Twitch Leak

Summary: On October 8th, an anonymous user on the message board site 4chan posted information stating that Twitch had been hacked along with what was labeled as “part 1” of a Twitch data dump, suggesting more was to come. As of right now, no more dumps have occurred. However, what has been revealed in the first data dump has serious ramifications for users.

Although the user claimed to target the platform out of disdain, the actual harm was towards the users of the site, as some security researchers have claimed that plain text usernames and passwords have been found in the data. Despite these claims from researchers and user reports of compromised accounts, Twitch still maintains that no credentials were leaked. In addition to the allegedly leaked login information is plain text data pertaining to amounts paid, usernames, emails, and payment statuses all related to the PayPal platform as it dealt with Twitch. Twitch officials attribute this hack to a misconfigured switch, but beyond that they have not commented much further on the subject.

Why it matters: The adage of never reusing a password rings true. Many Twitch users who were late to hear about the hack found that some other accounts were compromised. Twitch’s parent company, Amazon, is an internet goliath that hosts a large share of servers in the world. Despite its size and sophistication, it was not immune to being the target of a cyber-attack.

Sharing passwords across platforms has long been a threat in the cyber security world: no matter how strong a password is, reusing it is the cause of a sizable number of unauthorized-access incidents by third parties. Avoiding reuse can be as simple as using a password manager like which can generate unique passwords and remember them for you.

Most password managers let you configure password generation requirements such as case variance, use of numbers, special characters, and much more. The other side of this coin is continuous monitoring for passwords that may have been leaked. Have I Been Pwned is one of the world’s largest repositories of data breaches. Some password managers can also monitor these leaks and notify users appropriately.

Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers

Summary: On October 12th, Microsoft disclosed that it was able to stave off a 2.4 Tbps (terabits per second) DDoS (distributed denial of service) attack during the final week of August. The attack targeted an unnamed Microsoft Azure customer in Europe. At 2.4 Tbps this is slightly larger than the 2.3 Tbps attack on AWS in 2020, and the second largest DDoS attempt to have ever occurred – the largest being against Google in 2017 at 2.5 Tbps. Reports indicate the source of the attack was a botnet comprised of approximately 70,000 machines located throughout the Asia-Pacific region and the western coast of the United States. Amir Dahan, a senior program manager for Azure Networking, said that this attack “is 140 percent higher than 2020’s 1 Tbps attack and higher than any network volumetric event previously detected on Azure.” He went on to say this attack was a “UDP reflection” lasting approximately 10 minutes in total. Despite the massive scale, the malicious traffic was mitigated before it was able to reach the target.

Why it matters: As attackers’ methods, scale of attack, and intended targets continue to change, defensive measures must keep innovating to match. As of late, cloud service providers have shown incredible resilience against recent botnet DDoS attacks. Continued development is part of the core model of cloud deployments: the continued revenue stream allows dedicated teams to focus on specific defensive and preventative measures while other teams focus on user experience and structural architecture. The industry has reached the point where cloud is a clear and solid path forward in its evolution, and the results are showing.


Coinbase Phishing Campaign Takes Advantage of MFA Flaw

Summary: Between March and May of this year, attackers used an undisclosed flaw in Coinbase’s SMS authentication to steal cryptocurrency. Krebs on Security writes that the attackers enumerated account information by attempting to register new accounts with the intent of seeing which were already in use. Those email accounts were then targeted with phishing emails to further gather victim data, including passwords, birthdates, and addresses. While successful logins would typically be stopped at this stage due to MFA, in this instance, a vulnerability in the SMS account recovery process allowed the hackers to generate an authentication token.

Why it matters: Phishing can take advantage of a user’s trust in a company’s reputation. Avoid clicking on links in emails and navigate to the external site directly. Coinbase has a help page on what to do if you believe you received a phishing email purporting to be them. Opt to use an authentication app rather than SMS where possible for more security, as apps are not susceptible to SIM swapping attacks or other methods of text message interception.


Security Tip of the Month

Summary: October was Cybersecurity Awareness Month but security best practices should be a daily occurrence whether at work, at home, or while traveling. While traveling, you may wind up connecting to public Wi-Fi or using a shared computer where your data is more vulnerable. Use a VPN or a mobile hotspot when making sensitive online transactions. To protect yourself, make sure that physical access to your electronic devices is always restricted. Keep your laptop and mobile phone devices put away and locked while not in use. Additionally, if traveling for work, with company issued or managed devices, make sure that your organization’s IT team is aware of potential activity outside of normal locations.

Why it matters: It is much simpler to maintain a good security posture when in a known and familiar environment. Traveling can make this difficult and introduce new risk factors when connecting to airport Wi-Fi, exposing your device to unknown people, etc. Additionally, targeted phishing attacks may result from posts on social media. Be careful about inadvertently sharing location information with strangers on the web.


Additional Reads

Summary: On September 1st, a fired credit union employee pleaded guilty to deleting 21G of confidential data as well as anti-ransomware software files from the company shared drive after the IT department failed to revoke access following her termination. Due to insufficient backups, the credit union ended up paying over $10,000 to restore data following the loss.

Separately, the LockBit ransomware group attempted to recruit insiders to help deploy malware on corporate networks. Vindictive former employees or financially motivated employees can pose a threat to internal security.

Why it matters: Employees, vendors, and partners have insight into how a company operates and can use that knowledge maliciously. Best practices include provisioning account permissions with the least privilege necessary to complete routine tasks. Zyston monitors access to high-privilege groups as well as suspicious mass deletions to stay abreast of potential data loss and privilege escalation. Additionally, it is important to automate identity and access management where possible to ensure that employees are deprovisioned properly across all company resources.
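The three controls named above (alerting on high-privilege group changes, on mass deletions, and on activity from accounts that should have been deprovisioned) can be expressed as a small detection pass over an audit log. The example below is added here and is not Zyston’s tooling or the credit union’s; the log format, the privileged-group list, and the HR termination feed are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed policy inputs: groups whose membership changes always warrant review,
# and an HR feed of terminated users with their termination time.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Backup Operators"}
TERMINATED = {"jdoe": datetime(2021, 5, 19, 17, 0)}

# Constructed audit log, one event per line: timestamp|actor|action|target
SAMPLE_LOG = r"""
2021-05-20T08:55:00|asmith|GROUP_ADD|Domain Admins
2021-05-20T09:01:05|jdoe|FILE_DELETE|\\fs01\shared\contracts\q1.pdf
2021-05-20T09:01:09|jdoe|FILE_DELETE|\\fs01\shared\contracts\q2.pdf
2021-05-20T09:01:12|jdoe|FILE_DELETE|\\fs01\shared\contracts\q3.pdf
2021-05-20T09:01:15|jdoe|FILE_DELETE|\\fs01\shared\tools\av-agent.msi
2021-05-20T09:01:20|jdoe|FILE_DELETE|\\fs01\shared\tools\av-config.xml
2021-05-20T09:30:00|bwhite|FILE_DELETE|\\fs01\shared\tmp\old.log
"""

def parse_log(text: str):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, actor, action, target = line.split("|", 3)
        yield datetime.fromisoformat(ts), actor, action, target

def analyze(text: str, delete_threshold: int = 5,
            window: timedelta = timedelta(minutes=10)) -> list[tuple]:
    """Return (alert_kind, actor, detail) tuples in log order."""
    alerts: list[tuple] = []
    recent_deletes: dict[str, deque] = defaultdict(deque)  # sliding window per actor
    flagged_orphans: set[str] = set()
    for ts, actor, action, target in parse_log(text):
        # 1. Any activity after termination means deprovisioning was incomplete.
        fired_at = TERMINATED.get(actor)
        if fired_at and ts > fired_at and actor not in flagged_orphans:
            flagged_orphans.add(actor)
            alerts.append(("ORPHANED_ACCESS", actor, ts))
        # 2. Membership changes to high-privilege groups are always reviewed.
        if action == "GROUP_ADD" and target in PRIVILEGED_GROUPS:
            alerts.append(("PRIV_GROUP_ADD", actor, target))
        # 3. Mass deletion: N deletes by one actor inside the sliding window (fires once).
        if action == "FILE_DELETE":
            q = recent_deletes[actor]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) == delete_threshold:
                alerts.append(("MASS_DELETE", actor, ts))
    return alerts
```

Running `analyze(SAMPLE_LOG)` yields one alert of each kind: the privileged-group change, the terminated user still active, and that user's fifth deletion inside ten minutes.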