100,000,000 unsuspecting victims nailed.
Updated: Aug 10, 2018
This week shows no shortage of targeted attacks designed to extract large datasets from a broad range of consumer sites. Travel, Finance, Recruitment and Entertainment sites were targeted, impacting more than 100,000,000 unsuspecting victims. The events clearly demonstrate why businesses must monitor for compromised usernames and passwords that can be used to exploit internal systems and to compromise or take over customer accounts.
1. Leaked credentials from a 3rd party data breach used to exploit 45,000 Transamerica customers
2. No Tickets for You! - TicketFly shuts down to identify and fix the source of leak impacting 26,000,000 customers
3. Booking.com shows that phishing attacks never take a vacation
4. Google Groups - taking a page right out of Amazon’s leaky bucket playbook?
In other news… The US City of Atlanta’s losing streak continues thanks to ransomware hacks! This time, the city’s evidence chain of custody was breached, allowing police evidence to be destroyed - impacting investigations and prosecutions.
5. Europol has a new team dedicated to cybercrime on the Dark Web, hoping to monitor and mitigate criminal activity. Multiple law enforcement agencies throughout Europe are participating in this team, in addition to some non-European organizations.
6. Google Groups can’t get its act together when it comes to privacy settings, resulting in accidental disclosure of users’ private documents. If your business uses Google Groups, make sure to set your group to private!
It looks like there’s more than just alligators to watch out for in the US sunshine state… Florida named the worst state in consumer cybersecurity.
Threat Focus: MyHeritage - ISRAEL
Business Type: Unsecured/misconfigured data store. Poor data at rest encryption. Poor password encryption.
Risk to Small Business: High: Demonstrates the impact of database misconfiguration, security controls and weak encryption.
Risk to Exploited Individuals: Moderate: Email addresses leaked but DNA/family history data supposedly stored separately.
MyHeritage: Users search historical records and create a family tree using this web-based service from Israel.
Date Breach Discovered & Disclosed: October 26, 2017 - June 4, 2018
How it was Compromised: The CISO of MyHeritage received a message from a researcher that he had found a great deal of MyHeritage’s data on a server not connected with the site. The CISO confirmed that the data originated from their site, but exactly how the data was acquired is not clear as of now.
Customers Impacted: 92,283,889 Users
Attribution/Vulnerability: Unclear, but MyHeritage did not store passwords, instead storing a one-way hash of each password that has a key unique to each user. All credit card information is located on third party sites, and the most sensitive information the website holds, such as family tree and DNA data, is stored in segregated systems with additional layers of security.
Threat Focus: Transamerica - USA
Exploit: Compromised credentials
Risk to Small Business: High: Demonstrates the need to proactively monitor for compromised credentials from 3rd party data breaches and phishing attack mitigation.
Risk to Exploited Individuals: High: Highly sensitive personal information was stolen and could be used to impersonate an employee; or an outside agent could pose as a relative of an employee to phish for information.
Transamerica: This company offers mutual funds, retirement strategies, insurance, and annuities.
Date Breach Discovered & Disclosed: March 2017 – May 2018
Data Compromised: Names; Addresses; Social Security Numbers; DOB; Financial Data; Employment Information.
How it was Compromised: Usernames and passwords compromised at a third party were used to access users’ account data.
Attribution/Vulnerability: Malicious Actor
Threat Focus: Booking.com - USA
Risk to Small Business: High: Demonstrates how well-crafted phishing attacks can lead to massive data loss even with a strong end-user security awareness training program and security tools in place.
Risk to Exploited Individuals: High: Money was stolen from the individuals who responded to the convincing email, and their stolen personal information could be used again.
Booking.com: A popular site for booking hotels, houses, apartments and boats.
Date Breach Discovered & Disclosed: June 2018 - June 3, 2018
Data Compromised: Names; Addresses; Phone Numbers; Dates; Price of bookings; Reference Numbers
How it was Compromised: Certain properties of Booking.com received a link that detailed a security breach and urged them to change their password. Once the link was clicked the hackers had access to booking information that they used to send highly convincing phishing emails to customers asking for advance payments. The emails contained booking and pricing info for previously booked rooms, making the emails almost indistinguishable from an actual email from the company. The company reported that there was no compromise on their systems and that any customers who lost money due to the incident will be reimbursed.
