Mirai Security | Cyber Security Blog

Security Impurities: News of the Week (October 19th - 25th)

Written by Alex Morgan | Nov 28, 2022

Pain and Cable: French Internet cable outages and their security implications

When we hear the term "cable news," this is usually not what is being referenced: This week in France, a major Internet cable was severed. While this may seem like an isolated outage, it affected Internet connectivity in Europe, Asia, and the US. Coupled with the news that subsea cables in the UK were also damaged, key takeaways emerge. Individual users, businesses, and even whole nations rely on the safety and security of these cables for Internet access. When outages occur, access to unsaved data, cloud assets, and other services become unavailable. Whether the failure of these cables was due to human error, an accident of nature, or more malicious activity is not yet known. Still, cybersecurity advocates should see this as what can happen when critical infrastructure is poorly protected. While this outage may not have been planned, major internet cables like these are targets for sabotage, and reliable Cloud backups should be in place in the case of a malicious attack. Internet outages can bring things to a halt, and news like this should make security advocates think about how to best minimize the damage if these things occur.

Pain Clouds: The Microsoft breach

Internet outages affect Cloud services. But, with news of this week's Microsoft hack, Cloud security is also under the microscope.

The Microsoft hack

Microsoft's Cloud security failure, which resulted in 2.4 terabytes of customer data being exposed, shows that even the biggest companies have trouble with cloud security. While the tech giant claimed that this breach was "not the result of a security vulnerability," its blaming of the event on human error doesn't bode well for consumer trust in their security solutions or the Cloud environment. This is especially true in the face of two recent Cloud network security studies.

CSA, BigID, and Venafi find Cloud security risks in keeping track of data

Cybersecurity company Venafi has released a report claiming that over 80% of companies have admitted to experiencing a Cloud security incident in the past year. Nearly half of the companies in the study reported incident totals of four or more. Also, the Cloud Security Alliance (CSA) published a study with data intelligence platform BigID. It found that companies are having trouble securing and tracking sensitive data in the Cloud. While these studies show that companies are using Cloud storage services more than ever, they are not always happy with the results. Frustrations with Cloud networks and Cloud security solutions have resulted in a justifiable lack of competence and confidence in the tech. Until companies find ways to make their Cloud environments secure and easy to navigate, and train their employees to use them effectively, these issues will remain.

Spyware Nightmare: Iranian Android spyware

In hot news out of Iran this week, a hacking group known as Domestic Kitten has been targeting Android users with their FurBall spyware. FurBall poses as a translation app for an Iranian literature website. Once downloaded, the spyware utilizes app permissions to collect sensitive user information. In a time of great unrest in Iran, the state-aligned Domestic Kitten has been using this malware to target dissidents of the Iranian regime. Though used for political purposes, FurBall is yet another example of the threat spyware poses to people and businesses alike. Spyware's corporate espionage capabilities should be in the minds of any security-conscious employee. Additionally, FurBall serves as a reminder to always question what permissions an app needs.