by Connor Madsen | Jan 10, 2020 | Industry Intel
Snake Ransomware Slithers Through Networks
A new ransomware variant, dubbed “Snake,”
has been found using more sophisticated obfuscation while targeting entire
networks, rather than only one machine. In addition, Snake appends five random
characters to the extension of each file it encrypts, following the filetype
itself. Finally, the infection also modifies a specific file marker and replaces
it with “EKANS,” or SNAKE spelled backwards. A free decryptor hasn’t been
released yet, and the malware authors have specified that encryption will
be for entire networks only.
Minnesota Hospital Data Breach
Sensitive information belonging to nearly 50,000 patients of a Minnesota
hospital has been illicitly accessed after multiple employee email
addresses were compromised. While in most cases the information accessed was
medical data and basic contact info, some patients may have also had their
Social Security and driver’s license numbers compromised. Alomere Health has
already contacted affected patients and begun providing credit and identity
monitoring services.
Cyberattack Finally Cracks Las Vegas Security
For a city that is the target of roughly 280,000 cyber
attacks every month, one attack was finally able to make it through Las
Vegas security protocols. The attack appears to have stemmed from a
malicious email but was quickly quarantined by city IT officials before it
could do any critical damage. Earlier in 2019, Las Vegas officials proposed a
measure to refuse payments to any cybersecurity threat actors.
Travelex Falls Victim to Sodinokibi Ransomware
On the first day of 2020, foreign travel service provider Travelex
experienced a ransomware attack that used unsecured VPNs to infiltrate their
systems. To make matters worse, a demand of $6 million has been placed on the
company for the return of their data, or else the ransom will be doubled. Since
this attack, a scoreboard has been created to track the six additional victims
of the Sodinokibi/REvil ransomware campaign.
ATM Skimmer Arrested in New York
At least one individual has been arrested in connection with an ATM
skimming ring that has taken over $400,000 from banks in New York and surrounding
states. From 2014 to 2016, this group installed card skimmers in an
unidentified number of ATMs in order to steal card credentials and build up
fraudulent charges. Eleven other people are connected with this incident and
will also likely be charged.
by Connor Madsen | Jan 3, 2020 | Industry Intel
US Coast Guard Facility Hit with Ransomware
During the last week of December a US
Coast Guard facility was the target of a Ryuk ransomware attack that shut down
operations for over 30 hours. Though the Coast Guard has implemented multiple
cybersecurity regulations in just the last six months or so, this attack broke
through the weakest link in the security chain: human users. Ryuk typically
spreads through an email phishing campaign that relies on the target clicking
on a malicious link before spreading through a network.
Crypto-trading Platform Forces Password Reset After Possible Leak
Officials for Poloniex, a cryptocurrency trading platform, began pushing out forced password resets after a list of email addresses and passwords claiming to be from Poloniex accounts was discovered on Twitter. While the company was able to verify that many of the addresses found on the list weren’t linked to their site at all, they still opted to issue password resets for all clients. It’s still unclear where the initial list actually originated, but it was likely generated from a previous data leak and was being used on a new set of websites.
850 Wawa Stores Affected by Card-skimming
Nearly every one of Wawa’s
850 stores in the U.S. was found to be infected with payment
card-skimming malware for roughly eight months before the company discovered
it. It appears Wawa only found out about the problem after Visa issued a
warning about card fraud at gas pumps using less-secure magnetic strips. Wawa has
since begun offering credit monitoring to anyone affected. In a statement, they
mention skimming occurring from in-store transactions as well, so card chips
would only be effective if the malware had been at the device level, rather
than the transaction point.
Microsoft Takes Domains from North Korean Hackers
Microsoft recently retook control of 50 domains that were being used by North Korean hackers to launch cyberattacks. Following a successful lawsuit, Microsoft was able to use its extensive tracking data to shut down phishing sites that mainly targeted the U.S., Japan, and South Korea. The tech company is well-known for this tactic, having taken down 84 domains belonging to the Russian hacking group Fancy Bear and seizing almost 100 domains linked to Iranian spies.
