Leading Open Source Modular Framework and Content Management System

Drupal Developer's Journal

Subscribe to Drupal Developer's Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Drupal Developer's Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Drupal Authors: Mehdi Daoudi, Cloud Best Practices Network, Neil McNulty, AppDynamics Blog, Hiren Y

Related Topics: Drupal Developer, CMS Journal, Agile Digital Transformation, Haiti EarthQuake

Blog Feed Post

Cybersecurity Lessons Learned From ‘Panama Papers’ Breach

In the weeks since the revelation of the Panama Papers, the world of the rich and powerful has been reeling. A single cyberattack against Mossack Fonseca, a quiet Panamanian law firm, has sent a tsunami around the world, toppling one world leader so far, with more turbulence to come.

The attacker absconded with a vast trove of information, consisting of millions of documents, emails, and other information – so much information, in fact, that journalists and other investigators have been poring through it for over a year.

panamahttp://intellyx.com/wp-content/uploads/2016/04/panama-260x101.jpg 260w, http://intellyx.com/wp-content/uploads/2016/04/panama-50x19.jpg 50w, http://intellyx.com/wp-content/uploads/2016/04/panama-600x233.jpg 600w, http://intellyx.com/wp-content/uploads/2016/04/panama.jpg 640w" sizes="(max-width: 400px) 100vw, 400px" />Still a mystery: the identity or identities of the attackers. Perhaps an insider with access to secret passwords? Or maybe a skilled attacker, well-versed in the intricacies of cyberespionage?

In all probability, neither profile is accurate, because the Mossack Fonseca attack was dead simple. So simple, in fact, that a teenager with no hacking knowledge other than basic googling skills could have done it.

Furthermore, the security mistakes Mossack Fonseca made were appallingly common. So common, in fact, that it’s fair to say most of the readers of this article work for organizations that are making at least one of the same mistakes.

Do you think the same thing that happened to Mossack Fonseca and its clients can’t happen quite so easily to your organization? Here’s your wakeup call: it already has. You probably just don’t know it yet.

What are you going to do about it?

The Mossack Fonseca Attack: Dead Simple

The attacker’s point of entry: older versions of popular open source web server software Drupal and WordPress. In the case of WordPress, a particular plugin was the likely culprit. “We think it is likely that an attacker gained access to the MF [Mossack Fonseca] WordPress website via a well-known Revolution Slider vulnerability,” according to Mark Maunder, Wordfence Founder and CEO. “This vulnerability is trivially easy to exploit.”

Read the entire article at http://www.forbes.com/sites/jasonbloomberg/2016/04/21/cybersecurity-lessons-learned-from-panama-papers-breach/.

Intellyx advises companies on their digital transformation initiatives and helps vendors communicate their agility stories. As of the time of writing, Certes Networks is an Intellyx customer. None of the other organizations mentioned in this article are Intellyx customers. Image credit: LWYang.

Read the original blog entry...

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).