Tag: dark web credential loss

April 18, 2019

The Wipro Breach: A Demonstration of Third-party and Supply Chain Risk

Advanced phishing and supply chain vulnerabilities – these seem to be the successful attack vectors that hackers have used to compromise Wipro, an Indian multinational corporation that provides information technology, consulting and business process services. Notable security researcher, Brian Krebs, reports confirmation that a nation-state actor had been inside the company’s systems for months, identifying opportunities to attack its vast customer base – currently, at least a dozen of the firm’s clients have been targeted as a direct result of this breach. Additional sources have claimed that Wipro’s corporate e-mail system had also been compromised for some time, forcing the company to build out a new private system. Who’s the Bad Guy? While the attack has not been attributed to a specific group, security researchers note that it bears a resemblance to those launched by the Chinese hacking group APT10 – almost always beginning with a phishing campaign targeted against a third-party partner. The group has a demonstrated history of attacking Managed Service Providers in order to gain access to a larger swath of targets. Last year, the Australian Cyber Security Center blamed APT10 for attacks on at least nine global service providers, and the UK’s National Cyber Security Centre said it is aware of malicious activity currently affecting UK organizations across a broad range of sectors. Takeaways The Wipro breach seems to be a textbook case of exactly how not to handle a breach. Refusal to acknowledge and inconsistencies in what they will acknowledge have done nothing but increase not only confusion in reporting on the incident, but also mistrust in the company. Additionally, it highlights how critical it is that organizations properly protect their assets and address the vulnerabilities inherent to human error. Companies must extend beyond robust network security and incorporate systematic employee training, supply chain security assessment and ongoing monitoring, and third-party security, among other methods of defense. Last October, the FBI warned Managed Service Providers about the increasing occurrence of Chinese hacking groups targeting them specifically. MSPs have unparalleled access to their clients’ networks, so compromising an MSP can give these groups direct access into dozens, hundreds, or even thousands of businesses and their client data. The number one way attackers penetrate networks is with stolen credentials, according to the alert. ID Agent provides a robust suite of services to address the risks highlighted in the Wipro breach. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps like those used to infiltrate Wipro’s systems. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More
April 15, 2019

Cyber Scams to Avoid This Tax Season

They say nothing is certain except for death and taxes. In 2019, it’s time to add cyber tax scams to the list. The Internal Revenue Service (IRS) has released its annual “Dirty Dozen” list of tax scams – and it’s no surprise that nefarious online schemes top the list. Here are some of the most common (and clever) techniques that hackers are using to defraud Americans of their personal information and hard-earned income.

Read More
February 22, 2019

Webinar Recap: An Update on Data Security Breach Laws in the U.S. & Canada

Data Security Breach Laws Becoming Stricter The webinar “An Update on Data Security Breach Laws in the U.S. & Canada” was offered February 13 by ID Agent. The top-line message is that the many overlapping laws and regulations governing data security are becoming stricter. Moderated by Jessica Retka, an associate in the Intellectual Property and Technology Group at Baltimore law firm Whiteford Taylor Preston LLP, the webinar featured legal experts S. Keith Moulsdale, a partner in the Cyber Security, Information Management and Privacy Group at Whiteford Taylor Preston, and Judith Payne, a partner at Winnipeg-based Pitblado Law who specializes in privacy, regulatory compliance, and information technology in corporate and commercial enterprises.

Read More
November 28, 2018

Winner Announced in Dark Web ID Contest!

We are excited to announce the winner of our “Tell Us Your Story” contest! Jeff Reiter of RWK IT Services in Frankfort, IL submitted our winning testimonial, as voted on by a committee of 10!

Read More
November 20, 2018

Stay Cyber-Safe When Shopping Online

We were thrilled to see how many of our MSP Partners utilized the resources we provided to help educate their customers during National Cybersecurity Awareness Month in October.

Read More
September 06, 2018

The Week in Breach

Breaches are flying high this week thanks to Air Canada! China’s hospitality industry targeted and the data shows up on the Dark Web. And, in an effort to cut out Google’s cut, the creators of the game Fortnite create massive security challenges for unwitting gamers.

Read More
June 12, 2018

The Week in Breach: 6/04/2018 – 6/10/2018

Breach news to share with your customers! This week shows no shortage of targeted attacks designed to extract large datasets from a broad range of consumer sites. Travel, finance and entertainment sites were targeted, impacting more than 100,000,000 unsuspecting victims. If anything, this week clearly demonstrates why individuals need to proactively monitor for their compromised data with tools like ID Agent’s SpotLight ID – Personal Identity & Credit Monitoring Solutions. The events of this week also clearly demonstrate why businesses must monitor for compromised credentials that can be used to exploit internal systems and to compromise or takeover customer accounts.

Read More
May 23, 2018

The Week in Breach: 5/14/18 – 5/20/18

The Week in Breach: 5/14/18 – 5/20/18 Breach news to share with your customers! Highlight’s from The Week in Breach: Ransomware still plaguing state and local agencies Accidental data disclosures on the rise AWS implementation flaws create security flaws compromised

Read More
May 02, 2018

The Week in Breach 4/23 – 4/30

Breach Updates and News Small Business Can Use! Not Worried About that Public Data Breach? You Should be! Credential Stuffing Bots are on the rise and working overtime to exploit you!

Read More
April 26, 2018

A New Wave of Brute Force Attacks: Here’s What You Should Know

Last month, the United States Department of Justice indicted nine Iranian hackers for a wave of brute force attacks. These attacks resulted in the digital theft of more than 31 terabytes in information worth $3 billion in intellectual property.

Read More

Please fill in the form below to subscribe to our blog