Landry’s Suffers Payment Card Breach
One of the largest restaurant chain and property owners, Landry’s,
recently disclosed that many of their locations were potentially affected by a
payment card leak through their point-of-sale systems. The company discovered
that from January through October of 2019, any number of their 600 locations
had been exposed to card-skimming malware whenever a card was not processed through a main
payment terminal that supported end-to-end encryption.
by Connor Madsen | Dec 20, 2019 | Industry Intel
Honda Customer Database Exposed
Officials have been working over the past week to secure a
database containing highly sensitive information belonging to more than 26,000
North American customers of the Honda
motor company. The database in question was originally created in October and
was only discovered on December 11. While no financial information was included
in the leak, the records did contain names, VIN numbers, and service details
for thousands of customers.
Boeing Contractor Data Leak
Nearly 6,000 defense contractors working for Boeing
have had personal information leaked after a user error left an Amazon Web
Services bucket publicly exposed. The 6,000 Boeing staff are only a small
portion of the 50,000 individual records found on the leaked server, many of whom
were involved in confidential projects for the Department of Defense. These
types of data leaks are increasingly common as more users are not properly
securing their servers or using any form of authentication.
Sextortion Email Campaign Shutdown
After months spent chasing them across Europe, authorities
have arrested the authors responsible for the Nuclear
Bot sextortion campaign. With their Nuclear Bot banking trojan, the team was
able to compromise roughly 2,000 unique systems and use them to help distribute
malicious emails. Though it’s been verified that the original authors are in
custody, the source code for Nuclear Bot was made public in the hope no money
would be made from its sale.
Emotet Sent from Phony German Authorities
A new email campaign has been disguising itself as several German
government agencies and spreading the Emotet trojan, infecting multiple
agency systems. This campaign differs from previous Emotet attacks by posing
as a reply to a prior email to appear more legitimate. To best defend against
these attacks, users are strongly encouraged to check both the sender’s name
and address and to ensure that macros aren’t enabled in their Office
apps.
LifeLabs Pays Ransom After Cyber-Attack
Canadian testing company LifeLabs decided to pay a ransom
after attackers illicitly accessed the sensitive information for all 15
million of its customers. Oddly, many of the records being found date back
to 2016 or earlier and have yet to be identified on any illicit selling sites.
LifeLabs has since contacted all affected customers and has begun offering
identity monitoring services.
by Kyle Fiehler | Dec 18, 2019 | Business + Partners
As the year draws to a close, the cybersecurity analysts at Webroot and Carbonite pull out their crystal balls to make their predictions for the year ahead.
Our experts predict many of the trends they’ve been tracking throughout the year—well-researched attacks, RDP compromise, and the importance of user education—will continue into the New Year. But they’ll be affected by new industry developments such as impending privacy regulations, AI-enabled attacks, and attacks targeting developing nations.
Highly Targeted Ransomware Will Continue to Devastate Businesses
Unsurprisingly, our experts predict the strong trend toward highly targeted ransomware will bleed into 2020.
“Highly targeted ransomware will likely continue,” predicts Webroot Software Management Manager Eric Klonowski. “Next year, we predict ransom-motivated attackers will more pointedly observe automatic backup solutions and make attempts to remove and alter the backup data or the task itself.”
High-effort, low-volume surveillance techniques are now favored by ransomware operators like the Bitpaymer Group, which has been known to customize ransomware only hours before deploying an attack, first tailoring it to observations gathered on their targets.
We should expect actors like these to continue to gain access to networks from where they can observe financial transactions and valuable information before determining the most profitable way to strike at their intended targets.
“Phishing will likely also become more targeted as data collected from breaches is incorporated into phishing emails. Things like passwords and recent transactions can go a long way in convincing people an email is legit.” —Grayson Milbourne, Security Intelligence Director, Webroot
Long-Awaited Privacy Legislation Will Finally Arrive in the U.S.
We expect that privacy and security will continue to jockey for primacy of concern in the minds of U.S. citizens. California, which has long led the fight for more stringent data privacy for consumers, is set to enact a law in early 2020 that has often drawn comparisons to Europe’s GDPR.
As noted by TechCrunch, California’s new data privacy act, like GDPR, will extend to all organizations that do business with Californians, effectively making it the law of the land nationwide. But Webroot Product Marketing Director George Anderson predicts a groundswell of support among U.S. citizens for stricter data privacy regulations.
“U.S. citizens will step up their demands for privacy in 2020,” he says. “Privacy legislation in the U.S., which has lagged behind other nations, will be a central issue.”
But rather than settling for a new set of standards, Anderson wouldn’t be surprised if entirely new revenue models are explored: models that rely less on selling personal data than on, say, subscription fees or some other alternative.
“I would expect an alternative paid for services that don’t abuse data will emerge,” Anderson says. “The existing, untrusted purveyors of convenience will try to pivot, but ultimately lose out heavily. Legislation and technology are starting to converge due to so many abuses of privacy.”
“Adversarial attacks against AI-based security products will likely grow in scope and complexity, which would highlight the fact that there are fundamentally two types of AI in cybersecurity: AI which acts like a smarter conventional signature and AI which is built into every facet of an intelligent, cloud-based platform capable of cross-referencing and defending itself against adversarial attacks.” —Joe Jaroch, Senior Director of Cybersecurity Strategy, Webroot
Small and Medium-Sized Businesses will Bear the Brunt of Cyberattacks
Findings regarding cybersecurity readiness among small and medium-sized businesses (SMBs) continue to be grim. Despite commonly falling victim to data breaches and other attacks, an attitude still pervades that they are either too small to catch the eye of cybercriminals or that their data isn’t valuable enough to warrant an attack.
In a study conducted by Webroot and 451 Research, 71 percent of SMBs admitted to experiencing a breach or attack within the previous 24 months that resulted in “operational disruption, reputational damage, significant financial losses or regulatory penalties.”
According to Webroot Security Analyst Tyler Moffitt, that trend is unlikely to abate.
“We expect that SMBs will continue to be targets for cybercriminals because, just like the public, education, and healthcare sectors, they maintain the same vulnerable environment. They’re low budget, understaffed, and often under-educated on matters of cybersecurity.”
Findings from the 451 Research report confirm Moffitt’s suspicions. A full 36 percent of SMBs surveyed in that study reported that they had no full-time staff on hand dedicated to cybersecurity.
“The SMBs typically targeted have under 50 employees, and it often falls to a lone IT admin or someone in finance or sales to shore up cybersecurity at the company,” Moffitt says. “Almost always it’s a person who wears many hats and doesn’t have much of a budget or expertise.”
It’s the easily overlooked yet easily exploited security gaps like unsecured RDP that most worry Moffitt. Without dedicated cybersecurity consulting, these can easily be exploited, yet they are easy to fix.
“Expect to see more attacks against less developed nations. Attacks like this don’t generate revenue, rather they are meant to disrupt and destroy.” —Grayson Milbourne, Security Intelligence Director, Webroot
We Want to Hear Your 2020 Predictions
Are these the developments you expect to see to kick off the new decade? Have some other ideas? We want to hear what hacks, news stories, or trends in cybersecurity you anticipate in the New Year. You can read additional predictions from our staff for the year ahead, plus submit your own, on the Webroot Community. Click here to visit the Community and share your 2020 predictions.
by Justine Kurtz | Dec 13, 2019 | Home + Mobile
The holiday shopping season is prime time for digital
purchases and cybercriminals are cashing in on the merriment. With online
shopping officially becoming more popular than traditional
in-store visits this year, all signs point to an increase in cyberattacks.
