AXEL.org

Cybersecurity

Devastating Data Breaches – Part 1: The Hard Fall of Yahoo

Data breaches can affect any business. It’s an unfortunate fact, but in today’s digital world, there are so many technologically savvy criminals who seek to make money and wreak havoc upon millions. Cyberattacks can affect anyone, from the smallest neighborhood shop to the largest multinational corporations. However, while small businesses are affected constantly, the data breaches that affect large corporations are the ones that receive the most news coverage. And while the number of cyberattacks has risen in recent years, no incident comes close to the number of victims as the back-to-back data breaches Yahoo faced in 2013 and 2014.

In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Follow along all October long to learn about what went wrong, what could’ve been done, and how companies responded to devastating data breaches. 

The History of Yahoo

From the late 1990s until the late 2000s, Yahoo was among the giants of Silicon Valley. Although the company never dabbled in hardware, it focused on one utility: Web services. And in the early years of the Internet, no one did web services better than Yahoo. Following in the footsteps of AOL, Yahoo’s first business model was organizing new web pages into categories in the early 1990s. When this proved successful, Yahoo quickly expanded into other web services, including email, instant messaging, news, and games [1]. With these services, Yahoo truly hit the mainstream. Throughout the 2000s, Yahoo remained popular, but began to lag behind tech newcomers like Google, Facebook, and their suites of web services. Following years of underperformance, Yahoo was struggling in the early 2010s. Unfortunately, Yahoo’s problems were only just beginning.

The Breach(es)

In August 2013, an unknown third party gained access to Yahoo data, making away with names, birth dates, phone numbers, and poorly encrypted passwords [2]. For three years following the breach, Yahoo was unaware of this unauthorized digital theft. However, in August 2016, Yahoo accounts were seen for sale on the dark web. Later, three separate buyers bought this stolen data for USD $300,000. To this day, Yahoo and federal investigators do not know the culprit of the 2013 hack [2].

In addition to the 2013 breach, Yahoo faced another cybersecurity crisis just a year later. In December 2014, Yahoo fell victim to another data breach, losing usernames, phone numbers, passwords, and security question answers to at least 500 million Yahoo accounts [3]. It was later revealed that the hack was the responsibility of four men hired by Russia, who sought the personal information of American intelligence officers [3]

In contrast to the 2013 breach, however, Yahoo executives were made aware of the hack soon after it occurred. Even when Yahoo was set to be acquired by Verizon in 2016, the company stated that it was aware of only four minor breaches [4]. Even in June 2016, Yahoo’s security team was aware that hundreds of millions of accounts were compromised, yet the company failed to inform Verizon or the public until September 2016.

The Fallout

Finally, in September 2016, Yahoo announced to Verizon and the public its knowledge of the 2014 breach. At the time, Yahoo estimated that 500 million accounts were compromised in the attack. In December 2016, Yahoo became aware of the 2013 attack and announced that an estimated one billion accounts were affected by the incident. While an estimated 1.5 billion compromised accounts is a nightmare for any business, the hacks and fallout occurred during a time of turmoil and transition for Yahoo. In fact, after the announcement of the 2014 hack, Yahoo lowered its purchase price to Verizon by $350 million [4]. Unfortunately, the news soon got worse for Yahoo. The company’s initial estimate of affected accounts was far from the true scale of the breaches.

In October 2017, Yahoo announced that all of its accounts were compromised in the two hacks. Over 3 billion accounts were ultimately affected by the breaches. Following the public reveal of the 2013 hack, Yahoo forced all of its users to change their passwords [5]. While this was a smart, necessary step, much of the damage had already been done. Usernames, phone numbers and birthdates were, unfortunately, already vulnerable.

Following the revelations of the breaches, Yahoo faced serious scrutiny from consumers and investigators alike. Following investigations, Yahoo was fined USD $35 million by the Securities and Exchange Commission (SEC) not for the breaches themselves, but for failing to disclose its knowledge of the 2014 breach until two years later [4]. In fact, this was the first time the SEC ever fined a public company for failure to disclose knowledge of data breaches. Additionally, Yahoo settled a class-action lawsuit for USD $80 million. Ultimately, Yahoo was punished for the cover-up, rather than the actual breaches. Unfortunately, the steep punishment simply did not outweigh the damage done to Yahoo and its customers.

