Semper Fi Dan Williams! Pricing Out Cybersecurity: The Cost of Assurance

Dan Williams wrote this amazing piece on Network Security Assurance in CyberDefense Weekly.

Pricing Out Cybersecurity: The Cost of Assurance

By Dan Williams
Contributor, InCyberDefense

Staying one step ahead of threat actors by assessing the state of network security is definitely not a chore for the faint of heart. The activities involved in ensuring that our security policy is aligned with pragmatic, emerging threats can be carried out either by internal security departments or by third-party teams.

When it comes to regulatory compliance, some organizations do not get to choose whether or not to hire a third party to test their infrastructure. Achieving only the minimum standards of compliance has created a “good enough security” culture that leaves organizations exposed to risks that fall well outside what they are prepared to deal with.

Leadership’s desired strategic vision and the operational actuality of their production environments are often two very different things.

Evaluating Peace of Mind

Budgetary constraints are inarguably one of the greatest obstacles to sufficient assessments of the IT infrastructures organizations rely on to support their business. Attempts to justify the cost of an external team to conduct a rigorous assessment often fall on deaf managerial ears.

When executive leadership chooses a reactive security strategy as opposed to a proactive one, it is only a matter of time before a data breach occurs; sometimes the breach results not only in big fines but also a decline in revenue due to clients’ loss of confidence. These post-breach effects will leave any corporate leader thinking that due diligence would have prevented the sudden collapse of the business.

Eventually, even the most expensive security controls fail: zero-day exploits are used, misconfigured services are circumvented, and humans make mistakes. This is where the ability to detect a security breach compensates for the anticipated failures of security controls. However, resources may already be stretched too thin, so we need a viable solution.

Homegrown Heroes

Adequately training and empowering personnel with the skills necessary to assist in network defense can prevent that next big security incident. Yet, training personnel costs money. This is a great opportunity to remind leadership what famed management consultant Peter Drucker once said, “If you think training is expensive, try ignorance.”

Especially wise words when cybersecurity is the topic. Supporting the idea that “every employee is on the Incident Response team” extends the range of skills of existing IT personnel. It also keeps them involved with security efforts and creates a cost-effective solution for organizations when contending with operational risk.

Ultimately, however, deputizing IT personnel as the first line of defense on the cyber battlefield is not going to provide effective results overnight. Hosting tabletop exercises and whiteboard sessions that give personnel a direct perspective into a threat agent’s methodologies can educate those who do not fully understand modern offensive capabilities for compromising networked information systems.

Even when expert guidance in operations that support information security goals is not available, there are activities that can help less experienced personnel achieve these goals.

Scenario development and incident response training can be conducted using strategies that tie into the tabletop board game market. One example is Black Hills Information Security’s popular Incident Response card game “Backdoors & Breaches.”

Working through the various stages of a security incident while exposing personnel to common tactics, techniques, and procedures (TTPs) can initiate novice IT personnel into a meaningful role as supporting players in an organization’s security strategy.

Start Small, Think Big

An in-house team that performs security testing and also monitors for potential breaches has advantages that set it apart from an external third party. The contextual knowledge of internal personnel adds value to security testing because they know the intimate details and well-worn footpaths of their organization’s infrastructure.

An external engagement that requires a third-party team to spend weeks or even months conducting assessments can be terribly expensive. This is where knowing the various types of testing methodologies and their benefits comes in handy when determining what approach to take.

Often used interchangeably, vulnerability assessments, penetration tests, and Red Team Engagements are three very different methods, each with its specific goals that set it apart from the others. So what are the differences?

Vulnerability Assessment – A wide-scoped, often automated scan of nodes on a network for common vulnerabilities and poorly configured services. This may be an effort to identify:

  • Deprecated or unpatched versions of services
  • Open ports that can allow easy access to a threat actor
  • Default passwords used on administrative accounts
  • Any inadequacies that can be built out into tests in the scan

Vulnerability assessments are the high-level, superficial overviews of the current state of a network, and are meant to be a broad, but shallow attempt at identifying conditions that open an organization to attack.

Penetration Test – A more hands-on way to validate not only discovered vulnerabilities but also the impact they can have in terms of operational risk, in a proof-of-concept fashion. Penetration testing goes a step beyond a mere vulnerability assessment, which only indicates vulnerabilities that security teams need to remediate. Presenting leadership with scenario-driven test cases uncovered through penetration testing increases situational awareness; the test cases display practical threats themselves rather than fear-mongering based on theoretical assumptions.

Red Team Engagement – Even more refined and specific than a penetration test, a Red Team Engagement consists of a group of skilled operators who test the people, processes, and supporting technologies of an environment in an effort to simulate an actual cyberattack. Unlike vulnerability assessments or penetration tests, a Red Team Engagement can test the effectiveness of a security policy from top to bottom. This means challenging the administrative policies in place, the individuals that the organization relies on to carry out their duties, and the systems that provide the backbone of daily operations using a myriad of TTPs to achieve a specific testing goal.

