NBC, Chrysler, and Burger King Hacked through trusted vendors

Websites and social media sites have been under attack this week. Here’s the short list:
 – NBC.com: the site was hacked on 2/21 and the Citadel Trojan, which is used by cyber criminals for “banking fraud and cyber-espionage”, was introduced. If you visited NBC.com yesterday morning you may have picked up a virus. Please scan your PC for this virus. If you are unsure how to do this then please give us a call.
 – Jeep’s twitter account was hacked on 2/19 and bogus information was posted. This hack was so severe that Chrysler had to shut down the account.
 – Burger King’s twitter account was hacked on 2/18 and bogus information was posted.

At this time preliminary reports indicate that in all of the above cases the hackers were able to break in by accessing compromised email accounts hosted on 3rd party mail servers out of their control. If you rely on a 3rd party for maintenance of any social media accounts or critical systems then you need to make sure that they employ security at least as strong as your own if not stronger. This vendor could potentially be the weakest link in your company security. You have the right to ask this 3rd party for their internal security policies. If they don’t have any policies or if the policies are not adequate then it may be time to look for another provider.

Which vendors should I be concerned about?

  • Vendors that have access to any system owned or used by you or your company.
  • Vendors that take your data or equipment offsite. 

Don’t be shy about who this vendor is or what they mean to your business. In 2011 in Houston, TX the laptops of two credit union examiners were stolen from the trunk of their car. These laptops contained detailed spreadsheets with account information for the credit unions that had just recently  been examined. The hard drives of these laptops were unencrypted. This was a clear violation of the policies of the credit unions being examined and these credit unions had to treat this data loss just like any other breach.

If you have any questions or concerns about your security or your vendors security then please give us a call. We can help you prioritize your data, identify your risks, and formulate the questions you need to ask of your critical vendors.We can be reached at 512-832-6209.