Protecting Your Data

Although October is designated as Cybersecurity Awareness Month, true protection from data breaches and cyberattacks requires a year-long commitment. That’s where AXEL Go comes in. AXEL Go is a secure file-sharing and storage software that prioritizes data protection. Offering military-grade encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from cybercriminals. Put simply, your vital information deserves the best protection. If you’re ready to try the best protection, get two free weeks of AXEL Go here

[1] Greenberg, Julia. “Once Upon a Time, Yahoo Was the Most Important Internet Company. Now It’s Struggling.” Wired. November 23, 2015. https://www.wired.com/2015/11/once-upon-a-time-yahoo-was-the-most-important-internet-company/.

[2] Perlroth, Nicole. “All 3 Billion Yahoo Accounts Were Affected by 2013 Attack.” The New York Times. October 03, 2017. https://www.nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html.

[3] Goel, Vindu, and Eric Lichtblau. “Russian Agents Were Behind Yahoo Hack, U.S. Says.” The New York Times. March 15, 2017. https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html?_r=0.

[4] “The Hacked & the Hacker-for-Hire: Lessons from the Yahoo Data Breaches (So Far).” The National Law Review. May 11, 2018. https://www.natlawreview.com/article/hacked-hacker-hire-lessons-yahoo-data-breaches-so-far.


[5] Goel, Vindu, and Nicole Perlroth. “Yahoo Says 1 Billion User Accounts Were Hacked.” The New York Times. December 14, 2016. https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html.

Data Privacy and Security Increase Profitability in the Cannabis Industry

Experts estimate that the cannabis industry is currently worth $60 billion, and that number is predicted to grow to $100 billion by 2030. As this industry grows and the customer base gets larger, so too does the need for modern data custody technologies. It might not be obvious at first glance, but data custody and security are critical components of running a successful cannabis business. Here are four reasons why.

The Importance of Data Security in the Cannabis Industry

First, medical dispensaries could be considered “healthcare providers” under the Health Insurance Portability and Accountability Act (HIPAA). Under HIPAA, healthcare providers must implement safeguards to prevent the incidental disclosure of any patient’s “protected health information.” Disclosures could result in a fine of up to $50,000 per disclosure. 

Second, each cannabis company has numerous trade secrets to protect. These could include growing processes, distribution plans, recipes for edibles, extraction techniques, soil mixtures, etc. The theft of any of these trade secrets could be disastrous to a company.

Third, cannabis companies must comply with (sometimes conflicting) state laws. For example, in California, the Medicinal and Adult-Use Cannabis Regulation and Safety Act (MAUCRSA) requires cannabis delivery companies to maintain records of every person who receives a delivery. At the same time, the California Consumer Privacy Act (CCPA) gives customers the right to demand that companies delete any records pertaining to them.

Fourth, data breaches result in damage to a company’s reputation. Dispensaries often sell T-shirts and other merchandise stamped with the company logo to foster customer loyalty, but a newsworthy data breach could shake that loyalty. Further, data breaches could damage the industry’s image as a whole and become a roadblock to legalization efforts at the federal level.

Room for Improvement

Last year, a group of ethical “white hat” hackers located a breach in the THSuite point-of-sale system, which is used by many dispensaries. Through the breach in THSuite, the hackers were able to access roughly 85,000 unencrypted files containing the personally identifying information of 30,000 people, including names, phone numbers, addresses, emails, birthdays, images of state-issued IDs, signatures, quantities of cannabis purchased, and medical ID numbers. 

This breach, and all the reasons discussed above, highlight the need for modern technological solutions. The International Cannabis Bar Association (INCBA) and AXEL are working together to bring these solutions to Bar members. INCBA members will now receive a 20% discount when they sign up for Premium or Business Plan subscriptions of AXEL Go. AXEL Go is the safest way to collect, store and share files during in-office, hybrid and remote work situations.

