The Week in Breach December 13, 2018

 

This week, Quora was breached, and common breach mistakes are discussed.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (55%)
Top Compromise Type: Domains
Top Industry: High- Tech & IT
Top Employee Count: 11-50 employees (32%)


United States – Quora 

https://www.nytimes.com/2018/12/04/technology/quora-hack-data-breach.html
https://blog.quora.com/Quora-Security-Update

Exploit: Unclear at this time.
Quora: A popular question and answer site that boasts 300 million monthly active users.

correct severe gauge Risk to Small Business: 2.333 = Severe: People are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.
correct moderate gauge Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: Quora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Humble Bundle
https://www.scmagazine.com/home/security-news/humble-bundle-breach-could-be-first-step-in-wider-attack/

Exploit: Credential Stuffing.
Humble Bundle: Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering of Humble Bundles, collections of games sold at a price determined by the purchaser and with a portion of the price going towards charity and the rest split between the game developers.

correct severe gauge Risk to Small Business: 2.333 = Severe: The breach only contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
correct moderate gauge Individual Risk: 3 = Moderate: No information directly related to the individual has been compromised other than the subscription status of users.

Customers Impacted: A “very limited” number of people.
How it Could Affect Your Business: This breach is a good lesson in how it is important to report any breach, as this seemingly minor breach is most likely the first step in a spear phishing campaign.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

DNA For Pay
The Leaders of Genomics England has revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data and in this case, DNA, could result with it ending up on the Dark Web or in the hands of a nation state. While no breach occurred to this organization, the fact that they are regularly under attack should be a wake-up call.

https://www.telegraph.co.uk/news/2018/12/05/nhs-storing-patients-genetic-data-high-security-army-base-due/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A Note for You:

Be Ready for The Breach
Since Marriot International was breached, it has been hit with two lawsuits that claim the organization delayed the breach disclosure and weren’t transparent. How an organization handles a breach makes a significant impact on public opinion and customers trust. An organization that is seen to be forthcoming, transparent, and honest to their customers is much less likely to see a serious migration of customers.

Here are some common mistakes made when reporting breaches:

  • Not having a plan – Not being prepared for a breach can lead to a panicked, unorganized response that is half-baked. Just like every organization should have a fire response plan, every organization should have response procedures in place for a breach.
  • Downplaying the incident – Your customers deserve to know if they are at risk. Also downplaying the incident is likely illegal.
  • Delaying disclosure – Delaying disclosure can compromise the trust of your customers and may be illegal.
  • Oversharing / Under sharing – Sharing too much information can lead to bad actors taking note of the vulnerability and can put other organizations at risk. Sharing too little information can leave your customers at risk.
  • Not contacting the authorities – Involving law enforcement is free and can help significantly with the investigation.

https://www.darkreading.com/attacks-breaches/7-common-breach-disclosure-mistakes/d/d-id/1333401?image_number=1

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis

Advertisements

This Last Week in Breach

 

This week, Amazon experienced technical issues, and cybersecurity culture isn’t where it needs to be in 95% of organizations.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing
Top Employee Count: 11-50 employees (36%)


Global Breach – Amazon
https://www.theregister.co.uk/2018/11/21/amazon_data_breach/

Exploit: Technical error.
Amazon: Online shopping behemoth. Amazon is based out of Washington in the United States.

correct severe gauge Business Risk: 2.333 = Severe: Customers get concerned when they receive an email that informs them that their data has been disclosed, and despite the problem being a technical issue rather than an external actor hacking into the network, the image of the organization is still tarnished.
correct moderate gauge Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks. When people are addressed by their name or if there is any personal info in a phishing email, it is more likely to opened.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: The severity of this breach is not the most damaging part, contrary to most breaches. In fact, the most damaging part of this breach has been Amazon’s poor transparency which causes speculation and paints the organization in a very negative light. The behavior of the company indicates that if a seriously damaging breach were ever to occur, they would not be transparent to their customers.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Make-A-Wish Foundation

https://threatpost.com/cryptojacking-attack-targets-make-a-wish-foundation-website/139194/

Exploit: Crypto jacking.
Make-A-Wish Foundation: Non-profit that arranges for children with critical illnesses to have experiences they would not be able to otherwise.

correct severe gauge Business Risk: 2.333 = Severe: The negative public image associated with being breached does not give a break to even the most just of causes, non-profit or for profit. Those who have visited the Make-A-Wish foundation international site have been lending CPU power to mine for cryptocurrency which will deter visitors in the future.
correct moderate gauge Individual Risk: 3 = Moderate: No information related to the individual has been compromised.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: While the personal data of customers was not accessed or breached, the site itself has been stealing CPU power from those visiting the site in order to mine cryptocurrency. This would affect how many customers would use a site, and also is a prime example that non-profit organizations are not immune to being targeted by hackers.

ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

Dark Web Down 

One of the largest hosting services for Dark Web sites has been hacked, with devastating results to the sites that used the service. 100% of the accounts hosted by Daniel’s Hosting were deleted, including the root account. Over 6,500 Dark Web sites were hosted by the service and it is unlikely they will see their data again.
https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e

National Computer Security Day is Upon Us 

Friday the 30th of November is National Computer Security Day, and the perfect chance for you to convey what it means for your clients to have good cyber hygiene! Offering tips makes both of your jobs easier. Starting this conversation not only shows your expertise as their MSP but it gives clients real examples of how your other security services will protect their network and pair well in their current security stack.



