Breach Report – March 2020
This month in cybersecurity news, COVID-19 scams abound, hackers make millions on the Dark Web, and data breach dangers continue.
Security Topics of the Month
As COVID-19 spreads around the globe, hackers are exploiting the atmosphere of panic and fear created by the pandemic to steal people’s personal information. More than 4,000 coronavirus-related domains have been registered since the beginning of the year.
Experts consider 3% of these to be outright malicious and categorize 5% as suspicious – more than double the usual number. Hackers are likely to target organizations with phishing attacks in an attempt to steer employees toward these malicious sites where they can steal critical data.
It’s a reminder that while phishing scam awareness training is an effective defense against cybercrime, security education isn’t a static endeavor. It must always adapt to address today’s shifting threats in order to keep your organization a step ahead of tomorrow’s bad actors.
Payment card skimming malware is a growing threat to both customers and retailers – and a profitable business for the bad guys. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web.
Unfortunately, the high yield is likely to incentivize other cybercriminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.
Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs to have a strong cybersecurity strategy, including regular malware assessments and Dark Web monitoring.
Avoid Data Breaches While Working From Home
Around the globe, more than 40% of all workers are currently working from home, a significant jump even in just the past week. In addition to phishing scams, cybersecurity researchers identified a spike in malicious remote access attempts.
Cybercriminals are taking advantage of the jump in employees teleworking to mask their activity and gain access to company data. The U.S. Department of Homeland Security recommends that organizations remain vigilant about equipping employees to identify phishing scams and that they enable two-factor authentication to protect accounts from unauthorized access.
The Month in Breach
Clothing retailer J. Crew recently revealed that an April 2019 data breach by an unauthorized party impacted customers’ account login credentials, email addresses, and passwords. Partial payment card data and order information were also compromised.
The company has closed the affected accounts, but this incident comes when many consumers are shunning companies that don’t secure their information.
In an ironic twist of fate, Whisper, an anonymous secret-sharing app, failed to keep messages or profiles private.
Developers overlooked basic security protocols when they left a database containing customer information unprotected by even a password, and hackers pounced. As a result, 900 million files dating back to the company’s launch in 2012 were made available online. Although the company was quick to secure the database, its reactive efforts will do little to assuage the doubts and concerns of its privacy-minded customer base.
Users’ names were not stored in the exposed database, but nicknames, ages, ethnicities, genders, hometowns, group memberships, and location data were all available. Some personal information was highly sensitive and could be used to execute spear phishing campaigns or targeted ransomware attacks.
Hospital workers are receiving an email purportedly from Dr. Tedros Adhanom Ghebreyesus, director of the World Health Organization (WHO). The email contains a personalized message using the recipient’s valid username and an innocuous-looking attachment.
Unfortunately, it’s a phishing attack. When the attachment is opened, it installs malware capable of stealing credentials from the computer. According to cybersecurity researchers, the messages specifically prey on the altruism of recipients by purporting to include information about novel, preventative drugs and COVID-19 cures.
At this time, there are no reports of recipients falling for this scam. However, anyone who does click on the attachment has likely allowed malware to compromise their credentials. In that case, they should immediately take steps to remove the malware, reset account passwords, and notify their employers of the incident.