The Week in Breach December 13, 2018

 

This week, Quora was breached, and common breach mistakes are discussed.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (55%)
Top Compromise Type: Domains
Top Industry: High- Tech & IT
Top Employee Count: 11-50 employees (32%)


United States – Quora 

https://www.nytimes.com/2018/12/04/technology/quora-hack-data-breach.html
https://blog.quora.com/Quora-Security-Update

Exploit: Unclear at this time.
Quora: A popular question and answer site that boasts 300 million monthly active users.

correct severe gauge Risk to Small Business: 2.333 = Severe: People are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.
correct moderate gauge Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: Quora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Humble Bundle
https://www.scmagazine.com/home/security-news/humble-bundle-breach-could-be-first-step-in-wider-attack/

Exploit: Credential Stuffing.
Humble Bundle: Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering of Humble Bundles, collections of games sold at a price determined by the purchaser and with a portion of the price going towards charity and the rest split between the game developers.

correct severe gauge Risk to Small Business: 2.333 = Severe: The breach only contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
correct moderate gauge Individual Risk: 3 = Moderate: No information directly related to the individual has been compromised other than the subscription status of users.

Customers Impacted: A “very limited” number of people.
How it Could Affect Your Business: This breach is a good lesson in how it is important to report any breach, as this seemingly minor breach is most likely the first step in a spear phishing campaign.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

DNA For Pay
The Leaders of Genomics England has revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data and in this case, DNA, could result with it ending up on the Dark Web or in the hands of a nation state. While no breach occurred to this organization, the fact that they are regularly under attack should be a wake-up call.

https://www.telegraph.co.uk/news/2018/12/05/nhs-storing-patients-genetic-data-high-security-army-base-due/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A Note for You:

Be Ready for The Breach
Since Marriot International was breached, it has been hit with two lawsuits that claim the organization delayed the breach disclosure and weren’t transparent. How an organization handles a breach makes a significant impact on public opinion and customers trust. An organization that is seen to be forthcoming, transparent, and honest to their customers is much less likely to see a serious migration of customers.

Here are some common mistakes made when reporting breaches:

  • Not having a plan – Not being prepared for a breach can lead to a panicked, unorganized response that is half-baked. Just like every organization should have a fire response plan, every organization should have response procedures in place for a breach.
  • Downplaying the incident – Your customers deserve to know if they are at risk. Also downplaying the incident is likely illegal.
  • Delaying disclosure – Delaying disclosure can compromise the trust of your customers and may be illegal.
  • Oversharing / Under sharing – Sharing too much information can lead to bad actors taking note of the vulnerability and can put other organizations at risk. Sharing too little information can leave your customers at risk.
  • Not contacting the authorities – Involving law enforcement is free and can help significantly with the investigation.

https://www.darkreading.com/attacks-breaches/7-common-breach-disclosure-mistakes/d/d-id/1333401?image_number=1

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis

Advertisements

The Week in Breach December 6 2018

This week we report on Marriott’s massive breach, the indictment of those responsible for many SamSam attacks across the U.S., and hackers switching targets.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Finance and Insurance (13%)
Top Employee Count: 11-50 employees (45%)


Global Breach – Marriott
https://www.nbcnews.com/tech/security/marriott-says-data-breach-compromised-info-500-million-guests-n942041
https://www.cnbc.com/2016/09/23/marriott-buys-starwood-becoming-worlds-largest-hotel-chain.html
https://answers.kroll.com/us/index.html
https://www.msspalert.com/cybersecurity-breaches-and-attacks/marriott-starwood-data-breach-pressures-stock/
utm_medium=email&utm_source=sendpress&utm_campaign

Exploit: Supply chain breach.
Marriott: The largest hotel chain in the world, “30 hotel brands now fall under the Marriott umbrella to create the largest hotel chain in the world with more than 5,800 properties and 1.1 million rooms in more than 110 countries. That’s more than 1 out of every 15 hotel rooms around the globe.”

correct severe gauge Risk to Small Business: 1.444 = Extreme: Considering how damaging this breach will be to Marriott, the largest hotel chain in the world, it is safe to say that the ramifications of a breach as severe as this one has the potential to cripple a small business. One of the most damaging parts of this breach is that there has been unauthorized access to the Starwood network since 2014, meaning a bad actor, or group of bad actors, has been siphoning off data for years without being detected.
correct moderate gauge Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of phishing attacks. Identity theft is also a very real possibility due to the amount of information accessed, including passport numbers. The passport numbers alone could fetch a good price on the Dark Web.

