Information Technology Professionals - IT Pros USA

1.833.223.3668

The Breach Report – Jan 2019

Welcome back to the Breach Report.

As we introduced last month – this is a monthly look at the major technology breaches and data hacks happening around the world. As you see these stories pile up month over month, hopefully, you’ll begin to realize the importance of data security – both personal and in business. IT security and data security is constantly evolving to battle the ever-changing digital attacks. Cybercriminals are responsible for some of the biggest crimes and the most headaches for the everyday, average person. With the Breach Report, we hope to keep you in the know regarding major breach events, as well as how to combat them with a few security tips and topics each month.

Security Topics of the Month

Cybercrime is More Lucrative Than Drug Trade

According to cybersecurity researchers, cybercrime is the world’s fastest growing criminal industry. This may come as a surprise to some, considering cybercrime in this comparison goes head to head with the infamous and profitable illegal drug trade. However, as cybercrime grows, so does the defense industry. Cyber defense spending will increase rapidly in the next decade, with the report predicting over $1 trillion in spending on cybersecurity between 2017 and 2021 and keeping the cybersecurity unemployment rate around 0%.

Keep your Email in Check!

According to the FBI, business email compromise (BEC) schemes have amounted to $12.5B in losses to companies in 2018 alone. From Q1 to Q3, there was a 46% lift in the number of attempts recorded, signaling that hackers are doubling down on email fraud due to its simplicity and effectiveness. The top three countries most often targeted by email scammers? The United States, Australia, and the United Kingdom.

Twitter Memes a Front for Malware

Researchers have discovered a malware that is being distributed by hackers, which receives instructions from… memes. That’s right, this form of malware that targets Windows systems can “capture local screenshots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker.” It also can receive instructions from Twitter memes. This type of communication is known as stenography and hypothetically could be used to instruct many people at once with memes, while surpassing most detection systems. So, make sure all your systems are up to date and your credentials aren’t compromised… better to enjoy this season!

How Work-From-Home Can Open Your Business Up to Breach

As the historical debate surrounding work-from-home (WFH) policies continues to reach news headlines, an additional consideration has surfaced: IT security. Home networks in WFH environments can expose your company to security risks, as devices are connected to the internet and can serve as an entry point for hacks. With the advent of remote working arrangements and rising adoption of smart devices, employees are accessing enterprise software such as cloud-based apps, video conferencing software, and file sharing regularly, resulting in vulnerabilities that black hats can tap into with little to no difficulty. Of course, this doesn’t necessarily mean you should discontinue your WFH policy. Instead, consider how you can arm your employees with best practices for securing their devices and networks to avoid breach possibilities.

The Month in Breach

As we initially discussed last month, hackers will always find ways to cheat businesses and plunder data. Remember, if you happen to use the same password in more than one location, you’re basically opening the gates for hackers to walk right in. Be safe… use a different password for everything!

Caribou Coffee Hack Brewing Danger

In a breach that will affect all Caribou Coffee members and credit card users, cyber criminals hacked the major coffee chain, impacting more than 235 stores nationwide – roughly 40% of all locations. This represents a severe risk for both the business and the individuals, even those who aren’t members but simply used a credit card at a Caribou coffee between 8/28/2018 – 12/3/2018. This will absolutely be a detriment for Caribou. Credit card information being accessed is never good for business. Customers tend not to forget the company whose breach resulted in them losing money.

Hackers Breach Nest Security System

In an alarming personal story, a hacker compromised a user’s system and then started talking to him from his own Nest security system.  In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with Anonymous told the Arizona man, through his own Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer to make sure your data is secure. 

Facebook, What Are You Doing?

Facebook continues to let down its users… this time by providing user data to a wide variety of large companies for commercial purposes. Some of the companies that took advantage of Facebook’s fast and loose outlook on its customers’ data include Apple, Amazon, Microsoft, Spotify, and Netflix. The information even included private messages between users. When Amazon was asked about how it used the user data Facebook provided them, their official statement stated they used the data “appropriately,” which is not very comforting.

Booze Buyers Beware of BevMo Breach

Hot dang do we love an alliterative title, but this breach is no laughing matter. BevMo – an online alcohol retailer – experienced a website breach, with hackers adding a piece of malicious code to the e-commerce checkout page. The malicious code placed on the checkout page was able to siphon customer names, credit/debit card numbers, expiration dates, CVV2 codes, billing addresses, shipping addresses, and phone numbers, potentially affecting over 15,000 users. Visitors who entered payment details into the website are at an increased risk for account fraud. As payment security continues to rise in importance to online shoppers, such an attack can strike a crushing blow to sales and bottom-line profits. Competition in the online retail landscape is cutthroat as is, so a newsworthy breach like this has the potential to turn customers away by shining a spotlight on personal and payment information concerns.

Read Past Breach Articles:

Or maybe you want to check out other IT Security blogs:

For those of you who want to read more about cybersecurity, check out our other recent blogs:

You can also visit the Security page on our site.

FREE ASSESSMENT

Get Started