AXEL’s patented blockchain technology and AES-256 encryption help attorneys collect, store, and share client files in a user-friendly manner that is impervious to hackers, unauthorized access, and ransomware attacks. The decentralized nature of the network ensures that there is no single point of failure. Further, files uploaded to the AXEL network are heavily encrypted, sharded, and scattered between 400+ different global servers, providing a high level of security without sacrificing speed. Sensitive files and shifting regulatory frameworks in the cannabis industry call for an abundance of caution permitted by AXEL Go. INCBA members can sign up for a 14-day trial of AXEL Go and redeem discounts here.

Data Breaches are Here to Stay (For the Unprepared)

On August 18, T-Mobile announced that a recent data breach has affected over 40 million customers. Thankfully, it appears that no financial information was leaked. However, in a statement, T-Mobile stated “While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.” Those responsible for the breach targeted T-Mobile credit applications, putting names, phone numbers and social security numbers at risk [1].

This massive data leak is just one of many that have occurred in recent years. From banks to superstores, data breaches have affected businesses in every industry, putting customers at risk. With this never-ending barrage of data breaches occurring, it’s fair to ask: When will they stop?

Well, we simply don’t know. If businesses continue to neglect cybersecurity, data breaches will remain common and catastrophic. However, there are ways to minimize this risk. Simply taking the time to protect your data is the key to preventing these massive, costly data breaches. After all, protecting your data is a lot easier than dealing with a massive data breach. Just ask Equifax.

The Equifax Data Breach

In 2017, Equifax, a consumer credit reporting agency, fell victim to a massive cyberattack and data breach. In the attack, over 160 million customers’ personal information was leaked, including names, phone numbers, social security numbers, driver’s license numbers and more [2].

In addition to the massive security breach, Equifax’s response to the attack was criticized as well. Although Equifax learned of the attack in July 2017, it was not announced publicly until September 2017. Additionally, Equifax social media directed customers to unofficial sites not owned by Equifax, putting clients further at risk of phishing attacks [3]. Put simply, the Equifax data breach showed what a business should not do in the event of a data breach. From poor communication to a lackadaisical response to the sheer scale of the breach, Equifax was largely unprepared for the breach and its consequences.

But how did the breach occur? While some data breaches can be the consequence of an honest mistake, this was anything but. Equifax was targeted because of its refusal to update its security software. In March 2017, an update for Equifax’s security software was released, but the update was not immediately installed. Quickly, cybercriminals realized there was a security hole in the older version of the software. Then, in May 2017, cybercriminals found that Equifax’s dispute portal still used the flawed security software. They gained access to documents that contained customers’ personal information, and slowly extracted the data over 76 days to avoid detection. As the attackers continued to extract the data, Equifax learned of the breach on July 29, and quickly shut off access. However, by the time Equifax cut off access to the criminals, the damage had already been done.

Why do Criminals Want Your Data?

While data breaches can be catastrophic to consumers, they can lead to big paydays for hackers. For the T-Mobile breach, the release of phone numbers can lead to increased phishing attempts among victims. And because the criminals have access to each phone number’s accompanying name, they can craft a much more convincing phishing text message. If customers fall for the trick, it puts the rest of their data, including financial information, at risk.

If cybercriminals gain access to financial information in a data breach, the consequences can be even more severe. Using this financial information, the hackers (or those who buy the data from the hackers) can open new credit lines, receive loans, or file false tax returns. And because these financial agreements are under your name, you could be on the hook for paying it back.

How do Data Breaches Happen?

While the cause of T-Mobile’s breach is not immediately apparent, Equifax’s cause certainly is clear: Negligence of cybersecurity. Treating cybersecurity as an afterthought is the main cause of many data breaches. Attackers often use phishing techniques and malware in order to gain access to valuable data. For example, when Target was the victim of a data breach in 2013, the attackers stole credentials and installed malware to Target’s software to extract names and credit card numbers [4]

In addition to outside cybercriminals, insider attacks pose a threat to businesses as well. In fact, employee error is the main cause of most data breaches [5]. While most of these breaches are small and have few negative consequences, it shows that outside actors are not the only cybersecurity risk. 47% of business leaders say that human error has caused a data breach in their organization. From losing a device to unintentionally sending confidential emails, internal data breaches certainly pose a threat. Thankfully, there are ways to minimize this risk.

How to Minimize the Risk of a Data Breach

One of the best ways for businesses to prevent a data breach is to encrypt confidential files. With strong encryption, files are unintelligible to unauthorized attackers, making your data useless to cybercriminals. So even if attackers gain access to your documents, encryption blocks the attackers from understanding the data. This ensures that your documents are usable for you, but worthless to criminals.

For individuals, there are easy strategies to minimize harm if your data is leaked. One easy technique to protect yourself is to use different passwords for different accounts. If you use the same password for all of your accounts, just one leak can make all of your accounts at risk. Therefore, it’s important to use different passwords for all your online accounts to ensure one leaked password doesn’t compromise all of your accounts. Additionally, simply checking your credit card history and credit reports can help stop identity theft after a data breach. If you catch fraud early, it can be stopped. Simply using these two techniques can help minimize the damage of a data breach if your information is compromised.

AXEL Offers Unparalleled Protection

AXEL believes that privacy is a human right. With this in mind, we created AXEL Go, a secure file-sharing and storage software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from unauthorized cybercriminals. Put simply, personal information deserves the best protection. If you’re ready to try the best protection, get two free weeks of AXEL Go here

[1] Schwartz, Mathew J., and Ron Ross. “T-Mobile: Attackers Stole 8.6 Million Customers’ Details.” Data Breach Today. August 18, 2021. https://www.databreachtoday.com/t-mobile-attackers-stole-86-million-customers-details-a-17314?rf=2021-08-19_ENEWS_ACQ_DBT__Slot1_ART17314&mkt_tok=MDUxLVpYSS0yMzcAAAF-_hUkPD9ryUOmFe0rRKxJ3eQA_mnHG9wpo_qAsffgZRgbqIV4FLolYFKr0A7f0CcMmHSwwy3ta4adyJhcjljmHueKFGYuyCT0ezu_kdFj7GYGdCBegA.

[2] Ng, Alfred. “How the Equifax Hack Happened, and What Still Needs to Be Done.” CNET. September 07, 2018. https://www.cnet.com/tech/services-and-software/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/.

[3] Morse, Jack. “Equifax Has Been Directing Victims to a Fake Phishing Site for Weeks.” Mashable. June 10, 2021. https://mashable.com/article/equifax-twitter-phishing-site-facepalm

[4] McCoy, Kevin. “Target to Pay $18.5M for 2013 Data Breach That Affected 41 Million Consumers.” USA Today. May 23, 2017. https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/.

[5] Reinicke, Carmen. “The Biggest Cybersecurity Risk to US Businesses Is Employee Negligence, Study Says.” CNBC. June 21, 2018. https://www.cnbc.com/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html.

Another Day, Another Cyberattack: Kaseya Software and the Future of Ransomware

Once again, a major ransomware attack has affected businesses and consumers across the globe. Kaseya, a software company that provides IT infrastructure for managed service providers, was the victim of this latest cyberattack. Over the 2021 Independence Day weekend, REvil, a Russian-based hacker gang sent out a malicious software update to Kaseya’s clients, resulting in up to 1,500 small businesses being compromised[1]. Now, the group is asking for USD 50 million to undo the damage, the largest ransomware demand in history[2].

While the effects on some compromised businesses were minor, others were hit hard. For example, hundreds of grocery stores in Sweden were forced to close after their cash registers became inoperable following the attack, with railways and pharmacies in the country also being affected[3]. Additionally, some New Zealand schools were taken offline because of the attack[4]. This worldwide attack shows how crippling ransomware attacks can be, and highlights the importance of businesses protecting and securing their data.

The History of REvil

REvil, short for Ransomware Evil, is a Russian-based group of cybercriminals that attacks businesses by encrypting their data and rendering it unusable until a ransom is paid to them. Founded in 2019, REvil quickly gained prominence and, recently, has increased the scale of its attacks. While the average ransom demand from REvil was just USD 728,000[5], recent attacks have shown the group’s willingness to aim for more. For example, REvil attacked JBS, a meat processing company, in May. While food shortages were avoided, the company still paid REvil USD 11 million to prevent further supply chain interruptions[6]. Even worse, REvil uses its ransom money to hire new hackers and research new ransomware technology, becoming a thriving business of cybercrime[5]. In just two years, REvil has become a powerful group, launching successful ransomware attacks across the globe.

