{"id":40124,"date":"2019-12-27T10:14:36","date_gmt":"2019-12-27T10:14:36","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=6e187bebff1cf9a9d121c8d4c3df70f9"},"modified":"2019-12-27T10:14:36","modified_gmt":"2019-12-27T10:14:36","slug":"the-scariest-security-horror-stories-of-2019","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/the-scariest-security-horror-stories-of-2019\/","title":{"rendered":"The scariest security horror stories of 2019"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/cloud-pro\">Cloud Pro<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">27 Dec, 2019<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p><span data-cke-copybin-start=\"1\">\u200b<\/span>In what has become a regular feature here at <em>IT Pro<\/em>, we&#8217;re back again to take a look at some of the year&#8217;s most dramatic security stories, many of which were <a href=\"https:\/\/www.itpro.co.uk\/security\/32572\/the-scariest-security-horror-stories-of-2018\" >scarily similar to those we saw in 2018<\/a>.<\/p>\n<p>What&#8217;s\u00a0clear is that businesses continue to face the same old threats, although you&#8217;ll see from our picks that there are plenty of examples of attackers using ingenious methods to breach systems.<\/p>\n<p>Here&#8217;s our pick of 2019&#8217;s scariest security stories.<\/p>\n<h2>VFEmail&#8217;s nightmare year<\/h2>\n<div id=\"file-7464\" class=\"file file-image file-image-jpeg file-content-full-width\">\n<div class=\"content\">    <img 
decoding=\"async\" src=\"https:\/\/cdn1.cloudpro.co.uk\/sites\/cloudprod7\/files\/styles\/insert_main_wide_image\/public\/2019\/12\/server_fire.jpg?itok=vTL0o5dW\" alt=\"\" \/>  <\/div>\n<\/div>\n<p>The first entry on our list, and one of the earliest of 2019, involved an <a href=\"https:\/\/www.itpro.co.uk\/security\/32972\/us-email-provider-wiped-out-by-hacker\" >attack on US email provider VFEmail<\/a>. In what was described as a catastrophic breach on VFEmail&#8217;s systems in February, the company&#8217;s infrastructure had been virtually wiped out overnight, with every disk on every server, including its backups, being destroyed.<\/p>\n<p>Perhaps the most chilling part of the story is that there appeared to be no motive behind the attack and that VFEmail may have been targeted randomly. No ransom was ever offered in exchange for the data, nor was there any evidence that the attacker was even interested in stealing the data.<\/p>\n<div class=\"wysiwyg-widget-wrapper\">\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We were under DDOS attack this weekend. If you received &#39;Unable to connect to server&#39; warnings, that&#39;s an unfortunate side-effect of Cloudflare&#39;s active protection. Though without it, the site was completely inaccessible.<\/p>\n<p>&mdash; VFEmail.net (@VFEmail) <a href=\"https:\/\/twitter.com\/VFEmail\/status\/1186268687218741249?ref_src=twsrc%5Etfw\">October 21, 2019<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/div>\n<p>\nDespite the loss, VFEmail remained committed to staying operational, although the company would come under repeated attack throughout the rest of 2019. 
Customers would face phishing attacks over the following few months, only for the main service to be hit by three consecutive <a href=\"https:\/\/www.itpro.co.uk\/security\/28026\/what-is-a-ddos-attack\" >DDoS attacks<\/a> in late October and early November. To date, work is still ongoing to restore full functionality to its services.<\/p>\n<h2>NASA narrowly averts catastrophe<\/h2>\n<div id=\"file-7463\" class=\"file file-image file-image-jpeg file-content-full-width\">\n<div class=\"content\">    <img decoding=\"async\" src=\"https:\/\/cdn1.cloudpro.co.uk\/sites\/cloudprod7\/files\/styles\/insert_main_wide_image\/public\/2019\/12\/nasa.jpg?itok=2Jl5lK2N\" alt=\"\" \/>  <\/div>\n<\/div>\n<p>Next up we have one of our most widely read stories from the year, and an example of how the mishandling of relatively new hardware can pose a serious threat to legacy systems. In June, NASA revealed that a <a href=\"https:\/\/www.itpro.co.uk\/security\/33878\/nasa-hack-blamed-on-unauthorised-raspberry-pi\" >Raspberry Pi device had been blamed for a 2018 data breach<\/a> that saw the theft\u00a0of 500MB of mission system data.<\/p>\n<p>An employee was said to have brought a <a href=\"https:\/\/www.itpro.co.uk\/mobile\/21862\/raspberry-pi-top-projects-to-try-yourself\" >Raspberry Pi<\/a> into work without permission and connected it to NASA&#8217;s Jet Propulsion Laboratory network, which a hacker later targeted to gain access to adjoining systems.<\/p>\n<p>The incident sparked a wider investigation into the organisation&#8217;s systems and networks, which found myriad flaws in its database management techniques and methods used to track devices and applications using internal networks. It was ruled that the JPL network was, in fact, incapable of detecting whether an unauthorised or unsecured device was attached to its network.<\/p>\n<p>The report issued ten urgent recommendations for fixing NASA systems, all but one of which were implemented immediately. 
NASA was fortunate in this instance, as the relatively minor security incident revealed far greater problems plaguing its systems, which were mercifully fixed before disaster could strike.<\/p>\n<h2>Hackers at the door<\/h2>\n<div id=\"file-7465\" class=\"file file-image file-image-jpeg file-content-full-width\">\n<div class=\"content\">    <img decoding=\"async\" src=\"https:\/\/cdn1.cloudpro.co.uk\/sites\/cloudprod7\/files\/styles\/insert_main_wide_image\/public\/2019\/12\/amazon_ring.jpg?itok=GYe5YL5M\" alt=\"\" \/>  <\/div>\n<\/div>\n<p>For our next entry, we fast forward to November, where a vulnerability in Amazon&#8217;s Ring doorbells was discovered that could <a href=\"https:\/\/www.itpro.co.uk\/internet-of-things-iot\/34786\/ring-doorbells-leak-users-wi-fi-passwords-in-clear-text\" >allow hackers to intercept their owner&#8217;s Wi-Fi passwords<\/a>.<\/p>\n<p>Researchers at Bitdefender discovered that by accessing a Wi-Fi network&#8217;s credentials, criminals could launch much larger and far more sophisticated attacks against a household. 
This was possible as the device stored passwords in plain text which were then communicated between a smartphone app and the doorbell using HTTP rather than the <a href=\"https:\/\/www.itpro.co.uk\/network-internet\/30416\/http-vs-https-what-difference-does-it-make-to-security\" >far more secure HTTPS<\/a>.<\/p>\n<p>The news prompted further calls for tougher legislation around the manufacture of connected devices, particularly when they are destined for\u00a0the home.<\/p>\n<h2>King&#8217;s Cross, we barely recognise you<\/h2>\n<div id=\"file-7466\" class=\"file file-image file-image-jpeg file-content-full-width\">\n<div class=\"content\">    <img decoding=\"async\" src=\"https:\/\/cdn2.cloudpro.co.uk\/sites\/cloudprod7\/files\/styles\/insert_main_wide_image\/public\/2019\/12\/kings_cross.jpg?itok=2RTCVxf4\" alt=\"\" \/>  <\/div>\n<\/div>\n<p>In what will likely set a precedent for the use of cutting-edge technology in public spaces, August saw an investigation by the <a href=\"https:\/\/www.itpro.co.uk\/information-commissioner\/31751\/what-is-the-information-commissioner-s-office-ico\" >Information Commissioner&#8217;s Office<\/a> into the use of <a href=\"https:\/\/www.itpro.co.uk\/biometrics\/30833\/is-facial-recognition-fit-for-purpose\" >facial recognition technology<\/a> at King&#8217;s Cross.<\/p>\n<p>Private owners of the 67-acre site, which houses 50 buildings and is home to major companies such as Google, said they had introduced facial recognition technology alongside their CCTV system to improve the on-site public experience. However, both campaign groups and the Mayor of London Sadiq Khan <a href=\"https:\/\/www.itpro.co.uk\/information-commissioner\/34202\/sadiq-khan-concerned-over-facial-recognition-at-kings-cross\" >criticised the decision as it was unclear precisely how the technology was being used<\/a>. 
It also raised serious concerns about the capturing of personal data without consent.<\/p>\n<p>The technology was eventually scrapped at the site; however, the owners have not ruled out the possibility of the technology returning at a later date.<\/p>\n<h2>The Collection Folders<\/h2>\n<div id=\"file-6758\" class=\"file file-image file-image-jpeg file-content-full-width\">\n<div class=\"content\">    <img decoding=\"async\" src=\"https:\/\/cdn2.cloudpro.co.uk\/sites\/cloudprod7\/files\/styles\/insert_main_wide_image\/public\/2018\/10\/password_shutterstock_154905620.jpg?itok=prbTAYt1\" alt=\"\" \/>  <\/div>\n<\/div>\n<p>What&#8217;s unusual about 2019 is that it only took 17 days before we saw what would be one of the largest data leaks of the year. Between late January and early February, a group of researchers determined that around 600GB worth of personal data had been leaked and was circulating online in caches known as &#8220;Collection&#8221; folders.<\/p>\n<p>The initial discovery of the <a href=\"https:\/\/www.itpro.co.uk\/data-breaches\/32774\/massive-collection-1-leak-exposes-773m-unique-records-online\" >Collection #1 folder<\/a> unearthed 773 million unique email addresses and 22 million passwords, figures that were dwarfed when <a href=\"https:\/\/www.itpro.co.uk\/security\/32891\/collections-2-5-unearthed-with-22-billion-unique-records-now-exposed-online\" >Collection folders 2 through 5<\/a> were then found. In total, it&#8217;s believed that around 2.2 billion emails and passwords were in the complete cache, now being shared around hacking forums.<\/p>\n<p>It&#8217;s also believed that the data is an amalgamation of various leaks\u00a0sourced from high profile data breaches, such as the enormous <a href=\"https:\/\/www.itpro.co.uk\/security\/33427\/yahoo-offers-1175m-settlement-for-2013-monster-hack\" >Yahoo hacks of 2013 and 2014<\/a>. 
