Breach Report – April 2019
It’s baaaaaaack. Enjoy our monthly overview of major cyberattacks from around the world as well as the latest tips and hottest topics in cybersecurity.
Security Topics of the Month
Business Email Compromise (BEC) Scams
Hackers use BEC scams to trick companies that pay their bills through wire transfers. The scammers impersonate C-suite employees and leverage social engineering techniques to route funds to themselves instead of the actual intended recipient. In 2016, companies the world over lost an average of $140,000 to BEC attacks.
BEC scams are particularly dangerous because they can circumvent email protection tools since they don’t contain any malicious links or attachments that can be flagged. Watch out for these 5 most common forms of BEC fraud:
The Bogus Invoice: Fraudsters pose as vendors requesting payments to accounts they own.
CEO Fraud: Cybercriminals assume the role of an executive and request fund transfers from their finance teams.
Account Compromise: Employee accounts are hacked and leveraged to request invoice payments from vendors.
Attorney Impersonation: Attackers pretend to be lawyers in charge of confidential information and make unusual requests via phone or email. This form of BEC tends to occur toward the end of a business day.
Data Theft: Hackers go after HR and finance employees to gain the personally identifiable information and tax statements of employees, which can be used for future attacks.
Digital Fingerprints For Sale on the Dark Web
When we say digital fingerprints, we mean full user profiles – your fingerprint in the digital world. A new marketplace called Genesis is selling 60,000 digital fingerprints for as little as $5 each.
A full user profile doesn’t just include your login information. It provides thieves with your account cookies, browser details, and other features. This information helps cybercriminals evade many of the security standards that currently detect abnormal or fraudulent account behavior.
To prevent misuse of your digital fingerprint, enable two-factor authentication whenever possible. Also, keep an eye on your digital information with software solutions like BullPhish ID.
Hotel Websites Leaking Customer Data
A recent study by Symantec discovered that two in three hotel websites leak guest booking details and allow access to personal data. This exhaustive study included 1,500 hotels in 54 countries and covered a range of low-cost and high-end hotels.
Most hotels send guests a link to manage their reservation, but some hotels fail to encrypt this data, making it easily accessible to hackers. Also, hotels collaborating with discount sites and advertisers make guest data available to these third-party partners, furthering the exposure.
The Month in Breach
Toyota Gets Hacked
Hackers successfully targeted Toyota’s main offices in Japan to access sales information for up to 3.1 million customers. Thankfully, the compromised servers didn’t contain customer financial information. Security experts believe the likely culprits are APT32, a Vietnamese cyber-espionage group known to focus on the automotive industry.
Weeks earlier, the company’s Australian subsidiary was breached. Investigators believe the hackers leveraged the data they stole in the Australian heist to execute this latest attack on the more secure Toyota headquarters central network.
Phishing for Information at the MN Dept. of Human Services
An employee’s e-mail account was compromised as a result of a cyberattack in March 2018, though it was only made public this month. It’s the third cyberattack against the agency in the space of a year. A hacker unlawfully logged into the state e-mail account of a DHS employee and used it to e-mail one of the employee’s co-workers, asking them to pay an “invoice” by wiring money.
This data breach may have exposed the personal information of about 11,000 people. At the time of the attack last March, the compromised e-mail account contained a wide range of personal information about DHS clients, employees, and applicants.
Credential Stuffing at Chipotle?
Customers are reporting their Chipotle accounts have been hacked and used to place fraudulent orders charged to their credit cards – sometimes for as much as hundreds of dollars.
Chipotle states this occurred due to a credential stuffing attack. In this kind of attack, hackers take lists of usernames and passwords from other breached sites and replay them in bulk to brute-force their way into accounts elsewhere.
However, some of the customers impacted used passwords unique to their Chipotle accounts. Even customers who ordered through Chipotle’s guest checkout option were victims, calling the restaurant’s credential stuffing stance into question.
A simple way to prevent these attacks from harming customers is to allow people to use two-factor authentication, which Chipotle has not yet announced it will do.
The Weather Channel Attacked With Ransomware
The Weather Channel’s daily morning show AMHQ was unable to air at its regular time because of a ransomware attack that temporarily incapacitated the network. The downtime lasted for more than 90 minutes.
Unlike many ransomware victims, the Weather Channel was prepared to deal with the ransomware outbreak. AMHQ was back on the air so quickly because there was a proper backup system in place.