Understanding the differences in these testing types can be a major asset when leadership needs to be convinced of what steps an organization needs to take to improve its security posture from the inside out.

It is also important to understand these testing types when deciding on internal security teams and assessing their responsiveness and effectiveness against threats. Everything in cybersecurity comes at a cost, but satisfactorily training a security team will likely be much less expensive than a companywide cybersecurity breach.

The Week in Breach

This week, Dunkin’ faces a 2nd credential stuffing attack, a Canadian photo-sharing platform discovers hack, a French cybersecurity society is compromised and Australian property data is leaked.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: Domain (99%)
Top Industry: Medical and Healthcare
Top Employee Count: 1 – 10 Employees (94%)


United States – Dunkin’ Donuts

Exploit: Credential stuffing attack
Dunkin’ Donuts: One of the world’s leading baked goods and coffee chains


United States – Truluck’s Seafood, Steak & Crab House 

Exploit: Malware injection into point-of-sale (POS) systems
Truluck’s: Houston-based chain restaurant.


United States – DataCamp

Exploit: Unauthorized system access
DataCamp: Online learning platform for data science


Canada – 500px

Exploit: Server hack
500px: Photo-sharing platform


Canada – College of Physicians and Surgeons of Saskatchewan

Exploit: Employee breach
eHealth Saskatchewan: Electronic health record system


France – CLUSIF

Exploit: Human error resulting in data leak
CLUSIF: Paris-based information security society


Australia – LandMark White

Exploit: Database leak
LandMark White: Large property evaluation firm

Australia – Optus

Exploit: Website glitch and phishing
Optus: Telecommunications company seeking to be first-in-market with 5G home broadband service

In Other News:

MyFitnessPal and CoffeeMeetsBagel data go for sale on the Dark Web

After the breach of MyFitnessPal last year involving 150M user accounts, the data has finally been packaged up along with stolen credentials from 15 other websites to be sold on the Dark Web. The asking price? Less than $20,000 in Bitcoin…


A Note for You:

5 quick and easy tips for updating your data security

It’s safe to say that data breaches are one of the primary threats affecting the ways in which small businesses operate. All industries face the risk of exposing valuable personally identifiable information (PII) or protected health information (PHI). To compound the matter, innovations such as the Internet of Things (IoT) are becoming deeply integrated into operations and can create additional risk.

However, to mitigate even the most advanced cybersecurity concerns, we must begin by keeping things simple and effective. Here are 5 steps for proactively preventing breaches and protecting your data in the event of a compromise.

Breach News

This week, a Tampa Bay Credit Union gets spoofed, Canada sees an uptick in data breaches, and HR/Finance employees get caught in the cross-hairs of cybercrime.

Dark Web ID Trends:
Top Source Hits: Domains (99%) 
Top Compromise Type: ID Theft Forums (99%)
Top Industry: High-Tech / IT
Top Employee Count: 11 – 50 Employees


United States – Tampa Bay Federal Credit Union 

Exploit: Debit card spoofing.
Tampa Bay Federal Credit Union: Financial services provider.
Risk to Small Business: 1.777 = Severe
Customers Impacted: Approximately 3,000, or 10% of all union members.


United States – BlackRock

Exploit: Database leak.
BlackRock: World’s largest asset manager and issuer of exchange-traded funds (ETFs).
Risk to Small Business: 1.777 = Severe
Customers Impacted: Over 12,000 advisers and sales representatives.


United States – Hanover County

Exploit: Click2Gov breach of online payment portal.
Hanover County: Small county in the Commonwealth of Virginia.
Risk to Small Business: 2 = Severe
Customers Impacted: To be determined.


Canada – Health Sciences North

Exploit: System infection via zero-day virus.
Health Sciences North (HSN): Academic health science center and hospital.
Risk to Small Business: 2.111 = Severe
Customers Impacted: To be determined.

Canada – Coast Capital Savings 

Exploit: Phishing, “brute force,” and social engineering fraud.
Coast Capital Savings: Federal credit union headquartered in Surrey.
Risk to Small Business: 2.111 = Severe
Customers Impacted: 140 members.


United Kingdom – Newcastle’s Royal Grammar School 

Exploit: Email spam.
Royal Grammar School (RGS): British independent school located in Newcastle.
Risk to Small Business: 2.111 = Severe
Customers Impacted: To be determined.


France – Adverline

Exploit: Magecart attack, also known as web card skimming.
Adverline: Paris-based online advertising company.
Risk to Small Business: 1.888 = Severe
Customers Impacted: To be determined.


New Zealand – 9 Websites

Exploit: Massive online data breach originating from Collection One.
9 Websites: A consortium of nine company websites that have asked to remain anonymous.
Risk to Small Business: 2 = Severe
Customers Impacted: Unknown.


In Other News:

An Emerging Target for Data Breaches: HR and Finance Employees
As phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the crosshairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.

