Last week, the Cybersecurity & Infrastructure Agency (CISA) – part of the U.S. Department of Homeland Security – published a joint advisory alert, revealing that an advanced-persistent-threat (APT) hacking group aligned with the Iranian government has been exploiting vulnerabilities of the Microsoft Exchange mail server and Fortinet cyber security company. The advisory was released by the FBI, CISA, the U.K.'s National Cyber Security Center, and the Australian Cyber Security Center.
Backed by Iran, APT actors have leveraged the two entities' vulnerabilities to "target a broad range of victims across multiple critical infrastructure sectors" since at least March 2021, according to the alert. One target of their malicious activity involved a U.S.-based hospital specializing in healthcare for children.
A prime target
American Family News spoke to Andrew Jenkinson, CEO of cybersecurity company Cybersec Innovation Partners (CIP). The U.K.-based expert contends the United States isn't prepared when it comes to the hacking exploits of such nefarious actors. Following the 9/11 terror attacks, he says, "billions of dollars were spent in the quest to monitor, track, trace, and digitally eavesdrop on people." Unfortunately, these same tools are now being used by cybercriminals to attack companies and governments, Jenkinson reveals.
Jenkinson considers the U.S. to be "the most advanced country" in the world, adding that it's a country that relies on digital devices. He explains that CIP's research confirms 80% of all cyber and ransomware attacks are against U.S. organizations – and the threat is costing billions of dollars daily.
To put a damper on the activities of cyber criminals, the security expert asserts that Americans should have already taken one important step: ensure they're only accessing secure websites.
Jenkinson explains that Google, among other internet service providers, made it mandatory for websites to transfer older versions of HTTP (Hypertext Transfer Protocol) to the improved HTTPS (Hypertext Transfer Protocol Secure). According to the U.S. government's Chief Information Officers Council, "HTTPS encrypts nearly all information sent between a client and a web service."
When the more secure communication protocol isn't used, Jenkinson adds, the two-word phrase "Not Secure" will appear in the URL (Uniform Resource Locator) address bar. These insecure websites are often the target of cyber criminals, and Jenkinson states data can easily be exfiltrated due to a such security oversights.
Jenkinson points out that the "insecure data stored, and in flight, is not encrypted, but in plain text so it can easily be held for ransom." He then describes ransomware as "the infiltration [that is often accompanied by] the exfiltration of sensitive digital data from a company's network, for example."
This data typically includes personable identifiable information (PII) like names, addresses, dates of birth, credit cards numbers, and more.
"Sadly, few learn from these oversights and security negligence as multiple cyber and ransomware attacks are becoming the norm," the cyber security expert laments.
Andrew Jenkinson is author of the book "Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber Warfare."