Do It for The Culture
According to a report by ISACA, 95% of organizations find there is a gap between their desired culture surrounding cybersecurity and what their culture actually looks like. This is concerning, especially because 87% of those surveyed said that their organization would be more profitable if their cybersecurity culture improved.

What is causing this gap? A variety of factors come into play, including a lack of understanding on the part of leadership, lack of funding, and a lack of employees respecting the cybersecurity procedures.

With the holidays approaching and employees shopping across the web, now is the perfect time to reinforce cybersecurity culture at your organization. A breach on a popular retail site could lead to a breach within your organization if employees use the same passwords at work and home.

http://www.isaca.org/SiteCollectionDocuments/Cybersecurity-Culture-INFOGRAPHIC.pdf

The Week In Breach

 

Social Graphic_3.png (1200×627)

This week, medical data is on the menu for hackers.

Dark Web Data Trends 

  • Total Compromises: 2,368
  • Top PIIs compromised: Domains (2,366)
    • Hashed/Cleartext Passwords (36,617)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

United States – NorthBay Healthcare Corporation

https://news.softpedia.com/news/social-security-numbers-pii-stolen-in-northbay-healthcare-data-breach-523548.shtml
Exploit: Supply chain vulnerability.
NorthBay Healthcare Corporation: A healthcare organization based in Portland, Oregon.
Risk to Small Business:1.666 = Severe: An organization that is unable to secure the data of those applying for a job could scare away potential applicants as well as customers.
Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of identity theft.
Customers Impacted: Those who applied to the organization between 2012 and May 2018.
How it Could Affect You: A supply chain breach can damage customer trust in an organization, and while NorthBay Healthcare is offering identity monitoring services for those affected, it will not undo what has already happened.
ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach like this one.
Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Girl Scouts of America

https://cyware.com/news/girls-scouts-got-hacked-and-the-personal-data-of-2800-members-compromised-8f63f56a
Exploit: Compromised email account.
Girl Scouts of America: The preeminent leadership development organization for young girls in the United States.
Risk to Small Business:1.667 = Severe: A breach that exposes medical history can foster distrust between a customer and an organization.
Individual Risk: 2 = Severe: Those affected by this breach are at an increased risk for identity theft and fraud.
Customers Impacted: 2,800 members.
How it Could Affect Your Business: This breach could damage the reputation of any business or organization, and in this case could push away current members of the organization and scare away new potential members.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Facebook’s Folly
Private messages between Facebook users are for sale, and there’s no shortage. 81,000 users’ private messages were accessed by a hacker who is now attempting to sell them, some for as low as 10 cents per account. Facebook has been ravaged by hacks over the last year, and the social media juggernaut appears to still be having trouble keeping their customers’ data safe.
https://www.bbc.com/news/technology-46065796

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


 

Hackers are Bundling Up This Fall.
Well, it’s nearing the end of the year. You know what that means: it’s time for the ‘best of 2018’ collections to start coming out. One category is Best Movies of 2018… personally, I think The Incredibles 2 is at the top of that list. Another category is Best of Ransomware. Yes, there is a ‘best of the year’ collection for cybercriminals. To the surprise of no one, the ransomware collection is being sold on the Dark Web, but there are many surprising elements to the bundle.

First off, the fact that the year’s most dangerous ransomware variants are being sold as a package deal at a reduced price should show the… professionalism… of the Dark Web marketplaces, as strange as it is to use that word to describe cybercriminals. This crime-as-a-service model is nothing new, but this bundle is undoubtedly a step above the norm. There are 23 ransomware variants included in the bundle, including SamSam. Yes, the notorious SamSam ransomware is included in the bundle. If you don’t know what SamSam is, it is a variant of ransomware that is infamous because of the high-profile targets it has been used against and because until now, it was under lock and key deployed only by a highly specialized group.

This bundle is not for inexperienced hackers, however, which would be worse than the current situation. An unskilled hacker would find difficulty putting most of the bundle to use. The bundle will be removed from the marketplace after sold 25 times, according to the seller, although it is unclear why this is the case. Don’t let one of the hackers who buys this bundle use it against your business!

https://www.zdnet.com/article/giant-ransomware-bundle-threatens-to-make-malware-attacks-easier-for-crooks/

 

Want some help?

 

Get a Free Dark Web Scan of your Business Domain

Get a Free Tool Kit- Phish Prone Test, Domain Spoof Test, Weak Password Tool and more!


The Week in Breach: 10/20/18 – 10/26/18

Halloween Breaches

Germany and Hong Kong get highlighted in this edition of The Week in Breach.

Dark Web ID Trends:

  • Total Compromises: 37,290
  • Top Source Hits: Website (36,618)
    • Disqus.com (36,618)
  • Top PIIs compromised: Domains (37,253)
    • Hashed/Cleartext Passwords (36,617)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

Hong Kong – Cathay Pacific Airways
https://www.reuters.com/article/us-cathay-pacific-cyber/cathay-pacific-flags-data-breach-affecting-94-million-passengers-idUSKCN1MY26L
Exploit: Unclear at this time.
Cathay Pacific Airways: Hong Kong-based international airline.
Risk to Small Business: 1.666 = Severe: Customers are not soon to forget the company that failed to secure their data and waited several months to acknowledge their breach.
Individual Risk: 2.285 = Severe: Individuals affected by this breach are at a higher risk of credit card fraud and should contact their card issuer, cancel their cards immediately, and enroll in a credit monitoring service, if provided.
Customers Impacted: 9.4 million.