Many times, employee data can command a higher price tag on the Dark Web than customer data, since it is more likely to include social security numbers, dates of birth, names of dependents, and other lucrative data that can be used in perpetuity, instead of a one-time payment card fraud. When it comes to phishing attacks, it’s important to remember that human users are the weakest link in the security chain.
https://searchhrsoftware.techtarget.com/feature/Phishing-attacks-are-top-employee-data-breach-threat-for-HR

What We’re Listening To
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A Note

Does anyone actually know how consumers are affected by a data breach?
If you take a peek into a recent newspaper, you’re likely to see the words ‘data breach’ flash across headlines. The conversation surrounding data privacy is becoming increasingly commonplace, yet surprisingly scarce in acknowledging the actual consequences or outcomes for affected consumers. Although we are able to speculate as to what might happen to consumers, we are usually left wondering what actually does.

This void in information results in our entire industry viewing only part of the problem, as we cannot understand the link between the efficacy of security measures and the level of harm caused to end-users. As a sector, we know very little regarding how hackers transform data breaches into financial gain for themselves. What can we do to solve this?

One answer is tapping into the vast resources of law enforcement agencies, large banks, and major card providers. Through collaboration, they can offer financial forensics, fraud detection, and task forces that can help attribute breaches to thefts and fraud. Some would argue that investments and partnerships must be made to acquire such information, but enhancing awareness could be the match that lights the fire, illuminating the path towards global data accountability by consumers and businesses alike.
https://www.americanbanker.com/opinion/consumer-harm-from-data-breaches-is-a-black-box

Want to see how exposed you are? We can check your corporate domain for Dark Web breaches!

The Week In Breach

United States – Titan Manufacturing and Distribution

Exploit: System breach through malware attack.
Titan: Retailer for tools, housewares, and household appliances.
Risk to Small Business: 1.555 = Severe
Customers Impacted: Total number to be determined, but 1,838 Washington residents were affected.

United States – Managed Health Services of Indiana 

Exploit: Third-party breach via employee email phishing attack.
Managed Health Services (MHS) of Indiana: Healthcare group that manages Indiana’s Hoosier Healthwise and Hoosier Care Connect Medicaid programs.
Risk to Small Business: 1.333 = Extreme
Customers Impacted: Up to 31,000 patients.


United States – DiscountMugs.com

Exploit: Injection of card skimming code into website.
DiscountMugs.com: E-commerce website for custom mugs and apparel.
Risk to Small Business: 1.666 = Severe
Customers Impacted: To be determined.


India – Amazon

Exploit: Internal technical glitch.
Amazon India: Online shopping site in India.
Risk to Small Business: 2.111 = Severe
Customers Impacted: 400,000 sellers.


Singapore – SingHealth

Exploit: Initial malware infection coupled with a multi-pronged attack.
SingHealth: Singapore’s largest group of healthcare institutions.
Risk to Small Business: 1.444 = Extreme
Customers Impacted: 1.5M individuals.


Italy – Maire Tecnimont SpA

Exploit: Social engineering and business email compromise (BEC).
Maire Tecnimont SpA: Construction engineering company.
Risk to Small Business: 2.111 = Extreme
Customers Impacted: N/A


Australia – Early Warning Network 

Exploit: Compromise of login details.
Early Warning Network (EWN): Emergency weather alert system of Australia.
Risk to Small Business: 2.333 = Severe
Customers Impacted: N/A


Australia – First National 

Exploit: Leak by “third-party” recruitment agency, Sales Inventory Profile.
First National: Real estate network.
Risk to Small Business: 2.555 = Moderate
Customers Impacted: 2,000 job applications.

In Other News:

Hyatt will pay hackers to find security vulnerabilities
Hyatt Hotels recently launched a bug bounty program on the HackerOne platform, enabling ethical hackers to report security flaws for rewards of up to $4,000. Considering recent card-skimming attacks against the hospitality chain, the program is designed to “tap into the vast expertise of the security research community to accelerate identifying and fixing potential vulnerabilities”. Other organizations using the platform include Google, Twitter, the US Department of Defense, GitHub, and Qualcomm.

https://www.hotelmanagement.net/tech/hyatt-hotels-launches-bug-bounty-program


A Note for You:

Video: Consumers are catching on to the data value exchange game.

Following the Cambridge Analytica scandal, Australian media company Pureprofile surveyed consumers to measure perceptions surrounding data use by organizations. Almost half (48%) were concerned about how their data was being used and intended to make changes to their privacy and sharing settings. Surprisingly, 26% of the Australian users surveyed decided to change or close their Facebook account.

When combined with other research on attitudes towards data use, it becomes clear that consumers are growing increasingly aware of the value exchange that occurs with online services, social media, and companies. However, they are not satisfied with how their data is being used and who exactly is using it, signaling a future paradigm shift in the way customers respond to data breaches.

