Smart home cybersecurity news roundup [January 2021]
January 2021: a new year, a new you, and, like clockwork, new information system infiltrations. Don't worry, though, because while the country has seen some major data breaches this month, we've also seen a lot of advancement from the nation's security teams. In this smart home cybersecurity news roundup, we take a closer look at what experts have said about the SolarWinds attack, the Spotify password spraying attempts, and the security issue researchers brought to TikTok's attention.
SolarWinds attack explained
SolarWinds is an IT management company that was recently breached by a perpetrator known as UNC2452 or "Dark Halo". During the attack, the "SUNBURST" vulnerability in SolarWinds' Orion platform granted black-hat hackers remote access to the company's information systems. Unfortunately, this breach exposed highly confidential data. The Orion platform has been valued by information technology companies for almost twenty years due to its popular infrastructure monitoring and management tools, meaning that SolarWinds' customer base includes not only several government institutions but also more than 425 of the US Fortune 500 companies.
According to an official report posted by FireEye, the security company that detected the attacker, the SUNBURST backdoor vulnerability had set intervals in which it would remain "sleeping" before it executed commands that transferred files, executed files, rebooted machines, or even disabled services. Fortunately, the United States Cybersecurity and Infrastructure Security Agency created an open-source detection tool called Sparrow and published steps for mitigating a similar attack in the future.
SolarWinds supply chain attack impacts Microsoft and Malwarebytes
The United States government also assisted Microsoft in recovering from the SolarWinds breach. According to security expert Joseph Menn, it was an important step for Microsoft and the US government to unite their efforts against the attack:
"...is this a Microsoft problem? In my opinion, it is not fair to expect private companies, no matter how large, to fend off entire nation-states. The job of the US government should be to defend private enterprise from other countries."
After learning of the system breach (which pointed to the SolarWinds attackers), Microsoft conducted an investigation and now claims that any threat has since been found and removed. The attacker appears to have targeted particular clients. In Microsoft’s response to the incident on their blog, they explain that they have notified over 40 customers who were potential targets, most of them located in the United States and part of the information technology industry. Once again, the targets also included several government institutions.
Malwarebytes, a company that offers free and low-cost anti-malware software, is not a client of SolarWinds, but it was targeted by the same threat actor. Malwarebytes claims the incident was not a full breach, as the intruder gained access by abusing particular Microsoft 365 and Azure environments with privileged access. After a thorough investigation, the company has concluded that there is no reason to believe any serious compromise has taken place in its production environment, and maintains that its "software remains safe to use." As of right now, it seems that the damage done to both companies in the wake of these attacks was minimal.
Before you start canceling your subscription, the researchers for this vulnerability have determined that the attack didn't originate from Spotify itself, but from a third party. In other words, the credentials were most likely found elsewhere, but were used to try to compromise Spotify accounts.
The research team at vpnMentor discovered a database of emails and passwords that matched active Spotify accounts. The 380+ million records, measured at 72GB of data, exposed the email addresses, usernames, and passwords of an estimated 300,000+ users. Some of the databases contained personally identifiable information, such as countries of residence.
The researchers also claim that this information could be used to perform malicious investigations on Spotify users' other social media platforms, directly target users' emails with phishing and malware, or even take over other accounts that share the same login credentials. This doesn't mean that you need to deactivate your account, but it would be wise to change your password even if you don't think you've been affected.
TikTok users exposed by bug
TikTok has taken social media by storm within the past year, now boasting over 1 billion users. Considering the heavy influence this platform has with young users, privacy and security are of the utmost importance. Yet, the app is known for a history of privacy and security issues. Compounding the several vulnerabilities that were found in January of 2020, TikTok "celebrates" its vulnerability anniversary with a new issue in January 2021.
This particular bug was a concern to any user who had their TikTok account linked with their personal phone number. Now resolved, the vulnerability was located in the "Find Friends" function, the feature dedicated to syncing contacts in order to discover new people to follow. Through this feature, researchers at Check Point found methods of acquiring login credentials for up to 60 days, as well as collecting usernames and phone numbers into a database for a cybercriminal to target.
While this may sound scary, the bug was responsibly disclosed in private and was corrected before a malicious attacker could abuse it. This means that TikTok developers were able to create a solution for the issue as soon as Check Point researchers brought it to their attention.