How it Could Affect Your Business
For any organization, a breach where the hacker obtained payment information is a customer relations disaster. A breach where almost 9.5 million customers were affected would scale this disaster up to match.

ID Agent to the Rescue:
  Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Germany – Wolf Intelligence
https://motherboard.vice.com/en_us/article/vbka8b/wolf-intelligence-leak-customer-victim-data-online
Exploit: Exposed database.
Wolf Intelligence: German-based spyware startup.
Risk to Small Business: 1.666 = Severe: A breach caused by negligence is hard to explain to a customer, which would affect the amount of time it would take to regain trust.
Individual Risk: 2.142 = Severe: Because the data exposed was highly personal, including phone conversations and texts, those affected by this breach are at a higher risk of identity theft.
Customers Impacted: 20 gigabytes of data exposed, it is unclear how many customer’s data existed within that.

How it Could Affect Your Business: An organization in the spyware industry will obviously take a SEVERE hit to their reputation, but any company would suffer the embarrassment of the founder leaving scans of his credit cards exposed on the internet.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:
Repair Your Phone Yourself:
It is now legal to break Digital Rights Management in order to repair your phone, following a ruling at the US Copyright Office. This is big news for third-party phone repair shops, as well as the repair businesses of many other products such as cars, tablets, refrigerators and even tractors. Go ahead and crack that old broken iPhone open to fix it yourself! Well… try to fix it at your own risk, but now you have the option.

https://www.zdnet.com/article/need-to-fix-an-iphone-or-android-device-you-can-now-break-drm-under-new-us-rules/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!



Ransomscare.
There was an article that came out this week written by the previous CIO of the New York City Law Department (which is also the world’s largest public sector law firm, fun fact), discussing the best ways to avoid ransomware. In the article he discussed 3 key points:

1.Cyber Hygiene: This is an obvious one but cannot be underrated! Passwords must be changed regularly, and everyone must remain diligent while browsing their inbox.

2. Best practices: Best practices in this context covers updating existing tech, using preventative technologies, and communication. To have the best practice for updating existing tech, put a priority on pushing out patches, use cloud web application firewalls and credential monitoring to stay a step ahead with preventative tech, and communicate with your security team and employees about what they should be doing as individuals and as a team.

3. Testing disaster recovery plans: This point is self-explanatory, you need a test to see if your backup plans work. You wouldn’t leave the fire alarms untested!

With ransomware being seen all over the world from Atlanta to Moscow to Sydney, it is something every business should take into account.
https://www.darkreading.com/cloud/3-keys-to-reducing-the-threat-of-ransomware/a/d-id/1333113

 

Would you like a free report on your corporate domain credentials exposed on the Dark Web?

The Week in Breach

Data Breach October 25

 

This week Tumblr was breached and we explore Dark Web job postings.

Dark Web ID Trends:

Total Compromises: 3,767
Top Source Hits: ID Theft Forum (1,429)
Top PIIs compromised: Domains (3,761)
Clear Text Passwords (876)
Top Company Size: 11-50
Top Industry: Business & Professional Services and Finance & Insurance

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Disqus
https://thehackernews.com/2017/10/disqus-comment-system-hacked.html
Exploit: Exposed Database
Disqus: A network community platform that allows users to blog or comment on other company’s websites. It can be installed as a plug-in or drop-in code. Disqus collects user data on the back end and allows companies to use this information for customer analytics, etc…
Risk to Small Business: 2.4444 = Severe: Although roughly 1/3 of the 17.5 million records compromised involved passwords, they happened to be salted/hashed. The company also discovered and announced the breach in a quick manner and notified the affected customers.
Individual Risk: 2.4286 = Severe: Those affected by this breach will be at a high risk of identity theft.
Customers Impacted: 5.8 million
How it Could Affect Your Customers’ Business: The breach involved a large number of customers; however, the database was from 2012 and most credentials could have already been changed. While this is damaging to Disqus’ reputation, they followed protocol and demonstrated how to do breach disclosure the proper way.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

United States – Tumblr
https://www.bleepingcomputer.com/news/security/tumblr-fixes-security-bug-that-leaked-private-account-info/
Exploit: Bug.
Tumblr: A popular blogging website.
Risk to Small Business: 2 = Severe: While Tumblr deserves some credit for 1. Having a bug bounty program that resulted in catching this bug, and 2. Fixing the bug in less than 12 hours after it was discovered, many customers will not appreciate their personal information being leaked and will react accordingly. Tumblr’s timely response, disclosure of the breach, and its bug bounty program will likely reduce the impact on the business significantly.
Individual Risk: 2.714 = Moderate: Email addresses were leaked so those affected by the breach are at a higher risk of spam.
Customers Impacted: All of the ‘recommend blogs’ shown on Tumblr.
How it Could Affect Your Business: A breach that exposes user information is always going to have a negative effect on business, but every organization should take a page out of Tumblr’s book here regarding their response to the event and how they discovered it. Customers lose trust in businesses that mishandle their information, but they also respect when a company is making a serious effort to locate vulnerabilities and can handle a problem when it arises with swift action.

