Breach Report – July 2019
Stay up-to-date on the biggest news in cybersecurity and learn lessons from major cyberattacks in this monthly roundup.
Security Topics of the Month
Cybercriminals Creating “Secure” Websites to Fool Victims
We’ve been told that the padlock icon next to a web address, or a web address beginning with “https”, means the site is secure and safe. Unfortunately, that’s no longer always the case: the padlock only proves that the connection is encrypted and that whoever runs the site controls that domain name, not that the site itself is legitimate.
According to the FBI, cybercriminals are now creating their own “secure” web pages as part of phishing campaigns. An unsuspecting user opens a phishing email and clicks a link that takes them to a page with all the trappings of a secure page. The “secure” page tricks them into trusting the attacker-controlled site and handing over sensitive personal information.
In many cases, bad actors obtain their own SSL/TLS certificates to “secure” their phishing pages. Others simply abuse pages hosted on cloud services, which automatically inherit the provider’s certificates.
Comprehensive user training is the best way to help users identify phishing emails and fake secure sites.
3.4 Billion Phishing Emails Sent Every Day
That’s a scary thought. Thankfully, phishing is ultimately the most defensible cyber threat. These attacks not only need to make it through email filters, but recipients also have to directly act upon the message.
However, with so many phishing emails flooding in, it becomes increasingly probable an employee will accidentally engage with the message. Once again, proper training can help prevent users from falling victim to a phishing ploy.
Ransomware: To Pay Or Not To Pay
Local governments agree that getting hit with ransomware really sucks. But they disagree on how to respond to an attack.
Some governments choose to pay the ransom because it’s the less expensive option. But this makes other governments more vulnerable to a similar attack. Why? It tells hackers authorities are willing to pay to restore access to their systems.
However, a national conference of mayors recently adopted a resolution vowing not to pay any more ransom demands. It’s hoped this resolution will discourage cybercriminals from making ransomware attacks on local municipalities.
But what really happens when a local government refuses to pay? Baltimore authorities refused to pay a $75,000 ransom to regain access to their city’s network. But a full system restore could cost $10 million – and other ancillary disruptions may cost another $8 million.
Darned if you do and darned if you don’t, what’s a government to do? Simple: they need to do everything they can to prevent a ransomware attack in the first place. Dependable data backups and cyber insurance are critical for responding to an attack. Also, employee awareness training and threat analysis can prevent ransomware attacks.
Storage Devices are the Hot New Ransomware Target
A new form of ransomware dubbed eCh0raix is being used to attack network-attached storage (NAS) devices – specifically QNAP NAS devices.
These devices are used around the world and have several known vulnerabilities. And while patches exist for these vulnerabilities, many companies struggle to apply them in a timely manner.
NAS devices make a juicy target for hackers because they’re already connected to the internet and often have weak login credentials that are easily overcome.
Protect your NAS devices by restricting external access so they can’t be reached from the public internet. Also, ensure all security patches are applied and use strong, unique credentials.
BlueKeep Vulnerability Still a Huge Threat
BlueKeep is a vulnerability in Windows Remote Desktop Services that hackers can exploit to access networks, where they can directly deliver malware. The flaw can cause significant damage, but neutralizing the threat is surprisingly easy. A simple software update, which Microsoft issued in May, nullifies the vulnerability.
However, according to data from a recent internet-wide scan, fewer than 20% of eligible systems were updated in the past month. That means more than 800,000 systems are still not protected from the threat.
The U.S. National Security Agency and the U.S. Department of Homeland Security are urging people to patch older versions of Windows immediately.
The Month in Breach
Cyberattack Snags U.S. Customs and Border Protection Info
Yet another subcontractor has leaked sensitive data due to poor cybersecurity practices. License plate numbers and photos of vehicles and individuals crossing the U.S. border were stolen in a cyberattack on a subcontractor’s network.
The subcontractor, Perceptics, violated CBP’s security and privacy protocols by transferring the data and images to its own company network.
The stolen data included license plate and travel images from certain lanes at a particular border crossing. No passport or other travel information was compromised in the breach.
In response, CBP is monitoring the dark web for evidence of this data, and they are reevaluating their cybersecurity and privacy standards.
In addition, Perceptics has been suspended from procuring government contracts despite a 30-year working relationship with CBP. The end of the Perceptics contract shows just how important impeccable cybersecurity standards are for companies handling sensitive personal information on behalf of the government.
Inviting Trouble With a Slow Response
One of the biggest sites on the internet, Evite, is finally admitting that ten million user records were stolen and put up for sale on the dark web in a data breach that began in February of this year.
The compromised information could include:
- Email addresses
- Dates of birth
- Phone numbers
- Mailing addresses
Fortunately, social security numbers and financial data were not included as part of the breach. The hacker obtained the user records by stealing an inactive data storage file (likely an old backup file).
As part of its remediation efforts, Evite is prompting users to reset their passwords during their next login. However, since the stolen information was already discovered on the dark web, those impacted by the breach should take immediate steps to secure their credentials.
Its slow response time and lax security standards mean Evite will incur fees from third-party cybersecurity analysts as well as cascading reputational costs.
City of Sun Prairie Email Accounts Breached
Hackers gained access to employee email accounts from January to March 2019. The compromised accounts contained personally identifiable information for residents of Sun Prairie, including:
- Social security numbers
- Account login ID and passwords
- Driver’s license and state identification numbers
- Bank account numbers
- Medical information
- Payment card information
City officials don’t know which specific accounts were accessed, so anyone doing business with Sun Prairie should monitor their credit and identity to ensure their personal information is safe.
The lengthy communications delay and the uncertainty surrounding the data breach lead to the conclusion that the city was unprepared for a cyberattack. The city is now updating its cybersecurity protocols.