Thursday, February 21, 2019

February Newsletter: Understanding How the Cloud Works

How will you recover after a cyber incident?

Breached - US, Canada and more!

correct severe gauge
Exploit: Credential stuffing attack
Dunkin' Donuts: One of the world's leading baked goods and coffee chains
>> Read full details on our blog. 
correct severe gauge
Exploit: Malware injection into point-of-sale (POS) systems
Truluck's: Houston-based chain restaurant.
>> Read full details on our blog. 
correct severe gaugeExploit: Unauthorized system access
DataCamp: Online learning platform for data science
>> Read full details on our blog. 
extreme gauge
Exploit: Server hack
500px: Photo-sharing platform 
>> Read full details on our blog. 
correct severe gauge
Exploit: Employee breach
eHealth Saskatchewan: Electronic health record system
>> Read full details on our blog. 
correct moderate gauge
Exploit: Human error resulting in data leak
CLUSIF: Paris-based information security society
>> Read full details on our blog. 
correct severe gauge
Exploit: Database leak
LandMark White: Large property evaluation firm
>> Read full details on our blog. 

correct severe gauge
Exploit: Website glitch and phishing
Optus: Telecommunications company seeking to be first-in-market with 5G home broadband service
>> Read full details on our blog. 

Dark web Trends

This week, Dunkin’ faces a 2nd credential stuffing attack, a Canadian photo-sharing platform discovers hack, a French cybersecurity society is compromised and Australian property data is leaked.
Dark Web ID Trends:Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: Domain (99%)
Top Industry: Medical and Healthcare
Top Employee Count: 1 - 10 Employees (94%)

United States - Valley Hope Association

extreme gauge
Exploit: Database leak.
Valley Hope Association: Kansas-based group of addiction treatment centers.
Risk to Small Business: 1.777 = Severe
Customers Impacted: 70,000 patients.
>> Read full details on our blog. 

Wednesday, February 20, 2019

How secure is your password?

How to save your IT system from its own users: Zero Trust Browsing

How to save your IT system from its own users: Zero Trust Browsing
2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019? It’s shaping up to be the Year of Phishing.
Historically, we’ve labeled phishing as a nuisance that only a select few fall for. However, the increasing sophistication of social engineering, along with a gradual evolution of phishing techniques, have leveled the game. For example, hackers have realized the importance we place on SSL certification, and have found ways to exploit it in order to give us a false sense of reassurance. Browsers such as Edge, Chrome, and Firefox have created advanced filtering techniques, but they are still unable to identify 10-25% of phishing sites...

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: ID Theft Forums (98%) 
Top Compromise Type: Domain (99%)
Top Industry: Service Provider
Top Employee Count: 1 - 10 Employees (96%)

Tuesday, February 19, 2019

United States - Graeter's Ice Cream

correct severe gauge
Exploit: Malware on website checkout page.
Graeter’s Ice Cream: Regional ice cream brand based in Cincinnati.
Risk to Small Business: 1.888 = SevereCustomers Impacted: Approximately 12,000.
>> Read full details on our blog. 

Friday, February 15, 2019

Does anyone actually know how consumers are affected by a data breach?

Does anyone actually know how consumers are affected by a data breach?If you take a peek into a recent newspaper, you’re likely to see the words ‘data breach’ flash across headlines. The conversation surrounding data privacy is becoming increasingly commonplace, yet surprisingly scarce in acknowledging the actual consequences or outcomes for affected consumers. Although we are able to speculate as to what might happen to consumers, we are usually left wondering what actually does.
This void in information results in our entire industry viewing only part of the problem, as we cannot understand the link between the efficacy of security measures and the level of harm caused to end-users. As a sector, we know very little regarding how hackers transform data breaches into financial gain for themselves. What can we do to solve this?
Tapping into the vast resources of law enforcement agencies, large banks, and major card providers. Through collaboration, they can offer financial forensics, fraud detection, and task forces that can help attribute breaches to thefts and fraud. Some would argue that investments and partnerships must be made to acquire such information, but enhancing awareness could be the match that lights the fire, illuminating the path towards global data accountability by consumers and businesses alike.

