Have you ever experienced that feeling of concern when you discover that some trusted software you rely upon—say, an important application for work—has been compromised? It's the dreadful moment when it's apparent that your laptop and/or phone is no longer safe. Now imagine that feeling in the context of a large organization such as The Washington Post. That's exactly what just unfolded.
So, What Actually Happened?
The Washington Post noted that it was impacted by a cyberattack associated with Oracle's E-Business Suite—this is a corporate application that large enterprises install on company servers and use to manage and perform critical functions associated with their business data.
The Washington Post has not told us all of the details—what was the nature of the attacks, did any sensitive data get exposed and to what extent, etc.—but it appears to be a very serious matter.
Reports indicate that a hacking group called CL0P may be the culprit behind the attack. This group of hackers typically steals sensitive business information and then demands a ransom to release it or keep it private. The E-Business Suite stores proprietary and/or sensitive business information, which complicates things: a leak could certainly cause problems for a lot of enterprises.
The Significance Of This Report
You might say, "Okay, but why does this matter?" Well, the point of letting you know about it is that it illustrates how even large, reputable organizations can fall prey to a hacker attack.
- The Washington Post uses excellent systems, yet hackers were still able to get inside.
- Sometimes just one software vulnerability is all it takes to let the hackers inside.
- If a large news organization can be vulnerable, what do you think would happen with another organization that uses the same tools?
I used to think big brands had solid security, yet news like this will bring you back to the reality that no one is safe on the internet.
How Could This Have Happened?
Let's reduce the complex explanation to a simple one.
- Hackers discovered a vulnerability in Oracle's E-Business Suite - possibly through one of their software components.
- The vulnerability allowed the hackers to gain access, and therefore steal information.
- Once they were inside, they could find other areas of the network to move into or take information from, or they could encrypt files and hold them for ransom.
What Companies Should Do In The Wake Of This
If you are a cybersecurity professional, or if you manage technology for a company, I hope this serves as a stark reminder:
- Review logs for any signs of irregular activity.
- Install updates and patches as soon as possible.
- If any users or clients may be affected, alert them.
- Train the team to spot phishing and suspicious activity.
For daily users like us, it’s also smart to look for suspicious activity on our accounts, update our passwords regularly, and keep an eye on any alerts regarding security.
Final Remarks
These kinds of breaches/attacks show us one main truth – cyber security should no longer be about just the small systems – it should be about everything.
If someone can attack The Washington Post through one of its external vendors like Oracle, then certainly, small businesses should care about cybersecurity too.
Here’s something to consider - the next time you read about “a breach in a company”, ask yourself - “could my company experience that type of breach too?”