Last week’s massive Twitch hack was the latest high-profile breach to send the security industry into a frenzy. Everyone is asking how this could happen: how such a huge repository of important data (the source code!) could be taken without tripping a single alarm, and how a company with, literally, Amazon-level security resources only finds out about a breach after it has spread on 4chan.
While security professionals wait anxiously to unpack and decipher the “Part 2” reveal from the hackers, it is becoming clear that passwords and user emails are probably forthcoming, although evidence of this data is already being uncovered by researchers, according to Threatpost.
The PR nightmare for Twitch is only just beginning, and the personal, plaintext information of millions of users will soon be spread among dangerous actors looking to capitalize on the trove of data released in this hack.
First, it goes without saying that Twitch users need to cycle their passwords immediately and enable multifactor authentication on their accounts if they haven’t already; it’s just good security hygiene. Twitch, for its part, reset all stream keys “out of caution” and has been able to keep its platform online during the crisis. This in itself is impressive and remarkable during such a huge event.
Ongoing changes in attack strategy
Beyond the immediately compelling parts of the story, from the enormity of producer pay to the trolling of Jeff Bezos, the nature of this attack and the move towards extortion rather than a ransom demand is serious and important.
Breached organizations that have lost control of their data no longer have the binary option of paying for decryption keys or rebuilding from backups. This is a sign that the calculations businesses face in times of crisis are becoming increasingly complex when the objective of a threat actor is extortion rather than direct ransomware payments.
Twitch will not be the last example of this emerging and disturbing strategy, which seems to be gaining momentum.
Stay ahead of the game
I’ll give Twitch the benefit of the doubt and assume that it had a fairly mature security operation and incident response plan — two elements that companies often underestimate for too long.
But the situation is a grim reminder that even when an organization does everything right, there is no 100% prevention, and threat actors simply need to find a vulnerability to take action. The name of the game, now, is to have a well-tested, well-documented plan that establishes your company’s response when the unthinkable happens.
Who takes the final decision? What do you need to shut down and when? Who is called and in what order? It’s infinitely easier to have these discussions when it’s not a hair-on-fire situation. When the inevitable happens, the company and its response need to be battle-tested.
While the full scope of Twitch’s hack remains to be seen, it is an eye-opening situation that everyone should study as a cautionary tale. Even mature, well-resourced systems can be penetrated, and threat actors are eager to wreak havoc and take control of data without locking it up with ransomware.
Companies must plan and be diligent about process and documentation, and also ensure that they are doing everything possible to detect breaches and mitigate their impact to keep themselves safe. They must keep playing an unfair game that is becoming more and more complicated.