Week in Breach
Kevin Lancaster on Nov 28, 2018 12:43:39 PM
Breach news to share
This week, Amazon experienced technical issues, and cybersecurity culture isn’t where it needs to be in 95% of organizations.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domains
Top Industry: Manufacturing
Top Employee Count: 11-50 employees (36%)
Global Breach – Amazon
https://www.theregister.co.uk/2018/11/21/amazon_data_breach/
Exploit: Technical error.
Amazon: Online shopping behemoth. Amazon is based out of Washington in the United States.
Business Risk: 2.333 = Severe: Customers get concerned when they receive an email that informs them that their data has been disclosed, and despite the problem being a technical issue rather than an external actor hacking into the network, the image of the organization is still tarnished. | |
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks. When people are addressed by their name or if there is any personal info in a phishing email, it is more likely to opened. |
Customers Impacted: Unclear at this time.
How it Could Affect Your Customers’ Business: The severity of this breach is not the most damaging part, contrary to most breaches. In fact, the most damaging part of this breach has been Amazon’s poor transparency which causes speculation and paints the organization in a very negative light. The behavior of the company indicates that if a seriously damaging breach were ever to occur, they would not be transparent to their customers.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
United States – Make-A-Wish Foundation
https://threatpost.com/cryptojacking-attack-targets-make-a-wish-foundation-website/139194/
Exploit: Crypto jacking.
Make-A-Wish Foundation: Non-profit that arranges for children with critical illnesses to have experiences they would not be able to otherwise.
Business Risk: 2.333 = Severe: The negative public image associated with being breached does not give a break to even the most just of causes, non-profit or for profit. Those who have visited the Make-A-Wish foundation international site have been lending CPU power to mine for cryptocurrency which will deter visitors in the future. | |
Individual Risk: 3 = Moderate: No information related to the individual has been compromised. |
Customers Impacted: Unclear at this time.
How it Could Affect Your Customers’ Business: While the personal data of customers was not accessed or breached, the site itself has been stealing CPU power from those visiting the site in order to mine cryptocurrency. This would affect how many customers would use a site, and also is a prime example that non-profit organizations are not immune to being targeted by hackers.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/
Risk Levels:
1 – Extreme Risk
2 – Severe Risk
3 – Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
In Other News:
Dark Web Down
One of the largest hosting services for Dark Web sites has been hacked, with devastating results to the sites that used the service. 100% of the accounts hosted by Daniel’s Hosting were deleted, including the root account. Over 6,500 Dark Web sites were hosted by the service and it is unlikely they will see their data again.
https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/
What We’re Listening To
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e
National Computer Security Day is Upon Us
Friday the 30th of November is National Computer Security Day, and the perfect chance for you to convey what it means for your clients to have good cyber hygiene! Offering tips makes both of your jobs easier. Starting this conversation not only shows your expertise as their MSP but it gives clients real examples of how your other security services will protect their network and pair well in their current security stack.
A Note for Your Customers:
Do It for The Culture
According to a report by ISACA, 95% of organizations find there is a gap between their desired culture surrounding cybersecurity and what their culture actually looks like. This is concerning, especially because 87% of those surveyed said that their organization would be more profitable if their cybersecurity culture improved.
What is causing this gap? A variety of factors come into play, including a lack of understanding on the part of leadership, lack of funding, and a lack of employees respecting the cybersecurity procedures.
With the holidays approaching and employees shopping across the web, now is the perfect time to reinforce cybersecurity culture at your organization. A breach on a popular retail site could lead to a breach within your organization if employees use the same passwords at work and home.