  • Reddit was hit with a phishing attack. How it responded is a lesson for everyone

    aum

    • 590 views
    • 4 minutes

    A quick and transparent response shows that there's a correct way to respond to cybersecurity incidents.


    Reddit has confirmed its systems were hacked last weekend as the result of a sophisticated and highly targeted phishing attack: the attackers gained access to documents, code, and some internal business systems.


    Late on February 5, Reddit became aware of the phishing campaign that targeted its employees. The attacker sent out "plausible-sounding prompts", pointing employees to a website that cloned the behavior of its intranet gateway, in an attempt to steal credentials and second-factor tokens. After obtaining a single employee's credentials, the attacker gained access to some documents and code, as well as some internal dashboards and business systems.


    We know all of this information because Reddit's CTO posted about the incident on Reddit. Currently, there's no indication that usernames and passwords of Reddit users have been accessed -- but Reddit has suggested users should apply multi-factor authentication (MFA) to their accounts for added protection.


    There are two key takeaways from the Reddit security incident. The first is that phishing attacks continue to be a key tool in the cyber criminal's arsenal -- we all use emails, and a carefully crafted phishing attack can trick even the most security-conscious user.


    The second is that Reddit has -- I think -- chosen the right option by being transparent about falling victim to cyber attackers, publicly disclosing the incident just days after it was first detected.


    Despite the prolific nature of cyberattacks and data breaches, many victims decide that the best course of action is to keep quiet about what has happened -- sometimes, they won't even mention that there was an incident at all.


    The reasons for keeping quiet include fear of reputational damage, fear of financial losses, or even fear of alerting other cyber criminals to the fact that they might make a good target for attacks.


    But Reddit's openness over what happened -- and how the incident was discovered and managed -- provides a good example of how incident disclosure could and should be done, and how it can benefit both a company's users and customers, as well as the business itself.


    According to Reddit, soon after being phished, the employee suspected something was wrong and self-reported the incident, alerting the information security team. The team responded quickly, removing the infiltrator's access and starting an internal investigation.


    What's also key here is that an employee came forward with their suspicions. Keeping it quiet doesn't help anyone but the attacker, who gets more time in the network.


    But in this instance, the employee reported the incident, something Reddit's CTO commented he was "extremely grateful" for in the thread below the initial post. As a result, the attacker only had access to the network for a few hours because the security team was able to respond quickly.


    The speed of detection -- combined with transparency over the incident -- has gone down well with Reddit users, many of whom have praised Reddit's response, which included answering queries about what happened.


    Reddit also used the post to encourage users to apply MFA to their Reddit accounts, and to use a password manager to help stay secure.


    At a time when many businesses that fall victim to cyberattacks won't say anything, Reddit's openness after the phishing attack provides a good lesson on being transparent about a cybersecurity incident -- and it's something that other companies can learn from.


    As shown by the response online, users and customers will be grateful they've been told about the incident quickly, enabling them to take the necessary steps to secure their accounts.


    It's unfortunate that the nature of cyber crime means that phishing and cyberattacks are an everyday occurrence -- but a company that shows it can deal with incidents well is positive for everyone.

