Cyber Alert Monday, Data Breach-We are falling prey to the phenomenon of “data breach fatigue.” Indoctrinated with daily news of compromises, we’re beginning to ignore the possibility of future cyber-attacks.
Why data never expires on the Dark Web
In the ongoing slew of mega data breaches, it’s likely that our personal information has been breached and is being auctioned off on the Dark Web. Hackers are not only scooping up more personally identifiable information (PII) than ever before, but also additional information that can be leveraged to conduct damaging fraud. At the same time, we are falling prey to the phenomenon of “data breach fatigue.” Indoctrinated with daily news of compromises, we’re beginning to ignore the possibility of future cyber-attacks.
Simply changing a few passwords is not enough. When a hacker gets his hands on persistent records such as a customer name, SSN, or permanent address, it almost never expires. The only way to survive in this new reality is by protecting employees and customers from identity theft. How can this be accomplished? Investing in identity theft solutions that can detect compromises proactively by monitoring for an organization’s employee and customer data on the Dark Web.
Last week's Hacks, Attacks, Breaches and More...
Sizmek: American online advertising platform based in Austin
Exploit: User account takeover.
Risk to Small Business: Severe: Security researcher Brian Krebs caught hackers auctioning access to a Sizmek user account on the Dark Web, specifically a Russian-language cybercrime forum. The bidding began at $800 per account. With account access in hand, threat actors are capable of infecting ongoing ad campaigns or siphoning profits from ads in the system. After investigating, Sizmek believes that the account in question was simply a regular user account, without higher level administrator access. Nevertheless, the platform will be forced to upgrade security and deal with a PR nightmare to retain customers and continue to do business.
Individual Risk: Severe: Given that the company connects over 20,000 advertisers with 3,600 agencies across 70 countries, such a compromise could have displaced advertising revenue from clients and passed undetected for quite some time. This type of attack poses a high risk for Sizmek clients and their end-users, who have the most to lose in the event of a breach.
Customers Impacted: To be determined.
How it Could Affect Your Business: In an ecosystem of evolving B2B2C business models, companies that provide services for business users must acknowledge the possibility and gravity of a cyber-attack. As evidenced by this event, cybercriminals are peddling access to attack vectors that have the potential to cripple businesses on the Dark Web. Partnering with an MSP who can proactively monitor and navigate the inner workings of the Dark Web is crucial to securing small business customers and end users.
Delaware Guidance Services: Non-profit that offers mental health services for children, youth, and families.
Exploit: Ransomware attack.
Risk to Small Business: Severe: The Delaware-based organization issued letters to 50,000 patients notifying them of a ransomware attack that took place on December 25, 2018. After records were locked by hackers, DGS ended up paying a ransom in exchange for a decryption key to regain access. Although their investigation concluded that no data was compromised, they are offering free credit monitoring and reporting services for one year to those affected.
Individual Risk: Severe: Personal details including names, addresses, DOBs, SSNs, and medical information was impacted. All members have been advised to review financial and credit reports for any suspicious activity.
Customers Impacted: 50,000 patients.
How it Could Affect Your Business: The threat of ransomware is increasing at alarming rates, and small businesses must begin to consider the potential impact of an attack on their systems. In the event of a breach, management is forced to decide whether to pay the ransom or risk losing access to customer records forever. Source
Orchard View School District: A high school district in Muskegon Township, Michigan.
Exploit: Internal data breach.
Risk to Small Business: Severe: Students allegedly hacked the school’s information system, PowerSchool, and altered grades and attendance records. The school has notified parents of the students who may be responsible and is investigating the incident. However, what data was modified and how accessed has yet to be determined.
Individual Risk: Moderate: Depending on whether a ledger of the previous data was stored or removed, other students could be at risk for having their grades modified. Regardless, the possibility of losing such data can be upsetting for students, to say the least.
Customers Impacted: To be determined.
How it Could Affect Your Business: Organizations that store important information must remain vigilant for cyber-attacks, especially originating from within. To protect valuable data from getting in the hands of the wrong people, internal systems must be “fool-proofed” by partnering with the right security provider.
The right security partner can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Source.
FILA: UK branch of sportswear brand
Risk to Small Business: Severe: Russian security vendor Group-IB discovered that a malware dubbed GMO was installed into the clothing brand’s website for at least the past four months. The attacker responsible was able to secretly collect card data entered by customers through the company’s server, researchers reported. However, the company was unable to remove the card-stealing code from their site until very recently. Along with the threat of fines and lawsuits, the business will certainly face customer churn.
Individual Risk: Severe: Anyone who ordered from the FILA.co.uk website should be contacting their bank and checking their statements. Since the company has yet to issue a statement, it could be months before customers are notified and able to act, potentially putting them at severe risk.
Customers Impacted: An estimated 5,600 cardholders.
How it Could Affect Your Business: As the world of e-commerce grows increasingly competitive, especially in the lens of the apparel industry, businesses should know that such a breach can produce catastrophic consequences. Keeping online shoppers on your website is hard enough as-is, and companies must avoid breaches at all costs to retain trust. In order to do so, it becomes a simple matter of enlisting the help of an IT security provider. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!