In other news:
When the Dating App Stands You Up
A dating app called Donald Daters was discovered to be exposing all user information on the open internet… including personal messages. The app’s goal is to help single Donald Trump supporters connect with one another, but instead exposed all that used it. The hacker that accessed the database was able to “collect profile data, including names, photos, personal messages, and the digital access tokens to log into their accounts.” The hacker also can delete the app’s data. Watch out where you put your personal information, people!
https://in.pcmag.com/news/126298/trump-themed-dating-app-found-leaking-users-private-chats

The Dark Web Monster
When looking for a job, usually you would check one of the many job hunting sites you see in commercials or circle ads in newspapers (at least at one point you did). Some people do something very similar… but on the Dark Web searching for an illicit job. Many job postings on the Dark Web seem like normal job ads. But when you look closer you will notice that advert for a driver not only needs the person to drive but also transport drugs. The driver would make $1,000 for a week of work, not including the living expense compensation. One of the more lucrative opportunities on the Dark Web job market is the corporate insider. The most common target is financial employees who, in one example, are offered $3,150 to get a loan or increase cash withdrawal limits on a card. Postal workers are also targeted to steal packages.

The Dark Web is lucrative for those willing to risk their job and possibly their freedom for money. Be careful of both insiders and the wide array of illicit software sold there.
https://www.darkreading.com/threat-intelligence/inside-the-dark-webs-help-wanted-ads/d/d-id/1333066

The Week In Breach

Passport Dar kWeb

Trends in data found on the Dark Web this week:

  • Total Compromises: 24,968
  • Top Source Hits: ID Theft Forum
  • Top PIIs compromised: Domains
    • Clear Text Passwords (24,884)
  • Top Company Size: 11-50
  • Top Industry: Construction and Engineering

Canada – Altima Telecom
https://techcrunch.com/2018/10/01/altima-telecom-server-flaw-customer-data-exposed/
Exploit: SQL injection attack.
Altima Telecom: Serving Montreal and Toronto, Altima Telecom is one of the largest independent Canadian internet service providers.
Risk to Small Business: 1.555 = Severe: As the risk score shows, this is a severe breach that could deal major damage to any organization. Payment info exposure is a particularly significant deterrent for customers looking to do business.
Individual Risk: 2.142 = Severe: Those affected by this breach are at an increased risk for identity theft and spam.
Customers Impacted: All of Altima Telecom’s customers.
How it Could Affect Your Business: Not only was all the organization’s customer data exposed by this breach, but the affected data was highly sensitive. This would sever trust between the customer and the organization, which could take a significant time to rebuild.
ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Apollo
https://cyware.com/news/hackers-hit-apollo-stealing-database-containing-200-million-contact-records-d9c87501
https://techcrunch.com/2018/10/01/apollo-contacts-data-breach/
Exploit: Unclear at this time.
Apollo: New York-based sales engagement startup.
Risk to Small Business: 2 = Severe: This could deal a significant blow to an organization’s ability to retain customers.
Individual Risk: 2.428 = Severe: The customers affected by this breach will be at a higher risk for spam due to the nature of the data accessed.
Customers Impacted: 200 million.
How it Could Affect Your Business: A breach that exposes such a large number of customers will garner media attention and erode customer trust significantly.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:
The Chinese Chip
China was able to infiltrate US companies and governmental agencies with a simple but effective supply chain attack. The attack was discovered after Amazon had a third party examine the hardware of the servers they purchased from another American company that manufactures their servers in China. The company discovered a microchip on the servers that allow for attackers to make stealth doorways on their network. Hardware attacks are rarer and more difficult to execute than software attacks, but with China making 90% of the world’s PCs, they are in a good position to continue using hardware to infiltrate organizations across the world.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show


Planning your next vacation may have just gotten weird… 

Where should I go? This is a normal question one thinks about when planning a trip. Should I go to white sandy beaches or breathtaking mountains?
When should I go? Do I visit family during the holidays, or do I plan a summer getaway?
Who should I be? This question is asked much less, but maybe more than you think. A recent study has uncovered startling secrets surrounding the passport market on the Dark Web!

  • The average cost of a passport scan on the Dark Web is $14.71.
  • Australian passport scans are the most common, but the average cost is the most expensive at $61.27.
  • The average price of a real physical passport is $13,567, while a counterfeit physical passport is just under $1,500 ($1,478).

The Dark Web is a place where black markets and illicit activity reign. In the depths of the Dark Web, identities are traded regularly and for a low price, so why leave the unknown unchecked? With Spotlight ID, know that your identity is safe even from the darkest corners of the Dark Web.
https://www.comparitech.com/blog/vpn-privacy/passports-on-the-dark-web-how-much-is-yours-worth/

This Week in Breach September 18 2018

This week an Australian Mint was breached, as well as an airline from the UK. While searching for user credentials on the Dark Web, our team collects statistics on a wide variety of variables related to the data we unearth. The trends we see have been kept in house…until now. Introducing the newest addition to This Week in Breach:

Trends in data found on the Dark Web this week:

  • Top Source Hits: ID Theft Forums (8,534)
  • Top PIIs Compromised: Clear Text Passwords (8,460)

Australia – The Perth Mint
http://www.abc.net.au/news/2018-09-08/perth-mint-data-breach/10217258
Exploit: Under investigation.
The Perth Mint: The Online Depository of The Perth Mint that was breached allows users to buy and sell precious metals.
Risk to Small Business: Severe: A breach with sensitive data such as account information can deal a significant blow to customer trust.
Individual Risk: Severe: The victims of this breach are at risk of identity theft.
Customers Impacted: 13.

