Because Dyn served major customers - Amazon, Etsy, GitHub, Shopify, Twitter – addresses for traffic headed their way couldn’t be resolved. Because these victims are so high-profile, it seemed to some that the internet was broken.
The lesson for enterprises is doubling or tripling up on their DNS providers so if one goes down, there’s a backup. They should look at lowering the time-to-life settings on their DNS servers so when attacks like this do occur they can redirect traffic faster to the backup DNS providers.
Thieves stole 2.6 TB of data from the Panamanian law firm Mossack Fonesca, making this a major breach based on the volume of stolen information alone. Add to the mix that the data included details about how 70 past and current world political figures hid income from revenue officials in offshore accounts and the importance is even bigger.
The prime minister of Iceland was forced to step down due to the scandal, while officials in the U.K., France, Austria, South Korea and Pakistan faced public outcry.
The culprit is unknown, but researchers probing the law firm’s network found multiple applications and plugins that weren’t kept up to date and contained vulnerabilities. Network architects didn’t employ least privilege for administrators, so hacking just one set of credentials would expose more systems than it might have if admins had access to the minimum number of systems needed to do their jobs.
When Yahoo announced Sept. 22 that half a billion of its accounts had been hacked, it was the largest ever hack of its kind. Then it came out that the actual compromise happened in 2014, elevating the incident into the realm of the incredible.
Beyond the uncountable effects of that many accounts being vulnerable for that long of a time, the breach threw the $4.8 billion sale of Yahoo to Verizon into turmoil. It still hasn’t gone through, with speculation being that Verizon wants to trim $1 billion from the price because the hack affects Yahoo’s value.
The entire fiasco holds lessons for consumers: use strong, unique passwords for all accounts and change them regularly.
It also is an object lesson for businesses and other entities that might some day have to explain a breach – get out in front of the problem and be open with facts about how it happened and what’s being done to fix it. Also – and this is difficult to specify - they should employ detection platforms that expose such breaches more quickly.
NSA Shadow Brokers leak
Shadow Brokers, a hacking group of uncertain membership, tried to sell what it described as hacking tools stolen from an equally mysterious organization called Equation Group.
Sign up for Computerworld eNewsletters.