CyberSecurity Newsletter | May 2019



The Business of Cybercrime recently published the article “Cybercrime organizations work just like any other business: Here’s what they do each day.” It’s an interesting read. Researchers from both IBM and Google describe how cybercriminal “groups operate and often mimic the behavior of companies, including the one you might work for.”

Like mainstream businesses, cybercriminal organizations compete for customers, hire the best managers and even search for leaders to act in CEO-like roles. In essence, they strive to be organized and on top of their game.

Other parallels include:

  • Setting and achieving quarterly goals
  • Collaborating and competing with each other
  • Getting so big they fail

The similarities in business structure are evident. Caleb Barlow, head of threat intelligence for IBM Security, states, “We can see the discipline they have, we can see that they are active during office hours, they take the weekends off, they work regular hours, they take holidays.”

Understanding how malicious hackers are able to structure their business operations is important, he said, so companies can better grasp what they’re fighting, as the underground economy often functions in parallel with the broader economy.

Microsoft Outlook Email Accounts Compromised

The Hacker News reported that Outlook users may have had their accounts compromised. According to the article, hackers were able to breach Microsoft’s customer support portal to access information from email accounts registered with Outlook.

The Marriott Data Breach Update

To date, Marriott’s huge 2018 breach has run up a price tag of $3,000,000 and affected nearly 400,000,000 guests. The SSL Store recently performed an autopsy on the massive breach and has come up with some big takeaways in addition to disclosing what happened, why it happened, who did it, etc.

Details of the breach are:

  • It may be the second biggest breach of all-time, behind Yahoo and well ahead of Equifax
  • The breach began in 2014 and wasn’t discovered until September 10, 2018
  • Up to 500 million guests made reservations during that time
  • Compromised data included full names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account numbers, birthdays and gender

The article states that Greg Scott, cybersecurity researcher and author, finds that “one of the biggest issues with the cybersecurity world in general is companies’ reticence to disclose information about breaches and attacks.”

Marriott was lucky in that it had insurance and, so far, has been able to use that insurance to help with the costs it is facing via a massive class-action lawsuit. Sadly, attacks like these are becoming more commonplace.

The article points out that it’s no longer a matter of if, but when an attack or breach will occur. And it emphasizes the importance of an organization’s response when one occurs. “Most of the criticism of Marriott and Starwood has centered around its response to the hack and not that it was compromised in the first place,” says Rob Black, CISSP, founder and managing principal of Fractional CISO.


Firefox Send – A Must Have Extension

Firefox Send is a NEW free encrypted file transfer service. You no longer have to depend on third-party services to share large files both securely and privately. Mozilla’s end-to-end encrypted file-transfer service makes it easy to share large video, audio or photo files that were too large to send as an attachment to your email, as featured on

“Firefox Send allows you to send files up to 1GB in size, but if you sign up for a free Firefox account, you can upload files as large as 2.5GB in size.” Using a browser-based encryption technology, it encrypts your files before uploading them to the Mozilla server, and they can then only be decrypted by the recipient.

Firefox Send differs from services like Dropbox, Google Drive, Microsoft OneDrive and Box in that it’s not available as desktop software. Instead, it’s an online website “where you can quickly upload a file; protect it with a password (optional) and set up an expiration period. The recipients can then simply download the file just by visiting the shared URL regardless of whether they have a Firefox account or not.”

Introducing a New Cyber Security Tool for Business

Google has announced the launch of Backstory, a cloud-based enterprise-level threat analytics platform whose main purpose is to help companies “quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats.”

Typically, network infrastructures generate large amounts of data and logs daily that are useful when investigating security incidents. The downside is that the data is often retained for only a week or two, which renders it useless if the incident occurs prior to that.

“Backstory solves this problem by allowing organizations to privately upload and store their petabytes of ‘internal security telemetry’ on Google cloud platform and leverage machine learning and data analytics technologies to monitor and analyze it efficiently to detect and investigate any potential threat from a unified dashboard.”

“Backstory normalizes, indexes, and correlates the data, against itself and against third party and curated threat signals, to provide instant analysis and context regarding risky activity,” Alphabet subsidiary Chronicle said in a blog post.

“With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever.”

Backstory also compares data against “threat intelligence” signals collected from a variety of partners and other sources, including the Alphabet-owned VirusTotal, Avast, Proofpoint and Carbon Black. “Backstory compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly,” Chronicle said. In addition, it continuously compares new information against the company’s historical data.

Backstory will not be priced based on volume. Instead, Chronicle will sell licenses based on the size of the company.

This information is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice.  Should you have any questions or would like to discuss your risk exposure with your Cyber Insurance, please contact the insurance pros at ARCW Insurance.  We are here to help.