Customers Impacted: Approximately 500 million.
How it Could Affect Your Business: The length of time information was being accessed is one of the most damaging parts of this breach, as well as the massive scope. The largest hotel chain in the world has been compromised since 2016 (although Starwood, the compromised subsidiary has been compromised since 2014, Marriott purchased the brand in 2016). Those who were affected by the breach are likely to avoid the chain in the future and those who are not will certainly be more hesitant.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.
Learn more: https://www.idagent.com/identity-monitoring-program

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United Kingdom – Just Urban

https://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/

Exploit: Exposed database.
Just Urban: A London-based startup, used for booking massages.

correct severe gauge Risk to Small Business: 2 = Severe: The damage dealt by this breach to a small or new business could stunt the growth of the company and even cause a loss of clients. Some of the data exposed included complaints about clients. While it is important for the employees of a massage company, especially one that goes to a person’s home, to share if a certain client is inappropriate – most organizations could face severe backlash from their customer base if complaints about them surfaced.
correct moderate gauge Individual Risk: 2.714 = Moderate: In some cases, the individuals affected by this breach had complaints about them recorded by the massage therapist. These complaints can be embarrassing, but often times the complaints were in reference to the client’s actions towards the massage therapist. Some of the complaints included: requesting “sexual services from therapist”, with some clients even being marked as dangerous. These complaints were tied to the client’s full name, phone number, postcode and address.

Customers Impacted: 309,000.
How it Could Affect Your Business:  In any organization, the exposure of complaints against customers is highly embarrassing in addition to being bad for business. The reasons why the complaints exist make sense in the context of the organizations operations but is still a damaging blow to the standing of the company with its clients. Most organizations would not have the justification for keeping such complaints on file, and NO organization can justify leaving a database exposed with sensitive business and client information. It could take years for an organization that experiences a breach such as this to recover and regain trust.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go tohttps://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

IranIran SamSam Goes ByeBye
Two Iranian men living in New Jersey were indicted for using the infamous SamSam ransomware to collect over $6million USD (7,981,320.00 CAD, 8,205,990.00 AUD, 5,278,320.00 EUR) and causing over $30 million USD ($39,906,600.00 CAD, $41,029,950.00 AUD, 26,391,600.00 EUR) in damages. SamSam is well known for its targeting of infrastructure, including hospitals. Here is a list of some of the targets during their spree:

City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public?fbclid=IwAR2B58dKjoDQT48LK7EEQwD_Y1TqbGQCqAC9K1YzzO7WYmmor7l8QPj5tZ8

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e



The Evolution of a Phish
A new report has shed light on the fact that not only are email-based attacks on the rise, but they are spreading at an alarming rate. Cyber criminals have been shuffling their decks of targets, as 99% of the most heavily targeted email addresses this quarter are different than those targeted in Q3. The phishing emails now are more likely to show up in the inbox of your marketing, public relations, and human resources departments. The reasoning behind this shift is that these teams have access to information about earnings and employee records. It is important to stay agile in cybersecurity, as cyber criminals are always adapting to find new ways to compromise credentials and hack into organizations.

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis

This Last Week in Breach

 

This week, Amazon experienced technical issues, and cybersecurity culture isn’t where it needs to be in 95% of organizations.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing
Top Employee Count: 11-50 employees (36%)


Global Breach – Amazon
https://www.theregister.co.uk/2018/11/21/amazon_data_breach/

Exploit: Technical error.
Amazon: Online shopping behemoth. Amazon is based out of Washington in the United States.

correct severe gauge Business Risk: 2.333 = Severe: Customers get concerned when they receive an email that informs them that their data has been disclosed, and despite the problem being a technical issue rather than an external actor hacking into the network, the image of the organization is still tarnished.
correct moderate gauge Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks. When people are addressed by their name or if there is any personal info in a phishing email, it is more likely to opened.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: The severity of this breach is not the most damaging part, contrary to most breaches. In fact, the most damaging part of this breach has been Amazon’s poor transparency which causes speculation and paints the organization in a very negative light. The behavior of the company indicates that if a seriously damaging breach were ever to occur, they would not be transparent to their customers.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Make-A-Wish Foundation

https://threatpost.com/cryptojacking-attack-targets-make-a-wish-foundation-website/139194/

Exploit: Crypto jacking.
Make-A-Wish Foundation: Non-profit that arranges for children with critical illnesses to have experiences they would not be able to otherwise.

correct severe gauge Business Risk: 2.333 = Severe: The negative public image associated with being breached does not give a break to even the most just of causes, non-profit or for profit. Those who have visited the Make-A-Wish foundation international site have been lending CPU power to mine for cryptocurrency which will deter visitors in the future.
correct moderate gauge Individual Risk: 3 = Moderate: No information related to the individual has been compromised.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: While the personal data of customers was not accessed or breached, the site itself has been stealing CPU power from those visiting the site in order to mine cryptocurrency. This would affect how many customers would use a site, and also is a prime example that non-profit organizations are not immune to being targeted by hackers.

ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

Dark Web Down 

One of the largest hosting services for Dark Web sites has been hacked, with devastating results to the sites that used the service. 100% of the accounts hosted by Daniel’s Hosting were deleted, including the root account. Over 6,500 Dark Web sites were hosted by the service and it is unlikely they will see their data again.
https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e

National Computer Security Day is Upon Us 

Friday the 30th of November is National Computer Security Day, and the perfect chance for you to convey what it means for your clients to have good cyber hygiene! Offering tips makes both of your jobs easier. Starting this conversation not only shows your expertise as their MSP but it gives clients real examples of how your other security services will protect their network and pair well in their current security stack.



Do It for The Culture
According to a report by ISACA, 95% of organizations find there is a gap between their desired culture surrounding cybersecurity and what their culture actually looks like. This is concerning, especially because 87% of those surveyed said that their organization would be more profitable if their cybersecurity culture improved.

What is causing this gap? A variety of factors come into play, including a lack of understanding on the part of leadership, lack of funding, and a lack of employees respecting the cybersecurity procedures.

With the holidays approaching and employees shopping across the web, now is the perfect time to reinforce cybersecurity culture at your organization. A breach on a popular retail site could lead to a breach within your organization if employees use the same passwords at work and home.

http://www.isaca.org/SiteCollectionDocuments/Cybersecurity-Culture-INFOGRAPHIC.pdf

The Week In Breach

 

Social Graphic_3.png (1200×627)

This week, medical data is on the menu for hackers.

Dark Web Data Trends 

  • Total Compromises: 2,368
  • Top PIIs compromised: Domains (2,366)
    • Hashed/Cleartext Passwords (36,617)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

United States – NorthBay Healthcare Corporation

https://news.softpedia.com/news/social-security-numbers-pii-stolen-in-northbay-healthcare-data-breach-523548.shtml
Exploit: Supply chain vulnerability.
NorthBay Healthcare Corporation: A healthcare organization based in Portland, Oregon.
Risk to Small Business:1.666 = Severe: An organization that is unable to secure the data of those applying for a job could scare away potential applicants as well as customers.
Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of identity theft.
Customers Impacted: Those who applied to the organization between 2012 and May 2018.
How it Could Affect You: A supply chain breach can damage customer trust in an organization, and while NorthBay Healthcare is offering identity monitoring services for those affected, it will not undo what has already happened.
ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach like this one.
Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Girl Scouts of America

https://cyware.com/news/girls-scouts-got-hacked-and-the-personal-data-of-2800-members-compromised-8f63f56a
Exploit: Compromised email account.
Girl Scouts of America: The preeminent leadership development organization for young girls in the United States.
Risk to Small Business:1.667 = Severe: A breach that exposes medical history can foster distrust between a customer and an organization.
Individual Risk: 2 = Severe: Those affected by this breach are at an increased risk for identity theft and fraud.
Customers Impacted: 2,800 members.
How it Could Affect Your Business: This breach could damage the reputation of any business or organization, and in this case could push away current members of the organization and scare away new potential members.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Facebook’s Folly
Private messages between Facebook users are for sale, and there’s no shortage. 81,000 users’ private messages were accessed by a hacker who is now attempting to sell them, some for as low as 10 cents per account. Facebook has been ravaged by hacks over the last year, and the social media juggernaut appears to still be having trouble keeping their customers’ data safe.
https://www.bbc.com/news/technology-46065796

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


 

Hackers are Bundling Up This Fall.
Well, it’s nearing the end of the year. You know what that means: it’s time for the ‘best of 2018’ collections to start coming out. One category is Best Movies of 2018… personally, I think The Incredibles 2 is at the top of that list. Another category is Best of Ransomware. Yes, there is a ‘best of the year’ collection for cybercriminals. To the surprise of no one, the ransomware collection is being sold on the Dark Web, but there are many surprising elements to the bundle.