How it Could Affect Your Customers’ Business: The Mint was breached via a third – party provider. The breach was contained to customers of their online depository, and the organization has confirmed that all investments held at the mint are secure.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

Average: 2.22 = Severe*
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United Kingdom – British Airways
https://www.wired.com/story/british-airways-hack-details/
Exploit: cross-site scripting.
British Airways: A UK based airline.
Risk to Small Business: Severe: This was a targeted breach by a group that is linked to the Ticketmaster breach, the extent and type of data accessed could erode customer trust
Individual Risk: Severe: Those affected by this breach have a much higher risk of identity theft.
Customers Impacted: 380,000 payment cards.

How it Could Affect Your Customers’ Business: This was a targeted breach by a group that is linked to the Ticketmaster breach, dubbed ‘Magecart’ by researchers that is known for credit card skimming on the web. The attack was tailored specifically to British Airways infrastructure and shows a level of sophistication to the attack group and leads researchers to believe the group is increasing their efforts.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

Average: 2 = Severe*
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk

*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:
Bluetooth Bite  Millions of mobile devices  are vulnerable to Bluetooth exploits, with a almost half of the devices being Android phones running older versions of the operating system. This vulnerability can be used to facilitate  ‘Airborne’ attacks, which allow Bluetooth devices to broadcasts malware to other devices in close proximity. This is significant because BlueBorne, a malware exploiting this vulnerability, does not need to pair with a device to infect it… in fact the target device does not even need to be in discoverable mode.

https://www.darkreading.com/attacks-breaches/2-billion-bluetooth-devices-remain-exposed-to-airborne-attack-vulnerabilities/d/d-id/1332815

Search and Destroy
Researchers have noticed an increased presence of malware that assesses the target device before delivering the full payload. This is useful for the attacker because they can now target specific computers. . Customizing the payload delivered by the malware can lead to some very tailored and hard-to-detect exploits. As of now these ‘scouting’ tactics are far from the standard, but it is likely we will continue to see these methods increase in popularity.

https://www.scmagazine.com/home/news/uptick-in-malware-designed-to-size-up-targets-before-launching-full-payload/

Podcasts:

Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show


 

Your Best Bet Is to Vet.
Two thirds of organizations sampled across sectors experienced a software supply chain attack in the last 12 months (Crowdstrike).  The increase in supply chain attacks can be linked to many things, but one of the most significant factors is the fact that cyber security is becoming a priority for organizations across the board. This pushes bad actors to try and find new ways to infiltrate their target.

These attacks often utilize compromised credentials and are widespread, attacking an organization with legitimate software packages to make the attack difficult to detect. One way that businesses can prevent supply chain attacks is better supplier vetting. If an organization can effectively vet their suppliers and hold them to the same cybersecurity standards that they hold themselves, then the chance of an attacker being able to infiltrate the network is significantly reduced. With the right tools and knowledge, supply chain attacks can be made less dangerous or avoided entirely.

https://www.darkreading.com/risk/the-increasingly-vulnerable-software-supply-chain/a/d-id/1332756

 

 

The Week In Breach September 12 2018

The Week In Breach September 12

 

It’s been one bad week for “Spyware” app developers as their customers’ data is leaked for all to see!  It’s not just misconfigured AWS buckets you have to worry about, it’s your misconfigured Tor site that’s not so secure.

Highlights from The Week in Breach:

Tor Vulnerability?
Freedom of Information Act Fail.
iSpy, uSpy… mSpy.

In Other News:

The Mask Comes Off
You may be familiar with misconfigured databases, a common reason for a breach. When setting up a database, the Admin may forget to put a password in place or just create a simple one like 1234. But what you may not have heard of before is a Tor (The Onion Router) site that is misconfigured. That’s right, just like any other website, Tor sites that are misconfigured can expose the hosted public IP address. Because a Tor browser is used for accessing the Dark Web, a part of the web that thrives on anonymity, the exposure of one’s IP address greatly reduces this coveted privacy.
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/

Three is a Crowd
A pair of Russian hackers is causing some serious damage to former Soviet Republic countries’ financial institutions. The group, known as Silence, has stolen $800,000 in just the thefts reported. It is highly likely the group is responsible for other attacks, but because of how new the duo is, and the irregular frequency of their activity, it’s difficult to discern other hacks they may have perpetrated. The organization has access to unique, advanced malware, and demonstrates great knowledge about ATMs and the inner workings of banks. This leads researchers to believe that at least one of the two is an insider or only recently left the security industry.
https://www.darkreading.com/attacks-breaches/silence-group-quietly-emerges-as-new-threat-to-banks/d/d-id/1332742

Podcasts:

Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


United States – United States Government (Freedom of Information Act Web Portal)

Exploit: Exposed database.
Risk to Small Business: HighAn exposure such as this can taint an organization’s reputation for an extended period.
Individual Risk: Extreme: The nature of the data exposed leaves those affected vulnerable to identity theft.
Freedom of Information Act Web Portal: foiaonline.gov is the website the United States government uses to process inquiries related to the Freedom of Information Act, an act that allows Americans to request information that the state has associated with them.
Date Occurred/Discovered: August 2018
Date Disclosed: September 4, 2018
Data Compromised:

  • Social Security Numbers
  • Date of birth
  • Immigrant identification number
  • Addresses
  • Contact details
  • Description of crime perpetrated against victim
  • Victims of identity theft had their SSN exposed

Customers Impacted: Unclear, dozens to hundreds.
https://edition.cnn.com/2018/09/03/politics/foia-revealed-social-security-numbers/index.html

United States – Family Orbit
Exploit: Weak password on database.
Risk to Small Business: HighA company that sells spyware to parents, exposed pictures of their kids on the internet, which will likely have catastrophic effects on their business.
Individual Risk: Moderate: The data by itself is not harmful but is pretty creepy. However, in use with other data accessible through the Dark Web, advanced spear phishing campaigns could be launched using the exposed data.
Family Orbit: A spyware application for parents to monitor their children.
Date Occurred/Discovered: August 2018
Date Disclosed: September 4, 2018
Data Compromised:

  • Pictures
  • Videos
  • Screenshots of developer desktops
    • Passwords
    • ‘other secrets’

Customers Impacted: Hundreds, 281 gigabytes of pictures and videos were exposed.
https://motherboard.vice.com/en_us/article/ywk8gy/spyware-family-orbit-children-photos-data-breach

https://securityaffairs.co/wordpress/75888/data-breach/family-orbit-hacked.html

United Kingdom – mSpy
Exploit: Exposed database.
Risk to Small Business: High: While a breach of this size with such sensitive information would normally cripple a company, this is actually mSpy’s sophomore breach, with the first happening in 2015 when similar information was leaked onto the Dark Web.
Individual Risk: High: The data that was exposed was both financial and very personal, and could be used for highly-targeted phishing attacks.
mSpy: A company that sells a software as a service product which spies on mobile devices of the customer’s kids or partner.
Date Occurred/Discovered: August 30, 2018
Date Disclosed: September 4, 2018
Data Compromised:

  • Passwords
  • Call logs
  • Text messages
  • Contacts
  • Notes
  • Location data
  • Names
  • Email addresses
  • Mailing addresses
  • Amount paid
  • Apple iCloud username
  • Whatsapp messages
  • Facebook messages

Customers Impacted: Millions.
https://krebsonsecurity.com/2018/09/for-2nd-time-in-3-years-mobile-spyware-maker-mspy-leaks-millions-of-sensitive-records/


Malwhat?
The Fortinet Q2 Threat Landscape Report is out, and with it, a load of new statistics that really show how at-risk most businesses are, even if they don’t realize it. Here are some of the most alarming malware statistics: 

  • There have been 23,945 unique variants of malware recorded this quarter.
  • On average there are 13 unique daily detections per firm.
  • There were 6 variants of malware that spread to more than 10% of firms.

Malware development is not slowing down, but it is changing. ‘Malware as a service’ is a popular model for the developers of the malicious programs. New types of malware such as ‘cryptojackers’ that mine cryptocurrency on the victim’s computer, or ransomware that extorts businesses, have become commonplace. The threat landscape is always changing, which is why it is important for every organization of every shape and size to have robust cyber security.
https://www.fortinet.com/blog/threat-research/threat-landscape-report–virtually-no-firm-is-immune-from-severe.html

The Week In Breach: August 22 to August 29 2018

A slow, but troubling week to say the least!  Phishing and compromised databases still rule the day. This Week in Breach highlights incidents involving a New York-based gaming developer, medical data held by a University, and the disclosure of sensitive data held by a popular babysitter application.

Is Breaking Bad?
A German company by the name of Breaking Security has been up in arms about the use of their legitimate software named Remcos (Remote Control and Surveillance). Remcos is used for managing Windows systems remotely and is increasingly being used by hackers for malicious attacks known as Remote Access Trojan (RAT). The question is, however… are they telling the truth? Researchers have uncovered that the product sold by the company is widely advertised on Dark Web hacking forums and it seems that not only does the organization know that this is happening, they are encouraging it. Breaking Security has strongly stated that any license linked to malicious hacking campaigns are revoked, yet still, many hacking campaigns continue to use the service.
https://www.darkreading.com/attacks-breaches/attackers-using-legitimate-remote-admin-tool-in-multiple-threat-campaigns/d/d-id/1332631

Not So Private Messages
In May, the popular live streaming service, Twitch, exposed user’s private messages because of a bug in their code. The Amazon subsidiary disabled the service, which allowed users to download an archive of past messages. When a user requested this archive, the game streaming company accidentally intertwined messages from other users. Twitch has come out and said that this only affected a limited number of users and has provided a link for customers to visit so they can find out if any of their messages were exposed and what the messages were.
https://www.bleepingcomputer.com/news/security/twitch-glitch-exposed-some-users-private-messages/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
IT Provider Network – The Podcast for Growing IT Service
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Small Business, Big Marketing – Australia’s #1 Marketing Show!


