Avantia Threat Update
At UBER "Mum's the word"
Updated: Oct 26, 2018

This week Magecart is at it AGAIN! Plus, a payroll social engineering attack? UBER fiddles while Rome burns.
Trends in Data found on the Dark Web This Week
Total New Compromises: 13,394
Top Source Hits: ID Theft Forum
Top PIIs compromised: Domains (13,916)
New Clear Text Passwords Found: (7,014)
(PII is Personally Identifiable Information.)
Top Company Size Hacks: 1-10 (4,172)
Top Industry Hacks: Education & Research (1,232)
In Other News
Mum’s the Word at Uber.
Uber will pay $148m and tighten data security after the ride-hailing company failed for a year to notify drivers that hackers had stolen their personal information, according to a settlement announced on Wednesday.
The company reached the agreement with all 50 states and the District of Columbia after a vast data breach in 2016. Instead of reporting it, Uber hid evidence of the theft and paid ransom to ensure the data wouldn’t be misused.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Lisa Madigan, the Illinois Attorney General, told the Associated Press. “And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.”
Uber learned in November 2016 that hackers had accessed personal data, including driver’s license information, for roughly 600,000 drivers in the US. The on-demand ride company acknowledged the breach in November 2017, saying it had paid $100,000 in ransom for the stolen information to be destroyed. The hack also took the names, email addresses and cellphone numbers of 57 million riders around the world. After significant management changes in the past year, Tony West, Uber’s chief legal officer, said the decision by current managers was “the right thing to do”.
Double Stuffed
Credential stuffing is where a hacker, or a hacker’s botnet (a network of compromised "zombie" computers), attempts to log into online services using credentials obtained through a data breach. It has been around for a while, but its appearance in the financial sector has grown. For example, a botnet targeting a network with credential stuffing will effectively subject a site to a DDoS (Distributed Denial of Service) attack while attempting to log in. From November 2017 to June 2018 there were 30 billion malicious login attempts. This shows the power these large botnets have when it comes to taking advantage of the breaches that happen all the time. (A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.)
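For defenders, the pattern described above is visible in login logs: a stuffing source walks a list of breached accounts and mostly fails. The following is an added example, not part of the original update; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth events: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2018-10-01T10:00:01 203.0.113.7 alice@example.com FAIL
2018-10-01T10:00:02 203.0.113.7 bob@example.com FAIL
2018-10-01T10:00:03 203.0.113.7 carol@example.com FAIL
2018-10-01T10:00:04 203.0.113.7 dave@example.com OK
2018-10-01T10:00:05 203.0.113.7 erin@example.com FAIL
2018-10-01T10:00:06 198.51.100.20 frank@example.com FAIL
2018-10-01T10:00:09 198.51.100.20 frank@example.com FAIL
2018-10-01T10:00:15 198.51.100.20 frank@example.com OK
2018-10-01T10:01:30 192.0.2.44 grace@example.com OK
"""

def parse(log):
    """Yield (datetime, ip, user, ok) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].lower(), parts[3] == "OK"

def find_stuffing(log, min_users=4, min_fail_ratio=0.7):
    """Flag sources that try many distinct accounts and mostly fail.

    A user who forgot a password hits one account repeatedly; a stuffing
    source walks a breached list, so its distinct-account count is high.
    Accounts that logged in successfully from a flagged source are
    returned too, since those credentials are likely compromised.
    """
    attempts = defaultdict(list)
    for _ts, ip, user, ok in parse(log):
        attempts[ip].append((user, ok))
    findings = {}
    for ip, events in attempts.items():
        users = {u for u, _ in events}
        fails = sum(1 for _, ok in events if not ok)
        if len(users) >= min_users and fails / len(events) >= min_fail_ratio:
            findings[ip] = sorted(u for u, ok in events if ok)
    return findings

if __name__ == "__main__":
    for ip, hit in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: stuffing pattern; force reset for {hit}")
```

Because botnets spread attempts over many addresses, a per-source count like this is one signal among several; the same grouping can be keyed on time window or user agent.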
Paystole
There is a new trend of social engineering attacks targeting employees whose credentials can let the bad actor access online payroll accounts. The FBI Internet Crime Complaint Center has seen an uptick in these attacks, which start with a phishing email and then evolve into accessing payroll, changing bank account data, and changing settings so the target does not receive an alert when their direct deposit changes. Make sure to be diligent in sifting through emails!
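The sequence described above (alerts switched off, then the deposit account changed) can be checked for in a payroll portal's audit trail. The following is an added example, not part of the original update; the event fields, action names and the 24-hour window are hypothetical assumptions.

```python
from datetime import datetime, timedelta

# Constructed payroll-portal audit events (field and action names are hypothetical).
EVENTS = [
    {"ts": "2018-10-01T09:00:00", "user": "jlee", "ip": "10.1.2.3", "action": "login"},
    {"ts": "2018-10-03T02:10:00", "user": "jlee", "ip": "203.0.113.50", "action": "login"},
    {"ts": "2018-10-03T02:11:00", "user": "jlee", "ip": "203.0.113.50", "action": "alerts_disabled"},
    {"ts": "2018-10-03T02:14:00", "user": "jlee", "ip": "203.0.113.50", "action": "deposit_account_changed"},
    {"ts": "2018-10-02T08:30:00", "user": "mkhan", "ip": "10.1.2.9", "action": "login"},
    {"ts": "2018-10-04T08:31:00", "user": "mkhan", "ip": "10.1.2.9", "action": "login"},
    {"ts": "2018-10-04T08:35:00", "user": "mkhan", "ip": "10.1.2.9", "action": "deposit_account_changed"},
]

def score_deposit_changes(events, window=timedelta(hours=24)):
    """Return one finding per direct-deposit change, with the risk signals seen."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO 8601 strings sort by time
    known_ips = {}       # user -> source IPs seen in earlier logins
    last_mute = {}       # user -> time alerts were last disabled
    session_new_ip = {}  # user -> did the latest login come from an unseen IP?
    findings = []
    for e in events:
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["action"] == "login":
            seen = known_ips.setdefault(user, set())
            # A first-ever login has no baseline, so it is not counted as new.
            session_new_ip[user] = bool(seen) and e["ip"] not in seen
            seen.add(e["ip"])
        elif e["action"] == "alerts_disabled":
            last_mute[user] = ts
        elif e["action"] == "deposit_account_changed":
            signals = []
            if user in last_mute and ts - last_mute[user] <= window:
                signals.append("alerts_disabled_before_change")
            if session_new_ip.get(user):
                signals.append("new_source_ip")
            # Any signal holds the change for out-of-band confirmation.
            findings.append({"user": user, "ts": e["ts"], "signals": signals,
                             "hold_for_review": bool(signals)})
    return findings

if __name__ == "__main__":
    for f in score_deposit_changes(EVENTS):
        print(f)
```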
Threat Focus: Newegg - USA
Newegg: One of the United States' largest online retailers of electronics.
Exploit: Code injection by Magecart, the group responsible for the Ticketmaster and British Airlines breaches.
Risk to Small Business: 2.111 = Severe*: A breach including sensitive payment information such as this could dismantle customer trust, especially in a company that is first and foremost an online retailer.
Individual Risk: 2.714 = Moderate Risk*: Those affected by this breach should contact their credit card companies immediately. Magecart is no joke, as demonstrated by their wide range of attacks across various industries and the scope of their abilities.
Customers Impacted: Unclear, but the site has 45 million monthly unique visitors and was breached for over a month.
How it could affect SMEs: Magecart is back, and they mean business. The group that is responsible for the Ticketmaster and British Airlines breaches has now targeted Newegg. This shows that the group isn’t limited to one industry or country. Magecart is a global operation that can target any organization that processes payments online.
Risk Levels: 1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Threat Focus: Independence Blue Cross – USA
Independence Blue Cross: A healthcare organization based in Philadelphia.
Exploit: Exposed database.
How it could affect SMEs: 1.888 = Severe Risk*: The exposed database is a classic example of how one mistake can have disastrous consequences for a business. Leaving a database exposed, and even more so a database with medical or medical-related information, is a betrayal of customer trust that cannot always be earned back.
Individual Risk: 2.428 = Severe Risk*: The data exposed could be used for insurance fraud or identity theft.
Customers Impacted: 17,000 patients.
How it could affect SMEs: A breach that contains medical or insurance information is never pretty. This can greatly reduce customers' trust in a business, and the government (depending on the country) can levy a significant fine for the inability to secure the sensitive information.
Risk Levels: 1 – 1.5 = Extreme Risk; 1.51 – 2.49 = Severe Risk; 2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Postscript:
Magecart is Rifling Through Your Cart. With the Magecart group taking on companies such as British Airlines, Ticketmaster and now Newegg, it’s a good time to talk about online retail security. Researchers at Security Scorecard analyzed 1,444 domains within the sector for 5 months to collect data on how secure the industry is. What they found… was not pretty.
The retail industry was not the lowest scoring sector, but it was the second lowest scoring, with entertainment being the only major industry more vulnerable. Not only is the retail sector highly vulnerable, but it also has gotten worse over the last year because it moved down 2 spots in rankings. The retail sector was last in its ability to protect against social engineering attacks, which is concerning because the retail industry is the third most targeted industry behind banking and finance.
Many credit card associations have called for changes to be made within the sector, but many organizations are not fully compliant, or not compliant at all. In fact, 91% would fall under noncompliance. The combination of the popularity of online retailing and the fact that there is a very serious hacker group targeting websites that process payments means the retail sector needs to look into buckling down, because these threats aren’t going to go away.

Consider this: When you think about Cyber Security, think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops, consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals? The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind.
* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable; however, we give no warranty (implied or otherwise) as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.