Thursday, February 14, 2019

In Other News:

In Other News:
An Emerging Target for Data Breaches: HR and Finance EmployeesAs phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the crosshairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.
Many times, employee data can command a higher price tag on the Dark Web than customer data, since it is more likely to include social security numbers, dates of birth, names of dependents, and other lucrative data that can be used in perpetuity, instead of a one-time payment card fraud. When it comes to phishing attacks, it’s important to remember that human users are the weakest link the security chain.

Wednesday, February 13, 2019

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: Domains (99%) 
Top Compromise Type: ID Theft Forums (99%)
Top Industry: High-Tech / IT 
Top Employee Count: 11 - 50 Employees 

Monday, February 11, 2019

The long-term consequences of data breaches on consumer trust

In Other News:
The long-term consequences of data breaches on consumer trust
Most news coverage surrounding data breaches will hint at the erosion of customer loyalty, but what does it truly look like? With industries being disrupted at unprecedented rates, companies that are caught in the cross-hairs of highly publicized breaches must face the reality of losing customers to their competitors.
Additionally, an emphasis on post-breach damage control can impede an organization’s marketing and communication efforts to regain trust with their customers. The involvement of legal teams usually results in radio silence that can span months or years, causing brands to gradually diminish from the minds of their audiences.
As cyber-attacks continue to become more commonplace, marketers will begin to assume a role in shaping security efforts. Third-party marketing technologies are rife with vulnerabilities that hackers are waiting to explore, and everyone will be responsible for prioritizing privacy over data management.

Cybercrime is More Lucrative Than Drug Trade

Cybercrime is More Lucrative Than Drug TradeAccording to researchers, cybercrime is the world’s fastest growing criminal industry. This may come as a surprise to some, considering cybercrime in this comparison goes head to head with the infamous and profitable illegal drug trade.
Cyber defense spending will increase as well, with the report predicting over $1 trillion in spending on cybersecurity between 2017 and 2021 and keeping the cybersecurity unemployment rate around 0%.

Sunday, February 10, 2019

In Other News:

In Other News:Alarming News A hacker warned an unsuspecting homeowner of his ability to hack the man’s home security system by speaking to him through it. In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with anonymous told the Arizona man, through the Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer about this incident.

Saturday, February 9, 2019

Brazil - Cadastro de Pessoas Físicas Database - BREACH

Exploit: Exposed database.
Cadastro de Pessoas Físicas (CFP) Database: CFP is a Brazilian national identifying number attributed by the Brazilian Federal Revenue, that must be issued before opening a bank account, creating a business, paying taxes, or getting a loan.
correct severe gaugeRisk to Small Business: 1.777= SevereThe breach only
contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
correct moderate gaugeIndividual Risk: 1.857= SevereThere is a significant amount of personal information that was exposed during this breach that would be highly useful to a bad actor wishing to engage in a spear phishing campaign.
Customers Impacted: 120 million Brazilians.How it Could Affect Your Customers’ Business The personal data of customers was exposed which would be highly damaging for any organization. In many countries, the organization would also face consequences from the government such as fines.ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Friday, February 8, 2019

China - Boomoji

China - Boomoji
Exploit: Exposed database.
Boomoji: A Chinese company that makes personalized animated avatar to be sent over text and other various apps.
correct severe gauge
Risk to Small Business: 2.111 = SevereExposed databases can be very embarrassing for a company because there is no excuse for leaving the database where customer information is stored unsecured. Customers are unlikely to return to the service, and if they do could be hesitant to enter in credit card information or reveal more of their data because they figure it could be at risk as well.
correct moderate gauge
Individual Risk: 2.111 = Severe: Those affected by this breach are at an increased risk of phishing attacks. This is made a severe risk in this case because the exposed information included the contact books of the users who gave the app permission to access it.
Customers Impacted: Over 5 million users.
How it Could Affect Your Customers’ BusinessNot only is the exposed database embarrassing for the organization, but the company lied about the extent of the breach by stating the databases were for testing purposes only. Not being upfront about the breach can result in a further loss of trust in the company by the customer.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.