The Week in Breach: 12/29/18 – 01/04/19
Breach news to share with your customers!
This week, it was all fun and games until the Town of Salem game maker got breached, an Irish tram service dealt with ransom, and German politicians were besieged by cyber criminals.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing
Top Employee Count: 11-50 employees (36%)
United States – BlackMediaGames (Town of Salem)
https://www.scmagazine.com/home/security-news/town-of-salem-breach-affects-7-million-accounts/
Exploit: LFI/RFI attack that injected malicious code into database.
BlankMediaGames: Game maker of ‘Town of Salem’.
Risk to Small Business: 2 = Severe: With a number as high as 7.6M users exposed, this cyberattack has the potential to be game-changing. News broke that DeHashed, a commercial breach indexing service, discovered the successful attack before Christmas and tried alerting the company, but no actions were made to secure the hacked servers and notify users until later on. Cybersecurity experts are claiming that the company’s hashing technique (PHPBB) for securing passwords was relatively weak, meaning that it is only a matter of time until hackers were able to crack them. | |
Individual Risk: 2.428 = Severe: Stolen user data included usernames, email addresses, hashed passwords, IP addresses, and game/forum activities. Payment information or credit card details were not exposed, but compromised information can still be leveraged to gain access to payment details on other similar accounts. |
Customers Impacted: 7.6M users of ‘Town of Salem’.
How it Could Affect Your Customers’ Business: Although BlankMediaGames clarified that it does not handle payment information, users may not fully grasp what this means. When they hear breach, they feel exposed. To further compound the issue, the company admitted that its hashing platform for passwords was not as secure as it could be. Overall, video game services are becoming “low hanging fruits” for cybercriminals due to the emphasis of user experience over security and increasingly growing value of digital “in-game” goods or purchases.
ID Agent to the Rescue: SpotLight ID™ is backed by our $1M identity theft restoration policy, and can help MSPs’ clients proactively protect customers while enhancing overall cyber security awareness. Learn more at: https://www.idagent.com/identity-monitoring-programs.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
France and Spain – Orange
https://www.zdnet.com/article/over-19000-orange-modems-are-leaking-wifi-credentials/
Exploit: Device vulnerability in modems that reveals Wi-Fi credentials.
Orange: Telecommunications operator that offers a router product.
Risk to Small Business: 2.333= Severe: Although such an attack can be contained by finding all the hardware products with vulnerabilities, the breach can negatively impact customers and result in the erosion of brand loyalty. | |
Individual Risk: 2.571= Moderate: Such a compromise can be dangerous because it enables hackers to execute on-location proximity attacks, which means they can travel to a company headquarters or home to access a network and then hack into connected devices nearby. Also, Wi-FI passwords might be reused elsewhere, such as the backend administration panel, allowing hackers to control the system infrastructure and create online botnets. |
Customers Impacted: 19,500 customers using Orange Livebox modems.
How it Could Affect Your Customers’ Business: Security vulnerabilities in hardware can be financially catastrophic, as they usually result in expensive patches, product recalls, reinvention, and customer churn.
ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web and can help discover this form of breach before it hits the news cycle. We work with MSP and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
Ireland – Luas
Exploit: Website compromise via newsletter hack.
Luas: Light rail system in Dublin.
Risk to Small Business: 2.111 = Severe: Since the investigation is ongoing, the extent of damage is not determined. However, the hacker responsible for the attack threatened to publish all compromised data if the demanded ransom of 1 bitcoin was not met within 5 days. Currently, no financial information has been exposed, but complete access to a company’s website can result in theft of IP, IT system interference, and entry into sensitive data. | |
Individual Risk: 3 = Moderate: Given that the attack was limited to the 3,226 that signed up for the Luas newsletter and did not include payment details, the threat to individual compromises is relatively low. Nevertheless, it remains to be seen if there will be other repercussions. |
Customers Impacted: 3,226 people who signed up for the Luas newsletter.
How it Could Affect Your Customers’ Business: Situations where ransom is involved can be sticky, since there is no assurance that the hacker will not leak the data even if the ransom is paid. On the other hand, the group or person responsible has threatened to publish all data and send emails to the users, which could cause customers to avoid visiting the website or trusting their payment information with the tram service. Also, the hacker could virtually destroy the website, resulting in the company having to rebuild their entire platform.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web, helping reduce the impact of such a breach. See how you can benefit here: https://www.idagent.com/dark-web/.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
Australia – Victorian Government
https://www.abc.net.au/news/2019-01-01/victorian-government-employee-directory-data-breach/10676932
Exploit: Phishing attack on government employee directory.
Victorian Government: State government of Victoria.
Risk to Small Business: 2.333 = Severe: Even though the stolen directory included work details for 30,000 government employees, the list only contained work emails, job titles, work phone numbers, and in some cases, mobile phone numbers. However, there is the possibility that public servants who were compromised may feel exposed and choose to leave, causing employee turnover.
|
|
Individual Risk: 2.714 = Moderate: Payment and banking information was not compromised, but the compromised information can still be manipulated by hackers to orchestrate future phishing, spam, and social engineering attacks. Those who were affected should remain vigilant in order to protect themselves. |
Customers Impacted: 30,000 government employees.
How it Could Affect Your Customers’ Business: Following last week’s coverage of the Nova Entertainment compromise, it is clear that data breach notifications are piling up in Australia after the introduction of the Notifiable Data Breaches (NDB) scheme. Businesses and consumers alike are beginning to realize the magnitude of breaches that are seemingly benign but can be leveraged to execute complex cybercrime.
ID Agent to the Rescue: Dark Web ID by ID Agent can help proactively monitor stolen employee and customer data, mitigating losses from this breach type. Learn more at: https://www.idagent.com/dark-web/.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
In Other News:
German Politicians and Celebrities are Under Attack
Hundreds of German parliament members, most notably Chancellor Angela Merkel, and celebrities are having their personal details leaked in what seems to be a politically motivated cyber-attack. Information including financial details, contact information, private conversations, and more was originally leaked in December on a Twitter account, which was only recently discovered and suspended.
Although six of seven main political parties were among those affected, no members from the far-right Alternative party (AfD) seem to be impacted. Officials are saying that the data could have been obtained by hackers using stolen passwords to log into email accounts, social networks, and cloud-based services.
https://www.bankinfosecurity.com/hackers-leak-hundreds-german-politicians-personal-data-a-11915
What We’re Listening To
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e
A Note for Your Customers:
How Work-From-Home Can Open Your Business Up to Breach
As the historical debate surrounding work-from-home (WFH) policies continues to reach news headlines, an additional consideration has surfaced: IT security. Home networks in WFH environments can expose your company to security risks, as devices are connected to the internet and can serve as an entry point for hacks.
With the advent of remote working arrangements and rising adoption of smart devices, employees are accessing enterprise software such as cloud-based apps, video conferencing software, and file sharing regularly, resulting in vulnerabilities that black hats can tap into with little to no difficulty.
Of course, this doesn’t necessarily mean you should discontinue your WFH policy. Instead, consider how you can arm your employees with best practices for securing their devices and networks to avoid breach possibilities.
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2019
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!