Cyber Security Today, Week in Review for Friday, November 25, 2022

With me for the first time together are commentators Dinah Davis, vice-president of research and development at managed service provider Arctic Wolf, and Terry Cutler, who heads Montreal’s Cyology Labs, a training and incident response firm. Hello to you both.


Howard: I want to start with news of the theft of money from subscribers to the DraftKings fantasy sports betting site. DraftKings is an American-based sport and casino betting site available in several countries. On Monday (Nov. 21), there were news reports of users noticing funds had been withdrawn from their accounts. One person told a reporter that his email was spammed around the same time.

The company told reporters that some US$300,000 was withdrawn without permission from user accounts. An official said the company’s IT systems weren’t compromised. So, it believes victims weren’t careful creating separate usernames and passwords for DraftKings. Their credentials were used elsewhere, stolen by crooks who then successfully used them on the DraftKings site.

Terry, if true, this is another example of people being careless.

Terry Cutler: This is a case of people who don’t want to deal with cyber security until it’s too late. It would have affected all users if this were a problem with the DraftKings site. We’re dealing with about five percent of their user base [affected] because they’re worth $6.5 billion.

This is classic password reuse [problem]. If these folks were cyber-educated, they would have turned on two-step verification. Ironically, [competing site] FanDuel tweeted around the same time, saying, “Make sure you change your passwords and then set up two-step verification,” because someone was trying to hack their accounts. Interestingly, this is the perfect example of an unrelated third party advising there’s a problem. If you’re dealing with money, turn on your two-step verification.

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.