Fostering trust with cyber vigilant customers begins by explaining how you are protecting their data. Consider highlighting your security solutions and outline how customer data is only being used when necessary, and with the intention of improving customer experiences to make their lives easier.

https://which-50.com/video-the-consumer-data-game-is-changing/

Hello 2019, Hello Breaches

This week, it was all fun and games until the Town of Salem game maker got breached, an Irish tram service dealt with ransom, and German politicians were besieged by cyber criminals.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing 
Top Employee Count: 11-50 employees (36%)


United States – BlankMediaGames (Town of Salem)

https://www.scmagazine.com/home/security-news/town-of-salem-breach-affects-7-million-accounts/
Exploit: LFI/RFI attack that injected malicious code into database.
BlankMediaGames: Game maker of ‘Town of Salem’.

Risk to Small Business: 2 = Severe: With as many as 7.6M users exposed, this cyberattack has the potential to be game-changing. News broke that DeHashed, a commercial breach indexing service, discovered the successful attack before Christmas and tried alerting the company, but no action was taken to secure the hacked servers and notify users until later on. Cybersecurity experts are claiming that the company’s hashing technique (PHPBB) for securing passwords was relatively weak, meaning it was only a matter of time until hackers were able to crack them.
Individual Risk: 2.428 = Severe: Stolen user data included usernames, email addresses, hashed passwords, IP addresses, and game/forum activities. Payment information or credit card details were not exposed, but the compromised information can still be leveraged to gain access to payment details on other similar accounts.

Customers Impacted: 7.6M users of ‘Town of Salem’.
How it Could Affect Your Business: Although BlankMediaGames clarified that it does not handle payment information, users may not fully grasp what this means. When they hear breach, they feel exposed. To further compound the issue, the company admitted that its hashing platform for passwords was not as secure as it could be. Overall, video game services are becoming “low hanging fruit” for cybercriminals due to the emphasis on user experience over security and the growing value of digital “in-game” goods or purchases.
ID Agent to the Rescue: SpotLight ID™ is backed by our $1M identity theft restoration policy, and can help MSPs’ clients proactively protect customers while enhancing overall cyber security awareness. Learn more at: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

France and Spain – Orange

https://www.zdnet.com/article/over-19000-orange-modems-are-leaking-wifi-credentials/

Exploit: Device vulnerability in modems that reveals Wi-Fi credentials.
Orange: Telecommunications operator that offers a router product.

Risk to Small Business: 2.333 = Severe: Although such an attack can be contained by finding all the hardware products with vulnerabilities, the breach can negatively impact customers and result in the erosion of brand loyalty.
Individual Risk: 2.571 = Moderate: Such a compromise can be dangerous because it enables hackers to execute on-location proximity attacks, which means they can travel to a company headquarters or home to access a network and then hack into connected devices nearby. Also, Wi-Fi passwords might be reused elsewhere, such as the backend administration panel, allowing hackers to control the system infrastructure and create online botnets.

Customers Impacted: 19,500 customers using Orange Livebox modems.
How it Could Affect Your Business: Security vulnerabilities in hardware can be financially catastrophic, as they usually result in expensive patches, product recalls, reinvention, and customer churn.
ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web and can help discover this form of breach before it hits the news cycle. We work with MSP and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

Ireland – Luas

https://www.independent.co.uk/travel/news-and-advice/luas-website-down-dublin-tram-hacked-not-working-data-leak-bitcoin-a8709446.html

Exploit: Website compromise via newsletter hack.
Luas: Light rail system in Dublin.

Risk to Small Business: 2.111 = Severe: Since the investigation is ongoing, the extent of damage is not determined. However, the hacker responsible for the attack threatened to publish all compromised data if the demanded ransom of 1 bitcoin was not met within 5 days. Currently, no financial information has been exposed, but complete access to a company’s website can result in theft of IP, IT system interference, and entry into sensitive data.
Individual Risk: 3 = Moderate: Given that the attack was limited to the 3,226 people who signed up for the Luas newsletter and did not include payment details, the threat to affected individuals is relatively low. Nevertheless, it remains to be seen if there will be other repercussions.

Customers Impacted: 3,226 people who signed up for the Luas newsletter.
How it Could Affect Your Business: Situations where ransom is involved can be sticky, since there is no assurance that the hacker will not leak the data even if the ransom is paid. On the other hand, the group or person responsible has threatened to publish all data and send emails to the users, which could cause customers to avoid visiting the website or trusting their payment information with the tram service. Also, the hacker could virtually destroy the website, resulting in the company having to rebuild their entire platform.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web, helping reduce the impact of such a breach. See how you can benefit here: https://www.idagent.com/dark-web/.

Australia – Victorian Government

https://www.abc.net.au/news/2019-01-01/victorian-government-employee-directory-data-breach/10676932

Exploit: Phishing attack on government employee directory.
Victorian Government: State government of Victoria.

Risk to Small Business: 2.333 = Severe: Even though the stolen directory included work details for 30,000 government employees, the list only contained work emails, job titles, work phone numbers, and in some cases, mobile phone numbers. However, there is the possibility that public servants who were compromised may feel exposed and choose to leave, causing employee turnover.
Individual Risk: 2.714 = Moderate: Payment and banking information was not compromised, but the compromised information can still be manipulated by hackers to orchestrate future phishing, spam, and social engineering attacks. Those who were affected should remain vigilant in order to protect themselves.

Customers Impacted: 30,000 government employees.
How it Could Affect Your Business: Following last week’s coverage of the Nova Entertainment compromise, it is clear that data breach notifications are piling up in Australia after the introduction of the Notifiable Data Breaches (NDB) scheme. Businesses and consumers alike are beginning to realize the magnitude of breaches that are seemingly benign but can be leveraged to execute complex cybercrime.
ID Agent to the Rescue: Dark Web ID by ID Agent can help proactively monitor stolen employee and customer data, mitigating losses from this breach type. Learn more at: https://www.idagent.com/dark-web/.

In Other News:

German Politicians and Celebrities are Under Attack
Hundreds of German parliament members, most notably Chancellor Angela Merkel, and celebrities are having their personal details leaked in what seems to be a politically motivated cyber-attack. Information including financial details, contact information, private conversations, and more was originally leaked in December on a Twitter account, which was only recently discovered and suspended.

Although six of seven main political parties were among those affected, no members from the far-right Alternative party (AfD) seem to be impacted. Officials are saying that the data could have been obtained by hackers using stolen passwords to log into email accounts, social networks, and cloud-based services.
https://www.bankinfosecurity.com/hackers-leak-hundreds-german-politicians-personal-data-a-11915


How Work-From-Home Can Open Your Business Up to Breach

As the historical debate surrounding work-from-home (WFH) policies continues to reach news headlines, an additional consideration has surfaced: IT security. Home networks in WFH environments can expose your company to security risks, as devices are connected to the internet and can serve as an entry point for hacks.

With the advent of remote working arrangements and rising adoption of smart devices, employees are accessing enterprise software such as cloud-based apps, video conferencing software, and file sharing regularly, resulting in vulnerabilities that black hats can tap into with little to no difficulty.

Of course, this doesn’t necessarily mean you should discontinue your WFH policy. Instead, consider how you can arm your employees with best practices for securing their devices and networks to avoid breach possibilities.
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2019

Week in Breach – last post of 2018

This week, Caribou Coffee gets roasted, and memes are being used as code.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (100%)
Top Compromise Type: Domains
Top Industry: Legal
Top Employee Count: 251 – 500 employees (50%)


United States – Caribou Coffee

https://www.zdnet.com/article/caribou-coffee-chain-announces-card-breach-impacting-239-stores/

Below is a link to the notification published by Caribou regarding the affected locations: https://assets.coffeeandbagels-static.com/cariboucoffee/Data-Security-Notice.pdf

Exploit: Compromise of POS systems.
Caribou Coffee: A large coffee chain in the United States.

Risk to Small Business: 1.777 = Severe: A breach of this magnitude would have a negative impact on any organization for a long time. Around 40% of the company’s locations were affected by the breach, with all cards used during the breach window being considered accessed.
Individual Risk: 2.428 = Severe: Those who used a credit or debit card at the organization between August 28, 2018, and December 3, 2018, are at an increased risk of identity theft.

Customers Impacted: 239 of the organization’s stores were affected by the breach.

How it Could Affect Your Business: Credit card information being accessed is never good for business. Customers tend not to forget the company whose breach resulted in them losing money.

ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.
Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United Kingdom – Steelite

https://cyware.com/news/pottery-giant-steelite-international-hit-by-a-massive-cyber-attack-0b640be8

Exploit: Ransomware.
Steelite: A Middleport-based company that manufactures tableware for the hospitality industry.

Risk to Small Business: 1.888 = Severe: The risk to small business in this scenario is very high. Ransomware is becoming more and more prevalent in the cyber-crime scene as it is a low-risk/high-reward attack vector.
Individual Risk: 2.571 = Moderate: It is unclear if payroll information was accessed, but due to the sensitive nature of the encrypted files, it would be best to be cautious.

Customers Impacted: The employees who work at the organization are the ones at risk.

How it Could Affect Your Business: Payroll information is vital for operating a business, which makes this attack particularly damaging. Many organizations would not have the resources available to rebuild their payroll servers so quickly, which would leave them in a precarious situation.

ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:
Facebook, What Are You Doing?
Facebook continues to let down its users this week… this time by providing user data to a wide variety of large companies for commercial purposes. Some of the companies that took advantage of Facebook’s fast and loose outlook on its customers’ data include Apple, Amazon, Microsoft, Spotify, and Netflix. The information even included private messages between users. When Amazon was asked about how it used the user data Facebook provided them, their official statement stated they used the data “appropriately,” which is not very comforting.

https://www.theverge.com/2018/12/18/18147616/facebook-user-data-giveaway-nyt-apple-amazon-spotify-netflix

What We’re Listening To
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e



Twitter Memes
Researchers have discovered a malware that is being distributed by hackers, which receives instructions from… memes.

