Do you remember the Twitter security breach in July 2020? It compromised 130 accounts, including those of former presidents and Tesla billionaire Elon Musk.
The damage?
The hackers gained $121,000 in Bitcoin.
If the Twitter scandal doesn’t ring a bell, maybe you recall when Marriott notified the public that a security breach had a direct impact on more than 5.2 million hotel guests.
Regardless of the company or industry, hackers can choose any target they please and wreak havoc if they manage to get access to internal systems.
Unfortunately — and somewhat shockingly —The FBI is no exception.
In this article, we’ll walk you through what we know about the November 2021 FBI security breach, share email server security best practices to help protect your business and share details about our own secure email encryption services at DS BLS.
Table of Contents
The FBI Security Breach: What Happened?
Let’s dig right in. Here’s what we know about the FBI security breach.
On November 13, 2021, a hacker compromised the FBI’s email servers. Their mission? To send spam emails to 100,000 recipients.
What did the spam email consist of?
The email warned recipients that they were prone to data breaches.
Unfortunately — and somewhat shockingly —The FBI is no exception.
We’ll walk you through what we know about the November 2021 FBI security breach, share email server security best practices to help protect your business and share details about our own secure email encryption services at DS BLS.
These emails look like this:
Sending IP: 153.31.119.142 (https://t.co/En06mMbR88)
From: [email protected]
Subject: Urgent: Threat actor in systems pic.twitter.com/NuojpnWNLh— Spamhaus (@spamhaus) November 13, 2021
Right off the bat, the email had spelling and punctuation inconsistencies. The only part of the email that made sense was that it was sent from the FBI’s official email address.
Hacker and cybersecurity evangelist, Vinny Troia, and his company, Night Lion Security, were mentioned in the fake email, in addition to the cybercriminal group called The Dark Overlord.
The hacker attempted to frame Vinny Troia as the mastermind behind the chain attack.
In a copy of the email embedded below, the hackers tried to trick organizations into believing that the FBI had detected Troia trying to steal data from their networks.
We have been made aware of “scary” emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
— Spamhaus (@spamhaus) November 13, 2021
Who were the recipients of the security breach?
The 100,000 spam emails were sent to website administrators publicly listed on the American Registry for Internet Numbers.
What’s interesting was that the hacker used the U.S. Department of Homeland Security’s Cyber Threat Detection and Analysis Group, a department that hasn’t existed for at least two years, as the email sign off.
What was the motive behind the cyberattack?
The hacker said that the goal of the security breach to make fun of and point out the security flaw he found in an intra-agency portal, used to share information by local law enforcement agencies and the FBI.
Who was behind this security breach?
Vinny Troia believes that “pompompurin,” a familiar cyberbully, was the criminal mind behind the disruption.
Further solidifying his claim, the alleged hacker sent him a direct message on Twitter saying, “Enjoy,” before the hack occurred.
An ongoing investigation
The FBI described the incident as an “ongoing investigation.” Fortunately, no data was compromised and only fake messages were sent.
They also asked the recipients to report the emails to the Infrastructure Security Agency or the Internet Crime Complaint Center.
The FBI didn’t give out too many details on how they resolved the issue, but said that they resolved the software vulnerability.
Here is the FBI’s press release posted on their official Twitter account:
#FBI Statement on Incident Involving Fake Emails @CISAgov https://t.co/pkF8qtAeH1 pic.twitter.com/Wg4cOerFpE
— FBI (@FBI) November 14, 2021
Common Security Breach Threats
A security breach occurs when a hacker gains unauthorized access to your network, data or device.
Let’s dive into some of the most common types of security breaches.
Password Attack
According to a recent Google survey, 27% of Americans have tried to guess someone else’s password.
Even more shocking? 17% of those password guesses ended up being correct.
While it’s convenient to use a password that’s easy to remember, such as “12345” or “password,” these passwords put your r account at risk of being easily accessed by a hacker.
Password protection is your first line of defense in protecting your personal information, your company data and your computer from unauthorized access.
A strong password means more protection and is a key strategy in keeping both your servers and data safe.
Eavesdrop Attack
If you think eavesdropping is something that only happens in a social setting, think again.
An eavesdropping attack occurs when a hacker obstructs, modifies or deletes your data through the network.
Through eavesdropping, the hacker knows your every move and behavior online, allowing them to track your credit card numbers and other sensitive information.
Eavesdropping heavily depends on an unsecured network.
This type of attack has two forms:
- Active attack: The hacker disguises himself as a friendly server that sends queries to transmitters
- Passive attack: The hacker listens to information and observes your behavior through the transmission network
Phishing Attack
A recent survey found that 74% of U.S. organizations experienced a successful phishing attack in 2020, making it a favorite among cybercriminals.
You’ve likely encountered a phishing email before. Let’s use PayPal as an example.
You receive an email from PayPal that seems legitimate, but you notice a few odd features. The grammar is off, typography and other elements seem inconsistent with the brand, and the language is forceful.
The email is telling you that if you don’t click on the link provided, your account will be deactivated. You can bet that you have just received a phishing email.
Phishing is a form of cyberattack that poses as a legitimate source or entity asking you to click on a malicious link. The purpose ranges from extracting sensitive account information to gaining access to your log-ins.
Keystroke Logging
Unfortunately, you don’t have to be skilled to use this hacking technique.
Keystroke logging or keylogging is a cyberattack that records your keystroke when using a computer keyboard, and this can be done using a spy program called Keylogger.
Software-based keyloggers implant themselves into your browser or computer.
Cyber criminals who use keylogging are stealthy and can even hack sensitive information without the use of a physical computer, thanks to remote installation.
Email Server Security Best Practices
While some hackers aim high, such as the FBI, many focus on smaller businesses or even individual accounts.
Whether you run a big-name company such as Bitcoin, or a much smaller company, secure email encryption services are a necessity to keep your sensitive data safe.
Here are our top three email server security best practices to help keep your email spam-free and secure from hackers:
- Block spammers using local IP blacklists: While maintaining a blacklist time and resources, it is worth knowing that you can counter specific spammers.
- Verify message content using Spam URI Real-time Block Lists: Spam URI Real-time Block Lists (SURBL) recognize unwanted emails based on malicious links inside an email. SURBL acts as an added layer of protection against phishing and malware attacks.
- Counter email abuse with DNSBL servers: Domain Name System blacklist (DNSBL) servers are spam blocking lists that confirm if the IP or sender domain is identified by DNSBL servers worldwide, such as Spamhaus. If not, it gets tagged as spam.
Secure Email Encryption Services At DS BLS
At DS BLS, our managed IT services not only ensure increased security, but also filter the emails and messages you receive to detect spam and protect your company’s sensitive data.
Our Server Management and Network Maintenance includes:
- Weekly deployment of Microsoft patches via group management policy
- Implementation of operating system and application upgrades
- Regular cleaning of temporary folders and files
- Notification of service issues discovered through monitoring and the resolution thereof
- Network Devices, End User and Mobile Devices
- Monitoring of supported Firewalls, Routers and Managed Switches, Access Points
- Management and remediation of issues or problems related to supported network devices
- Management of firewall rules and built-in security services
- Support for connectivity to servers, printers and the internet
- Regular inventory of computer hardware and software
- Maintenance and updates of included software
Takeaways On Secure Email Encryption
The need for a secure email encryption service has never been greater, as 91% of cyberattacks are email-related.
From preventing phishing attacks to avoiding the spread of misinformation and the possible threat of losing important data, think of a secure email encryption service as your shield to counter cyberattacks and put a stop to unwelcome hackers.
The best practices to secure your email server include:
- Block spammers using local IP blacklists
- Verify message content using Spam URI Real-time Block Lists
- Counter email abuse with DNSBL servers
- Invest in a secure email encryption service
At DS BLS, we can help you secure your email servers to minimize the possible threat of a hacking incident and ultimately, protect you from the risk of leaking sensitive data that could compromise your business, finances, partnerships and more.
Outsmart hackers by investing in the most secure server solutions, at DS BLS.
