Hindsight Analysis 23andMe - missing security mitigations
Why hindsight analysis? Attack Techniques Missing Detections User Account Authentication Missing Mitigations Multi-factor authentication User Account Management 8K/A Summary 8-K/A Notes Why hindsight analysis? The goal of this hindsight analysis is help people involved in cybersecurity risk management reflect on their organization’s security posture and hopefully learn from the challenges others have gone through. Intended audience includes board directors, executive management and security practitioners. While reading 23andMe’s 8-KA updated on their October 1, 2023 cybersecurity incident, I thought it might be helpful to do a quick analysis of the attack and presumed missing security mitigations leveraging the MITRE ATT&CK framework.