First off, the fact that the year’s most dangerous ransomware variants are being sold as a package deal at a reduced price should show the… professionalism… of the Dark Web marketplaces, as strange as it is to use that word to describe cybercriminals. This crime-as-a-service model is nothing new, but this bundle is undoubtedly a step above the norm. There are 23 ransomware variants included in the bundle, including SamSam. Yes, the notorious SamSam ransomware is included in the bundle. If you don’t know what SamSam is, it is a variant of ransomware that is infamous because of the high-profile targets it has been used against and because until now, it was under lock and key deployed only by a highly specialized group.

This bundle is not for inexperienced hackers, however, which would be worse than the current situation. An unskilled hacker would find difficulty putting most of the bundle to use. The bundle will be removed from the marketplace after sold 25 times, according to the seller, although it is unclear why this is the case. Don’t let one of the hackers who buys this bundle use it against your business!

https://www.zdnet.com/article/giant-ransomware-bundle-threatens-to-make-malware-attacks-easier-for-crooks/

 

Want some help?

 

Get a Free Dark Web Scan of your Business Domain

Get a Free Tool Kit- Phish Prone Test, Domain Spoof Test, Weak Password Tool and more!


The Week in Breach: 10/20/18 – 10/26/18

Halloween Breaches

Germany and Hong Kong get highlighted in this edition of The Week in Breach.

Dark Web ID Trends:

  • Total Compromises: 37,290
  • Top Source Hits: Website (36,618)
    • Disqus.com (36,618)
  • Top PIIs compromised: Domains (37,253)
    • Hashed/Cleartext Passwords (36,617)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

Hong Kong – Cathay Pacific Airways
https://www.reuters.com/article/us-cathay-pacific-cyber/cathay-pacific-flags-data-breach-affecting-94-million-passengers-idUSKCN1MY26L
Exploit: Unclear at this time.
Cathay Pacific Airways: Hong Kong-based international airline.
Risk to Small Business: 1.666 = Severe: Customers are not soon to forget the company that failed to secure their data and waited several months to acknowledge their breach.
Individual Risk: 2.285 = Severe: Individuals affected by this breach are at a higher risk of credit card fraud and should contact their card issuer, cancel their cards immediately, and enroll in a credit monitoring service, if provided.
Customers Impacted: 9.4 million.

How it Could Affect Your Business
For any organization, a breach where the hacker obtained payment information is a customer relations disaster. A breach where almost 9.5 million customers were affected would scale this disaster up to match.

ID Agent to the Rescue:
  Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Germany – Wolf Intelligence
https://motherboard.vice.com/en_us/article/vbka8b/wolf-intelligence-leak-customer-victim-data-online
Exploit: Exposed database.
Wolf Intelligence: German-based spyware startup.
Risk to Small Business: 1.666 = Severe: A breach caused by negligence is hard to explain to a customer, which would affect the amount of time it would take to regain trust.
Individual Risk: 2.142 = Severe: Because the data exposed was highly personal, including phone conversations and texts, those affected by this breach are at a higher risk of identity theft.
Customers Impacted: 20 gigabytes of data exposed, it is unclear how many customer’s data existed within that.

How it Could Affect Your Business: An organization in the spyware industry will obviously take a SEVERE hit to their reputation, but any company would suffer the embarrassment of the founder leaving scans of his credit cards exposed on the internet.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:
Repair Your Phone Yourself:
It is now legal to break Digital Rights Management in order to repair your phone, following a ruling at the US Copyright Office. This is big news for third-party phone repair shops, as well as the repair businesses of many other products such as cars, tablets, refrigerators and even tractors. Go ahead and crack that old broken iPhone open to fix it yourself! Well… try to fix it at your own risk, but now you have the option.

https://www.zdnet.com/article/need-to-fix-an-iphone-or-android-device-you-can-now-break-drm-under-new-us-rules/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!



Ransomscare.
There was an article that came out this week written by the previous CIO of the New York City Law Department (which is also the world’s largest public sector law firm, fun fact), discussing the best ways to avoid ransomware. In the article he discussed 3 key points:

1.Cyber Hygiene: This is an obvious one but cannot be underrated! Passwords must be changed regularly, and everyone must remain diligent while browsing their inbox.

2. Best practices: Best practices in this context covers updating existing tech, using preventative technologies, and communication. To have the best practice for updating existing tech, put a priority on pushing out patches, use cloud web application firewalls and credential monitoring to stay a step ahead with preventative tech, and communicate with your security team and employees about what they should be doing as individuals and as a team.