It’s more important than ever to be mindful of potential dangers so you can avoid
getting Scrooged when buying online. Follow these top tips for secure online
shopping.
Want to give the gift of cybersecurity? Internet Security Complete includes Identity Shield, designed to protect your browsing, shopping, banking, and social media.
Only use credit cards. If your debit card gets compromised, it has the
potential to cascade in catastrophic ways; automatic bill payments may bounce
or overdraft protections may drain secondary accounts. Some banks also have
strict rules about when you need to notify them of suspected fraud, or else you
could be liable for the costs.
On the other hand, the Fair Credit
Billing Act provides some protections for consumers from
unauthorized charges on credit cards. Additionally, it’s much easier to have
your credit card replaced with new, uncompromised numbers and details than it
is with bank account info.
Be cautious of deal and discount emails. During the holidays, there’s always a spike in
physical and electronic mailers about special deals. At this point, we’re all
used to that. We might even wait to buy something we want, knowing that it’ll
probably go on sale during holiday clearance. Unfortunately, criminals use this
expectation against us by sending cleverly crafted phishing emails to trick us
into compromising our data.
Always be cautious about emails from unknown senders or even trusted
third-party vendors, especially around the holidays. Always navigate to the
deal website separately from the email — don’t just click the link. If the deal
link can only be accessed through the email, it’s best to pass up on those
supposed savings. It is also prime time for emails offering “free
gift cards”; avoid those like the plague.
Never make purchases without HTTPS. Check the URL—if it doesn’t start with HTTPS,
it doesn’t have SSL encryption. SSL (secure sockets layer) encryption is a
security standard for sharing information between web servers and a browser.
Without it, your private information, including your credit card number, can be
more easily intercepted by cybercriminals.
Keep in mind: HTTPS only ensures that the data you send will be encrypted on
the way, not that the destination is legit. Cybercriminals have started to use
HTTPS to trick website users into a false sense of security. That means, while
you should never send private or financial data through a site that doesn’t
have HTTPS, you shouldn’t rely on the presence of HTTPS alone to guarantee the security of the page.
Don’t make purchases on devices you don’t personally
own. If you’re using a borrowed or shared device, such as a computer at
a library or a friend’s phone, don’t make any purchases. Even if it’s a
seemingly safe device that belongs to a person you know and trust, you have no
way of knowing how secure it really is. It’s pretty unlikely that you’ll encounter
a lightning deal that’s worth the hassle of financial fraud or identity theft.
So just wait on that purchase until you can make it on your own device.
Never use unsecured public WiFi for online purchases. Many public WiFi networks, like the ones at your local café, the gym, a hotel, etc., are completely unsecured and unencrypted. That means anyone with the know-how can easily track all of your online activities while you’re using that network, including any login or banking information. Even worse, hackers are capable of dropping viral payloads onto your device through public networks, which can then spread to your other devices at home.
Always use a VPN when you’re on public WiFi, if you have to use it at all. Otherwise, we suggest using a private mobile hotspot from your phone instead. (See our section on VPNs below.)
Use a password manager to create strong passwords.
You can often stop a security breach from spreading out past the initial impact
point just by using a trusted password manager, such as LastPass, which will
help you create strong passwords. A password manager will create and store them
for you, conveniently and securely, so you don’t have to remember them or write
them down somewhere. Taking this step will help protect you from potential
third-party breaches as well, like the one Amazon
announced just before Black Friday in 2018.
Encrypt your traffic with a virtual private network (VPN).
A VPN allows you to browse privately and securely by shielding your data and
location in a tunnel of encryption. So even if you are unwittingly using a
compromised network, such as the unsecured public WiFi at your favorite morning
coffee stop, your VPN will prevent your private data from being scooped up by
cybercriminals. But be sure you’re using a trusted
VPN—many free options secretly collect and sell your data to turn a
profit.