A Troubling Trend

Unfortunately, the Kaseya attack is just one example of a larger problem faced by businesses around the globe. Hacker groups seek to attack and exploit any business they can by threatening to destroy or leak data unless a massive payment is made. Much worse than simple computer viruses, ransomware attacks can grind business to a halt within hours.

Cyberattacks involving ransomware have increased further in 2021, with recent attacks affecting people and businesses around the globe. In May, an attack on the Colonial Pipeline affected millions of Americans, causing fuel shortages in the Southeast. Even though Colonial Pipeline paid the ransom within hours of the attack, the effect was still felt by millions. 

The Colonial Pipeline attack was just one of the thousands of expected ransomware attacks in 2021[7], and, unfortunately, they show no sign of slowing down. As long as hackers continue to find vulnerabilities in business security, ransomware attacks will continue. With more and more work being done online, data becomes more and more vulnerable. Ransomware attackers can strike at any time, destroying a business’s ability to function. And even if a business pays the ransom, it can take a long period of time to get back to normal. 

So while ransomware prevention can be a headache, it helps make sure you are as protected as possible from attackers. After all, there is nothing hackers love more than a business with lax cybersecurity.

Tips to Prevent Ransomware Attacks

Create and Frequently Update Offline Backups of Data: While this is a time-consuming process, this is the best way to ensure your business can still function if a ransomware attack occurs. Backing up your data offline ensures that if you are affected by ransomware, your important data will be safe from hackers. Simply delete your affected systems and reupload your offline data onto a new system.

Consider Using White Hat Hackers: While hackers have a negative connotation, white hat hackers can help businesses tremendously. They ethically check and test your cybersecurity measures and inform you of any potential vulnerabilities. Once you know the issues, you can fix them and protect your business from the hackers who wish to hurt rather than help.

Update your Antivirus Software: This is the simplest, easiest way to make sure you and your business are protected from ransomware attacks. Each update of antivirus software helps patch vulnerabilities that are present. Staying up-to-date helps ensure you are as protected as possible from unethical hackers who check for holes in security. If your business is on an older version of antivirus software, hackers can find a way past the protection and hold your business hostage. Patching these holes through software updates keeps you safe from old security bugs that attackers often exploit.

The Future of Ransomware

As technology evolves further, unfortunately, so do the practices of unethical hackers. Every day, businesses and individuals put data at risk of cyberattacks. While businesses and antivirus softwares try to ensure every security vulnerability is patched, hackers may still find a way to attack. However, following the tips mentioned before and safeguarding your data can make you less likely to become a victim of a ransomware attack.

Unfortunately, if attackers obtain data and threaten to sell or leak it unless a ransom is paid, a business has few options other than paying the ransom or losing the data. Once attackers have access to the data, there is not much a business can do. This is why the best defense against ransomware is prevention. Taking the time to secure your data, update your software, and find vulnerabilities will increase your protection from cybercriminals who wish to wreak havoc on a business.

Securing Your Data

At AXEL, we believe data privacy is a right. Unlike other tech companies, we will never sell your data to third parties, helping ensure your data is only yours. Our file-sharing application, AXEL Go, uses blockchain technology and AES 256-bit encryption to provide the most secure cloud-sharing system in the industry. Whether for business or personal use, AXEL Go helps protect your most important files. 

Sign up today to receive a free 14-day trial of our Premium service with all of AXEL Go’s features unlocked. After the trial period, you can choose to continue your Premium account for just $9.99/month or use our Basic service free of charge. Together, we can help protect data from malicious attackers.

[1] “Up to 1,500 Businesses Compromised by Latest Ransomware Attack, Kaseya CEO Says.” CBS News. July 06, 2021. http://www.cbsnews.com/news/ransomware-attack-kaseya-1500-businesses/.

[2] “In Private Conversation, Hackers behind Massive Ransomware Outbreak Lower Demand to $50 Million.” CNBC. July 05, 2021. http://www.cnbc.com/2021/07/05/revil-hackers-behind-massive-ransomware-outbreak-drop-demand-to-50m.html.

[3] Browning, Kellen. “Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack.” The New York Times. July 03, 2021. https://www.nytimes.com/2021/07/02/technology/cyberattack-businesses-ransom.html.

[4] Satter, Raphael. “Up to 1,500 Businesses Affected by Ransomware Attack, U.S. Firm’s CEO Says.” Reuters. July 05, 2021. http://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/

[5] Javers, Eamon. “Axis of REvil: What We Know about the Hacker Collective Taunting Apple.” CNBC. April 23, 2021. https://www.cnbc.com/2021/04/23/axis-of-revil-inside-the-hacker-collective-taunting-apple.html.

[6] Bunge, Jacob. “JBS Paid $11 Million to Resolve Ransomware Attack.” The Wall Street Journal. June 10, 2021. https://www.wsj.com/articles/jbs-paid-11-million-to-resolve-ransomware-attack-11623280781.

[7] Hum, Thomas. “Over 65,000 Ransomware Attacks Expected in 2021: Former Cisco CEO.” Yahoo! Finance. June 14, 2021. https://finance.yahoo.com/news/over-65000-ransomware-attacks-expected-in-2021-former-cisco-ceo-125100793.html.

Breaking Down Biden’s Executive Order on Cybersecurity

On the heels of two of the largest hacks in United States history (SolarWinds and Microsoft Exchange Server), President Biden released an executive order on May 12th dealing with cybersecurity. Let’s dig into what’s in the order and how it could affect the nation’s cyber defense strategy.

The breakdown – Remove barriers to sharing information

IT contractors collect a vast amount of data every day for federal government agencies. Due to contractual obligations and restrictions, however, these agencies don’t share this data freely with each other. This can lead to knowledge gaps and situations where agencies can’t put together a complete picture of a threat. This executive order seeks to eliminate these knowledge gaps by amending service provider contracts and streamlining the information-sharing process.  

AXEL Commentary: Since organizations are already collecting this data, ensuring a pipeline for sharing seems like a good idea. The caveat is that there were no specifics as to what is actually being collected daily. For example, are they tracking international or domestic actors? Both? Does it violate privacy or civil liberties? When you’re talking about the U.S. Government surveilling people under the guise of national security, the track record is spotty, to say the least.

Modernize federal cybersecurity

There are no reasons given why the current cybersecurity protocols are lagging, but let’s assume that the Administration is correct that the government isn’t on the cutting-edge of cyber defense. Of course, you’d hope this assumption wouldn’t apply to agencies dealing with crucial defense systems such as nuclear weapons, but…

The main priority of this section is to migrate federal computer systems to cloud-based options that integrate ‘Zero Trust Architecture.’ Zero Trust networks eliminate the concept of an ‘edge’ and require all users, whether they connect through a local or cloud-based node, to validate and provide the necessary credentials to maintain access.

AXEL Commentary: Zero Trust Architecture is an excellent idea in an ideal world. In reality, thus far, it’s proven to be little more than the go-to buzzword for IT department heads. The cost of updating legacy systems to the Zero Trust model would be prohibitive. The Administration is talking about updating all federal networks to this method. Knowing how slow government can be to upgrade, it seems infeasible that Zero Trust security can be implemented holistically any time in the near future. The technical difficulties combined with the eventual re-training efforts required would be enormous.

Solidify security throughout the software supply chain

As the recent hacks proved, federal agencies often rely on private third-party vendors for their software solutions. These solutions typically aren’t developed with cybersecurity as the main priority, leaving critical systems susceptible to attack. This order aims to incentivize organizations throughout the supply chain to harden their security systems.

AXEL Commentary: Again, it comes down to the question of practicality. The order prioritizes this initiative specifically for ‘critical systems, so the scope is at least somewhat limited. It certainly makes sense to ensure software providers for important systems prioritize security. The details for how this would actually play out are scarce, but there is some optimism that it can be accomplished.

Create a Cyber Safety Review Board

This order establishes the framework for a Cyber Safety Review Board. Members on the board would assess ‘significant cyber events’ taking place on national networks and recommend remediation procedures or tips for future prevention.

AXEL Commentary: Jokes about the unstoppable expansion of governmental bureaucracy aside, it’s surprising such a committee doesn’t already exist. Cyber-attacks have been a national security threat for decades, so you’d figure there would be a board that analyzes attacks, but evidently not. However, depending on the competence of those assigned to this committee, it could help with future incidents.

Standardize cyber incident response across agencies

The Administration wants to unify the response guidelines for federal agencies to provide a coherent interdepartmental plan. This would result in a more coordinated response with standardized incident logging procedures, making analysis and cooperation easier.

AXEL Commentary: Theoretically, this change could be beneficial. It depends on how different the systems of individual agencies are, however. If one department’s specific network requires a significantly different and more tailored response, making it a ‘one-size-fits-all’ situation could hamper remediation efforts. Unified logging procedures are a good idea in any case.

Improve vulnerability detection capabilities

0-day, or previously unknown, exploits are a common way hackers breach sensitive networks. The executive action looks to deploy more resources toward vulnerability detection.

AXEL Commentary: The specifics of the ‘how’ here aren’t detailed. Is the government going to employ teams of penetration testers who search out a systems’ weak points? Hopefully, because that’s the best way to find exploits. Of course, this assumes there are people in federal agencies that have the skills to tackle the task. If not, the lag between finding, clearing, hiring, and deploying the necessary white hat hackers could be considerable.

And, those are the main points of the executive action. There are a few other sections, but they piggyback and expand upon these goals. If you’d like to read the entire document for yourself, visit whitehouse.gov and do so. Let us know if you think we left out anything important! Overall, it’s an interesting plan that sounds great on paper. It’s hard to argue that the United States doesn’t need to overhaul its cybersecurity practices.

As always, the devil is in the details. How exactly will the plan’s implementation go? Will it be funded adequately? What problems will agencies run into along the way? Only time will tell, but we hope for a resounding success.

AXEL: Secure solutions for your organization

Most software products aren’t geared toward robust cybersecurity, and the United States government agrees. AXEL provides an alternate path that provides high-tech security without sacrificing usability. The secure, private file-sharing and cloud storage platform, AXEL Go, embodies this philosophy. Developed with integrated blockchain technology, InterPlanetary File System integration, and 256-bit encryption capabilities, AXEL Go is the best way to share and store files online safely. Try it out today and receive a 14-day free trial of our premium service. You’ll see how easy cybersecurity can be. So, stop waiting for a data breach and protect your organization with AXEL Go.

The Jones Day Law Firm Data Breach Serves as a Warning for Others

In December and January, the technology company Accellion experienced a hack to the Accellion FTA (File Transfer Appliance), a file-sharing program aimed at enterprise customers. Since then, multiple organizations have reported data breaches linked to the software, including the large law firm Jones Day. This created quite the storm for the firm and some high-profile customers like the City of Chicago. Here, we’ll go over the hack and discuss the lessons organizations should learn from the situation.

How it happened

According to a report by the cybersecurity company FireEye[1], the initial attacks occurred via a malicious SQL injection that allowed the criminals to install a web shell on Accellion servers. Then, the hackers could run malware programs at will via the web shell. If you remember, this is very similar to the methods employed by the group behind the infamous SolarWinds hack, covered by us here and here.

Who was behind it?

Cybersecurity experts attribute the attack to the CL0P ransomware gang[2] due to increased activity on the group’s dark website that shames organizations into paying the ransom. Analysts conclude that the victims implicated on the site line up with the known victims of this breach.

The threat actors used the Accellion FTA exploits to steal data from over 100 organizations, including the Australian Securities and Investments Commission, grocery store chain Kroger, the University of Colorado, and the Jones Day law firm. We’ll be specifically looking at the Jones Day state of affairs, as it has become a juicy story.

Jones Day

The Jones Day Law Firm is a major firm headquartered in Cleveland, Ohio, employing over 2500 attorneys and serving thousands of clients globally. In February 2021, representatives confirmed the company was one of those affected by the Accellion FTA breach. Law firms have significantly more to worry about from data breaches than, say, Kroger. This is due to the sheer amount of confidential information that passes between attorneys, legal assistants, clients, and court officials. Jones Day says its internal systems weren’t compromised, but the distinction is a bit moot, given what ended up being leaked.

