Cyber security experts have long said that attackers only need to get lucky once, while organizations have to get lucky every time they get attacked.
Reddit's recent explanation of its data breach is evidence of that maxim.
On 5 February an unknown assailant launched what Reddit called a “sophisticated phishing campaign that targeted Reddit employees. As with most phishing campaigns, the attacker directed employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.”
“After successfully obtaining an employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.”
As a result of the incident, the statement said, Reddit is working to “strengthen” the security skills of employees. “As we all know, humans are often the most vulnerable part of the security chain,” the statement said.
To this employee’s credit, though, he reported his mistake, allowing Reddit’s security team to quickly remove the intruder’s access.
The statement said there is no evidence that the site’s primary production systems – the parts of the stack that run Reddit and store most of its data – were accessed. Reddit user passwords and accounts are secure.
However, the site acknowledged that the attacker accessed “some internal documents, code, and some internal business systems”.
The exposed data included what it called limited contact information for “(currently hundreds of) company contacts and employees (current and former) as well as limited advertiser information. Based on many days of preliminary investigation by Security, Engineering, and Data Science (and friends!), we have no evidence to suggest that any of your non-public data was accessed, or that Reddit information was published or distributed online.”
The statement also urged Reddit users to enable multifactor authentication and use a password manager to protect their login credentials.
Johannes Ullrich, dean of research at the SANS Technology Institute, explained in an email that there is a lot of technology to detect website impersonation. “For example, companies like Google have made great efforts to clean up the TLS [transport layer security, which encrypts data] infrastructure to generate trusted certificates to identify websites connecting to a browser and prevent machine-in-the-middle attacks,” he wrote. “But at the same time, there has been little progress in finding better ways to communicate to users which organizations they interact with.
“Instead of relying on users to decide whether a website is legitimate, we need to leverage phishing-resistant authentication schemes like FIDO2. These systems take advantage of existing technology such as TLS to prevent the use of authentication secrets across different sites.”
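The site binding Ullrich describes can be seen in the checks a FIDO2/WebAuthn relying party runs on each login. The following is an added example, not code from Reddit or from the article; the host names, the challenge and the helper names are constructed, and it assumes the signature over the authenticator data and client data has already been verified.

```python
import base64, hashlib, hmac, json

RP_ID = "intranet.example.com"               # constructed relying-party ID
EXPECTED_ORIGIN = "https://intranet.example.com"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def browser_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Simulate what browser and authenticator emit for the page the user is actually on."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    # authenticatorData = rpIdHash (32 bytes) || flags (1) || signCount (4)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client_data, auth_data

def origin_binding_errors(client_data: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Relying-party checks that tie an assertion to this site.
    Assumes the signature over auth_data || SHA-256(client_data) was verified first."""
    errors = []
    fields = json.loads(client_data)
    if fields.get("type") != "webauthn.get":
        errors.append("type")
    if not hmac.compare_digest(str(fields.get("challenge", "")), b64url(challenge)):
        errors.append("challenge")
    if fields.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")            # the browser, not the user, reports the origin
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if len(auth_data) < 37 or not hmac.compare_digest(auth_data[:32], expected_hash):
        errors.append("rpIdHash")          # credential was scoped to a different site
    elif not auth_data[32] & 0x01:
        errors.append("user-presence")
    return errors

CHALLENGE = bytes(range(32))  # constructed; a real server issues a fresh random value per login
genuine = browser_assertion(EXPECTED_ORIGIN, RP_ID, CHALLENGE)
# A look-alike gateway relays the real challenge, but the browser records the clone's origin.
cloned = browser_assertion("https://intranet.example.net", "intranet.example.net", CHALLENGE)

if __name__ == "__main__":
    print("genuine site:", origin_binding_errors(*genuine, CHALLENGE) or "accepted")
    print("cloned site: ", origin_binding_errors(*cloned, CHALLENGE))
```

A password or one-time code typed into the clone carries no such origin field, which is why it can be relayed to the real gateway while this assertion cannot.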