Attribution/Vulnerability: Outside malicious actors, deployed through spam email campaign
Threat Focus: PageUp - AUSTRALIA
Exploit: Malware
Risk to Small Business: High: Demonstrates that malware exploits are often very difficult to detect and defend against.
Risk to Exploited Individuals: High: It is unclear what information has been compromised and from which customers of PageUp, but given the nature of the company and the information they store, the risk is serious.
PageUp: A large Australian company that provides HR, career, and recruitment service to large and small businesses around the world.
Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication for general information only and has compiled the content from a number of sources believed to be reliable. No warranty, implied or otherwise, is given as to its accuracy or fitness for use; no validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
Date Breach Discovered & Disclosed: May 23, 2018 - June 6, 2018
Data Compromised: Unclear, but passwords were hashed and salted (‘salted’ = when pain is inflicted by means of insult, blackmail, or general embarrassment.)
How it was Compromised: The investigation into the breach is ongoing, but due to the new implementation of GDPR in Europe and Australia’s Notifiable Data Breaches Scheme, PageUp disclosed the breach in compliance with the laws.
Attribution/Vulnerability: Malware was found on one of PageUp’s IT systems, but how the malware entered the system is still being investigated.
Quarterly Breach Statistics Report: Australian Government
The Office of the Australian Information Commissioner released its report on data breaches notified to it under the Notifiable Data Breaches Scheme, which came into effect on 22nd February, 2018.
The NDB Scheme advised that 63 Data breaches were notified between 22nd Feb & 18th March. The top 5 Industry Sectors breached were: (1) Health Service Providers (2) Legal, Accounting & Management Services (3) Finance (incl Superannuation) (4) Education and (5) Charities. Information stolen included Contact Information; Financial Details; Health Information; Identity Information; Tax File Numbers and Other sensitive Information.
73 per cent of eligible data breaches reported involved the personal information of under 100 individuals, with just over half of the notifications involving the personal information of between 1 and 9 individuals. 27 per cent of notifications under the NDB scheme involved more than 100 individuals.
POSTSCRIPT
An important takeaway from this week finds its origin in research done by Dr. Michael McGuire, funded by Bromium and titled ‘The Web of Profit’: the unfortunate truth is that crime does pay. Cybercrime produces $1.5 Trillion each year, which rivals Russia’s GDP and would place cybercrime at number 13 in a comparison of the world’s highest gross domestic products. $500 Billion of that can be attributed to intellectual property theft, and data trading accounts for $160 Billion. The scope of cybercrime profits and influence points to the conclusion that it is an economy in and of itself, a conclusion that is supported by the growth of platform criminality. Platform criminality is much like the business models of platform businesses such as Google, Uber, or Amazon that trade in data. Data is a profitable business, as demonstrated by these famous companies (or at least two of them), and criminals have taken note. Using the Dark Web as a means of facilitating transactions, cyber criminals are able to buy and sell anything from data to a zero-day exploit. The main takeaway from looking at how cybercrime has evolved is that cyber criminals are selling crime rather than committing it. Much like how Uber is selling a platform where drivers are paired with passengers, criminals are selling the tools and data needed to commit cybercrime over ‘back alley’ marketplaces.
The research done by Dr. McGuire also highlights the importance of monitoring the Dark Web for personal information, stating: “New kinds of software tools are required for uncovering how cybercriminals are using digital technologies for hiding and laundering revenues. One example would be virtualization tools that can generate safe havens, isolated from the internet, where illicit revenue-generating activity can be diverted and neutralized. Another would be more sophisticated scanning tools capable of better tracking and locating items of value across the net – in particular, personal data”(125).
Dr. McGuire also concluded that while Dark Web monitoring is vital to combatting the economy of cybercrime, it is far from an easy task. Monitoring the Dark Web is difficult not just because it is harder to navigate than the traditional web; as McGuire explains, it is “because many of the sites only grant access by word of mouth, or on the basis of ratings status and trust, which may take some time to build up” (57). The Dark Web and the economy surrounding it are nothing to take lightly, and ignoring its existence only adds to the ability of cyber criminals to go about their work unscathed. Avantia Digital Solutions US Partners fulfils this need for Dark Web monitoring: instead of turning a blind eye to the complex and dynamic reality of the cybercrime economy, our services dive right in.
Consider this: When you think about Cyber Security, think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops, consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals? The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind.