The spear phishing attack that caused the Yahoo data breach: What MSPs can learn

As more information unfolds about the Yahoo data breach, it all comes down to a single fact: the entire breach was enabled by just one click on a spear phishing link.

How the Yahoo Hack Started

According to CSO, the FBI says Aleksey Belan, a Latvian hacker hired by Russian agents, went hunting for Yahoo’s user database and account management tool after he gained access to Yahoo’s network when a single employee clicked a link in a spear phishing email.

Belan then installed an agent on a Yahoo server that gave him access to the network from his own computer, including the entire user database: names, phone numbers, and password-recovery email addresses, plus a cryptographic value unique to each account, called a nonce. Using a script installed on a Yahoo server, the attackers turned those nonces into access cookies, and throughout 2015 and 2016 those cookies let them read email accounts without ever entering a password. The design lesson is the uncomfortable part: because the value that authenticated a cookie was stored alongside the account it protected, a copy of the database was as good as a valid session for every account in it.
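To make the cookie-minting step concrete, here is an added toy model written for this article; it is not Yahoo’s code and does not reproduce their actual scheme. The user table, account names and nonces are constructed. The weak design derives the cookie purely from values stored in the user database, so a stolen copy of that table mints valid cookies. The hardened design signs cookies with a key that never lives in the user table, gives each cookie an expiry, and checks it against a server-side session record that can be revoked.

```python
"""Toy model of session-cookie minting from a stolen user database (constructed example)."""
import hashlib
import hmac
import secrets
import time

# Constructed sample user database (not real data). In the weak design the
# per-account "nonce" that authenticates cookies lives in this same table.
USER_DB = {
    "alice": {"recovery_email": "alice.backup@example.net", "nonce": secrets.token_hex(16)},
    "bob":   {"recovery_email": "bob.backup@example.net",   "nonce": secrets.token_hex(16)},
}


# ---- Weak design: the cookie is a pure function of what is stored in the user DB ----

def weak_mint_cookie(user_db, account):
    """Anyone who can read the table can produce a valid cookie for any account."""
    nonce = user_db[account]["nonce"]
    tag = hashlib.sha256(f"{account}:{nonce}".encode()).hexdigest()
    return f"{account}.{tag}"


def weak_validate(user_db, cookie):
    account, _, tag = cookie.partition(".")
    if account not in user_db:
        return False
    expected = weak_mint_cookie(user_db, account).partition(".")[2]
    return hmac.compare_digest(tag, expected)


# ---- Hardened design: keyed MAC with a key outside the user DB, plus server-side sessions ----

class SessionService:
    def __init__(self, signing_key: bytes, ttl_seconds: int = 3600):
        self._key = signing_key   # in practice held in a KMS/HSM, never in the user table
        self._sessions = {}       # session_id -> (account, expiry); not part of a USER_DB dump
        self.ttl = ttl_seconds

    def _sign(self, account, sid, exp):
        return hmac.new(self._key, f"{account}|{sid}|{exp}".encode(), hashlib.sha256).hexdigest()

    def login(self, account, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(16)
        exp = int(now + self.ttl)
        self._sessions[sid] = (account, exp)
        return f"{account}|{sid}|{exp}|{self._sign(account, sid, exp)}"

    def validate(self, cookie, now=None):
        now = time.time() if now is None else now
        try:
            account, sid, exp_s, tag = cookie.split("|")
            exp = int(exp_s)
        except ValueError:
            return False
        if not hmac.compare_digest(tag, self._sign(account, sid, exp)):
            return False                                   # forged or tampered
        if now > exp:
            return False                                   # expired: stolen cookies have a bounded life
        return self._sessions.get(sid) == (account, exp)   # revoked sessions fail here

    def revoke_all(self):
        self._sessions.clear()


def forge_from_stolen_db(stolen_db, account, now):
    """Attacker's best attempt against the hardened design using only the user DB dump:
    the per-account nonce is the only secret-looking value they hold, so they try it as the key."""
    sid = secrets.token_urlsafe(16)
    exp = int(now + 3600)
    key = bytes.fromhex(stolen_db[account]["nonce"])
    tag = hmac.new(key, f"{account}|{sid}|{exp}".encode(), hashlib.sha256).hexdigest()
    return f"{account}|{sid}|{exp}|{tag}"


def demo():
    stolen = {k: dict(v) for k, v in USER_DB.items()}   # what the attacker walked off with
    svc = SessionService(secrets.token_bytes(32), ttl_seconds=3600)
    real = svc.login("alice", now=1_000)
    results = {
        "weak_design_dump_mints_valid_cookie": weak_validate(USER_DB, weak_mint_cookie(stolen, "alice")),
        "hardened_real_cookie_valid": svc.validate(real, now=1_001),
        "hardened_forged_cookie_valid": svc.validate(forge_from_stolen_db(stolen, "alice", 1_000), now=1_001),
        "hardened_expired_cookie_valid": svc.validate(real, now=1_000 + 3_601),
    }
    svc.revoke_all()
    results["hardened_cookie_valid_after_revoke"] = svc.validate(real, now=1_001)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the hardened half is not the HMAC itself but where the secret lives: a dump of the user table yields nothing that can be signed with, a stolen cookie stops working at expiry, and clearing the session table (or rotating the signing key) invalidates every outstanding cookie at once, which is exactly the response that a breach like this one calls for.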

Make It Harder for Hackers to Succeed

If you’re thinking, “That just seems too easy!”, you’re right. One of the biggest data breaches in history, one that has been investigated for more than two years and affects more than half a billion people, wasn’t much of a technical challenge for the attackers at all. All Belan needed was one Yahoo employee to open an email and click a link.

That’s what is so unsettling about spear phishing attacks: they succeed if just one employee lacks the training to recognize the lure, and the attacker only has to be right once.

SMBs are going to rely on MSPs and MSSPs now more than ever to protect company data as well as personal information, and it’s up to you to help keep them safe. Here are our top tips for keeping your SMBs’ data safe, secure, and spear-phishing-free.

  1. Educate Customers and Employees
    Education is the number one tool you can use to ensure that your SMB customers and your own employees follow backup and security best practices. A good place to start is password hygiene: enabling multi-factor authentication (MFA) on accounts, not writing passwords on Post-it notes where anyone can read them, and not emailing passwords to other employees. Other important topics include the most recent malware and ransomware threats, how to spot a phishing email (unexpected requests, mismatched sender addresses, links whose visible text doesn’t match where they actually lead), and simple habits such as promptly updating operating systems and security software so known vulnerabilities don’t become the next breach. Training is what denies the attacker the initial foothold; in the Yahoo case, everything after the first click was out of users’ hands.
  2. Eliminate Phishing Threats
    The speed of doing business is steadily increasing. Unfortunately, so is the speed of spear phishing, malware, and ransomware, and the threat landscape is constantly evolving. Your organization and your customers face zero-hour malware, targeted attacks, and advanced persistent threats that routinely bypass traditional signature-based IPS and antivirus engines.

    Technology like Advanced Threat Protection (ATP) goes beyond signature matching. With ATP, attachments on inbound email are first detonated in a sandboxed, emulated environment and watched for malicious behavior before delivery. If an attachment turns out to be malware, the message is blocked and the administrator is alerted. Note that attachment sandboxing alone would not have caught the Yahoo lure, which was a link rather than a file; pair it with URL scanning at delivery and again at click time.

  3. Protect BYOD Environments
    We live in an interconnected world of “Bring Your Own Device” (BYOD) environments, where any given office has more than just desktops to secure. Any device that logs into a network, from a tablet to a cell phone to a personal laptop, must follow the same security processes an on-premises desktop would. Technology like client-to-site VPN via the browser (SSL VPN) lets MSPs see which employee-owned phones, tablets, and laptops are connecting to the corporate network. Being able to set custom, device-based security policies ensures documents are delivered safely. This means that when an SMB user VPNs into the network from a personal tablet, they get the same malware-prevention controls as laptops in the office.

    Organizations must balance their growing remote access needs against their available IT resources, and a remote access solution must be easy to set up and maintain while having minimal impact on the IT help desk. By incorporating SSL VPN into your customers’ remote access strategies, they gain the benefits of secure remote access without the cost and complexities of an IPsec solution.

  4. Secure Cloud Data
    Don’t rely on built-in security functionality that doesn’t do much more than spam filtering. Secure your customers’ cloud data with products offering email encryption to add an extra layer of security. For example, Barracuda Essentials for Email Security provides AES 256-bit encryption for data at rest and in transit to ensure your customers’ cloud data remains secure.
  5. Prepare for a Disaster
    While it would be nice to say technology can eliminate all risk, the reality is that it can only do so much, because attackers keep developing more convincing phishing campaigns. Have a disaster recovery plan in place, and continually back up your customers’ data so you can restore quickly after a malware infection or a ransomware attack. Up-to-date backups mean that if a customer clicks a malicious link, you can restore from a recent point in time without losing critical data. Keep in mind what backups do and don’t fix: they undo destructive malware and ransomware, but they cannot undo data theft of the kind Yahoo suffered, so treat them as one layer alongside the controls above.
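Tips 1 and 2 above come down to the same question: does a link in an email go where it appears to go? The following is an added example written for this article, not Barracuda’s code or any product’s logic, of the checks an MSP could run over inbound HTML mail (or teach users to perform by eye): visible text that names one domain while the href points at another, a raw IP address as the host, punycode labels, and a trusted brand name buried as a subdomain of an unrelated domain. The sample message, the domains and the trusted_domains list are all constructed.

```python
"""Constructed example: flag deceptive links in an HTML email body."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body: one legitimate link, two lures.
SAMPLE_EMAIL_HTML = """
<p>Your mailbox is almost full.</p>
<p>Manage it at <a href="https://mail.example.com/">mail.example.com</a>.</p>
<p>Or sign in here: <a href="http://203.0.113.5/login">https://mail.example.com/login</a></p>
<p><a href="https://example.com.account-verify.net/">Verify your account</a></p>
"""

DOMAIN_IN_TEXT = re.compile(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def base_domain(host):
    """Last two labels of a hostname (simplification: ignores public suffixes like co.uk)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_suspicious_links(html, trusted_domains=()):
    """Return a list of {href, text, reasons} for every link that trips at least one check."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        if parsed.scheme == "mailto":
            continue
        host = (parsed.hostname or "").lower()
        reasons = []

        # 1. The text the user reads names a domain, but the link goes elsewhere.
        m = DOMAIN_IN_TEXT.search(text.lower())
        if m and base_domain(m.group(0)) != base_domain(host):
            reasons.append(f"text says {m.group(0)} but link goes to {host or '?'}")

        # 2. Hosts that legitimate business mail rarely uses.
        if IPV4.fullmatch(host):
            reasons.append("raw IP address as host")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode (IDN) label in host")

        # 3. A trusted name used as a subdomain of an unrelated domain.
        for trusted in trusted_domains:
            if trusted in host and base_domain(host) != trusted:
                reasons.append(f"'{trusted}' embedded in untrusted domain {host}")

        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_links(SAMPLE_EMAIL_HTML, trusted_domains=("example.com",)):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

None of these checks replaces a sandbox or a reputation feed; they are the cheap, explainable rules that catch the most common lures, and they double as the checklist you hand to users, since a person can verify “does the hover target match the text?” without any tooling.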

 Photo: Neon Tommy via Used under CC 2.0 License.