3. Testing disaster recovery plans: This point is self-explanatory, you need a test to see if your backup plans work. You wouldn’t leave the fire alarms untested!

With ransomware being seen all over the world from Atlanta to Moscow to Sydney, it is something every business should take into account.
https://www.darkreading.com/cloud/3-keys-to-reducing-the-threat-of-ransomware/a/d-id/1333113

 

Would you like a free report on your corporate domain credentials exposed on the Dark Web?

Six Common Computer Viruses and What They Do to Your Computer

Here is a great article from InCyberDefense that explains computer viruses.

By Marissa Bergen 
Contributor, InCyberDefense

Viruses can attack your computer at any time, so knowing how to protect yourself is helpful in preventing attacks. Part of that protection is familiarizing yourself with the different types of viruses to which your computer is vulnerable. Once you understand how viruses work, you will be better prepared to deal with them in the unfortunate event that a virus infects your computer.

Six Common Computer Viruses and What They Do to Your Computer

To avoid an infection, here are six common computer viruses you should look for:

1. Polymorphic virus: When this type of virus infects your computer, it creates copies of itself. Each copy is slightly different than the others, making it difficult for antivirus programs to detect them.

2. Resident virus: A non-resident virus needs to be executed before it begins its infection, but a resident virus can activate as soon as the operating system loads. It functions by hiding in your computer’s memory, which makes it exceptionally difficult to eradicate.

3. Boot sector virus: A boot sector is the section of a computer’s hard drive or external storage medium that contains the information required to boot (start) your computer. A boot sector virus infects that part of the sector known as the master boot record and replaces legitimate information with its own infected version. This virus activates in your computer before it loads and may make your computer unbootable, so you can’t start your computer.

4. Multipartite virus: This virus is exceptional because it has the ability to attack two components of the computer at the same time. It infects both the boot sector and system or program files simultaneously. Because of this ability, a multipartite virus infects the same operating system over and over until the system and all of its components are completely eradicated.

5. Overwriting virus: An overwriting virus destroys files by infecting them and overwriting the data they contain. It can only be removed by deleting the infected files. In these cases, files are permanently lost and clean versions of them will have to be reinstalled on your computer.

6. Browser hijacker virus: Once this virus is in your computer, it modifies the settings of your web browser, including the default search engine and the homepage. Once the takeover occurs, the virus sends users to malicious websites.

This virus can also install spyware and ransomware to an operating system, compromising sensitive data. The virus spreads through malicious email attachments, free downloads and visits to infected websites.

Education Is the First Step in Preventing Virus Infections

Unfortunately, there is not much you can do to get rid of these six common viruses once they enter your computer. But educating yourself about viruses and how to avoid them can save you from a lot of headaches and heartaches later.

 

Need help on training your staff? Want some free tools for cyber awareness? Click Here!

The Week in Breach

Data Breach October 25

 

This week Tumblr was breached and we explore Dark Web job postings.

Dark Web ID Trends:

Total Compromises: 3,767
Top Source Hits: ID Theft Forum (1,429)
Top PIIs compromised: Domains (3,761)
Clear Text Passwords (876)
Top Company Size: 11-50
Top Industry: Business & Professional Services and Finance & Insurance

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Disqus
https://thehackernews.com/2017/10/disqus-comment-system-hacked.html
Exploit: Exposed Database
Disqus: A network community platform that allows users to blog or comment on other company’s websites. It can be installed as a plug-in or drop-in code. Disqus collects user data on the back end and allows companies to use this information for customer analytics, etc…
Risk to Small Business: 2.4444 = Severe: Although roughly 1/3 of the 17.5 million records compromised involved passwords, they happened to be salted/hashed. The company also discovered and announced the breach in a quick manner and notified the affected customers.
Individual Risk: 2.4286 = Severe: Those affected by this breach will be at a high risk of identity theft.
Customers Impacted: 5.8 million
How it Could Affect Your Customers’ Business: The breach involved a large number of customers; however, the database was from 2012 and most credentials could have already been changed. While this is damaging to Disqus’ reputation, they followed protocol and demonstrated how to do breach disclosure the proper way.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

