Wednesday, October 30, 2019

Indian Nuclear Power Plant, Kudankulam Nuclear Power Plant (KKNPP), Hit by Malware

I wanted to have a funny headline or intro for this post, but I honestly can't find anything to joke about.  In all the madness of US politics, this story somehow didn't show up on my news feed until I looked for my weekly computer security topic:

- Click for link to original article -

If there was any "humor" to be found in this story, it's that on October 29th the Nuclear Power Corporation of India Limited (NPCIL) issued a statement that a malware attack would have no impact on their plant control systems.

The malware appears to be connected to North Korea, and according to the NPCIL, was isolated to a single user's PC.  NPCIL claimed that the network the user's PC was on was not connected to the power plant's critical internal network.

There's no information available at this time regarding whether any data was stolen, but hopefully more details will be revealed over the next several days.


Wednesday, October 23, 2019

The Latest Data Breach Everyone Is Talking About: NordVPN

Well, another week brings another data breach (it feels that way at least).  This week news broke that NordVPN was the latest victim of a data breach.

NordVPN released an official response

Thankfully, it does not appear that any NordVPN customer data was compromised.  Here's a quick break-down of the issue:

  • A data center in Finland, where NordVPN had a contract for server hosting, experienced a breach.  The breach involved a single server.
  • The data center allowed remote management to remain enabled on the server long enough for an intruder to access the server.
  • The intruder did not obtain customer information, but did steal a TLS key.
  • NordVPN claims that the stolen key was already expired.
  • After learning about the breach, NordVPN terminated their contract with the Finland data center.

Wednesday, October 9, 2019

Cancer Treatment Centers of America Suffers A Data Breach. Again.

The Atlanta location of one of the Cancer Treatment Centers of America hospitals fell victim to a phishing attack last month, resulting in nearly 4,600 patients' data being copied.

Howard Solomon breaks down the recent breach, as well as noting that this is the FIFTH data breach for Cancer Treatment Centers of America since November 2018.

Phishing attacks may very well be the most frustrating aspect of computer security for anyone in IT.  Firewalls, VPNs, 10+ digit passwords, etc. all mean nothing if employees fall for phishing attempts and provide access to information willingly.

The attacks are so effective that, as Solomon noted in his article, the Atlanta location has now fallen victim to three attacks since November 2018.  A representative from Cancer Treatment Centers of America stated that employees will be going through more extensive security training, so hopefully it makes a difference going forward.

Wednesday, September 25, 2019

Your company was hacked? Don't be ashamed about it (probably).

I ran across a ZDNet headline today by Danny Palmer:


I understand that you're employed to do everything you can to help keep a company secure from bad actors, but things happen.  In the event that a hacker is able to get around your security measures  (and possibly get away with valuable information), how are you supposed to reflect on that in your career?

If you created accounts that have unrestricted access and the passwords were "password", then yeah, it's probably going to be an issue when you're looking for a new job.  What is interesting is that according to the article, 54% of respondents from a University of London survey flat-out don't discuss past incidents where they experienced attacks or breaches.

It was interesting to read, since it wasn't an aspect of computer security I have thought about yet this semester: what happens if you're on the receiving end of a successful hack/breach?

I imagine that if you did everything possible to prevent the attack, how you reacted (and how quickly) would determine if that's something you would want to share with others, especially prospective employers.  

Thursday, September 12, 2019

Instagram Vulnerability Allows Bad Actors to Access User Phone Numbers and Names

While I don't use Instagram, I'm very much aware of how popular it is and how many people have an IG account.  This morning I came across an article from Forbes regarding a vulnerability in Instagram that allows individuals to obtain users' names and phone numbers.  I can sum up the issue as best as I can, but Zak Doffman does an excellent job of going into all the details:



If I had to sum up the vulnerability as quickly as possible: bad actors can use an algorithm to brute force Instagram's login form and, combined with exploiting Instagram's "Sync Contact" feature, are able to obtain a list of users' full names and their phone numbers.  The issue is much more complex than can be summed up in a single sentence, so I highly recommend reading Zak Doffman's article (linked above in the image).

Thankfully, Facebook was quick to fix the issue and the exploit no longer works as of this post.

Saturday, September 7, 2019

You didn't want to play World of Warcraft today, did you?

Update 9/9/2019: Two days of DDoS attacks.

I have been playing World of Warcraft on and off since 2005.  It's a fun game to play and (for the most part) has a large, helpful community of players to chat and play with.  Sometimes I spend far too much time in the game, so I tend to cancel my subscription at the beginning of each school semester to avoid distractions from my studies.

This brings us to today's post.  My WoW subscription ended the evening of September 6th, forcing me to say goodbye to my online friends until the end of the 2019 Fall semester.  Earlier today I discovered that I quit just in time, as Blizzard Entertainment was forced to deal with DDoS attacks on their World of Warcraft: Classic servers.

It was brought to my attention as I was browsing through Reddit, but it was later confirmed by Blizzard via Twitter:


During the DDoS attack, players were unable to connect to most of the servers in World of Warcraft: Classic, a version of World of Warcraft that was released less than two weeks ago.  The DDoS attack impacted players for almost 6 hours today.

This isn't the first time players have had to deal with DDoS attacks against their favorite MMORPG, and I'm sure it won't be the last.

The purpose of this blog is to find interesting articles/topics relating to computer security, so it felt appropriate to make the first post one that ties together my interest in computer security and one of my favorite personal hobbies: World of Warcraft.  Hopefully I don't get another opportunity to make a similar post later.