Despite the age of the data, security experts believe that criminals have relied on a lax approach to password hygiene and that many of the email and password pairs could still be exploited.<\/p>\n<h2>Citrix vs IRIDIUM<\/h2>\n<div id=\"file-7467\" class=\"file file-image file-image-jpeg file-content-full-width\">\n<div class=\"content\">    <img decoding=\"async\" src=\"https:\/\/cdn1.cloudpro.co.uk\/sites\/cloudprod7\/files\/styles\/insert_main_wide_image\/public\/2019\/12\/citrix.jpg?itok=Fh5q9e6v\" alt=\"\" \/>  <\/div>\n<\/div>\n<p>In March, Citrix revealed that it was working with the FBI to look into a breach on its systems after a number of documents had been reported stolen. Initial reports were light on detail, mainly as only very brief statements were issued by\u00a0the company, and it would only be through the release of a report by cyber security firm Resecurity that we&#8217;d learn that <a href=\"https:\/\/www.itpro.co.uk\/security\/33189\/citrix-security-breach-sees-6tb-of-sensitive-data-stolen\" >around 6TB of data had been swiped in the raid<\/a>.<\/p>\n<p>The company had a number of high-profile customers at the time, including large corporations and both the US military and government.<\/p>\n<p>Resecurity had traced the attack back to an Iranian hacking group known as IRIDIUM, which had bombarded a number of Citrix accounts with commonly used passwords, known as password spraying, before gaining a foothold. 
After this, the group was then able to methodically bypass each additional security layer, including <a href=\"https:\/\/www.itpro.co.uk\/security\/29982\/what-is-two-factor-authentication\" >two-factor authentication<\/a>.<\/p>\n<p>The IRIDIUM group had\u00a0reportedly targeted hundreds of thousands of people at more than 200 companies during the previous two years leading up to the hack on Citrix, according to figures provided by Microsoft.<\/p>\n<h2>Microsoft: &#8220;We told you so&#8230;&#8221;<\/h2>\n<div id=\"file-7297\" class=\"file file-image file-image-jpeg file-content-full-width\">\n<div class=\"content\">    <img decoding=\"async\" src=\"https:\/\/cdn1.cloudpro.co.uk\/sites\/cloudprod7\/files\/styles\/insert_main_wide_image\/public\/2019\/08\/germanmicrosoft_shutterstock_1028638774.jpg?itok=D_Yavrki\" alt=\"\" \/>  <\/div>\n<\/div>\n<p>One of our most-read stories of the year actually surfaced at the beginning of December.<\/p>\n<p>According to Microsoft threat researchers, <a href=\"https:\/\/www.itpro.co.uk\/security\/identity-and-access-management-iam\/354289\/44-million-microsoft-customers-found-using\" >44 million of its customers were still using passwords that had been compromised<\/a> in the past by large scale data breaches. This included both general users of Microsoft Service Accounts, as well as Azure Active Directory accounts owned by businesses.<\/p>\n<p>Following a check on a database of three billion credentials sourced from public accounts and law enforcement, it was found that the 44 million customers were using the same compromised passwords across a number of online services.<\/p>\n<p>The discovery forced Microsoft to issue a password reset to all affected customers, including an alert to business admins to reset user credentials. 
The company also <a href=\"https:\/\/www.itpro.co.uk\/mobile\/28511\/microsoft-wants-you-to-forget-your-passwords\" >urged customers to turn on multi-factor authentication<\/a>.<\/p>\n<p>Despite the shocking figure, the news potentially served as a great PR for Microsoft \u2013\u00a0the company has long been attempting to move customers away from passwords onto more secure passwordless authentication. The company revealed to <em>IT Pro<\/em>\u00a0in November that it had <a href=\"https:\/\/www.itpro.co.uk\/business-strategy\/34796\/view-from-the-airport-microsoft-ignite-2019\" >managed to move 100 million customers to biometric authentication<\/a>, although it would take at least three more years to move the remaining 700 million users. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":404,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-40124","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/40124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/404"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=40124"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/40124\/revisions"}],"predecessor-version":[{"id":40125,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/40124\/revisions\/40125"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=40124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"hr
ef":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=40124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=40124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}