The Week in Breach December 13, 2018

 

This week, Quora was breached, and common breach mistakes are discussed.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (55%)
Top Compromise Type: Domains
Top Industry: High-Tech & IT
Top Employee Count: 11-50 employees (32%)


United States – Quora 

https://www.nytimes.com/2018/12/04/technology/quora-hack-data-breach.html
https://blog.quora.com/Quora-Security-Update

Exploit: Unclear at this time.
Quora: A popular question and answer site that boasts 300 million monthly active users.

Risk to Small Business: 2.333 = Severe: People will not soon forget that the question-and-answer site was unable to keep their data safe. This could cause users to migrate from one site to a similar one, something that is common among social media sites in particular.
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: Quora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Humble Bundle
https://www.scmagazine.com/home/security-news/humble-bundle-breach-could-be-first-step-in-wider-attack/

Exploit: Credential Stuffing.
Humble Bundle: Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering of Humble Bundles, collections of games sold at a price determined by the purchaser and with a portion of the price going towards charity and the rest split between the game developers.

Risk to Small Business: 2.333 = Severe: The breach only contained users’ subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows whether users’ subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
Individual Risk: 3 = Moderate: No information directly related to the individual has been compromised other than the subscription status of users.

Customers Impacted: A “very limited” number of people.
How it Could Affect Your Business: This breach is a good lesson in how it is important to report any breach, as this seemingly minor breach is most likely the first step in a spear phishing campaign.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

DNA For Pay
The leaders of Genomics England have revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data, and in this case DNA, could result in it ending up on the Dark Web or in the hands of a nation state. While no breach occurred at this organization, the fact that it is regularly under attack should be a wake-up call.

https://www.telegraph.co.uk/news/2018/12/05/nhs-storing-patients-genetic-data-high-security-army-base-due/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A Note for You:

Be Ready for The Breach
Since Marriott International was breached, it has been hit with two lawsuits that claim the organization delayed the breach disclosure and was not transparent. How an organization handles a breach makes a significant impact on public opinion and customers’ trust. An organization that is seen to be forthcoming, transparent, and honest with its customers is much less likely to see a serious migration of customers.

Here are some common mistakes made when reporting breaches:

  • Not having a plan – Not being prepared for a breach can lead to a panicked, unorganized response that is half-baked. Just like every organization should have a fire response plan, every organization should have response procedures in place for a breach.
  • Downplaying the incident – Your customers deserve to know if they are at risk. Downplaying the incident is also likely illegal.
  • Delaying disclosure – Delaying disclosure can compromise the trust of your customers and may be illegal.
  • Oversharing / undersharing – Sharing too much information can lead to bad actors taking note of the vulnerability and can put other organizations at risk. Sharing too little information can leave your customers at risk.
  • Not contacting the authorities – Involving law enforcement is free and can help significantly with the investigation.

https://www.darkreading.com/attacks-breaches/7-common-breach-disclosure-mistakes/d/d-id/1333401?image_number=1

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis


The Week in Breach December 6, 2018

This week we report on Marriott’s massive breach, the indictment of those responsible for many SamSam attacks across the U.S., and hackers switching targets.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Finance and Insurance (13%)
Top Employee Count: 11-50 employees (45%)


Global Breach – Marriott
https://www.nbcnews.com/tech/security/marriott-says-data-breach-compromised-info-500-million-guests-n942041
https://www.cnbc.com/2016/09/23/marriott-buys-starwood-becoming-worlds-largest-hotel-chain.html
https://answers.kroll.com/us/index.html
https://www.msspalert.com/cybersecurity-breaches-and-attacks/marriott-starwood-data-breach-pressures-stock/

Exploit: Supply chain breach.
Marriott: The largest hotel chain in the world, “30 hotel brands now fall under the Marriott umbrella to create the largest hotel chain in the world with more than 5,800 properties and 1.1 million rooms in more than 110 countries. That’s more than 1 out of every 15 hotel rooms around the globe.”

Risk to Small Business: 1.444 = Extreme: Considering how damaging this breach will be to Marriott, the largest hotel chain in the world, it is safe to say that the ramifications of a breach as severe as this one have the potential to cripple a small business. One of the most damaging parts of this breach is that there has been unauthorized access to the Starwood network since 2014, meaning a bad actor, or group of bad actors, has been siphoning off data for years without being detected.
Individual Risk: 2.285 = Severe: Those affected by this breach are at an increased risk of phishing attacks. Identity theft is also a very real possibility due to the amount of information accessed, including passport numbers. The passport numbers alone could fetch a good price on the Dark Web.

Customers Impacted: Approximately 500 million.
How it Could Affect Your Business: The length of time information was being accessed is one of the most damaging parts of this breach, as well as the massive scope. The largest hotel chain in the world has been compromised since 2016 (Starwood, the compromised subsidiary, had been compromised since 2014; Marriott purchased the brand in 2016). Those who were affected by the breach are likely to avoid the chain in the future, and those who were not will certainly be more hesitant.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.
Learn more: https://www.idagent.com/identity-monitoring-program

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United Kingdom – Just Urban

https://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/

Exploit: Exposed database.
Just Urban: A London-based startup, used for booking massages.

Risk to Small Business: 2 = Severe: The damage dealt by this breach to a small or new business could stunt the growth of the company and even cause a loss of clients. Some of the data exposed included complaints about clients. While it is important for the employees of a massage company, especially one that goes to a person’s home, to share whether a certain client is inappropriate, most organizations could face severe backlash from their customer base if complaints about them surfaced.
Individual Risk: 2.714 = Moderate: In some cases, the individuals affected by this breach had complaints about them recorded by the massage therapist. These complaints can be embarrassing, but often the complaints were in reference to the client’s actions towards the massage therapist. Some of the complaints included requesting “sexual services from therapist”, with some clients even being marked as dangerous. These complaints were tied to the client’s full name, phone number, postcode and address.

Customers Impacted: 309,000.
How it Could Affect Your Business: In any organization, the exposure of complaints against customers is highly embarrassing in addition to being bad for business. The reasons why the complaints exist make sense in the context of the organization’s operations, but it is still a damaging blow to the standing of the company with its clients. Most organizations would not have the justification for keeping such complaints on file, and NO organization can justify leaving a database exposed with sensitive business and client information. It could take years for an organization that experiences a breach such as this to recover and regain trust.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

IranIran SamSam Goes ByeBye
Two Iranian men living in New Jersey were indicted for using the infamous SamSam ransomware to collect over $6 million USD (7,981,320.00 CAD, 8,205,990.00 AUD, 5,278,320.00 EUR) and causing over $30 million USD ($39,906,600.00 CAD, $41,029,950.00 AUD, 26,391,600.00 EUR) in damages. SamSam is well known for its targeting of infrastructure, including hospitals. Here is a list of some of the targets during their spree:

City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public?fbclid=IwAR2B58dKjoDQT48LK7EEQwD_Y1TqbGQCqAC9K1YzzO7WYmmor7l8QPj5tZ8

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e



The Evolution of a Phish
A new report has shed light on the fact that not only are email-based attacks on the rise, but they are spreading at an alarming rate. Cyber criminals have been shuffling their decks of targets, as 99% of the most heavily targeted email addresses this quarter are different from those targeted in Q3. The phishing emails are now more likely to show up in the inbox of your marketing, public relations, and human resources departments. The reasoning behind this shift is that these teams have access to information about earnings and employee records. It is important to stay agile in cybersecurity, as cyber criminals are always adapting to find new ways to compromise credentials and hack into organizations.

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis

This Last Week in Breach

 

This week, Amazon experienced technical issues, and cybersecurity culture isn’t where it needs to be in 95% of organizations.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing
Top Employee Count: 11-50 employees (36%)


Global Breach – Amazon
https://www.theregister.co.uk/2018/11/21/amazon_data_breach/

Exploit: Technical error.
Amazon: Online shopping behemoth. Amazon is based out of Washington in the United States.

Business Risk: 2.333 = Severe: Customers get concerned when they receive an email informing them that their data has been disclosed, and even though the problem was a technical issue rather than an external actor hacking into the network, the image of the organization is still tarnished.
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks. When people are addressed by name, or if there is any personal information in a phishing email, it is more likely to be opened.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: The severity of this breach is not the most damaging part, contrary to most breaches. In fact, the most damaging part of this breach has been Amazon’s poor transparency which causes speculation and paints the organization in a very negative light. The behavior of the company indicates that if a seriously damaging breach were ever to occur, they would not be transparent to their customers.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States – Make-A-Wish Foundation

https://threatpost.com/cryptojacking-attack-targets-make-a-wish-foundation-website/139194/

Exploit: Crypto jacking.
Make-A-Wish Foundation: Non-profit that arranges for children with critical illnesses to have experiences they would not be able to otherwise.

Business Risk: 2.333 = Severe: The negative public image associated with being breached does not spare even the most just of causes, non-profit or for-profit. Those who have visited the Make-A-Wish Foundation International site have been lending CPU power to mine cryptocurrency, which will deter visitors in the future.
Individual Risk: 3 = Moderate: No information related to the individual has been compromised.

Customers Impacted: Unclear at this time.
How it Could Affect Your Business: While the personal data of customers was not accessed or breached, the site itself has been stealing CPU power from those visiting the site in order to mine cryptocurrency. This would affect how many customers would use a site, and also is a prime example that non-profit organizations are not immune to being targeted by hackers.

ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/

Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.


In Other News:

Dark Web Down 

One of the largest hosting services for Dark Web sites has been hacked, with devastating results to the sites that used the service. 100% of the accounts hosted by Daniel’s Hosting were deleted, including the root account. Over 6,500 Dark Web sites were hosted by the service and it is unlikely they will see their data again.
https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e

National Computer Security Day is Upon Us 

Friday the 30th of November is National Computer Security Day, and the perfect chance for you to convey what it means for your clients to have good cyber hygiene! Offering tips makes both of your jobs easier. Starting this conversation not only shows your expertise as their MSP but it gives clients real examples of how your other security services will protect their network and pair well in their current security stack.



Do It for The Culture
According to a report by ISACA, 95% of organizations find there is a gap between their desired culture surrounding cybersecurity and what their culture actually looks like. This is concerning, especially because 87% of those surveyed said that their organization would be more profitable if their cybersecurity culture improved.

What is causing this gap? A variety of factors come into play, including a lack of understanding on the part of leadership, lack of funding, and a lack of employees respecting the cybersecurity procedures.

With the holidays approaching and employees shopping across the web, now is the perfect time to reinforce cybersecurity culture at your organization. A breach on a popular retail site could lead to a breach within your organization if employees use the same passwords at work and home.

http://www.isaca.org/SiteCollectionDocuments/Cybersecurity-Culture-INFOGRAPHIC.pdf

The week in BREACH!!

Success Rate of Phishing by Day

 

This week you’ll hear how a supply chain attack could snatch your customers’ credit card information right from underneath you and why Google+ goes bye-bye.

Dark Web ID Trends:

  • Total Compromises: 974
  • Top Source Hits: ID Theft Forum (501)
  • Top PIIs compromised: Domains (973)
    • Clear Text Passwords (498)
  • Top Company Size: 11-50
  • Top Industry: High-Tech & IT

United States – Shopper Approved
https://www.zdnet.com/article/new-magecart-hack-detected-at-shopper-approved/
Exploit: Malicious code.
Shopper Approved: Utah-based company that provides a review widget for other companies’ websites that allows customers to post reviews.
Risk to Small Business: 2.111 = Severe: This is another attack conducted by one (or more) of the several groups who operate under a similar style, given the term Magecart as a general identifier. Magecart is also responsible for the hacking of Ticketmaster and British Airways.

If your business uses Shopper Approved, you should remove the code from your website immediately.

Individual Risk: 2.428 = Severe: Those affected by this breach should cancel their credit cards and enroll in a credit monitoring service.
Customers Impacted: Unclear how many customers were affected by this breach, but only sites with the widget code on their checkout pages had credit card information compromised. The incident only lasted 2 days before being discovered, a much shorter span than many of the other Magecart breaches.
How it Could Affect Your Business: A breach of this kind can often go unknown for a long period of time while the hackers collect valuable user data and credit card information. Even though it is a third party who was breached, it will be your business that takes the PR damage.
ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that also includes credit monitoring. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
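The Shopper Approved incident above is the pattern of a third-party script on a checkout page turning hostile. As an added example that is not code from the newsletter, from Shopper Approved, or from ID Agent, the following Node.js script audits the `<script>` tags of a checkout page: it flags third-party sources that are not on an explicit allowlist, and allowlisted sources that load without a Subresource Integrity (SRI) hash. The hostnames, the HTML page, and the `auditCheckoutScripts` and `parseScriptTags` helpers are all constructed for this example.

```javascript
// Added example (not code from the newsletter, Shopper Approved, or ID Agent):
// a defender-side audit of the <script> tags on a checkout page. It flags
// third-party script sources that are not on an explicit allowlist and
// allowlisted sources that load without a Subresource Integrity (SRI) hash.
// All hostnames and HTML below are constructed for the example.

const SCRIPT_TAG_RE = /<script\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Extract the attributes of every <script> tag as a plain object.
function parseScriptTags(html) {
  const tags = [];
  SCRIPT_TAG_RE.lastIndex = 0;
  let tagMatch;
  while ((tagMatch = SCRIPT_TAG_RE.exec(html)) !== null) {
    const attrs = {};
    ATTR_RE.lastIndex = 0;
    let attrMatch;
    while ((attrMatch = ATTR_RE.exec(tagMatch[1])) !== null) {
      attrs[attrMatch[1].toLowerCase()] =
        attrMatch[2] ?? attrMatch[3] ?? attrMatch[4] ?? "";
    }
    tags.push(attrs);
  }
  return tags;
}

// Return one finding per external script that a checkout page should not be
// loading as-is. Inline scripts are left to a separate review; this audit is
// about where the page pulls code from.
function auditCheckoutScripts(html, firstPartyHost, allowedHosts) {
  const findings = [];
  for (const attrs of parseScriptTags(html)) {
    if (!attrs.src) continue;
    let host;
    try {
      host = new URL(attrs.src, `https://${firstPartyHost}/`).hostname;
    } catch {
      findings.push({ src: attrs.src, issue: "unparseable src" });
      continue;
    }
    if (host === firstPartyHost) continue;
    if (!allowedHosts.includes(host)) {
      findings.push({ src: attrs.src, issue: "third-party host not on allowlist" });
    } else if (!attrs.integrity) {
      findings.push({ src: attrs.src, issue: "allowlisted third party loaded without SRI" });
    }
  }
  return findings;
}

// Constructed checkout page: one first-party script, one allowlisted review
// widget without SRI, one allowlisted payment script with SRI, one unknown host.
const SAMPLE_CHECKOUT_HTML = `
<script src="/static/checkout.js"></script>
<script src="https://cdn.reviews-widget.example/widget.js"></script>
<script src="https://cdn.payments.example/pay.js"
        integrity="sha384-PLACEHOLDER_HASH_FOR_EXAMPLE" crossorigin="anonymous"></script>
<script src="https://cdn.unknown-analytics.example/a.js"></script>
`;

const FIRST_PARTY_HOST = "shop.example";
const ALLOWED_HOSTS = ["cdn.payments.example", "cdn.reviews-widget.example"];

function runSampleAudit() {
  return auditCheckoutScripts(SAMPLE_CHECKOUT_HTML, FIRST_PARTY_HOST, ALLOWED_HOSTS);
}

for (const finding of runSampleAudit()) {
  console.log(`${finding.issue}: ${finding.src}`);
}
```

Two points follow from what the audit reports. An SRI `integrity` attribute pins one exact file, so a widget whose vendor changes the served script (or whose vendor is compromised) stops loading rather than running the new code; a third-party script that cannot be pinned is therefore one that has no place on a checkout page, which is the newsletter’s advice in mechanical form. The allowlist check is the same restriction a `Content-Security-Policy: script-src` header enforces in the browser, so the audit doubles as a way to draft that policy.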

United States – Rebound Orthopedics and Neurosurgery
https://cyware.com/news/hackers-hit-rebound-orthopedics-neurosurgery-2800-patient-records-compromised-026125d8
Exploit: Compromised employee credentials.
Rebound Orthopedics and Neurosurgery: Vancouver-based orthopedics and neurosurgery practice.
Risk to Small Business: 1.555 = Severe: This breach would have a long-lasting effect on customer trust for any business, and in many countries the government will fine an organization heavily for failing to secure health data.
Individual Risk: 2.142 = Severe: Health information is valuable data for hackers and useful for identity theft. Those affected by this breach are at a severe risk for insurance fraud and identity theft.
Customers Impacted: 2800.
How it Could Affect Your Business: Organizations that store health information are held to a higher standard for securing data due to the sensitive nature of the information and HIPAA laws. When an organization fails to keep the data secure, it reflects very poorly on the company and usually results in a fine from the government.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Google –
Google+ will be shutting down, and yes Google+ is (or at least was) still around. After exposing more than 500,000 users’ data to external developers, the tech giant has decided the best course of action is to close down the failed social network. This move makes sense given the recent outrage against Facebook after the social media site exposed 50 million people’s data. An unfortunately fitting ending to the continuously failing website.
https://www.yahoo.com/news/google-exposed-user-data-feared-repercussions-disclosing-public-170304936–finance.html?soc_src=newsroom&soc_trk=com.apple.UIKit.activity.CopyToPasteboard&.tsrc=newsroom

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


A note for you:
e-mail….ware
New research has revealed that a whopping 90% of all malware is delivered via email. The team also discovered that the average employee will not go 48 hours without seeing a phishing message. In addition, over half of the phishing messages examined used the word “invoice” in the subject line. A little under a quarter (21%) of the flagged emails also had malicious attachments sent with the phishing message.

Watch out for suspicious emails! All it takes is one employee to fall for a phishing email and an entire organization can be compromised.

https://www.darkreading.com/attacks-breaches/most-malware-arrives-via-email/d/d-id/1333023

 


The Week In Breach: August 22 to August 29 2018

A slow, but troubling week to say the least! Phishing and compromised databases still rule the day. This Week in Breach highlights incidents involving a New York-based gaming developer, medical data held by a university, and the disclosure of sensitive data held by a popular babysitter application.

Is Breaking Bad?
A German company by the name of Breaking Security has been up in arms about the use of its legitimate software named Remcos (Remote Control and Surveillance). Remcos is used for managing Windows systems remotely and is increasingly being used by hackers as a Remote Access Trojan (RAT) in malicious attacks. The question is, however… are they telling the truth? Researchers have uncovered that the product sold by the company is widely advertised on Dark Web hacking forums, and it seems that not only does the organization know that this is happening, it is encouraging it. Breaking Security has strongly stated that any license linked to malicious hacking campaigns is revoked, yet still, many hacking campaigns continue to use the service.
https://www.darkreading.com/attacks-breaches/attackers-using-legitimate-remote-admin-tool-in-multiple-threat-campaigns/d/d-id/1332631

Not So Private Messages
In May, the popular live streaming service Twitch exposed users’ private messages because of a bug in its code. The Amazon subsidiary disabled the service, which allowed users to download an archive of past messages. When a user requested this archive, the game streaming company accidentally intertwined messages from other users. Twitch has come out and said that this only affected a limited number of users and has provided a link for customers to visit so they can find out if any of their messages were exposed and what the messages were.
https://www.bleepingcomputer.com/news/security/twitch-glitch-exposed-some-users-private-messages/

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
IT Provider Network – The Podcast for Growing IT Service
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Small Business, Big Marketing – Australia’s #1 Marketing Show!


United States – Augusta University
Exploit: Email compromise by phishing attacks.
Risk to Small Business: High: This is a significant breach in scale and severity, and due to the sensitive nature of the data compromised the organization will likely face heavy fines.
Individual Risk: Extreme: Individuals affected by this breach are at high risk for identity theft, as well as their medical information being sold on the Dark Web.
Augusta University: Georgia based healthcare network.
Date Occurred/Discovered: September 10, 2017 – July 11, 2018
Date Disclosed: August 20, 2018
Data Compromised:

  • Medical record numbers
  • Treatment information
  • Surgical details
  • Demographic information
  • Medical data
  • Diagnoses
  • Medications
  • Dates of services
  • Insurance information
  • Social Security numbers
  • Driver’s license numbers

Customers Impacted: 417,000
https://cyware.com/news/augusta-university-health-breach-exposes-personal-records-of-over-400k-patients-432de74e

https://www.augusta.edu/notice/message.php

United States – Animoto
Exploit: Undisclosed.
Risk to Small Business: High: A breach of customer trust, especially involving geolocation data, can be highly damaging to a company’s image.
Individual Risk: Moderate: Users affected by this breach are at a higher risk of spam and phishing.
Animoto: New York-based company that provides a cloud-based video-making service for social media sites.
Date Occurred/Discovered: July 10, 2018
Date Disclosed: August 2018
Data Compromised:  

  • Names
  • Dates of birth
  • User email addresses
  • Salted and hashed passwords
  • Geolocation

Customers Impacted: Unclear.
https://techcrunch.com/2018/08/20/animoto-hack-exposes-personal-information-geolocation-data/

United States – Sitter
Exploit: Exposed MongoDB database.
Risk to Small Business: High: Most customers would be uncomfortable with a company leaking data about their kids and when they are left alone with someone who doesn’t live there.
Individual Risk: High: A lot of sensitive personal information was exposed in this breach, much of it unsettling.
Sitter: An app that connects babysitters and parents.
Date Occurred/Discovered: August 14, 2018
Date Disclosed: August 14, 2018
Data Compromised:

  • Encrypted passwords
  • Number of children per family
  • User home addresses
  • Phone numbers
  • Users’ address book contacts
  • Partial payment card numbers
  • Past in-app chats
  • Details about sitting sessions
    • Locations
    • Times

Customers Impacted: 93,000.

https://www.linkedin.com/pulse/incident-report-no1-babysitter-application-exposure-bob-diachenko/

https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/

Australia – Melbourne High School

Exploit: Negligence.
Risk to Small Business: Extreme: This is a major exposure of sensitive and potentially embarrassing information that could irreparably damage a company’s reputation.
Individual Risk: High: Those affected by the data breach have had sensitive personal medical information exposed that is considered highly private and could leave them exposed to identity theft.
Melbourne High School: School in Melbourne.
Date Occurred/Discovered: August 20-22, 2018
Date Disclosed: August 22, 2018
Data Compromised:

  • Medical information
  • Mental health conditions
  • Learning and behavioral difficulties

Customers Impacted: 300 students.
https://www.theguardian.com/australia-news/2018/aug/22/melbourne-student-health-records-posted-online-in-appalling-privacy-breach


 


Tick Tock.
The cost of cybercrime is no joke. This is easy to say from the perspective of someone whose business it is to know all about cybercrime trends, attack vectors, and yada, yada, yada. But to really quantify how big of a problem cybercrime is in the world of business, it is often easier to compare it to day-to-day things… like a doctor explaining a complicated procedure or a mechanic telling you why your car is making that noise. So today I would like to compare the cost of cybercrime to the most universal understanding that there is… time.

The cost of cybercrime each minute globally: $1,138,888

The number of cybercrime victims each minute globally: 1,861

Number of records leaked globally each minute (from publicly disclosed incidents): 5,518

The number of new phishing domains each minute: 21

As you can see, cybercrime builds by the minute.
https://www.darkreading.com/application-security/how-threats-increase-in-internet-time/d/d-id/1332629


The Week in Breach


Russian Dark Web
A reporter from The Guardian recently dove into a popular Russian Dark Web hacking forum known as FreeHacks, which aims to maximize efficiency in the attacks of its members and to disperse information on ‘quality’ hacking. On the surface it looks like any other forum, and (in essence) it is, with a twisted turn provided by the malicious nature of the subject matter. The categories of the forum are split into a wide variety of specific types of hacking and some ‘lifestyle’ forums as well.

Hacker news, humor, botnets, DDoS, programming, web development, malware and exploits, and security are examples of some of the topics discussed on the site. Some of the markets on the site include stolen credit cards, password cracking software, a clothing market used to launder money, and a document market where members can buy passports and citizenships. The forum has about 5,000 active members and claims that a hacker is not a ‘computer burglar’ but rather ‘someone who likes to program and enjoy it.’ Given the kind of information and marketplaces available on the site, this reads more like mental gymnastics than a nuanced examination of one’s own criminality. After passing registration to get into the site, the reporter found step-by-step directions for finding someone’s physical address, among other nefarious ways to penetrate companies’ networks or to extort individuals.
https://www.theguardian.com/commentisfree/2018/jul/24/darknet-dark-web-hacking-forum-internet-safety

Gamer Recognize Game
The website for Kaiser Permanente was hijacked this week by hackers, who defaced the site with a variety of quotes from Game of Thrones, the popular book series turned TV show. The American integrated care consortium based in Oakland, California had the pictures of happy, healthy families on its front page replaced with a black screen and a declaration that a hacking group known as the Faceless Men was responsible. The group appears to be somewhat amateur in nature and Turkish in origin: a look at the members it lists reveals that a few of them are active Turkish gamers, which raises the question of how an organization that handles sensitive medical information could be hacked by a group with very little hacking experience. It is unclear whether any personal information was accessed in the hack; the organization had declined to comment as of the writing of this Week in Breach.
https://www.databreaches.net/hear-me-roar-kaiser-permanente-site-defaced-by-got-fans/

Security > Convenience
UK consumers value security over convenience more than the professionals who serve them do, according to a new study: 83% of consumers said they prefer security, compared to only 60% of cybersecurity professionals. The study attributes the disparity to organizations’ desire for a frictionless customer experience, which pushes them away from tighter controls. That attitude could contribute to the UK’s unimpressive score of 56 out of 100 on the Digital Trust Index, one of the lowest in the world and 5 points below the global average. The disconnect is likely to persist, considering that 88% of UK executives believe they are doing a good job protecting consumer data while over half of their organizations have been breached in the past year.
https://www.infosecurity-magazine.com/news/uk-consumers-prefer-security-to/

Hacking from The Inside
Across 5 different correctional facilities in Idaho, hundreds of inmates were able to add thousands of dollars’ worth of credits to their JPay accounts, which allows inmates to buy music or send emails. Over 300 inmates were able to exploit a vulnerability in the JPay system to add $224,772 across the group. One of those involved managed to gain nearly $10,000 using the exploit. Those who hacked their JPay accounts are being punished, and the vulnerability is being fixed, but this raises questions about the security of programs used by the U.S. prison system.
https://www.nytimes.com/2018/07/27/us/idaho-prison-hack-jpay-nyt.html

Podcasts:
IT Provider Network – The Podcast for Growing IT Service
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


United States – Reddit
Exploit: SMS intercept.
Risk to Small Business: High: Could have damaging effects on the trust of clients, as well as highlighting the vulnerabilities of SMS 2FA.
Individual Risk: Moderate: The nature of the data is not particularly harmful due to the age and the scope but affected users could be at risk for spam.
Reddit: Extremely popular forum, one of the 5 most popular sites on the internet.
Date Occurred/Discovered: June 14 – 18, 2018
Date Disclosed: August 1, 2018
Data Compromised:

• Old Reddit user data (before May 2007)
• Usernames
• Salted hashed passwords
• Email addresses
• Public content
• Private messages
• Email digests
Customers Impacted: Users with accounts made before 2007, subscribers to email digests between June 3 and June 17, 2018.
https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/

United States – UnityPoint Health
Exploit: Phishing.
Risk to Small Business: High: A huge breach of customer trust, and because protected health information was involved the organization is also exposed to regulatory penalties under HIPAA.
Individual Risk: High: The content breached is valuable on the Dark Web and is vital in identity theft.
UnityPoint Health: Multi-hospital group operating in Iowa, Illinois and Wisconsin.
Date Occurred/Discovered: March 14 – April 3, 2018
Date Disclosed: July 31, 2018
Data Compromised:
• Protected health information
• Names
• Addresses
• Medical data
• Treatment information
• Lab results
• Insurance information
• Payment cards
• Social Security numbers
Customers Impacted: 1.4 Million.
https://www.healthcareitnews.com/news/14-million-patient-records-breached-unitypoint-health-phishing-attack

New Zealand – Hāwera High School
Exploit: Phishing leading to ransomware.
Risk to Small Business: High: Ransomware attacks can be very disruptive.
Individual Risk: High: Students could lose files stored locally on computers. High risk of identity theft if PII is stored.
Hāwera High School: A New Zealand High School.
Date Occurred/Discovered: August 2018
Date Disclosed: August 2, 2018
Data Compromised:
• Local files stored on school computers
Customers Impacted: Students at the school.
https://www.theregister.co.uk/2018/08/02/new_zealand_school_hit_by_ransomware_scum/

India – CreditMate.in
Exploit: Exposed database.
Risk to Small Business: High: The exposed database was found during a routine Google search; a breach like this would seriously damage an organization’s image.
Individual Risk: High: Data central to identity theft (tax IDs, passports, driver’s licenses, dates of birth) was exposed in this breach.
CreditMate: Helps customers obtain loans to purchase motorbikes.
Date Occurred/Discovered: July 27, 2018
Date Disclosed: August 2, 2018
Data Compromised:
• Member reference number
• Enquiry number
• Enquiry purpose
• Amount of loan being sought
• Full name
• Date of birth
• Gender
• Income tax ID number
• Passport
• Driver’s license
• Universal ID number
• Telephone number
• Email address
• Employment information
• Employment income
• CIBIL credit score
• Residential address
• Payment history of other loans/credit cards
Customers Impacted: 19,000.
https://www.databreaches.net/exclusive-creditmate-in-developers-goof-left-19000-consumers-credit-reports-unsecured/

United States – Yale University
Exploit: Unclear.
Risk to Small Business: High: Highly sensitive personal information was leaked which would damage consumer trust.
Individual Risk: High: The data accessed would be highly useful for bad actors looking to steal someone’s identity.
Yale University: A prestigious American University.
Date Occurred/Discovered: April 2008 – January 2009
Date Disclosed: June 2018
Data Compromised:
• Social security numbers
• Dates of birth
• Email addresses
• Physical addresses
Customers Impacted: 119,000
https://www.zdnet.com/article/yale-discloses-old-school-data-breach/

A note for your customers:
Texts from a Hacker.
With the breach of Reddit being disclosed this week, it’s key to remember the importance of robust cybersecurity, given that the attacker was able to bypass the site’s two-factor authentication. The actor did this using a method called ‘SMS intercept’, in which the attacker arranges to receive the text message that carries the authentication code. One way this is done is a SIM swap: the attacker convinces the phone carrier that he is the target and has the target’s number moved onto a SIM card the attacker controls. Another is a port-out: the attacker impersonates the target and tricks the carrier into transferring the number to a new provider, after which any 2FA codes sent to that number arrive on the attacker’s phone.

A more secure alternative to SMS 2FA is app-based authentication, through providers such as Duo or a standard authenticator app, which generates the code on the device itself and so is not exposed to these carrier-side attacks. Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent now that they have been shown to work, and publicly so, given that Reddit is one of the most popular sites on the internet.

The Week in Breach 07/09/2018 to 07/18/2018

The Week in Breach

This week there was a TON of attention in the media on dark web markets and what’s bought and sold in these shady marketplaces. Timehop, a social media nostalgia app, was breached, exposing the PII of at least 21 million individuals due to a lack of 2FA, while Macy’s was hit with a breach in which credit card data was accessed.

 Highlights from The Week in Breach:

– Pedal to the metal! Gas stolen in hack.
– Tracking military workouts!
– Macy’s falls victim to a breach.
– Timehop wishes it could turn back time for more security!

In Other News:

Dead Men Do Tell Tales
Hackers on the Dark Web have always sold medical records, as they are valued much higher than credit card info or other PII. Researchers found this week that bad actors in these dark corners of the web are also selling the medical records of deceased patients, with one vendor claiming to have 60,000 available for purchase. The records for sale include name, SSN, address, zip code, phone number, birthday, sex, insurance and even date of death. Whatever happened to respecting the dead?
https://threatpost.com/deceased-patient-data-being-sold-on-dark-web/133871/

Classified Documents for $200
The U.S. military can’t escape the Dark Web either! A batch of military documents turned up on dark web markets after a hacker with only a moderate level of technical skill was able to access a captain’s computer through a previously disclosed FTP vulnerability. Some of the documents are classified, and all of them contain sensitive data about military tactics or hardware. One of them is a maintenance manual for the MQ-9 Reaper drone, regarded as one of the deadliest drones used by the United States. How much will classified U.S. military documents fetch on the Dark Web? $200. That says a lot about how much information is available for criminals to buy.
https://www.theverge.com/2018/7/10/17555982/hacker-caught-selling-stolen-air-force-drone-manual-dark-web

A $10 Key into Your Network
Remote access to IT systems is a competitive market on the Dark Web, with access to a compromised machine offered to criminals for as little as $10! Some of these forums have tens of thousands of compromised systems for bad actors to choose from, across all versions of Windows and at places such as international airports, hospitals and governments. One international airport found on the site had its administrator account exposed, as well as accounts associated with the companies that provide its camera surveillance and building security. That’s not a good look!
https://www.zdnet.com/article/hackers-are-selling-backdoors-into-pcs-for-just-10/

Gassed Up
This week in Detroit, two suspects managed to steal over 600 gallons of gasoline after hacking the gas pump. The fuel is worth about $1,800 and was taken in broad daylight over the course of 90 minutes. At least 10 cars benefited from the hack and the police are at a complete loss on who conducted the hack. The hacker or hackers used a remote device that was able to alter the price of the gas and lock out the clerk from being able to shut off the affected pump. With gas prices being so high, it’s likely that attacks like this will continue in the future.
https://www.clickondetroit.com/news/men-hack-into-pump-at-detroit-gas-station-steal-600-gallons-of-gas_

Fitness App Turned Finder App
A fitness tracking app hailing from Finland has disabled its global activity map after it was revealed it could be used to track the geolocation of military personnel. The map showed the biking and running routes of its users, but also included each person’s username, allowing anyone to cross-reference the username with other websites and possibly identify the person’s real name. Using the map, one could see where a person jogged around their home address and around their military base; possibly even bases whose existence foreign countries are not meant to know about.
https://www.bleepingcomputer.com/news/technology/polar-app-disables-feature-that-allowed-journalists-to-identify-intelligence-personnel/

Sex Appall
A twist on a classic email scam has appeared this week, with the classic ‘sextortion’ scam getting an upgrade. Now rather than just an intimidation email where targeted parties pay up out of fear of friends and family finding out what they do privately, the email also includes a password. The password appears to be from a large or multiple large data breaches, but these data breaches appear to be fairly old. Those who reported receiving the email claimed that the passwords were correct… ten years ago. While the passwords are outdated in many cases, this likely indicates that we will see more complex versions of this scam appearing in the near future.
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/#more-44406

Podcasts:

Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


United States – Macy’s

Exploit: Supply chain exploit.
Risk to Small Business: High: A bad actor accessing names and card information can severely damage consumer trust in a brand.
Individual Risk: High: Individuals affected by this breach are at high risk of their credit card details being sold on the Dark Web.
Macy’s: Large department store chain.
Date Occurred/Discovered: April 26 – June, 2018
Date Disclosed: July, 2018
Data Compromised:

  • Full name
  • Address
  • Phone number
  • Email address
  • Date of birth
  • Debit/ credit card numbers
  • Expiration dates

Customers Impacted: Unclear but the hacker operated undetected for almost 2 months.
https://cyware.com/category/breaches-and-incidents-news

United States – Timehop

Exploit: Lack of 2FA on cloud infrastructure.
Risk to Small Business: High: All of Timehop’s customers were a part of this breach, which discredits the organization and could have long-lasting effects on the business.
Individual Risk: Moderate: The credentials stolen could be used to compromise other accounts.
Timehop: Social media aggregation site that allows users to see posts made in the past.
Date Occurred/Discovered: July 4, 2018
Date Disclosed: July 8, 2018
Data Compromised:        

  • Names
  • Email addresses
  • Phone numbers
  • Date of birth
  • Gender

Customers Impacted: 21 Million.
https://www.infosecurity-magazine.com/news/timehop-breach-hits-21-million/
https://www.timehop.com/security
https://techcrunch.com/2018/07/11/timehop-data-breach/

United States – Cass Regional Medical Center

Exploit: Ransomware.
Risk to Small Business: High: A ransomware attack on any business in any sector would greatly diminish the organization’s ability to operate as needed. In some ransomware cases the data encrypted is lost entirely.
Individual Risk: Moderate: At this point in time there is no evidence that the data affected was also exfiltrated.
Cass Regional Medical Center: Missouri based medical center.
Date Occurred/Discovered: July 9, 2018
Date Disclosed: July 9, 2018
Data Compromised: The medical center’s internal communications system and access to their electronic health record system were affected by the hack, but there is no public indication that patient data has been accessed.
Customers Impacted: Many details surrounding the attack are being withheld from the public at this time, but restoration of the affected systems was at 50% as of July 10, 2018.
https://cyware.com/news/missouris-cass-regional-medical-center-hit-with-ransomware-attack-92884b12

Germany – DomainFactory

Exploit: Dirty COW vulnerability (CVE-2016-5195), a race condition in the Linux kernel’s copy-on-write handling that had been present in virtually every Linux version for about nine years before it was disclosed in 2016, and that has been exploited in the wild.
Risk to Small Business: High: A breach including banking account numbers would heavily damage the reputation of a small business.
Individual Risk: High: A wealth of PII was accessed during this breach and could leave individuals vulnerable to account takeover or identity theft.
DomainFactory: Web hosting service based in Ismaning.
Date Occurred/Discovered: July 6, 2018
Date Disclosed: July 9, 2018
Data Compromised:

  • Names
  • Addresses
  • Phone numbers
  • DomainFactory passwords
  • Dates of birth
  • Bank names/ account numbers
  • Schufa scores

Customers Impacted: The number of customers impacted has not been made public.
 https://www.zdnet.com/article/user-data-exposed-in-domain-factory-hosting-security-breach/
https://www.infosecurity-magazine.com/news/unauthorized-party-accessed/


 Did you know?

The cost of a breach
A recent study conducted by IBM provides some context to the same old story that you hear in the news of big bad breaches and how scary they are for your business. The Cost of a Data Breach Study by Ponemon* puts numbers to these stories and provides a wealth of analysis so even someone who has never used a computer before can quantify the seriousness of a breach… as long as they are familiar with money.

The average cost of a breach increased this year by 6.4%, with the per capita cost rising less, but only barely, by 4.8% (page 3). The cost of a data breach varies greatly by country, with the United States average breach price coming in at $7.91 Million and per capita costing $233. Canada’s per capita cost is the second highest out of the nations surveyed at $202 per record, and their average price of a breach is $4.74 million. Australia’s cost of a breach is less than the US and Canada, but Aussies are far from getting off free. The average cost of a breach down under is $1.99 million and the per capita cost averages at $108 (page 13).

The study also explored the main factors found to affect the cost of a breach, naming 5 major contributing factors that can make the difference between a manageable breach and a mega breach. The loss of customers following a breach, the size of the breach, the time it takes to identify and contain it, management of detection costs and management of the costs following the breach are the factors that most contribute to the cost (page 7). Time to identify a breach is particularly important because organizations saw an increased time to identify breaches this year. This can be attributed to the ever-increasing severity of the malicious attacks companies face, and it highlights the need for proactive monitoring for breaches as well as a serious focus on cybersecurity at the management level. That’s why tools such as Dark Web ID™ that dredge the Dark Web for personal information and credentials can contribute greatly to decreasing the cost of a breach. Organizations that identified breaches within 100 days saved more than $1 Million (page 9) compared to companies that did not. That says a lot because after all… money talks.

*Source: Ponemon Cost of Breach Study 2018

New Cybersecurity Regulations on Horizon for Corporate America


Prime Telecommunications, Inc., a leading managed technology services provider, is helping small to mid-sized businesses (SMBs) navigate recent changes in cybersecurity standards that are highly likely to affect American businesses. Many have heard about Facebook’s recent controversy around Cambridge Analytica and irresponsible data sharing practices; Mark Zuckerberg even testified before the European Parliament to address these concerns. Against that backdrop, the GDPR (General Data Protection Regulation), adopted by the EU in 2016, came into force in Europe in late May 2018.

This regulation demands transparency and responsible data practices from every company that does business in the EU. Two examples of GDPR in effect: 1) marketing emails and newsletters require an explicit opt-in, which is why so many subscribers have been asked to consent again, and 2) companies must report personal data breaches to their supervisory authority within 72 hours of becoming aware of them, and notify affected individuals without undue delay when the breach puts them at high risk. There are many more components to the regulation, and the penalties for not adhering to it run to the millions (up to €20 million or 4% of global annual turnover, whichever is higher).

This standard is very likely to reach the US marketplace, and for many companies it is already affecting their business. For example, if a business has any suppliers, customers, or satellite offices in countries within the EU, it needs to take a serious look at its data practices and make sure it is compliant. In time, many experts expect GDPR or some derivation of it to affect US-based businesses. “We strongly believe data regulation is coming to the US marketplace; it’s certain that some form of cybersecurity regulation is imminent and severe penalties will follow businesses that aren’t compliant,” stated Vic Levinson, President of Prime Telecommunications. “There’s simply been too many data breaches that have affected major companies like Dropbox and Target for regulation not to come. When it does Prime Telecommunications’ proven cyber security program will play a major role in helping our customers meet these new regulations,” added Mr. Levinson.

Cybersecurity has transitioned from the era where an enterprise could “play dumb,” expect a slap on the wrist, pay minor fines and resume business as usual. Cybersecurity is now a central pillar of any organization’s success or demise and with the stakes as high as they are now, SMBs need to address their data policies and practices immediately.

While most business owners dread the idea of spending time, energy and money on meeting a new compliance, the simultaneous opportunity is for businesses to leverage the expertise of Prime Telecommunications to lower their operating costs through the deployment of advanced technology to offset the new investments in cybersecurity that they will likely be required to make. Whether the organization is large or small, soaring or declining, it’s time to revisit cybersecurity policies today.

The Week in Breach June 23 to June 29 2018

It’s no surprise that this week has been busy for cyber-attacks on the web, targeting big events such as the World Cup but also continuing to pursue small-and medium-sized businesses across the globe.

– Google is still leaking!
– Another Dark Web marketplace down in a big win for French authorities.
– Do androids dream of electric… rats? A new malware for Android!
– Going phishing at the World Cup.

In other news… Google has announced that Chromecast and Google Home devices, which a simple script on a web page can coax into revealing precise location data, will be patched in the coming weeks. Disclosed by a researcher at Tripwire, the script collects the list of nearby Wi-Fi networks the device can see, which is enough to pin down where it is. The researcher goes on to describe how easily an attacker could then go after an exposed individual’s device and network.
https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/

The Dark Web marketplace known as ‘Black Hand’ was shut down by French authorities this week. The marketplace was used to sell drugs, weapons, stolen personal information and banking data, as well as fake documents. The site had over 3,000 users from France and was highly active for selling illicit materials.
https://www.hackread.com/authorities-shut-down-dark-web-marketplace-black-hand/

Researchers have come across a new malware family that takes form as an Android remote administration tool (or RAT). The malware uses the messaging app Telegram both to spread and to operate the RAT. When an attacker gains access to a device, he or she operates it by using Telegram’s bot functionality and can intercept text messages, send text messages, make calls, record audio or screen, and locate the device.
https://www.welivesecurity.com/2018/06/18/new-telegram-abusing-android-rat/

With the World Cup in full swing this week, bad actors are taking advantage of the attention on the event and spinning up malicious email campaigns. The idea is that people are less vigilant about clicking emails from unknown sources when they relate to an event that only occurs every few years. Sites selling fake tickets, offering fictitious giveaways and luring unsuspecting individuals into clicking malicious links related to the World Cup are popping up all over the place.
 https://www.darkreading.com/attacks-breaches/wallchart-phishing-campaign-exploits-world-cup-watchers/d/d-id/1332080

A network worm called ‘Olympic Destroyer’ that debuted at the 2018 Winter Olympics is still doing damage across Europe. Since the Olympics, the group behind it has taken an interest in financial and biochemical organizations and often uses spear phishing to gain illegal access to systems. The group has so far remained anonymous, using a complex combination of false flags and other deceptive behavior to avoid being identified.
https://www.darkreading.com/vulnerabilities—threats/olympic-destroyer-reappears-in-attacks-on-europe-russia/d/d-id/1332094


What we’re listening to this week!

Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!

Indian Government

Exploit: Leaky websites, lack of basic website/ internet security controls.

Risk to Small Business: High: Demonstrates that poor cyber hygiene and complete disregard for basic website/ internet security can be highly damaging.

Risk to Exploited Individuals: High: Sensitive personally identifiable information that can be used for identity theft.

Indian Government: The Republic of India’s government.

Date Occurred/Discovered: Ongoing. The government has suffered a wide variety of leaks over a long span of time, and even with its websites audited in May 2018, the continuing lack of protection around such highly sensitive information remains a problem.
Date Disclosed: June 20, 2018
Data Compromised:
• Names and phone numbers of those who bought various medicines from state-run pharmacies

Recently but not this week:
• Aadhaar number
• Data collected in ‘Smart Pulse Survey’
• Geolocation of people based on caste/religion
• Geolocation of ambulances, why they were summoned, and the hospital destination

How it was compromised: Leaky websites and dashboards allowing anyone to look up highly sensitive medical and personal information.
Customers Impacted: Anyone who has purchased medicine from the state-run pharmacies.
Attribution/Vulnerability: Poorly configured database.

http://www.newindianexpress.com/specials/2018/jun/19/in-wake-of-data-leaks-andhra-pradesh-orders-audit-of-all-government-websites-1830571.html

https://www.huffingtonpost.in/2018/06/19/caught-leaking-information-on-people-buying-viagra-from-government-stores-ap-orders-security-audit_a_23463256/

Med Associates

Exploit: Supply chain/trusted vendor compromise via a compromised workstation; most likely compromised credentials and a lack of multi-factor authentication.

Risk to Small Business: High: At least 42 physician practices had their customers’ PII compromised. Lack of situational awareness within the supply chain will create significant challenges for the practices that relied on the claims processing vendor.

Risk to Exploited Individuals: High: This breach disclosed a massive amount of highly sensitive personal and health information, leaving the impacted customers at significant risk of identity theft and fraud.

Med Associates: A New York-based claims processing company.

Date Occurred/Discovered: March 2018
Date Disclosed: June 2018
Data Compromised:
• Patient names
• Dates of birth
• Addresses
• Dates of service
• Diagnosis codes
• Procedure codes
• Insurance information, such as insurance ID numbers

How it was compromised: Not disclosed, but it was specified that the attack did not involve ransomware or phishing.
Customers Impacted: 270,000
Attribution/Vulnerability: Still under investigation, but the third party gained remote access to the workstation without phishing or ransomware.

https://www.govinfosecurity.com/hacking-incident-at-billing-vendor-affects-270000-patients-a-11116


Chicago Public Schools

Exploit: Negligence

Risk to Small Business: High: If a breach of this magnitude happened to a small business, it is unlikely it would recover. Negligence of this kind tarnishes a name to a great degree, though here families have little choice but to keep using Chicago Public Schools because it is a government-run program.

Risk to Exploited Individuals: High: Unfortunately, a minor’s personally identifiable information is highly sought after and valuable as its often not monitored.

Chicago Public Schools: School district in the Illinois city of Chicago

Date Occurred/Discovered: June 16, 2018
Date Disclosed: June 16, 2018
Data Compromised:
• Children’s names
• Home phone numbers
• Cell phone numbers
• Email addresses
• School ID numbers

How it was compromised: When sending out an email about applications to selective enrollment schools, an employee attached a spreadsheet containing the sensitive data, which was then sent out to families in the district. According to the superintendent, the person who made the critical mistake is going to lose their job.
Customers Impacted: 3,700 students and families
Attribution/Vulnerability: Negligence

https://chicago.suntimes.com/news/cps-data-breach-exposes-private-student-data/
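The Chicago Public Schools incident above is a single wrong attachment on a mass mailing, which is exactly the kind of mistake an outbound check can catch before the send button does its damage. The following is an added example, not anything CPS or its mail provider runs: a pre-send scanner that parses a CSV attachment, counts rows carrying phone numbers, e-mail addresses or ID numbers, and blocks the mailing when more than one person’s data is present. The two sample spreadsheets are constructed for this example (fictional names and reserved 555 numbers), and the column denylist and the 8-digit ID pattern are assumptions to tune for your own data.

```python
"""Added example: a pre-send check for attachments on bulk mailings.

A mailing to one family may legitimately carry that family's own record, so the
default tolerates one row of personal data and blocks anything larger.
"""
import csv
import io
import re

# Assumed denylist of column-name tokens that usually hold personal data.
SENSITIVE_HEADER_TOKENS = {"name", "student", "phone", "cell", "email", "id", "ssn", "dob"}

# Content heuristics: phone numbers, e-mail addresses, 8-digit ID numbers (assumed ID format).
PATTERNS = {
    "phone": re.compile(r"\b\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "id_number": re.compile(r"\b\d{8}\b"),
}

# Constructed sample attachments; the people, numbers and IDs are fictional.
ROSTER_CSV = """student_name,home_phone,cell_phone,email,school_id
Alex Example,312-555-0101,773-555-0199,alex.example@example.org,10000001
Blake Sample,312-555-0102,773-555-0198,blake.sample@example.org,10000002
Casey Demo,312-555-0103,773-555-0197,casey.demo@example.org,10000003
"""

NOTICE_CSV = """deadline,program,next_step
2018-06-29,Selective Enrollment,Submit the application form online
2018-07-13,Selective Enrollment,Attend the information session
"""


def _sensitive_columns(header):
    """Header names whose tokens (split on non-alphanumerics) hit the denylist."""
    flagged = []
    for col in header:
        tokens = set(re.split(r"[^a-z0-9]+", col.lower())) - {""}
        if tokens & SENSITIVE_HEADER_TOKENS:
            flagged.append(col)
    return flagged


def scan_attachment(csv_text: str, max_pii_rows: int = 1) -> dict:
    """Count rows containing each kind of personal data and decide whether to block the send."""
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if any(c.strip() for c in r)]
    if not rows:
        return {"blocked": False, "reason": "empty attachment", "pii_rows": 0,
                "counts": {}, "sensitive_columns": []}
    header, body = rows[0], rows[1:]
    counts = {name: 0 for name in PATTERNS}
    pii_rows = 0
    for row in body:
        line = " ".join(row)
        hit = False
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                counts[name] += 1
                hit = True
        if hit:
            pii_rows += 1
    sensitive_columns = _sensitive_columns(header)
    blocked = pii_rows > max_pii_rows
    if blocked:
        reason = (f"{pii_rows} rows of personal data; columns: "
                  f"{', '.join(sensitive_columns) or 'n/a'}")
    else:
        reason = "no bulk personal data found"
    return {"blocked": blocked, "reason": reason, "pii_rows": pii_rows,
            "counts": counts, "sensitive_columns": sensitive_columns}


if __name__ == "__main__":
    for label, text in (("roster", ROSTER_CSV), ("notice", NOTICE_CSV)):
        result = scan_attachment(text)
        verdict = "BLOCK" if result["blocked"] else "allow"
        print(f"{label}: {verdict} ({result['reason']})")
```

The header check and the content check are deliberately independent: a roster exported with cryptic column names still trips the content patterns, and a file with a `phone` column but no numbers in it is reported rather than blocked. The same logic is what a DLP rule on the mail gateway does, with the attachment converted to text first for xlsx or PDF files.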

An important takeaway from this week is how easy it is to unsuspectingly leak personal information. A study conducted by Positive Technologies found some alarming statistics when researching the vulnerabilities of something that is often overlooked; web applications.

The study uncovered that almost half (48%) of the web applications tested were vulnerable to unauthorized access by a third party, with 17% of the tested applications so insecure that full control could be acquired. Every single web app the study looked at had vulnerabilities, with just over half of them (52%) being high risk. A little under half (44%) of the examined web apps that processed personal data leaked that data, and 70% of all applications were at risk of leaking information critical to the business. The study found an average of two critical vulnerabilities per web application, and where the researchers had access to the source code of the web app they uncovered high-severity vulnerabilities 100% of the time. The industries covered by the study include finance, IT, e-commerce, telecom, government, mass media, and manufacturing.

Make sure to consider what web applications you are using in both your professional and personal life, otherwise, your information could end up on the Dark Web.

https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Web-application-vulnerabilities-2018-eng.pdf

https://www.darkreading.com/attacks-breaches/most-websites-and-web-apps-no-match-for-attack-barrage/d/d-id/1332092


Highlights from The Week in Breach: May 30 to June 6 2018

Highlights from The Week in Breach:

– Finance sector attacks ramping up
– BackSwap JavaScript injections effectively circumventing detection
– Honda has leaky buckets too

This week in breach has all been about money, money, money. The finance sector is getting pelted with attacks recently – even more than usual – and Mexico, Canada, and Poland have been hit the worst.

In other news…

North Korea is still up to their old tricks, targeting South Korean websites with advanced zero-day attacks.
https://www.bleepingcomputer.com/news/security/activex-zero-day-discovered-in-recent-north-korean-hacks/

School is letting out which means grade changing breaches are in season! Two students at Bloomfield Hills High School attempted to fudge their report card and refund lunches for themselves and 20 other students.
https://www.forbes.com/sites/leemathews/2018/05/22/school-hackers-changed-grades-and-tried-to-get-a-free-lunch/#478b6d026e7d

The government of Idaho was hacked 2 times in 3 days which is not a very good look.
https://idahobusinessreview.com/2018/05/22/state-government-hacked-twice-in-three-days/

Coca-Cola had a breach that compromised 8,000 employees’ personal data, but they are also providing identity monitoring for a year at no cost. Ahh… refreshing, isn’t it?
https://www.infosecurity-magazine.com/news/no-smiles-for-cocacola-after-data/


What we’re STILL listening to this week!

Security Now – Hosted by Steve Gibson, Leo Laporte

Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)

Small Business, Big Marketing – Australia’s #1 Marketing Show!

Simplii Financial (CIBC) & Bank of Montreal
Exploit: Spear Phishing
Type of Exploit Risk to Small Business: High: Personal and account information from a large number of customers was compromised, opening up the possibility of identity theft for business owners or employees.

Risk to Exploited Individuals: High: A large amount of personal and account information was breached from both banks, including social insurance numbers and account balances.

Simplii Financial: Owned by CIBC, Simplii Financial is a Canadian banking institution offering a wide array of services for their customers such as mortgages and investing.

BMO (Bank of Montreal): BMO is also a Canadian banking institution that offers investing, financial planning, personal accounts, and mortgages.

Date Occurred/Discovered The weekend of the 25th
Date Disclosed May 28, 2018
Data Compromised Personal and account information of the two banks’ customers. The hackers provided a sample of the breached data, containing the names, dates of birth, social insurance numbers and account balances of two customers.
How it was Compromised It is believed that both bank data breaches were carried out by the same group of fraudsters, given the time frame and the group’s ‘blackmail’ strategy rather than selling the data. It is suspected that a spear phishing attack was used, focusing on individual employees with targeted phishing attempts rather than the ‘dragnet’ approach typically seen in phishing campaigns.
Customers Impacted
Between the two banks, over 90,000 people’s personal and account information was compromised during the breach. CIBC-owned Simplii Financial reported 40,000 accounts compromised, while BMO declared 50,000 accounts compromised later the same day.
Attribution/Vulnerability Undisclosed at this time.

http://www.cbc.ca/news/business/simplii-data-hack-1.4680575

Honda Car India
Exploit: Misconfigured/Insecure Amazon S3 buckets
Type of Exploit Risk to Small Business: High
Risk to Exploited Individuals: Moderate: Presumably low-risk PII and vehicle information exposed.
Honda Car India: Honda is an international corporation from Japan that specializes in cars, planes, motorcycles and power equipment.

Date Occurred/Discovered The details were left exposed for at least three months. A security researcher who was scanning the web for unsecured servers left a message of warning timestamped February 28.
Date Disclosed May 30 2018
Data Compromised
Names
User gender
Phone numbers for both users and their trusted contacts
Email addresses for both users and their trusted contacts
Account passwords
Car VIN
Car Connect IDs, and more
How it was Compromised
A researcher who was scanning the web for AWS S3 buckets with incorrect permissions left a message in Honda Car India’s bucket to try to warn them to secure it. Honda was not even aware that the note had been added, signaling a complete lack of monitoring on the company’s part.
Customers Impacted
50,000 of Honda Car India’s customers have had their personal info exposed on the internet for three months at the minimum.
Attribution/Vulnerability Negligence. Once the researcher noticed that Honda had still not secured their buckets, he reached out to them, but it still took the company two weeks to respond.

https://www.bleepingcomputer.com/news/security/honda-india-left-details-of-50-000-customers-exposed-on-an-aws-s3-server/
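The Honda entry above comes down to a bucket that strangers could both read and write (the researcher was able to drop a warning note into it). The following is an added example, not code from the newsletter or from Honda or AWS, showing how a defender can audit the two things that make an S3 bucket world-accessible: grants in the bucket ACL to the AllUsers or AuthenticatedUsers groups, and gaps in the account’s Block Public Access settings. It runs offline against a constructed ACL dict shaped like the response of boto3’s `get_bucket_acl()`; the group URIs and the four Block Public Access keys are the real AWS values, while the owner ID and the grants themselves are made up for the example.

```python
"""Audit S3 bucket ACL grants and Block Public Access settings (offline example).

Constructed sample data below; in production the dicts would come from
boto3's get_bucket_acl() and get_public_access_block() responses.
"""
from typing import Dict, List, Tuple

# The two pre-defined S3 groups that make a grant "public".
# AllUsers = anonymous internet; AuthenticatedUsers = anyone with any AWS account.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

# The four flags of an S3 PublicAccessBlockConfiguration; all should be True.
PUBLIC_ACCESS_BLOCK_KEYS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)

# Constructed sample ACL: owner has FULL_CONTROL, and the bucket has been
# opened to anonymous READ *and* WRITE, the misconfiguration that lets an
# outsider both download customer data and upload a note into the bucket.
SAMPLE_ACL: Dict = {
    "Owner": {"ID": "example-owner-canonical-id"},  # placeholder, not a real ID
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "WRITE"},
    ],
}


def public_grants(acl: Dict) -> List[Tuple[str, str]]:
    """Return (group_name, permission) for every grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUP_URIS:
            findings.append((PUBLIC_GROUP_URIS[uri], grant.get("Permission", "")))
    return findings


def is_world_writable(acl: Dict) -> bool:
    """True if anonymous users can write objects (WRITE or FULL_CONTROL on AllUsers)."""
    return any(
        group == "AllUsers" and perm in ("WRITE", "FULL_CONTROL")
        for group, perm in public_grants(acl)
    )


def public_access_block_gaps(config: Dict) -> List[str]:
    """Return the Block Public Access flags that are not set to True.

    A missing key is treated as False, which is the effective default when no
    configuration has been applied at all.
    """
    return [key for key in PUBLIC_ACCESS_BLOCK_KEYS if config.get(key) is not True]


def audit_bucket(acl: Dict, pab_config: Dict) -> List[str]:
    """Produce human-readable findings for one bucket."""
    findings = []
    for group, perm in public_grants(acl):
        findings.append(f"ACL grants {perm} to {group}")
    if is_world_writable(acl):
        findings.append("bucket is world-writable: anyone can upload or overwrite objects")
    for key in public_access_block_gaps(pab_config):
        findings.append(f"Block Public Access flag {key} is not enabled")
    return findings


if __name__ == "__main__":
    # Constructed: no Block Public Access configuration applied at all.
    for line in audit_bucket(SAMPLE_ACL, {}):
        print("FINDING:", line)
```

In a real audit the same functions are run over every bucket returned by `list_buckets()`; a non-empty result from `audit_bucket` is what should page someone, and the three-month gap in the Honda case is exactly the window a periodic run of this check closes.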

SPEI
Exploit: Man in the Middle Attack
Type of Exploit Risk to Small Business: Severe: Security certificate exploit, website login spoofing, traffic redirection. Significant financial loss. Threat intelligence/data-sharing failure.
Risk to Exploited Individuals: Low: Financial institutions will absorb the loss.

SPEI: Mexican domestic payment system.

Date Occurred/Discovered A breach was first detected on April 17th, with 5 more financial institutions being breached on April 24th, 26th, and May 8th.
Date Disclosed May 2018
Data Compromised
$15 Million stolen
How it was Compromised The central bank of Mexico experienced a man in the middle attack in April that it was able to stop, but it failed to warn other financial institutions in the country about the severity of the incident. This led to 5 other financial institutions being targeted, and this time the attacks succeeded. It is unclear exactly how the hackers were able to enter the network, but the situation is still developing.
Attribution/Vulnerability Outside actors; not disclosing the first breach possibly facilitated the later ones.
Customers Impacted Multiple financial institutions in Mexico

https://www.bloomberg.com/news/articles/2018-05-29/mexico-foiled-a-110-million-bank-heist-then-kept-it-a-secret

Polish Banks
Exploit: JavaScript malware injection named BackSwap
Type of Exploit Risk to Small Business: High: Sophisticated JavaScript injection designed to bypass advanced security/injection detection.
Risk to Exploited Individuals: High: Those who used the Polish banks targeted by the new malware will take a financial loss; 2FA does not combat this.

Polish Banks: 5 Polish banks are being targeted

Date Occurred/Discovered The banking malware was first introduced in March 2018 and has been increasingly active since then.
Date Disclosed May 2018
Data Compromised Banking account information and funds
How it was Compromised
A new malware family. This family of banking malware uses an unfortunately elegant technique to bypass traditional security measures, using Windows message loop events rather than process injection to monitor browsing activity. When an infected user begins banking activities, the malware injects malicious JavaScript directly into the address bar. The script hides the change in recipient by replacing the input field with a fake one that displays the intended destination.
Attribution/Vulnerability Outside actors, deployed through spam email campaign

https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/

The last couple of months have seen an increase in the number of attacks on financial institutions around the world. Both Bank Negara Malaysia and Bancomext were targeted in SWIFT-related attacks, while two Canadian banks’ data was held for ransom in a massive breach. The three largest banks in the Netherlands were hit by DDoS attacks, the Swiss Financial Market Supervisory Authority stated that cyber-attacks were the greatest threat to their banks, and at the same time British banks’ spending on fighting financial crime sits at 5 billion pounds.

While no sector is immune from cyber-attack, the nature of the financial industry makes it an attractive target. The sector is made up of institutions that store large quantities of sensitive data that can be sold on the Dark Web, as well as institutions that have access to large sums of capital.

Additional Sources:
https://www.hstoday.us/uncategorized/cyber-attacks-on-banking-infrastructure-increase/