That’s right, this form of malware that targets Windows systems can “capture local screenshots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker.” It also can receive instructions from Twitter memes. This type of hidden communication is known as steganography, and hypothetically it could be used to instruct many infected machines at once with memes while evading most detection systems.

So, stay frosty this holiday while perusing the interwebs for memes! Make sure all your systems are up to date and your credentials aren’t compromised… better to enjoy this season!
https://www.darkreading.com/threat-intelligence/memes-on-twitter-used-to-communicate-with-malware/d/d-id/1333518

The Week in Breach December 13, 2018


This week, Quora was breached, and common breach mistakes are discussed.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (55%)
Top Compromise Type: Domains
Top Industry: High-Tech & IT
Top Employee Count: 11-50 employees (32%)


United States – Quora 

https://www.nytimes.com/2018/12/04/technology/quora-hack-data-breach.html
https://blog.quora.com/Quora-Security-Update

Exploit: Unclear at this time.
Quora: A popular question and answer site that boasts 300 million monthly active users.

Risk to Small Business: 2.333 = Severe: People are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: Quora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Humble Bundle
https://www.scmagazine.com/home/security-news/humble-bundle-breach-could-be-first-step-in-wider-attack/

Exploit: Credential Stuffing.
Humble Bundle: Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering of Humble Bundles, collections of games sold at a price determined by the purchaser and with a portion of the price going towards charity and the rest split between the game developers.

Risk to Small Business: 2.333 = Severe: The breach only contained users’ subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows whether users’ subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
Individual Risk: 3 = Moderate: No information directly related to the individual has been compromised other than the subscription status of users.

Customers Impacted: A “very limited” number of people.
How it Could Affect Your Business: This breach is a good lesson in how it is important to report any breach, as this seemingly minor breach is most likely the first step in a spear phishing campaign.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/.

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

DNA For Pay
The leaders of Genomics England have revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data, and in this case DNA, could result in it ending up on the Dark Web or in the hands of a nation state. While no breach occurred at this organization, the fact that it is regularly under attack should be a wake-up call.

https://www.telegraph.co.uk/news/2018/12/05/nhs-storing-patients-genetic-data-high-security-army-base-due/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A Note for You:

Be Ready for The Breach
Since Marriott International was breached, it has been hit with two lawsuits that claim the organization delayed the breach disclosure and was not transparent. How an organization handles a breach makes a significant impact on public opinion and customers’ trust. An organization that is seen to be forthcoming, transparent, and honest with its customers is much less likely to see a serious migration of customers.

Here are some common mistakes made when reporting breaches:

  • Not having a plan – Not being prepared for a breach can lead to a panicked, unorganized response that is half-baked. Just like every organization should have a fire response plan, every organization should have response procedures in place for a breach.
  • Downplaying the incident – Your customers deserve to know if they are at risk. Downplaying the incident is also likely illegal.
  • Delaying disclosure – Delaying disclosure can compromise the trust of your customers and may be illegal.
  • Oversharing / undersharing – Sharing too much information can lead to bad actors taking note of the vulnerability and can put other organizations at risk. Sharing too little information can leave your customers at risk.
  • Not contacting the authorities – Involving law enforcement is free and can help significantly with the investigation.

https://www.darkreading.com/attacks-breaches/7-common-breach-disclosure-mistakes/d/d-id/1333401?image_number=1

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis

The Week in Breach December 6, 2018

This week we report on Marriott’s massive breach, the indictment of those responsible for many SamSam attacks across the U.S., and hackers switching targets.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Finance and Insurance (13%)
Top Employee Count: 11-50 employees (45%)


Global Breach – Marriott
https://www.nbcnews.com/tech/security/marriott-says-data-breach-compromised-info-500-million-guests-n942041
https://www.cnbc.com/2016/09/23/marriott-buys-starwood-becoming-worlds-largest-hotel-chain.html
https://answers.kroll.com/us/index.html
https://www.msspalert.com/cybersecurity-breaches-and-attacks/marriott-starwood-data-breach-pressures-stock/

Exploit: Supply chain breach.
Marriott: The largest hotel chain in the world, “30 hotel brands now fall under the Marriott umbrella to create the largest hotel chain in the world with more than 5,800 properties and 1.1 million rooms in more than 110 countries. That’s more than 1 out of every 15 hotel rooms around the globe.”

Risk to Small Business: 1.444 = Extreme: Considering how damaging this breach will be to Marriott, the largest hotel chain in the world, it is safe to say that the ramifications of a breach as severe as this one have the potential to cripple a small business. One of the most damaging parts of this breach is that there has been unauthorized access to the Starwood network since 2014, meaning a bad actor, or group of bad actors, has been siphoning off data for years without being detected.
Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of phishing attacks. Identity theft is also a very real possibility due to the amount of information accessed, including passport numbers. The passport numbers alone could fetch a good price on the Dark Web.