The City of Chicago

The most interesting insights revealed in breach so far come from leaked correspondence between Jones Day and Chicago government officials. The City of Chicago was not a formal client of the firm, but Jones Day attorneys offered advice on many legal situations. The hackers stole over 85GB of emails, images, and documents sent between the two entities.

Neither Jones Day nor the City of Chicago paid the ransom, and these files were made available on the Dark Web. The Wikileaks-esque whistleblower website DDOSecret.com released a small portion of the haul publicly and has sent the complete data set to journalists. What has been reported on offers a fascinating look behind the political curtain of America’s third-largest city:

  • The Chicago Police Department created a secret drone surveillance program using money from seized assets sold after criminal investigations[3]. The budget for the drone initiative totaled nearly $8 million. The police used it to aid in missing persons cases and anti-terrorism strategies.
  • Mayor Lori Lightfoot attempted to distance herself from a campaign promise regarding police reformation[4].
  • Mayor Lightfoot and Illinois Governor J.B. Pritzker clashed on COVID lockdown restrictions on indoor dining.

Clandestine drone programs aside, there haven’t been many earth-shattering bombshells. Still, it’s embarrassing for both the City of Chicago and Jones Day. Mayor Lightfoot has called into question the authenticity of the emails[5], stopping short of outright denial.

It seems unlikely that a hacker group would go through the trouble of fabricating hundreds of thousands of documents to expose what amounts to normal everyday political shenanigans, but we’ll see how it shakes out.

The lesson

Jones Day and 100+ other affected organizations could have saved themselves the public embarrassment and loss of trust if they used better data transfer solutions. The Accellion FTA was a legacy file-sharing platform left largely unsupported. However, the inertia of technological adoption resulted in massive companies leaving themselves open to a data breach. Given the resources these organizations have at their disposal, the risks of sticking with old tech are unacceptable.

It’s especially objectional for a law firm like Jones Day. Their entire business is keeping confidential legal information away from the public’s eyes. While they may have the clout to recover from this issue, smaller firms would be devastated.

The takeaway for law firms and solo practices should be; take data security very seriously! Don’t rely on outdated platforms or downright insecure solutions like email attachments to share and store documents. Vet the provider you end up going with to ensure they will support the solution for the foreseeable future and continue to provide security patches along with new privacy features. Not doing so leaves you susceptible to catastrophic scenarios.

The right choice

Our file-sharing and cloud storage platform AXEL Go prevents data breaches. It’s the perfect solution for those working within targeted industries such as the legal sector. Our development team built AXEL Go from a framework of security and privacy. It combines secure blockchain technology, decentralized IPFS implementation, and military-grade file encryption to keep the most sensitive files safe.

To learn more, please visit AXELGo.app and sign up for a free 14-day trial of our Premium service. You get to try out all of the innovative features, such as Secure Fetch and storage encryption. Our team is always hard at work improving the platform and releasing updates. Once you see the AXEL difference, you’ll never go back to insecure data transfer systems again.

[1] Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta, Kimberly Goody, “Cyber Criminal Exploit Accellion FTA for Data Theft and Extortion”, FireEye.com, Feb. 22, 2021, https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html

[2] Tara Seals, “Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11”, ThreatPost.com, Feb. 22, 2021, https://threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/

[3] Tom Schuba, Frank Main, “CPD launched secret drone program with off-the-books cash”, Chicago Sun Times, May 12, 2021, https://chicago.suntimes.com/city-hall/2021/5/11/22425299/cpd-chicago-police-drone-secret-emails-hack-lori-lightfoot-dodsecrets-city-hall

[4] Gregory Pratt, “Computer hackers stole thousands of Lightfoot administration emails. Here’s a look at some of what they leaked online.”, Chicago Tribune, May 14, 2021, https://www.chicagotribune.com/politics/ct-lightfoot-administration-hacked-emails-closer-look-20210514-havyv352lfegrklmfi76a25wfi-story.html

[5] Bernie Tafoya, “Lightfoot questions legitimacy of city emails made public after hack”, WBBM NewsRadio 780 AM, May 11, 2021, https://www.audacy.com/wbbm780/news/local/mayor-questions-legitimacy-of-emails-made-public-after-hack