United States – Augusta University
Exploit: Email compromise by phishing attacks.
Risk to Small Business: High: This is a significant breach in scale and severity, and due to the sensitive nature of the data compromised the organization will likely face heavy fines.
Individual Risk: Extreme: Individuals affected by this breach are at high risk for identity theft, as well as their medical information being sold on the Dark Web.
Augusta University: Georgia based healthcare network.
Date Occurred/Discovered: September 10, 2017 – July 11, 2018
Date Disclosed: August 20, 2018
Data Compromised:

  • Medical record numbers
  • Treatment information
  • Surgical details
  • Demographic information
  • Medical data
  • Diagnoses
  • Medications
  • Dates of services
  • Insurance information
  • Social Security numbers
  • Driver’s license numbers

Customers Impacted: 417,000
https://cyware.com/news/augusta-university-health-breach-exposes-personal-records-of-over-400k-patients-432de74e

https://www.augusta.edu/notice/message.php

United States – Animoto
Exploit: Undisclosed.
Risk to Small Business: High: A breach of customer trust, especially involving geolocation data, can be highly damaging to a company’s image.
Individual Risk: Moderate: Users affected by this breach are at a higher risk of spam and phishing.
Animoto: New York-based company that provides a cloud-based video-making service for social media sites.
Date Occurred/Discovered: July 10, 2018
Date Disclosed: August 2018
Data Compromised:  

  • Names
  • Dates of birth
  • User email addresses
  • Salted and hashed passwords
  • Geolocation

Customers Impacted: Unclear.
https://techcrunch.com/2018/08/20/animoto-hack-exposes-personal-information-geolocation-data/

United States – Sitter
Exploit: Exposed MongoDB database.
Risk to Small Business: High: Most customers would be uncomfortable with a company leaking data about their kids and when they are left alone with someone who doesn’t live there.
Individual Risk: High: A lot of sensitive personal information was exposed in this breach, much of it unsettling.
Sitter: An app that connects babysitters and parents.
Date Occurred/Discovered: August 14, 2018
Date Disclosed: August 14, 2018
Data Compromised:

  • Encrypted passwords
  • Number of children per family
  • User home addresses
  • Phone numbers
  • Users address book contacts
  • Partial payment card numbers
  • Past in-app chats
  • Details about sitting sessions
    • Locations
    • Times

Customers Impacted: 93,000.

https://www.linkedin.com/pulse/incident-report-no1-babysitter-application-exposure-bob-diachenko/

https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/

Australia – Melbourne High School

Exploit: Negligence.
Risk to Small Business: Extreme: This is a major exposure of sensitive and potentially embarrassing information that could irreparably damage a company’s reputation.
Individual Risk: High: Those affected by the data breach have sensitive information about their personal medical information that is considered highly private and could leave them exposed to identity theft.
Melbourne High School: School in Melbourne.
Date Occurred/Discovered: August 20-22, 2018
Date Disclosed: August 22, 2018
Data Compromised:

  • Medical information
  • Mental health conditions
  • Learning behavioral difficulties

Customers Impacted: 300 students.
https://www.theguardian.com/australia-news/2018/aug/22/melbourne-student-health-records-posted-online-in-appalling-privacy-breach


 


Tick Tock.
The cost of cybercrime is no joke. This is easy to say from the perspective of someone whose business it is to know all about cybercrime trends, attack vectors, and yada, yada, yada.  But to really quantify how big of a problem cybercrime is in the world of business, it is often easier to compare it to day to day things… like a doctor explaining a complicated procedure or a mechanic telling you why your car is making that noise. So today I would like to compare the cost of cybercrime to the most universal understanding that there is… time.

The cost of cybercrime each minute globally: $1,138,888

The number of cybercrime victims each minute globally: 1,861

Number of records leaked globally each minute (from publicly disclosed incidents): 5,518

The number of new phishing domains each minute.21

As you can see, cybercrime buids by the minute.
https://www.darkreading.com/application-security/how-threats-increase-in-internet-time/d/d-id/1332629


This Week in Breach August 10 to August 17 2018

Dark Web Inforgraphic

This week we saw mobile apps making headlines. Tinder was used by a potential spy to unsuccessfully bait military secrets out of an airman and Snapchat’s source code was published on Github. The marketing campaign for the PGA championship has hit a speed bump in the form of a ransomware attack and an Australian hospital specializing in maternal health exposed treatments on the web.

