The Week in Breach: 10/20/18 – 10/26/18

Halloween Breaches

Germany and Hong Kong get highlighted in this edition of The Week in Breach.

Dark Web ID Trends:

  • Total Compromises: 37,290
  • Top Source Hits: Website (36,618)
    • Disqus.com (36,618)
  • Top PIIs compromised: Domains (37,253)
    • Hashed/Cleartext Passwords (36,617)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

Hong Kong – Cathay Pacific Airways
https://www.reuters.com/article/us-cathay-pacific-cyber/cathay-pacific-flags-data-breach-affecting-94-million-passengers-idUSKCN1MY26L
Exploit: Unclear at this time.
Cathay Pacific Airways: Hong Kong-based international airline.
Risk to Small Business: 1.666 = Severe: Customers are not soon to forget the company that failed to secure their data and waited several months to acknowledge their breach.
Individual Risk: 2.285 = Severe: Individuals affected by this breach are at a higher risk of credit card fraud and should contact their card issuer, cancel their cards immediately, and enroll in a credit monitoring service, if provided.
Customers Impacted: 9.4 million.

How it Could Affect Your Business
For any organization, a breach where the hacker obtained payment information is a customer relations disaster. A breach where almost 9.5 million customers were affected would scale this disaster up to match.

ID Agent to the Rescue:
  Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Germany – Wolf Intelligence
https://motherboard.vice.com/en_us/article/vbka8b/wolf-intelligence-leak-customer-victim-data-online
Exploit: Exposed database.
Wolf Intelligence: German-based spyware startup.
Risk to Small Business: 1.666 = Severe: A breach caused by negligence is hard to explain to a customer, which would affect the amount of time it would take to regain trust.
Individual Risk: 2.142 = Severe: Because the data exposed was highly personal, including phone conversations and texts, those affected by this breach are at a higher risk of identity theft.
Customers Impacted: 20 gigabytes of data exposed, it is unclear how many customer’s data existed within that.

How it Could Affect Your Business: An organization in the spyware industry will obviously take a SEVERE hit to their reputation, but any company would suffer the embarrassment of the founder leaving scans of his credit cards exposed on the internet.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:
Repair Your Phone Yourself:
It is now legal to break Digital Rights Management in order to repair your phone, following a ruling at the US Copyright Office. This is big news for third-party phone repair shops, as well as the repair businesses of many other products such as cars, tablets, refrigerators and even tractors. Go ahead and crack that old broken iPhone open to fix it yourself! Well… try to fix it at your own risk, but now you have the option.

https://www.zdnet.com/article/need-to-fix-an-iphone-or-android-device-you-can-now-break-drm-under-new-us-rules/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!



Ransomscare.
There was an article that came out this week written by the previous CIO of the New York City Law Department (which is also the world’s largest public sector law firm, fun fact), discussing the best ways to avoid ransomware. In the article he discussed 3 key points:

1.Cyber Hygiene: This is an obvious one but cannot be underrated! Passwords must be changed regularly, and everyone must remain diligent while browsing their inbox.

2. Best practices: Best practices in this context covers updating existing tech, using preventative technologies, and communication. To have the best practice for updating existing tech, put a priority on pushing out patches, use cloud web application firewalls and credential monitoring to stay a step ahead with preventative tech, and communicate with your security team and employees about what they should be doing as individuals and as a team.

3. Testing disaster recovery plans: This point is self-explanatory, you need a test to see if your backup plans work. You wouldn’t leave the fire alarms untested!

With ransomware being seen all over the world from Atlanta to Moscow to Sydney, it is something every business should take into account.
https://www.darkreading.com/cloud/3-keys-to-reducing-the-threat-of-ransomware/a/d-id/1333113

 

Would you like a free report on your corporate domain credentials exposed on the Dark Web?

Advertisements

About Vic Levinson
Telecommunications and IT professional with over 25 years experience in Business Technology Solutions. Specializing in managed technologies solutions : hosted VoIP, cyber security, help desk, remote monitoring and maintenance, cloud work space and - the works. Founded Prime Telecommunications in 1993 and providing business communications solutions. Cloud Applications- everything from hosted network security, hosted Disaster Recovery, hosted printer management, data centers and colocation solutions for businesses.

Comments are closed.

%d bloggers like this: