I hope you are safe and secure at home. The SKY ECC team have been working remotely for over a month now, but we have not slowed our quest to keep your communications private in a time when digital attacks are escalating rapidly.
Here are the “can’t miss” stories from the last month which show these attacks are real:
- NASA warns its own experts about pandemic-related risks and attacks.
- BlackBerry uncovers APT Groups with a decade of access to the global server network.
- A damning report shows fingerprints to be insecure for authentication.
- 600,000 email users were hacked, and their data is for sale on the dark web.
This is a crucial moment to discuss online privacy and security. Read and share these stories, or forward this newsletter, to have more people involved in this important conversation.
My lead story last month looked at COVID-19 related phishing attacks. Even NASA sent out a memo to all staff on April 6 about this very issue:
A quote further down reads: “Be cautious while working and when using your personal computers or mobile devices”.
You need to distribute SKY ECC devices to more of your staff to protect your business at a time when it needs it most. Even NASA is under threat and taking further precautions. You are not immune.
2. BlackBerry finds a decade of advanced hacking
We chose BlackBerry for the penetration testing of SKY ECC because of their renowned industry experts. The BlackBerry team has proven themselves again by uncovering a decade of hacking against servers across the globe by five APT groups. Key quotes from the report include:
- “Linux runs nearly all of the top 1 million websites online, 75% of all web servers, 98% of the world’s supercomputers and 75% of major cloud service providers.”
- “The report…provides further insight into pervasive economic espionage operations targeting intellectual property.”
- “The tools identified in these ongoing attack campaigns are already in place to take advantage of work-from-home mandates.”
- “This research paints a picture of an espionage effort targeting the very backbone of large organizations’ network infrastructure that is more systemic than has been previously acknowledged,” says John McClurg, BlackBerry CISO.
3. Report: fingerprints not secure for authentication
We made the decision to not trust fingerprints as a secure biometric for authentication years ago—they’re not as secure as a complex password, despite what some manufacturers say.
Researchers found it took a 3D printer and some fabric glue to beat a wide variety of fingerprint sensors. They could unlock many different mobile devices with a success rate well over 50% in many cases—including the iPhone 8 with a success rate over 80% for two techniques they used.
The worst stats were a 95% success rate on a MacBook Pro they were using…and 100% with a Samsung Note 9. Do you see now why SKY ECC devices don’t use biometric authentication?
Don’t trust fingerprints as your sole authentication method for valuable data. They are still not secure enough.
4. Data of 600,000 email users exposed
The email provider Email.it was hacked over a period of two years, with over 600,000 user records compromised. Haven’t heard of Email.it? It’s likely because they cater to the Italian (IT) market.
Anyone who used the service between 2007 and 2020 can assume they’ve had their emails, passwords, security questions, and email content stolen. Change them all now on any other service where you’ve reused them (reusing them is bad!).
The content is currently for sale on the dark web, with price points ranging from 0.5 to 3 bitcoin.
- NASA hacking story
- BlackBerry’s hacker report
- Fingerprint biometrics insecure
- 600,000 email users hacked
New from SKY ECC this month!
Remember in the last newsletter when I said we were working on something new for all of you? I wasn’t blowing smoke!
We launched our Online Renewal site at Renew.SkyECC.Com!
We took steps to further help our customers and distributors alike in this challenging business environment:
- Payment can be made via Bitcoin or credit card. All we need to process the payment is the anonymous ECCID for the account. No customer information is needed!
- Extension of all soon-expiring contracts to May 1. We didn’t want anyone to be unable to renew while we all figured this out, leaving them vulnerable at a bad time. Anyone who was near renewing was automatically given time to sort out their next steps.
- A limited time promotion for those who renew their subscription online using the new site! 3 months free with a 3 month renewal, or 6 months free with a 6 month renewal.
This online renewal portal is only going to grow, and it will be used to help both distributors and customers alike. Have any feedback? Message us at firstname.lastname@example.org.