Highlights from The Week in Breach:

  • Samsung Meets Meltdown
  • Snapchat Source Code
  • Think of the Children
  • The PGA is in the Sand Trap

In Other News:

Catfished
A hacker recently tried a new take on an old trick, utilizing the dating app Tinder in a honeypot scheme. The bad actor set out to steal military secrets from the British Royal Air Force, using a compromised RAF airwomen’s dating profile to try and trick a serviceman into revealing the details of the F-35 stealth fighter. The brand-new fighter is the result of a £9 billion project . China and Russia are eager to get their hands on any details they can about the plane. The airwomen realized almost immediately that her account was hacked and informed RAF, who was able to confirm that no information was disclosed, and the airman targeted was not connected to the F-35 program.
https://www.telegraph.co.uk/news/2018/08/05/honeytrap-hacker-attempted-steal-raf-fighter-jet-secrets-using/

Galaxy Meltdown
Samsung phones are not invulnerable to the microchip security flaw known as Meltdown as previously thought. Researchers at an Austrian University uncovered a way to exploit the vulnerability on the popular smartphone. The researchers plan on testing other phones in the future and believe that they will have similar results with other devices. With as much damage as Spectre exploits have done since its discovery, the same kind of exposure in smartphones could wreak havoc.
https://www.irishexaminer.com/breakingnews/business/samsung-galaxy-s7-phones-vulnerable-to-being-hacked-860965.html

Oh Snap!
A hacker got ahold of some of the source code for the popular photo-messaging service Snapchat, publishing the valuable code on Github. The hacker is believed to be from Pakistan and the code has since been taken down by the company. It is likely that the repo contained part of or all of their iOS app but because the code was removed from Github. There is no way to verify the amount of source code published. The validity of the source data is also questionable, but given Snapchats all-caps DMCA request, (seen below) it seems like there’s a good chance the code was the real deal.

“SNAPCHAT SOURCE CODE. IT WAS LEAKED AND A USER HAS PUT IT IN THIS GITHUB REPO. THERE IS NO URL TO POINT TO BECAUSE SNAP INC. DOESN’T PUBLISH IT PUBLICLY.”
https://thenextweb.com/security/2018/08/07/hacker-swipes-snapchats-source-code-publishes-it-on-github/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
IT Provider Network – The Podcast for Growing IT Service
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


 

United States – The Professional Golfers’ Association (PGA)
Exploit: Ransomware.
Risk to Small Business: High: Ransomware is highly disruptive to any organization.
Individual Risk: High: Loss of data and possibly exfiltration of personal information can result from a ransomware attack.
The Professional Golfers Association: A golfing association that hosts the PGA Championship.
Date Occurred/Discovered: August 7, 2018
Date Disclosed: August 9, 2018
Data Compromised:

  • Creative material for the PGA Championship
    • Promotional banners
    • Logos
    • Digital signage
  • Creative material for the Ryder’s Cup in France
    • Abstracts of logos

Customers Impacted: With the PGA championship around the corner, this breach could affect golf fans all over the country.
https://cyware.com/news/pga-of-america-hit-by-ransomware-attack-days-before-championship-e16f53a7

Mexico – Hova Health
Exploit: Exposed the MongoDB database.
Risk to Small Business: High: Carelessness with customers’ sensitive data can cause irreparable damage to an organizations image.
Individual Risk: High: The information exposed on the internet could be used in identity theft.
Hova Health: Technology company that services the Mexican health care sector.
Date Occurred/Discovered: August 2018
Date Disclosed: August 7, 2018
Data Compromised:

  • Name
  • Gender
  • Date of birth
  • Insurance information
  • Disability status
  • Home address

Customers Impacted: 2 million individuals.
https://www.bleepingcomputer.com/news/security/health-care-data-of-2-million-people-in-mexico-exposed-online/

Australia – The Women’s and Children’s Hospital
Exploit: Negligence.
Risk to Small Business: High: The sensitive nature of the data exposed as well as the scope of the breach will cost the organization the trust of its customers and could possibly result in hefty fines.
Individual Risk: High: The data exposed by the organization could be extremely useful for bad actors to impersonate them, in addition to the high value of personal medical information on the Dark Web.
The Women’s and Children’s Hospital: An Adelaide based health care facility that provides treatment for women, babies and children.
Date Occurred/Discovered: Occurred over the last 13 years
Date Disclosed: August 6, 2018
Data Compromised:  

  • Names
  • Date of birth
  • Test results

Customers Impacted: 7,200 individuals.
https://cyware.com/news/7200-womens-and-childrens-hospital-patient-records-test-results-exposed-online-for-13-years-1d384ef4

United States – Comcast
Exploit: Web vulnerability.
Risk to Small Business: High: The loss of customer trust and the expense of providing identity monitoring for the affected individuals could damage any organization.
Individual Risk: High: Key data needed for identity theft was exposed.
Comcast: One of the United States largest cable providers.
Date Occurred/Discovered: August 2018
Date Disclosed: August 8, 2018
Data Compromised:

  • Social Security Numbers
  • Partial home addresses

Customers Impacted: 26.5 million individuals.
https://www.buzzfeednews.com/article/nicolenguyen/a-comcast-security-flaw-exposed-millions-of-customers



Go Phish.
Phishing emails have evolved far past the misspelled words and suspicious email addresses that most people use to help judge the validity of an email. The phishing email of today can look like an exact copy of the communications coming from the imitated company. With the constant PII saturation of dark web, personal details can be added to the phishing email to make it look even more convincing. The malicious emails will continue to get better and more refined, so how do you counter them? The best way to keep your organization safe is by training employees about social engineering attacks, encouraging employees to be skeptical of suspicious emails and to report them, and utilizing technologies such as an antivirus and simulated phishing awareness training and using constant credential monitoring with Dark Web ID™. A properly executed phishing email could result in a business’s operations suspended due to ransomware, the theft of IP or the exposure of customer data… so why wouldn’t any organization proactively get prepared?