Install antivirus software and keep it up to date. A
VPN will protect your data from being tracked and stolen, but it can’t protect
you if you click on a malicious link or download a virus. Make sure your antivirus
software is from a reliable provider and that it’s not only installed, but up
to date. Most antivirus products today will even update themselves
automatically (as long as you don’t turn that feature off), so make sure you
have such settings enabled. It may make all the difference when it comes to
preventing a security breach.
Keep a close eye on your bank and credit accounts for suspicious
activity. The fact of the matter is that the holiday season
causes a peak in malicious online activity. Be proactive and check all of
your financial records regularly for suspicious charges. The faster you can
alert your bank or credit provider to these transactions, the faster you can
get a replacement card and be back on your merry way.
Don’t fall victim to cybercrime this holiday season.
Be mindful of all the links you click and online purchases you make, and be
sure to protect your devices (and your data and identity) with a VPN and strong
antivirus software!
by Connor Madsen | Dec 13, 2019 | Industry Intel
Zeppelin Ransomware Spreading
Over the last month, researchers have been monitoring the
spread of a new ransomware variant, Zeppelin.
This is the latest version of the ransomware-as-a-service that started life as
VegaLocker/Buran and has differentiated itself by focusing on healthcare and IT
organizations in both the U.S. and Europe. This variant is unique in that
extensions are not appended, but rather a file marker called Zeppelin can be
found when viewing encrypted files in a hex editor.
German ISP Faces Major GDPR Fine
The German internet
service provider (ISP) 1&1 was recently fined for failing to protect
the identity of customers who were reaching out to their call centers for
support. While the incident took place in 2018, GDPR is clear about imposing
fines for organizations that haven’t met security standards, even if retroactive
changes were made. 1&1 is attempting to appeal the fines and has begun
implementing a new authentication process for confirming customers’ identities
over the phone.
Turkish Credit Card Dump
Nearly half a million payment cards belonging to Turkish
residents were found in a data dump on a known illicit card selling site.
The cards in question are both credit and debit cards and were issued by a variety
of banking institutions across Turkey. This likely means that a mediating
payment handler was the source of the leak, rather than a specific bank. Even
more worrisome, the card dump contained full details on the cardholders,
including expiration dates, CVVs, and names; everything a hacker would need to
make fraudulent purchases or commit identity theft.
Pensacola Ransomware Attack
The city of Pensacola, Florida, was a recent victim of a ransomware attack that stole, then
encrypted their entire network before demanding a $1 million ransom. In an
unusual message, the authors of the Maze ransomware used in the attack explicitly stated that
they had no connection to the recent shootings at the Pensacola Naval Base, nor
were they targeting emergency services with their cyberattack.
Birth Certificate Data Leak
An unnamed organization that provides birth
certificate services to U.S. citizens was contacted earlier this week in
regard to a data leak of nearly 750,000 birth certificate applications. Within
the applications was sensitive information for both the child applicant and
their family members, which is highly sought after by scammers because it is
relatively easy to open credit accounts for children with no prior credit
history. Researchers are still waiting to hear back from the organization after
finding this data dump in an unsecured Amazon Web Services bucket.
by Connor Madsen | Dec 6, 2019 | Industry Intel
ZeroCleare Malware Wiping Systems
IBM researchers have been tracking the steady rise in ZeroCleare
deployments throughout the last year, culminating in a significant rise in
2019. This malware is deployed on both 32- and 64-bit systems in highly targeted
attacks, with the capability to completely wipe the system by exploiting the
EldoS RawDisk driver (which was also used in prior targeted attacks). The
malware itself appears to be spreading through TeamViewer sessions and, though
the 32-bit variant seems to crash before wiping can begin, the 64-bit variant
has the potential to cause devastating damage to the multi-national
corporations being targeted.
FTC Scam Threatens Victims with Terrorism Charges
FTC officials recently made an announcement regarding scam letters purporting to be from the commission and the numerous complaints the letters have sparked from the public. Victims of the scam are told that, due to some suspicious activity, they will be personally and financially monitored as well as face possible charges for terrorism. These types of scams are fairly common and have been in use for many years, often targeting the elderly with greater success.
