Breach Report – June 2019
Welcome to the June Breach Report. Stay updated on the latest cyberattack methods and learn best practices for protecting your company’s data. It’s all right here.
Security Topics of the Month
Mobile Banking Malware on the Rise
According to a Kaspersky Lab report, instances of mobile banking malware trojans more than tripled in Q1 2019. In addition, there was a 58% increase in modifications to banking trojans.
Banking trojans steal both credentials and funds from users’ bank accounts. A single piece of malware, dubbed Asacub, accounted for more than half of the banking trojans detected during Q1, attacking approximately 8,200 users a day.
The report also identified nearly 30,000 different modifications of banking trojans, each one a new attempt to thwart banks’ cyber defenses.
There are 57 million mobile banking users in the U.S., and 86% of U.S. banks offer bill pay via mobile banking. As more and more financial services are conducted online, it’s troubling to see an uptick in the scope and complexity of mobile-focused malware attempts.
Beware This Office 365 Phishing Campaign
The latest phishing attack making the rounds will really put your employees’ cybersecurity awareness to the test.
The phishing email pretends to be from the “Office 365 Team.” It states it’s alerting recipients of an unusual amount of file deletions occurring on their account. It then encourages them to click a link to review the alert. The link takes them to a fake Microsoft login page that captures their login credentials.
For Microsoft accounts and Outlook.com logins, login forms will come from microsoft.com, live.com, microsoftonline.com, and outlook.com domains only. If you encounter a Microsoft login form from any other URL, avoid it.
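The domain rule above can be applied mechanically, for example in a mail gateway or a link-review tool. The following is an added example, not code from the original report; the function name, the HTTPS requirement, the rejection of backslashes and punycode labels, and the `.example` sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains the report lists for legitimate Microsoft login forms.
ALLOWED_LOGIN_DOMAINS = ("microsoft.com", "live.com",
                         "microsoftonline.com", "outlook.com")

def is_listed_login_url(url: str) -> bool:
    """True only if the URL's real host is a listed domain or a subdomain of one."""
    # Backslashes and control/space characters are parsed differently by
    # browsers and by urlsplit, so refuse them outright (assumption).
    if any(c == "\\" or ord(c) < 0x21 for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo ("user@") and port, lowercases
    except ValueError:
        return False
    if parts.scheme != "https" or not host:  # HTTPS requirement is an assumption
        return False
    host = host.rstrip(".")
    # Refuse non-ASCII and punycode labels, which can imitate Latin letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False
    # Match on a label boundary: "notmicrosoft.com" must not pass.
    return any(host == d or host.endswith("." + d) for d in ALLOWED_LOGIN_DOMAINS)

# Constructed sample URLs (the .example hosts are placeholders).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://outlook.com/owa",
    "https://login.microsoftonline.com.account-review.example/",
    "https://notmicrosoft.com/login",
    "https://login.microsoftonline.com@alerts.example/",
    "http://login.live.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print("OK   " if is_listed_login_url(u) else "AVOID", u)
```

The check compares the parsed host, not the visible text of the link, because the listed domain can appear anywhere in a URL without being the host that receives the credentials.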
Unpatched Vulnerabilities Cause ¼ of Global Data Breaches
More than one in four (27 percent) organizations globally have faced security breaches because of unpatched vulnerabilities. This figure highlights the necessity of patching security vulnerabilities and getting employees to update their software.
Different organizations take different approaches to this problem, including scanning for vulnerabilities, running simulations, and collaborating with MSPs to identify and solve for possible pain points. But the patching challenge is ubiquitous throughout all sectors and among companies of all sizes.
Stolen NSA Tool May Be Behind Rash of Gov’t Ransomware Attacks
The increasing number of ransomware attacks on local governments may have an unlikely source – a cyber weapon developed by the U.S. National Security Agency (NSA).
In 2017, the NSA lost control of one of its most impactful weapons, code-named EternalBlue. Now it’s in the hands of independent bad actors and state-sponsored hackers who are paralyzing vulnerable American towns.
While some cities refuse to cough up the ransom, many have no choice but to pay to restore access to their digital infrastructure. At the same time, the additional security costs to protect against EternalBlue make it difficult for cash-strapped governments to combat the threat.
Since most ransomware originates as phishing scams sent to employee email accounts, proper employee training can be worth its weight in gold – or at least in Bitcoin.
Phishing Scams Becoming More Complex
A recent study found nearly half of all phishing attacks are polymorphic. In polymorphic phishing, an attacker makes small changes to an email’s content, copy, subject line, sender name, or template during or after an initial attack has deployed.
Polymorphic phishing attacks trick signature-based email security tools because those tools aren’t built to recognize such modifications to threats. This ultimately allows different forms of the same attack to land undetected in employee inboxes. Thus, recipients are forced to fend off various versions of the same attack.
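The gap between exact signatures and near-duplicate matching can be seen on a small scale. The following is an added example, not code from the original report or from any email security product; the sample messages are constructed, and the word-bigram Jaccard measure and the 0.5 threshold are assumptions chosen for illustration.

```python
import hashlib
import re

# Constructed sample: a previously reported lure, modelled on the
# Office 365 "file deletions" alert described earlier in this report.
KNOWN_LURE = ("Office 365 Team: an unusual amount of file deletions occurred "
              "on your account. Click the link to review the alert.")

def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def signature(text):
    """Exact-match signature: SHA-256 over the normalised word sequence."""
    return hashlib.sha256(" ".join(tokens(text)).encode()).hexdigest()

def shingles(text, n=2):
    """Set of overlapping word n-grams (bigrams by default)."""
    words = tokens(text)
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}

def similarity(a, b):
    """Jaccard similarity of the two messages' shingle sets, 0.0 to 1.0."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def classify(message, threshold=0.5):  # threshold is an assumption
    score = similarity(message, KNOWN_LURE)
    return {"signature_hit": signature(message) == signature(KNOWN_LURE),
            "similarity": round(score, 2),
            "near_duplicate": score >= threshold}

# Constructed samples: two reworded variants and one unrelated message.
SAMPLES = {
    "variant_a": "Office 365 Team: an unusual number of file deletions occurred "
                 "on your account. Click the link to review the alert.",
    "variant_b": "Office 365 Support: an unusual amount of file deletions occurred "
                 "on your account today. Click this link to review the alert.",
    "unrelated": "Reminder: the quarterly budget meeting moved to Thursday at "
                 "10am in room 4. Please bring the updated forecast.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

Both variants miss the exact signature after a one- or two-word change, yet still share most of their word pairs with the known lure, while the unrelated message shares none.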
The Month in Breach
Georgia Tech Hack Exposes Personal Info of 1.2 Million People
In late March 2019, Georgia Tech discovered an unauthorized person was sending queries through a Georgia Tech web server to an internal database. It appears the unauthorized database access began four months earlier in December 2018.
Information that may have been accessed includes names, addresses, Institute IDs, dates of birth, and Social Security numbers of current and former faculty, staff, students, alumni, student applicants, and affiliates.
Georgia Tech is notifying the 1.265 million people impacted. It’s offering credit monitoring and identity theft protection services to those whose Social Security numbers were involved in the incident.
Hackers Penetrate News Service Flipboard
Cybercriminals had access to Flipboard’s customer information databases for more than nine months – first between June 2, 2018, and March 23, 2019, and then for a second time between April 21 and April 22, 2019.
These databases stored Flipboard usernames, hashed and uniquely salted passwords, and emails or digital tokens linking Flipboard profiles to accounts on third-party services.
However, there is some good news. The vast majority of passwords were hashed with a strong password-hashing algorithm named bcrypt, currently considered very hard to crack.
Although Flipboard has reset all user passwords and disconnected or deleted all tokens, impacted individuals should be mindful that their credentials could be compromised. Flipboard users should be especially careful about using their old Flipboard passwords on other services.
Checkers Drive-In Point-of-Sale Systems Infected with Malware
Hackers successfully infected more than 100 of the company’s point-of-sale systems with malware that stole customers’ payment information from the magnetic stripes of payment cards.
The information stored on your card’s magnetic stripe includes cardholder name, payment card number, card verification code, and expiration date.
Although Checkers has removed the malware, it now faces digital infrastructure repair costs and reputational costs that could discourage people from visiting its restaurants.
Data Breach at Quest Diagnostics Affects Nearly 12 Million Patients
A collection firm partnering with Quest Diagnostics encountered a data breach that directly impacted nearly 12 million of the lab’s patients. American Medical Collection Agency (AMCA), a billing collections service provider, reported an unauthorized user accessed its system. AMCA’s systems contain personal information from various entities, including Quest.
The data involved in the breach includes patient information, financial data, Social Security numbers, and other medical data.
Even though the breach occurred at a separate company, Quest Diagnostics will bear its financial and reputational burden.