The Week in Breach: 09/09/18 – 09/15/18
This week an Australian Mint was breached, as well as an airline from the UK. While searching for user credentials on the Dark Web, our team collects statistics on a wide variety of variables related to the data we unearth. The trends we see have been kept in house…until now. Introducing the newest addition to This Week in Breach:
Trends in data found on the Dark Web this week:
- Top Source Hits: ID Theft Forums (8,534)
- Top PIIs Compromised: Clear Text Passwords (8,460)
Australia – The Perth Mint
http://www.abc.net.au/news/2018-09-08/perth-mint-data-breach/10217258
Exploit: Under investigation.
The Perth Mint: The Online Depository of The Perth Mint that was breached allows users to buy and sell precious metals.
Risk to Small Business: Severe: A breach with sensitive data such as account information can deal a significant blow to customer trust.
Individual Risk: Severe: The victims of this breach are at risk of identity theft.
Customers Impacted: 13.
How it Could Affect Your Customers’ Business: The Mint was breached via a third – party provider. The breach was contained to customers of their online depository, and the organization has confirmed that all investments held at the mint are secure.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Average: 2.22 = Severe*
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
United Kingdom – British Airways
https://www.wired.com/story/british-airways-hack-details/
Exploit: cross-site scripting.
British Airways: A UK based airline.
Risk to Small Business: Severe: This was a targeted breach by a group that is linked to the Ticketmaster breach, the extent and type of data accessed could erode customer trust
Individual Risk: Severe: Those affected by this breach have a much higher risk of identity theft.
Customers Impacted: 380,000 payment cards.
How it Could Affect Your Customers’ Business: This was a targeted breach by a group that is linked to the Ticketmaster breach, dubbed ‘Magecart’ by researchers that is known for credit card skimming on the web. The attack was tailored specifically to British Airways infrastructure and shows a level of sophistication to the attack group and leads researchers to believe the group is increasing their efforts.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
Average: 2 = Severe*
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
In Other News:
Bluetooth Bite Millions of mobile devices are vulnerable to Bluetooth exploits, with a almost half of the devices being Android phones running older versions of the operating system. This vulnerability can be used to facilitate ‘Airborne’ attacks, which allow Bluetooth devices to broadcasts malware to other devices in close proximity. This is significant because BlueBorne, a malware exploiting this vulnerability, does not need to pair with a device to infect it… in fact the target device does not even need to be in discoverable mode.
Search and Destroy
Researchers have noticed an increased presence of malware that assesses the target device before delivering the full payload. This is useful for the attacker because they can now target specific computers. . Customizing the payload delivered by the malware can lead to some very tailored and hard-to-detect exploits. As of now these ‘scouting’ tactics are far from the standard, but it is likely we will continue to see these methods increase in popularity.
Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show
A note for your customers:
Your Best Bet Is to Vet.
Two thirds of organizations sampled across sectors experienced a software supply chain attack in the last 12 months (Crowdstrike). The increase in supply chain attacks can be linked to many things, but one of the most significant factors is the fact that cyber security is becoming a priority for organizations across the board. This pushes bad actors to try and find new ways to infiltrate their target.
These attacks often utilize compromised credentials and are widespread, attacking an organization with legitimate software packages to make the attack difficult to detect. One way that businesses can prevent supply chain attacks is better supplier vetting. If an organization can effectively vet their suppliers and hold them to the same cybersecurity standards that they hold themselves, then the chance of an attacker being able to infiltrate the network is significantly reduced. With the right tools and knowledge, supply chain attacks can be made less dangerous or avoided entirely.https://www.darkreading.com/risk/the-increasingly-vulnerable-software-supply-chain/a/d-id/1332756