Misreported Data Breach Costs Hospital Millions
Following an April 2017 complaint, the Office for Civil
Rights has issued a fine of $2.175 million after discovering that Sentara
Hospitals had distributed the private health information for 577 patients,
but only reported eight affected. Moreover, it took over a year for the
healthcare provider to take full responsibility for the breach and begin
correcting their security policies for handling sensitive information. HIPAA
violations are extremely time-sensitive and the slow response from Sentara
staff could act as a lesson for other organizations to ensure similar events don’t
reoccur.
Android Vulnerability Allows Hackers Easy Access
Researchers have identified a new Android
exploit that allows hackers access to banking applications by quickly
stealing login credentials after showing the victim a legitimate app icon,
requesting additional permissions, and then sending the user to their expected
app. Even more worrisome, this vulnerability exists within all current versions
of AndroidOS and, while not found on the Google Play Store, some illicit
downloaders were distributing it.
Smith & Wesson Hit by Magecart
In the days leading up to Black Friday, one of the largest
retail shopping days of the year, malicious skimming code was placed onto the
computer systems and, subsequently, the website of Smith & Wesson.
In a slight break from the normal Magecart tactics, the
attackers were masquerading as a security vendor to make their campaign less
visible. The card-skimming code was initially placed onto the website on November
27 and was still active through December 2.
by Emma Furtado | Dec 3, 2019 | Home + Mobile
Have you noticed a decrease in your child’s happiness or an
increase in their anxiety? Cyberbullying
might be the cause of these behavioral changes.
Bullying is no longer confined to school playgrounds and neighborhood
alleys. It has long moved into the online world, thanks to the easy access to
technology. Between Twitter, SnapChat, TikTok, Instagram, WhatsApp, or even
standard SMS texts, emails and instant messages, cyberbullies have an
overwhelming number of technical avenues to exploit.
While cyberbullying can happen to anyone, studies
have shown that teens are usually more susceptible to it. The percentage of
middle and high school students from across the U.S. who have
experienced cyberbullying at some point has more than doubled (19% to 37%)
from 2007 to 2019, according to data
from the Cyberbullying Research Center.
Before you teach your kids how to respond to cyberbullying, it
is important to know what it entails.
What is Cyberbullying?
Cyberbullying is bullying that takes place over digital devices like cell phones, tablets, or computers. Even smaller devices like smartwatches and iPods can facilitate cyberbullying. Today, social media platforms act like a breeding ground for cyberbullying.
Cyberbullying usually begins with teasing that turns to
harassment. From there it can evolve in many ways, such as
impersonation and catfishing, doxxing, or even blackmail through the use of
compromising photos.
Catfishing is the process of creating a fake identity online and using it to lure people into a relationship. Teens often engage in impersonation online to humiliate their targets and it is a form of cyberbullying.
Doxxing is a method of attack that includes searching for, collecting and publishing
personal or identifying information about someone on the internet.
Identifying the Warning Signs
When it comes to cyberbullying, just like traditional bullying, there are warning signs for parents to watch for in their child. Although the warning signs may vary, Nemours Children’s Health System has identified the most common ones as:
- being upset or emotional during or after internet or phone time
- being overly protective of their digital life and mobile devices
- withdrawal from family members, friends, and activities
- missing or avoiding school
- a dip in school performance
- changes in mood, behavior, sleep, or appetite
- suddenly avoiding the computer or cellphone
- being nervous or jumpy when getting an instant message, text, or email
- avoiding conversations about their cell phone activities
Remember, free software and apps are available
to help you restrict content, block domains, or even monitor
your child’s online activity.
While having a child who is being cyberbullied is every
parent’s nightmare, it’s equally important to understand if your child is
cyberbullying others.
Do you believe your child is a cyberbully? That difficult
and delicate situation needs its own blog post—but don’t worry, we have you covered.
You’ll also find many cyberbullying prevention and resolution resources on both
federal and local levels, as well as support from parents going through similar
issues on our community
forum.
Preparing your kids for a world where cyberbullying is a
reality isn’t easy, but it is necessary. By creating a safe space for your
child to talk to you about cyberbullying, you’re setting the foundation to
squash this problem quickly if it arises.
by LeVar Battle | Nov 22, 2019 | Product Blog
Webroot has evolved its secure login offering from a secondary security code to a full two-factor authentication (2FA) solution for both business and home users.
Webroot’s 2FA has expanded in two areas. We have:
- Implemented a time-based, one-time password (TOTP) solution that generates a passcode which is active for only a short period of time.
- Given our users the option to either opt-in or opt-out, especially those that leverage Webroot for home and personal use.
Starting in December, with the new updates, users will find it easier to use industry-vetted options, including Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and Authy 2-Factor Authentication.
Why Two-Factor Authentication?
First and foremost, we encourage all users to opt-in to maintain a higher level of security. Two-factor authentication adds an extra layer of security to your basic login procedure. When logging into an account, the password is a single factor of authentication, and requiring a second factor to prove you are who you say you are adds a layer of security. Each layer of security you add exponentially increases protection from unauthorized access and makes it harder for brute force and credential stuffing attacks to occur.
A Note to Businesses
Users will have the option to opt-in or opt-out of the new Webroot 2FA feature. The Admins tab within our console will show you which of your users have or have not enabled 2FA.
To learn how to enable two-factor authentication, visit the Webroot Community.
by Connor Madsen | Nov 22, 2019 | Industry Intel
Shade Ransomware Takes Crown as Most Distributed Variant
Over the course of 2019, one ransomware variant, known as Shade, has taken over 50 percent of market share for
ransomware delivered via email. Otherwise known as Troldesh, this variant receives
regular updates to further improve its encryption and its methods of generating
additional revenue from both cryptomining and improving traffic to sites that
run ads. In just the first half of 2019, attacks using Troldesh dramatically
rose from 1,100 to well over 6,000 by the second calendar quarter.
PayMyTab Leaves Customer Data Exposed
For more than a year sensitive customer data belonging to
users of the mobile payment app PayMyTab
has been publicly exposed in an online database using no security protocols.
Even after being contacted multiple times regarding the data breach, the
company has yet to fully secure customer data and may have to take drastic
measures to fully secure their data storage after allowing virtually unlimited
access to anyone with an interest in personal data.
Credentials Dump for Major Service Sites
Login credentials for two highly-trafficked websites were
discovered in a data
dump earlier this week. One dump belonged to GateHub, a cryptocurrency
wallet with potentially up to 1.4 million user credentials stolen, including
not only usernames and passwords, but also wallet hashes and keys used for
two-factor authentication. The second dump contained information on 800,000
users of EpicBot, a RuneScape bot used to automate tasks in the skill-centric
MMORPG. Both dumps appeared on dark web marketplaces on the same day, and it
also seems coincidental that both sites use bcrypt hashing for passwords, which
should make them exceedingly difficult to crack assuming it was set up
properly.
Louisiana Government Systems Hit with Ransomware
Multiple Louisiana state service sites were taken offline
early Monday morning following a ransomware
attack that affected mostly transportation services. All 79 of the state’s
DMV locations were forced to close until systems were returned to normal, as
they were unable to access DOT services to assist clients. While it is still
unclear what variant of ransomware was used, the state of Louisiana did have a
cybersecurity team in place to stop any further spread of the infection.
Magecart Targets Macy’s Online
Nearly a week after the initial breach, Macy’s
officials noticed some unauthorized access between their main website and an
undisclosed third-party site. The breach itself appears to have compromised
payment card data for any customers who input their credentials during the
first couple weeks of October. Macy’s has since removed the illicitly added
code from their sites as well as contacted both payment card providers and
affected customers regarding the breach.