United States – Tumblr
https://www.bleepingcomputer.com/news/security/tumblr-fixes-security-bug-that-leaked-private-account-info/
Exploit: Bug.
Tumblr: A popular blogging website.
Risk to Small Business: 2 = Severe: While Tumblr deserves some credit for 1. Having a bug bounty program that resulted in catching this bug, and 2. Fixing the bug in less than 12 hours after it was discovered, many customers will not appreciate their personal information being leaked and will react accordingly. Tumblr’s timely response, disclosure of the breach, and its bug bounty program will likely reduce the impact on the business significantly.
Individual Risk: 2.714 = Moderate: Email addresses were leaked so those affected by the breach are at a higher risk of spam.
Customers Impacted: All of the ‘recommend blogs’ shown on Tumblr.
How it Could Affect Your Business: A breach that exposes user information is always going to have a negative effect on business, but every organization should take a page out of Tumblr’s book here regarding their response to the event and how they discovered it. Customers lose trust in businesses that mishandle their information, but they also respect when a company is making a serious effort to locate vulnerabilities and can handle a problem when it arises with swift action.

In other news:
When the Dating App Stands You Up
A dating app called Donald Daters was discovered to be exposing all user information on the open internet… including personal messages. The app’s goal is to help single Donald Trump supporters connect with one another, but instead exposed all that used it. The hacker that accessed the database was able to “collect profile data, including names, photos, personal messages, and the digital access tokens to log into their accounts.” The hacker also can delete the app’s data. Watch out where you put your personal information, people!
https://in.pcmag.com/news/126298/trump-themed-dating-app-found-leaking-users-private-chats

The Dark Web Monster
When looking for a job, usually you would check one of the many job hunting sites you see in commercials or circle ads in newspapers (at least at one point you did). Some people do something very similar… but on the Dark Web searching for an illicit job. Many job postings on the Dark Web seem like normal job ads. But when you look closer you will notice that advert for a driver not only needs the person to drive but also transport drugs. The driver would make $1,000 for a week of work, not including the living expense compensation. One of the more lucrative opportunities on the Dark Web job market is the corporate insider. The most common target is financial employees who, in one example, are offered $3,150 to get a loan or increase cash withdrawal limits on a card. Postal workers are also targeted to steal packages.

The Dark Web is lucrative for those willing to risk their job and possibly their freedom for money. Be careful of both insiders and the wide array of illicit software sold there.
https://www.darkreading.com/threat-intelligence/inside-the-dark-webs-help-wanted-ads/d/d-id/1333066

The week in BREACH!!

Success Rate of Phishing by Day

 

This week you’ll hear how a supply chain attack could snatch your customers’ credit card information right from underneath you and why Google+ goes bye-bye.

Dark Web ID Trends:

  • Total Compromises: 974
  • Top Source Hits: ID Theft Forum (501)
  • Top PIIs compromised: Domains (973)
    • Clear Text Passwords (498)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

United States – Shopper Approved
https://www.zdnet.com/article/new-magecart-hack-detected-at-shopper-approved/
Exploit: Malicious code.
Shopper Approved: Utah-based company that provides a review widget for other companies’ websites, that allows customers to post reviews.
Risk to Small Business: 2.111 = Severe: This is another attack conducted by one (or more) of the several groups who operate under a similar style, given the term Magecart as a general identifier. Magecart is also responsible for the hacking of Ticketmaster and British Airways.

If your business uses Shopper Approved, you should remove the code from your website immediately.

Individual Risk: 2.428 = Severe: Those affected by this breach should cancel their credit cards and enroll in a credit monitoring service.
Customers Impacted: Unclear how many customers were affected by this breach, but only sites with the widget code on their checkout pages had credit card information compromised. The incident only lasted 2 days before being discovered, a much shorter span than many of the other Magecart breaches.
How it Could Affect Your  Business: A breach of this kind can often go unknown for a long period of time while the hackers collect valuable user data and credit card information. Even though it is a third party who was breached, it will be your business that takes the PR damage.
ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that also includes credit monitoring. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Rebound Orthopedics and Neurosurgery
https://cyware.com/news/hackers-hit-rebound-orthopedics-neurosurgery-2800-patient-records-compromised-026125d8
Exploit: Compromised employee credentials.
Rebound Orthopedics and Neurosurgery: Vancouver-based orthopedics and neurosurgery practice.
Risk to Small Business: 1.555 = Severe: This breach would have a long-lasting effect on customer trust for any business, and in many countries the government will fine an organization heavily for failing to secure health data.
Individual Risk: 2.142 = Severe: Health information is valuable data for hackers and useful for identity theft. Those affected by this breach are at a severe risk for insurance fraud and identity theft.
Customers Impacted: 2800.
How it Could Affect Your Business: Organizations that store health information are held to a higher standard for securing data due to the sensitive nature of the information and HIPAA laws. When an organization fails to keep the data secure, it reflects very poorly on the company and usually results in a fine from the government.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Google –
Google+ will be shutting down, and yes Google+ is (or at least was) still around. After exposing more than 500,000 users’ data to external developers, the tech giant has decided the best course of action is to close down the failed social network. This move makes sense given the recent outrage against Facebook after the social media site exposed 50 million people’s data. An unfortunately fitting ending to the continuously failing website.
https://www.yahoo.com/news/google-exposed-user-data-feared-repercussions-disclosing-public-170304936–finance.html?soc_src=newsroom&soc_trk=com.apple.UIKit.activity.CopyToPasteboard&.tsrc=newsroom

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


A note for you:
e-mail….ware
New research has revealed that a whopping 90% of all malware is delivered via email. The team also discovered that the average employee will not go 48 hours without seeing a phishing message.  In addition, over half of the phishing messages examined used the word “invoice” in the subject line. A little under a quarter (21%) of the flagged emails also had malicious attachments sent with the phishing message.

Watch out for suspicious emails! All it takes is one employee to fall for a phishing email and an entire organization can be compromised.

https://www.darkreading.com/attacks-breaches/most-malware-arrives-via-email/d/d-id/1333023

 

Need to learn more about your Dark Web exposure? Click Here!

Want some free tools to combat phishing? Click Here

The Week In Breach

Passport Dar kWeb

Trends in data found on the Dark Web this week:

  • Total Compromises: 24,968
  • Top Source Hits: ID Theft Forum
  • Top PIIs compromised: Domains
    • Clear Text Passwords (24,884)
  • Top Company Size: 11-50
  • Top Industry: Construction and Engineering

Canada – Altima Telecom
https://techcrunch.com/2018/10/01/altima-telecom-server-flaw-customer-data-exposed/
Exploit: SQL injection attack.
Altima Telecom: Serving Montreal and Toronto, Altima Telecom is one of the largest independent Canadian internet service providers.
Risk to Small Business: 1.555 = Severe: As the risk score shows, this is a severe breach that could deal major damage to any organization. Payment info exposure is a particularly significant deterrent for customers looking to do business.
Individual Risk: 2.142 = Severe: Those affected by this breach are at an increased risk for identity theft and spam.
Customers Impacted: All of Altima Telecom’s customers.
How it Could Affect Your Business: Not only was all the organization’s customer data exposed by this breach, but the affected data was highly sensitive. This would sever trust between the customer and the organization, which could take a significant time to rebuild.
ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Apollo
https://cyware.com/news/hackers-hit-apollo-stealing-database-containing-200-million-contact-records-d9c87501
https://techcrunch.com/2018/10/01/apollo-contacts-data-breach/
Exploit: Unclear at this time.
Apollo: New York-based sales engagement startup.
Risk to Small Business: 2 = Severe: This could deal a significant blow to an organization’s ability to retain customers.
Individual Risk: 2.428 = Severe: The customers affected by this breach will be at a higher risk for spam due to the nature of the data accessed.
Customers Impacted: 200 million.
How it Could Affect Your Business: A breach that exposes such a large number of customers will garner media attention and erode customer trust significantly.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:
The Chinese Chip
China was able to infiltrate US companies and governmental agencies with a simple but effective supply chain attack. The attack was discovered after Amazon had a third party examine the hardware of the servers they purchased from another American company that manufactures their servers in China. The company discovered a microchip on the servers that allow for attackers to make stealth doorways on their network. Hardware attacks are rarer and more difficult to execute than software attacks, but with China making 90% of the world’s PCs, they are in a good position to continue using hardware to infiltrate organizations across the world.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show


Planning your next vacation may have just gotten weird… 

Where should I go? This is a normal question one thinks about when planning a trip. Should I go to white sandy beaches or breathtaking mountains?
When should I go? Do I visit family during the holidays, or do I plan a summer getaway?
Who should I be? This question is asked much less, but maybe more than you think. A recent study has uncovered startling secrets surrounding the passport market on the Dark Web!

  • The average cost of a passport scan on the Dark Web is $14.71.
  • Australian passport scans are the most common, but the average cost is the most expensive at $61.27.
  • The average price of a real physical passport is $13,567, while a counterfeit physical passport is just under $1,500 ($1,478).

The Dark Web is a place where black markets and illicit activity reign. In the depths of the Dark Web, identities are traded regularly and for a low price, so why leave the unknown unchecked? With Spotlight ID, know that your identity is safe even from the darkest corners of the Dark Web.
https://www.comparitech.com/blog/vpn-privacy/passports-on-the-dark-web-how-much-is-yours-worth/

The Week In Breach October 1 2018

 

 

Cyber awareness Match

 

This week Medical Data is on our minds, due to a new study on the healthcare industry and cyber security. Facebook and the United Nations were also breached this week, and both were very large datasets, impacting tens of millions of people.

Dark Web ID Weekly Trends:

  • Total Compromises: 861
  • Top Source Hits: ID Theft Forum
  • Top PIIs compromised: Domains
    • Clear Text Passwords: 501
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

United States – Facebook

https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

Exploit: Web vulnerability.
Facebook: Facebook is a social media platform that is one of the Internet’s most popular websites.
Risk to Small Business: 2.333 = Severe: The loss of trust any organization would feel after a breach of this magnitude would greatly harm the organization’s ability to retain or obtain customers.
Individual Risk: 2.571 = Moderate: The data accessed puts those affected by this breach at an increased risk for identity theft, spam and targeted phishing campaigns.
Customers Impacted: 50 million.

How it Could Affect Your Business: Facebook being such a large and widely-used social media platform means that it has data on a large amount of the population that uses the Internet. If employees post information to this site, they could now be open to targeted phishing campaigns and spam.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Aspire Health

https://www.usatoday.com/story/money/nation-now/2018/09/26/aspire-health-hacked-phishing-scheme-patient-health-data/1430262002/

Exploit: Compromised email account hacked through a phishing scheme.
Aspire Health: According to Aspire health website, “Aspire Health specializes in providing an extra layer of support and relief from stress, pain and symptoms to patients facing a serious illness.”
Risk to Small Business: 2.333 = Severe: The risk to small business is severe due to medical data as well as confidential information being accessed.
Individual Risk: 2.571 = Moderate: The data accessed puts those affected by this breach at an increased risk for identity theft.
Customers Impacted: This information has not been released as the investigation is ongoing.

How it Could Affect Your Business: Breaches that involve medical data can have serious long-lasting effects on the reputation of a business, due to the sensitive nature of the data.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: http://downloads.primetelecommunications.com/Dark-WeB

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Nations

https://cyware.com/news/united-nation-wordpress-site-publicly-exposes-thousands-of-resumes-2f2a8cf1

Exploit: WordPress Vulnerability.
United Nation: An intergovernmental organization tasked to promote international cooperation and to create and maintain international order.
Risk to Small Business: 2.333 = Severe: While the United Nations is unlikely to see any repercussions for this breach, a small business would face serious PR consequences if they experienced a breach such as this.
Individual Risk: 2.714 = Moderate Risk: Resumes contain a significant amount of personal information and job history, which can be used for spear phishing attacks and identity theft.
Customers Impacted: Resumes that have been submitted to the UN since 2016.

How it Could Affect Your Customer’s Business:  The exposure of resumes for 2 years would deal a serious blow to an organization of any size: the amount of time the data was exposed, and the type of data included in resumes makes this breach score severe on our risk score scale.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

No Fly Zone
The Dark Web is known to have all things illegal for sale, from medical information to illicit drugs. A new trend has been discovered by researchers where frequent flyer miles are being sold for significantly less than what legitimate buyers would pay. The average rate that a batch of frequent flyer miles sells for is $31, although the price depends on the airline and number of miles.
https://www.hackread.com/stolen-frequent-flyer-miles-of-top-airlines-sold-on-dark-web/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


A note for you:

The Cost of Healthcare on The Dark Web.
We all know that compromised health records and other medical information is highly valuable and sought after on the Dark Web. A new study by JAMA helps us conceptualize the volume of medical information for sale, and how much your health records go for on the Dark Web.

The annual data breach tally has increased every year since 2010 (except for 2015). The median number of records accessed per breach: 2,300. The mean number of records accessed per breach: 84,456. With patient records selling on the Dark Web for $300 – $500, hackers could make close to $700,000 ($690,000) by breaching an organization that stores medical information.

Who in the healthcare sector was hit the hardest?

  • Healthcare providers: 1,503 data breaches or 37.1 million records
  • Health plans: 278 data breaches or 110.4 million records

Be careful where you allow your medical records to be stored!
https://www.hcanews.com/news/yes-healthcares-data-breach-problem-really-is-that-bad