Customers Impacted: Approximately 500 million.
How it Could Affect Your Business: The length of time information was being accessed is one of the most damaging parts of this breach, as well as the massive scope. The largest hotel chain in the world has been compromised since 2016 (Starwood, the compromised subsidiary, had been compromised since 2014; Marriott purchased the brand in 2016). Those who were affected by the breach are likely to avoid the chain in the future, and those who were not will certainly be more hesitant.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.
Learn more: https://www.idagent.com/identity-monitoring-program

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United Kingdom – Just Urban

https://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/

Exploit: Exposed database.
Just Urban: A London-based startup, used for booking massages.

Risk to Small Business: 2 = Severe: The damage dealt by this breach to a small or new business could stunt the growth of the company and even cause a loss of clients. Some of the data exposed included complaints about clients. While it is important for the employees of a massage company, especially one that goes to a person’s home, to share if a certain client is inappropriate, most organizations could face severe backlash from their customer base if complaints about them surfaced.
Individual Risk: 2.714 = Moderate: In some cases, the individuals affected by this breach had complaints about them recorded by the massage therapist. These complaints can be embarrassing, but oftentimes the complaints were in reference to the client’s actions towards the massage therapist. Some of the complaints included requesting “sexual services from therapist”, with some clients even being marked as dangerous. These complaints were tied to the client’s full name, phone number, postcode and address.

Customers Impacted: 309,000.
How it Could Affect Your Business: In any organization, the exposure of complaints against customers is highly embarrassing in addition to being bad for business. The reasons the complaints exist make sense in the context of the organization’s operations, but their exposure is still a damaging blow to the standing of the company with its clients. Most organizations would not have the justification for keeping such complaints on file, and NO organization can justify leaving a database exposed with sensitive business and client information. It could take years for an organization that experiences a breach such as this to recover and regain trust.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

Iran SamSam Goes ByeBye
Two Iranian men living in New Jersey were indicted for using the infamous SamSam ransomware to collect over $6 million USD (7,981,320.00 CAD, 8,205,990.00 AUD, 5,278,320.00 EUR) and causing over $30 million USD (39,906,600.00 CAD, 41,029,950.00 AUD, 26,391,600.00 EUR) in damages. SamSam is well known for its targeting of infrastructure, including hospitals. Here is a list of some of the targets during their spree:

City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e



The Evolution of a Phish
A new report has shed light on the fact that not only are email-based attacks on the rise, but they are spreading at an alarming rate. Cyber criminals have been shuffling their decks of targets, as 99% of the most heavily targeted email addresses this quarter are different from those targeted in Q3. The phishing emails now are more likely to show up in the inbox of your marketing, public relations, and human resources departments. The reasoning behind this shift is that these teams have access to information about earnings and employee records. It is important to stay agile in cybersecurity, as cyber criminals are always adapting to find new ways to compromise credentials and hack into organizations.

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis

This Last Week in Breach


This week, Amazon experienced technical issues, and cybersecurity culture isn’t where it needs to be in 95% of organizations.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing
Top Employee Count: 11-50 employees (36%)


Global Breach – Amazon
https://www.theregister.co.uk/2018/11/21/amazon_data_breach/

Exploit: Technical error.
Amazon: Online shopping behemoth. Amazon is based out of Washington in the United States.

Business Risk: 2.333 = Severe: Customers get concerned when they receive an email that informs them that their data has been disclosed, and despite the problem being a technical issue rather than an external actor hacking into the network, the image of the organization is still tarnished.
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks. When people are addressed by their name or if there is any personal info in a phishing email, it is more likely to be opened.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: The severity of this breach is not the most damaging part, contrary to most breaches. In fact, the most damaging part of this breach has been Amazon’s poor transparency which causes speculation and paints the organization in a very negative light. The behavior of the company indicates that if a seriously damaging breach were ever to occur, they would not be transparent to their customers.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Make-A-Wish Foundation

https://threatpost.com/cryptojacking-attack-targets-make-a-wish-foundation-website/139194/

Exploit: Crypto jacking.
Make-A-Wish Foundation: Non-profit that arranges for children with critical illnesses to have experiences they would not be able to otherwise.

Business Risk: 2.333 = Severe: The negative public image associated with being breached does not give a break to even the most just of causes, non-profit or for profit. Those who have visited the Make-A-Wish Foundation international site have been lending CPU power to mine for cryptocurrency, which will deter visitors in the future.
Individual Risk: 3 = Moderate: No information related to the individual has been compromised.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: While the personal data of customers was not accessed or breached, the site itself has been stealing CPU power from those visiting the site in order to mine cryptocurrency. This would affect how many customers would use a site, and also is a prime example that non-profit organizations are not immune to being targeted by hackers.

ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

Dark Web Down 

One of the largest hosting services for Dark Web sites has been hacked, with devastating results to the sites that used the service. 100% of the accounts hosted by Daniel’s Hosting were deleted, including the root account. Over 6,500 Dark Web sites were hosted by the service and it is unlikely they will see their data again.
https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e

National Computer Security Day is Upon Us 

Friday the 30th of November is National Computer Security Day, and the perfect chance for you to convey what it means for your clients to have good cyber hygiene! Offering tips makes both of your jobs easier. Starting this conversation not only shows your expertise as their MSP but it gives clients real examples of how your other security services will protect their network and pair well in their current security stack.



Do It for The Culture
According to a report by ISACA, 95% of organizations find there is a gap between their desired culture surrounding cybersecurity and what their culture actually looks like. This is concerning, especially because 87% of those surveyed said that their organization would be more profitable if their cybersecurity culture improved.

What is causing this gap? A variety of factors come into play, including a lack of understanding on the part of leadership, lack of funding, and a lack of employees respecting the cybersecurity procedures.

With the holidays approaching and employees shopping across the web, now is the perfect time to reinforce cybersecurity culture at your organization. A breach on a popular retail site could lead to a breach within your organization if employees use the same passwords at work and home.

http://www.isaca.org/SiteCollectionDocuments/Cybersecurity-Culture-INFOGRAPHIC.pdf

The Week In Breach



This week, medical data is on the menu for hackers.

Dark Web Data Trends 

  • Total Compromises: 2,368
  • Top PIIs compromised: Domains (2,366)
    • Hashed/Cleartext Passwords (36,617)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

United States – NorthBay Healthcare Corporation

https://news.softpedia.com/news/social-security-numbers-pii-stolen-in-northbay-healthcare-data-breach-523548.shtml
Exploit: Supply chain vulnerability.
NorthBay Healthcare Corporation: A healthcare organization based in Portland, Oregon.
Risk to Small Business: 1.666 = Severe: An organization that is unable to secure the data of those applying for a job could scare away potential applicants as well as customers.
Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of identity theft.
Customers Impacted: Those who applied to the organization between 2012 and May 2018.
How it Could Affect You: A supply chain breach can damage customer trust in an organization, and while NorthBay Healthcare is offering identity monitoring services for those affected, it will not undo what has already happened.
ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach like this one.
Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Girl Scouts of America

https://cyware.com/news/girls-scouts-got-hacked-and-the-personal-data-of-2800-members-compromised-8f63f56a
Exploit: Compromised email account.
Girl Scouts of America: The preeminent leadership development organization for young girls in the United States.
Risk to Small Business: 1.667 = Severe: A breach that exposes medical history can foster distrust between a customer and an organization.
Individual Risk: 2 = Severe: Those affected by this breach are at an increased risk for identity theft and fraud.
Customers Impacted: 2,800 members.
How it Could Affect Your Business: This breach could damage the reputation of any business or organization, and in this case could push away current members of the organization and scare away new potential members.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Facebook’s Folly
Private messages between Facebook users are for sale, and there’s no shortage. 81,000 users’ private messages were accessed by a hacker who is now attempting to sell them, some for as low as 10 cents per account. Facebook has been ravaged by hacks over the last year, and the social media juggernaut appears to still be having trouble keeping their customers’ data safe.
https://www.bbc.com/news/technology-46065796

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!



Hackers are Bundling Up This Fall.
Well, it’s nearing the end of the year. You know what that means: it’s time for the ‘best of 2018’ collections to start coming out. One category is Best Movies of 2018… personally, I think The Incredibles 2 is at the top of that list. Another category is Best of Ransomware. Yes, there is a ‘best of the year’ collection for cybercriminals. To the surprise of no one, the ransomware collection is being sold on the Dark Web, but there are many surprising elements to the bundle.

First off, the fact that the year’s most dangerous ransomware variants are being sold as a package deal at a reduced price should show the… professionalism… of the Dark Web marketplaces, as strange as it is to use that word to describe cybercriminals. This crime-as-a-service model is nothing new, but this bundle is undoubtedly a step above the norm. There are 23 ransomware variants included in the bundle, including SamSam. Yes, the notorious SamSam ransomware is included in the bundle. If you don’t know what SamSam is, it is a variant of ransomware that is infamous because of the high-profile targets it has been used against and because until now, it was under lock and key deployed only by a highly specialized group.

This bundle is not for inexperienced hackers, however; if it were, the situation would be worse than it already is. An unskilled hacker would find it difficult to put most of the bundle to use. The bundle will be removed from the marketplace after it has been sold 25 times, according to the seller, although it is unclear why this is the case. Don’t let one of the hackers who buys this bundle use it against your business!

https://www.zdnet.com/article/giant-ransomware-bundle-threatens-to-make-malware-attacks-easier-for-crooks/
