COO/CISO @CoinList - Past: Co-founder CEO @Altitude, CISO @Twitter, @Mozilla
Jul 11 • 8 tweets • 4 min read
The crypto-targeted Squarespace breach is real. Multiple sites are compromised and more may be coming.
We detected and thwarted this attack at @coinlist on Tuesday, July 9.
Here's what to do & I'll share why I'm concerned the root issue may be a @Squarespace breach
What is the attack?
1. The attackers are gaining unauthorized access to Squarespace and adjusting settings to forward all email to an attacker's email address at a proton.me address.
2. The attacker then initiates password resets at important third-party services such as chat services and custodians. These resets are targeting specific individuals the attackers believe have admin access to the accounts.
3. If the email forwarding attack was successful then the password resets would be sent to the attacker, they'd be able to extract the password reset URLs and then take over the third-party services.
4. Attackers would then use all of this access to either directly drain funds or modify websites to include malicious code to compromise users.
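A detection sketch for the chain described in the thread above, added here as an example and not code from the author or from CoinList: it flags any change of a domain's email forwarding to an address outside your own domains, and attaches the password-reset emails that reached mailboxes on that domain in the following window. The event schema, field names, domains and timestamps are assumptions constructed for the example; adapt them to whatever audit and mail logs you actually collect.

```python
from datetime import datetime, timedelta

# Constructed sample events. The schema is an assumption for this example,
# not a real Squarespace or mail-provider log format.
EVENTS = [
    {"ts": "2030-01-01T10:00:00", "type": "password_reset_email",
     "mailbox": "dev@example.com", "service": "chat"},
    {"ts": "2030-01-01T14:02:00", "type": "forwarding_changed",
     "domain": "example.com", "forward_to": "inbox123@mail-provider.test"},
    {"ts": "2030-01-01T14:05:00", "type": "password_reset_email",
     "mailbox": "admin@example.com", "service": "chat"},
    {"ts": "2030-01-01T14:07:00", "type": "password_reset_email",
     "mailbox": "admin@example.com", "service": "custodian"},
    {"ts": "2030-01-04T09:00:00", "type": "password_reset_email",
     "mailbox": "ops@example.com", "service": "chat"},
]


def correlate(events, trusted_domains, window=timedelta(hours=24)):
    """Return one finding per forwarding change that points outside
    trusted_domains, with the reset emails seen for that domain in window."""
    findings = []
    for ev in events:
        if ev["type"] != "forwarding_changed":
            continue
        target_domain = ev["forward_to"].rsplit("@", 1)[-1].lower()
        if target_domain in trusted_domains:
            continue  # forwarding inside the organisation is not flagged
        start = datetime.fromisoformat(ev["ts"])
        suffix = "@" + ev["domain"].lower()
        resets = [
            r for r in events
            if r["type"] == "password_reset_email"
            and r["mailbox"].lower().endswith(suffix)
            and start <= datetime.fromisoformat(r["ts"]) <= start + window
        ]
        # The external forward is itself worth an alert, even with no resets yet.
        findings.append({"change": ev, "resets": resets})
    return findings


if __name__ == "__main__":
    for f in correlate(EVENTS, trusted_domains={"example.com"}):
        print("external forward:", f["change"]["forward_to"])
        for r in f["resets"]:
            print("  reset after change:", r["mailbox"], r["service"])
```

Any reset listed under a finding should be treated as delivered to the forwarding target: revert the forwarding setting, invalidate the reset links and rotate credentials at those services.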
Jul 6, 2021 • 7 tweets • 2 min read
The Kaseya ransomware attack is interesting because it leverages the "supply chain" risk.
Many recent ransomware breaches targeted individual organizations, but the REvil attack on Kaseya is impacting thousands of companies through a centralized breach of software.
What is to be seen is whether this approach is profitable for the attackers. At the end of the day, this is not an academic exercise in threat modeling or potential exploit paths - it is a financially motivated operation.