Breach Report – August 2019
Want to know what’s going on in the world of cybersecurity? You’ve come to the right place. Dive into the hot topics of the moment and learn lessons from recent data breaches.
Security Topics of the Month
Ransomware Bursts Back Onto the Scene
As a tool for targeting individual computer systems, ransomware fell out of favor with cybercriminals because it failed to net significant returns. That changed when cybercriminals began targeting local governments and small and medium-sized businesses – where they can pocket thousands of dollars using this relatively inexpensive attack method.
Many attribute this shift in approach to the WannaCry ransomware virus, which captured national headlines and set a new direction for future cybercriminals.
As municipalities and organizations grapple with the best response plan, it’s clear that bad actors will continue to wreak havoc with new iterations of ransomware. A strong defense is the most affordable and advantageous approach to these attacks. Getting expert eyes (like ours!) on your cybersecurity landscape can ensure that your vulnerabilities are accounted for.
The Increasing Costs of a Data Breach
Data breaches are a prominent problem for organizations of any size in any sector. The bad news, according to IBM’s annual report on the cost of data breaches, is that they are also becoming more expensive.
In 2019, companies can expect to spend $3.92 million on a data breach, a 12% increase in just five years. The average cost of a breach in the U.S. is $8.19 million, more than double the worldwide average.
The report is especially troubling for SMBs. IBM concluded that companies with fewer than 500 employees will still incur losses in excess of $2 million if a data breach occurs. And they can expect these costs to continue for several years after a breach.
The high cost of a data breach makes investing in cybersecurity tools and training a relatively inexpensive way to protect your organization from the catastrophic consequences that accompany a breach.
Watch Out For SystemBC Malware
A new malware strain, SystemBC, targets Windows computers with a multifaceted attack that can wreak havoc.
In addition to infecting computers with the primary strain of malware, SystemBC contains an on-demand proxy component that allows other malware strains to integrate with infected computers.
SystemBC’s main role is to create a SOCKS5 proxy server through which the other malware can create a tunnel to bypass local firewalls, skirt internet content filters, or connect to its command-and-control server without revealing its real IP address.
Bad actors can use this arrangement to install trojans, ransomware, and other malware on users’ computers.
SystemBC illustrates the ever-changing cybersecurity landscape that threatens every organization. With the cost of a data breach growing each year, companies have every incentive to protect their IT infrastructure. Partnering with qualified professionals (like us!) can ensure that your organization is always ready to combat the latest threats.
Data Breaches On the Rise
A recent report by Risk Based Security confirmed what many people already knew: data breaches are increasing in frequency and scope.
In the first half of 2019, there were 3,816 data breaches, a 54% increase from the same period in 2018. In total, more than 4 billion records were stolen. While the majority of these records (3.2 billion) were stolen as part of 8 high-profile breaches, more than one billion records were taken in lesser-known data heists from smaller organizations.
The healthcare sector led all industries with 224 data breaches, while retail and finance accounted for 199 and 183 breaches respectively. Meanwhile, government and education have collectively endured nearly 300 data breaches.
According to the report, email addresses and passwords were the most sought-after data, occurring in more than 70% of data heists. In contrast, only 11% of data breaches contained financial information like credit card numbers.
Email addresses and passwords can be used to commit additional cybercrimes. Implementing comprehensive awareness training can help employees avoid falling prey to phishing scams and better protect your company’s valuable email addresses and passwords.
Google: 1.5% of All Internet Passwords Vulnerable to Spearphishing
Sometimes cybercriminals get too much credit for their ability to infiltrate businesses’ IT infrastructure. In many cases, employees’ bad password practices actually cause the vulnerability, a reality that was confirmed in a recent Google study.
Google estimates that 1.5% of all logins used on the internet are vulnerable to credential stuffing attacks because they were disclosed in previous data breaches. What’s more, even when companies or employees were notified of this vulnerability, only 26% of people changed their passwords to secure their accounts.
However, there is one silver lining. For those who did update their information, 94% created a password that was as strong as or stronger than the original password. Ultimately, it’s a reminder that many security vulnerabilities are fixable. Partnering with qualified cybersecurity experts can help you identify these vulnerabilities before they create a catastrophe.
The Month in Breach
Cancer Treatment Centers of America Falls to Phishing Attack
On June 6th, the Cancer Treatment Centers of America detected unauthorized email account access at its Philadelphia-based medical center. The account was compromised when an employee fell for a phishing scam in early May. That means intruders had access to patient data for more than a month before it was detected. As a result, the company will face enhanced regulatory scrutiny even as they grapple with the technological and public relations implications associated with a data breach.
A single phishing scam compromised the personally identifiable information of nearly 4,000 patients. This included their names, addresses, phone numbers, dates of birth, medical record numbers, and other patient-related information.
Ameritas Employees Take the Phishing Bait
Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset.
The company’s quick actions prevented the data breach from becoming more expansive, but even temporary access can allow hackers to significantly damage a company’s data security.
Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers.
Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach.
Hackers Steal Poshmark Customer Data
Hackers gained access to the company’s database storing customers’ personal information. Poshmark hashed and salted users’ passwords, making it difficult for hackers to use this information to directly access user accounts. However, similar breaches at online retailers eventually saw the customers’ data sold on the Dark Web.
Only US-based accounts were impacted by the breach. Usernames, passwords, names, gender, and city of residence were compromised. In addition, some platform-related content, like clothing size, was also made available.
Poshmark has hired a third-party cybersecurity team to update their protocols in the wake of the breach.
Former Software Engineer Hacks Capital One
An expansive data breach at Capital One Financial has compromised the personal information of more than 100 million US and Canadian customers.
Capital One, which provides Mastercard credit cards for retailers like Costco Wholesale and Hudson’s Bay Company, noted that the data is primarily restricted to consumers and small businesses who applied for a credit card between 2005 and 2019.
The data includes names, addresses, postal codes, phone numbers, dates of birth, and incomes. For US customers, the stolen data also includes 80,000 linked bank account numbers and 140,000 social security numbers.
The breach also compromised an undisclosed number of people’s names, addresses, credit scores, credit limits, balances, and other information.
The hacker, 33-year-old Paige Thompson, had previously worked as a software engineer for Amazon Web Services, the cloud hosting company that Capital One was using. She gained access by exploiting a misconfigured web application firewall.
MageCart Strikes Again at the National Baseball Hall of Fame
The notorious hacking group MageCart infiltrated the National Baseball Hall of Fame, compromising the personal information of customers shopping on their e-commerce store. Hackers had access to shopper information for seven months, beginning in November 2018. The hackers injected a malicious script into the checkout page that forwarded user information to the hacking group.
MageCart scams steal customer data at checkout. Online shoppers between November 15, 2018, and May 14, 2019, could have had their information stolen. This data includes customers’ names, addresses, and payment information, including CVV codes.
Now, the museum will incur the inevitable repair costs that always accompany a data breach. The reputational damage to their online store will likely cost them revenue and loyal customers moving forward.
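Because this kind of attack works by adding a script to the checkout page, a store can audit which scripts that page actually loads. The following is an added example, not part of the original report: it flags third-party scripts served from hosts that are not on an allowlist, and allowlisted scripts that lack a Subresource Integrity (SRI) hash. The function name, the sample page, and the example.* hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs))


def audit_checkout_scripts(html, page_url, allowed_hosts):
    """Return (src, reason) pairs for external scripts that need review."""
    collector = _ScriptCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for attrs in collector.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline script: review separately (CSP hashes), not covered here
        host = urlparse(urljoin(page_url, src)).hostname
        if host == page_host:
            continue  # first-party file: cover with file-integrity monitoring
        if host not in allowed_hosts:
            findings.append((src, "host not on allowlist"))
        elif not attrs.get("integrity"):
            findings.append((src, "allowed host but no SRI hash"))
    return findings


# Constructed sample checkout page (hostnames and hash are placeholders).
SAMPLE_CHECKOUT = """
<html><head>
<script src="/js/cart.js"></script>
<script src="https://cdn.payments.example/sdk.js"
        integrity="sha384-CONSTRUCTEDHASH" crossorigin="anonymous"></script>
<script src="https://cdn.payments.example/ui.js"></script>
<script src="//stats.collector.example/t.js"></script>
</head><body><form id="checkout"></form></body></html>
"""

if __name__ == "__main__":
    allow = {"cdn.payments.example"}
    for src, reason in audit_checkout_scripts(
            SAMPLE_CHECKOUT, "https://shop.example/checkout", allow):
        print(f"{reason}: {src}")
```

Run on a schedule against the live checkout page, a check like this surfaces a newly added script source long before a seven-month window can elapse.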
Unauthorized Database Access at Hy-Vee
Unauthorized activity involving payment processing software compromised transaction data at Hy-Vee’s fuel pumps, coffee shops, and restaurants.
However, card data involving the company’s supermarket check lanes and other payment systems was not impacted by the breach.
Hy-Vee took steps to eradicate the malicious activity, but the company has not revealed the specific data compromised in the breach. Given that the breach focused on point-of-sale platforms, it’s possible that names and payment information were made available to hackers.