Tag Archive for: communications

Hackers in Cox Communications Data Breach Impersonated Company’s Support Agent to Access Customer Information


Atlanta-based digital cable television, internet, and phone services provider Cox Communications has disclosed a data breach that exposed customer information.

Cox said it learned on October 11, 2021, that a hacker impersonated a support agent and gained access to some customers’ personal information.

With over 20,000 employees and 6.5 million customers, Cox ranks as the third-largest cable television provider and seventh telephone carrier in the United States.

The October data breach was the second cybersecurity incident, six months after the ransomware attack that affected Cox Media Group (CMG) in June 2021.

Hackers accessed personally identifiable information (PII) in the Cox data breach

Cox Communications said that the hackers impersonated a support agent and accessed customer account information. The hackers accessed the customer’s name, address, telephone number, username, PIN code, Cox account number, Cox.net email address, account security question and answer, and/or the types of digital services subscribed to.

“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts,” Cox said.

Subsequently, the company launched an internal investigation, took additional steps to secure the affected customer accounts, and notified the relevant law enforcement agencies.

However, the data breach notification did not clarify whether customers’ financial information or passwords were accessed.

Similarly, the company did not disclose whether the data breach affected its partners’ operations. Usually, threat actors target upstream vendors like Cox to compromise their downstream customers through supply chain attacks.

Although subscribers’ financial information was likely not affected, the company advised its customers to monitor their financial accounts for suspicious activity.

Similarly, they should change their passwords on other online accounts that share passwords with the compromised Cox accounts.

Paul Laudanski, Head of Threat Intelligence at Tessian, said the Cox Communications data breach highlighted the risk of password reuse. Additionally, he noted that support…


Hacker Poses As Support Rep To Breach Cox Communications


Cox Communications, the third-largest cable provider in the U.S., has sent notifications to customers who were impacted by a recent data breach. According to the company, the hacker gained access to its systems by impersonating a support rep.

A copy of the notification shared by Bleeping Computer’s Lawrence Abrams reveals that Cox became aware of the attack on October 11.

This is the second incident related to a Cox company in the past six months. In June, Cox Media Group (CMG) suffered a ransomware attack that knocked TV and radio broadcasts offline.

The breach notification does not mention when the breach actually occurred, though it’s possible that information was not yet known at the time the notifications were sent out. Cox also notes that impacted accounts were secured, an investigation was launched and law enforcement officials notified on the day the attack was discovered.

Customers were notified that the attacker “may have viewed” private details of their accounts. That data potentially includes the customer’s Cox account number, access PIN, security questions and answers, list of active Cox services, Cox.net email address, name, address and telephone number.

It does not appear as though customer financial information was compromised, though Cox is still advising that those impacted carefully review their payment card statements for fraudulent transactions.

Cox customers who received a notification are also being offered a year of identity monitoring from Experian to “relieve concerns and restore confidence.”

The company is also advising that users change their passwords if they have re-used their Cox password with another…


NSA releases guidance on voice and video communications security


The National Security Agency (NSA) has released a new report giving organizations insight into the current best practices around the security of unified communications (UC) and voice and video over IP (VVoIP).

The report, titled Deploying Secure Unified Communications/Voice and Video over IP Systems, also looks at the potential risks to improperly secured UC/VVoIP systems.

Modern communications infrastructure in most organizations is tightly integrated with other IT networks, increasing the attack surface for hackers to gain access. The NSA said that UC/VVoIP devices would pose the same hacking risks to organizations through spyware, viruses, software vulnerabilities, or other malicious means if left inadequately secured.

“Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks,” the NSA said in a statement.

“Compromises can lead to high-definition room audio and/or video being covertly collected and delivered to a malicious actor using the IP infrastructure as a transport mechanism.”

The report outlined steps organizations should take to enhance security, such as segmenting voice and video traffic from data traffic and using separate IP address ranges to limit access to a common set of devices.

In addition to using VLANs, administrators should also use access control lists and routing rules to limit access to devices across VLANs. According to the NSA, this makes it more difficult for a malicious actor to access open services on phones and servers from outside the VLAN.

Another best practice the NSA outlined is implementing layer 2 protections and address resolution protocol (ARP) and IP spoofing defenses. It also recommended only using switches with these protections. 

The NSA also said that PSTN gateways should authenticate all UC/VVoIP connections and not allow calls directly from IP phones without the UC/VVoIP server’s permission.

The agency also urged organizations to use only vendor-signed patches downloaded from trusted sources. 

The NSA said taking advantage of a UC/VVoIP system’s benefits, such as cost savings in operations or advanced call processing,…


PRC Spying, Malware and Disinformation Campaigns Push Hong Kong Dissidents to Underground Communications Channels


Following the anti-extradition protests that spanned from 2019 into 2020, the Chinese Communist Party has stepped up its digital actions against Hong Kong activists and dissidents. A new report from threat intelligence firm Intsights finds that aggressive disinformation campaigns and related measures have forced organizers to move to the digital underground, using encryption and the dark web to keep the PRC from observing and inserting itself into their communications.

Disinformation campaigns, mass surveillance drive “dark web” uptick in Hong Kong

Though the Hong Kong street protests have since dissipated, tensions have nevertheless remained high as the Chinese government has aggressively moved to control the flow of information in the region. It has also made mass arrests of protesters under charges such as “subverting state power.” The PRC has also been conducting blanket surveillance that sweeps up even those that are not politically involved, for example monitoring and censoring Zoom conferences organized by businesses and schools. The country’s national security laws require companies based in its territory to turn over any information requested by the government.

Dissidents have responded to disinformation campaigns and surveillance by moving their communications to encrypted messaging apps and dark web forums. However, the researchers warn that this opens up inexperienced navigators to a new realm of criminal threats; some paid services have sprung up to safely guide activists and dissidents to the clandestine meeting places and resources that they are seeking.

The dark web is best known for the sale of illicit goods, everything from credit card skimming equipment to illegal drugs. This is the world that novices must learn to navigate, generally without assistance (unless they pay for it). And when they do find homes for political discussion, they are not necessarily ideologically friendly. The report finds that the most popular Chinese-language discussion forums on the dark web actually tend to be pro-PRC. And the dark web is not free from the eyes of the government; posts from users indicate that Chinese espionage agents monitor at…
