The Week in Breach 06/18 – 06/22
Breach news to share with your customers!
Highlights from The Week in Breach:
It’s no surprise that this week has been busy for cyber-attacks on the web, targeting big events such as the World Cup but also continuing to pursue small-and medium-sized businesses across the globe.
– Google is still leaking!
– Another Dark Web marketplace down in a big win for French authorities.
– Do androids dream of electric… rats? A new malware for Android!
– Going phishing at the World Cup.
In other news…
Google has announced that Chromecast and Google Home devices, that are easily scripted to reveal precise location data to the public, will be patched in the coming weeks. Disclosed by a researcher at Tripwire, the simple script running on a website can collect location by revealing a list of internet connections available to the device. Researchers go on to describe how easy it would be to remote into an exposed individual’s device and network.
https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/
The Dark Web marketplace known as ‘Black Hand’ was shut down by French authorities this week. The marketplace was used to sell drugs, weapons, stolen personal information and banking data, as well as fake documents. The site had over 3,000 users from France and was highly active for selling illicit materials.
https://www.hackread.com/authorities-shut-down-dark-web-marketplace-black-hand/
Researchers have come across a new malware family that takes form as an Android remote administration tool (or RAT). The malware uses the messaging app Telegram both to spread and to operate the RAT. When an attacker gains access to a device, he or she operates it by using Telegram’s bot functionality and can intercept text messages, send text messages, make calls, record audio or screen, and locate the device.
https://www.welivesecurity.com/2018/06/18/new-telegram-abusing-android-rat/
With the World Cup in full swing this week, bad actors are taking advantage of the attention on the event and spinning up malicious email campaigns. The idea is that people are less vigilant about clicking emails from unknown sources when related to an event that only occurs every couple of years. Sites selling fake tickets, offering fictitious giveaways and luring unsuspecting induvial to click on malicious links related to the World Cup are popping up all over the place.
https://www.darkreading.com/attacks-breaches/wallchart-phishing-campaign-exploits-world-cup-watchers/d/d-id/1332080
A network worm called ‘Olympic Destroyer’ that debuted at the 2018 winter Olympics is still doing damage across Europe. Since the Olympics, the group has taken an interest in financial and biochemical organizations and oftentimes uses spear phishing as a way to gain illegal access to systems. The group has so far remained anonymous, using a complex combination of false flags and other deceptive behavior to avoid being revealed.
https://www.darkreading.com/vulnerabilities—threats/olympic-destroyer-reappears-in-attacks-on-europe-russia/d/d-id/1332094
What we’re listening to this week!
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!
Indian Government
Exploit: Leaky websites, lack of basic website/ internet security controls.
Risk to Small Business: High: Demonstrates that poor cyber hygiene and complete disregard for basic website/ internet security can be highly damaging.
Risk to Exploited Individuals: High: Sensitive personally identifiable information that can be used for identity theft.
Indian Government: The Republic of India’s government.
|
Date Occurred/Discovered |
The government has experienced a wide variety of breaches over a long span of time, but with their websites being audited in May of 2018, their continuing lack of security with such highly sensitive information proves to be a continuing problem. |
|
Date Disclosed |
June 20, 2018 |
|
Data Compromised |
· Names and phone numbers of those who bought various medicines from state-run pharmacies Recently but not this week: · Aadhaar number · Data collected in ‘Smart Pulse Survey’ · Geolocation of people based on caste/religion · Geolocation of ambulances, why they were summoned, and the hospital destination |
|
How it was compromised |
Leaky websites and dashboards allowing anyone to look up HIGHLY sensitive medical and personal information. |
|
Customers Impacted |
Anyone who has purchased medicine from the state-run pharmacies. |
|
Attribution/Vulnerability |
Poorly configured database. |
Med Associates
Exploit: Supply Chain/Trusted Vendor Compromise
Compromised Workstation, most likely compromised credentials and a lack of multi-factor authentication.
Risk to Small Business: High: At least 42 physician practices had their customer’s PII compromised. Lack of situational awareness within the supply chain will create significant challenges for the vendors that replied on the claims processing vendor.
Risk to Exploited Individuals: High: This breach has disclosed a massive amount of HIGHLY sensitive personal and health information leaving customers impacted significant risk of identity theft and fraud.
Med Associates: A New York-based claims processing company.
|
Date Occurred/Discovered |
March 2018 |
|
Date Disclosed |
June 2018 |
|
Data Compromised |
· Patient names · Dates of Birth · Addresses · Dates of service · Diagnosis codes · Procedure codes · Insurance information, such as insurance ID numbers |
|
How it was compromised |
Not disclosed, but it was specified that the attack did not involve ransomware or phishing. |
|
Customers Impacted |
270,000 |
|
Attribution/Vulnerability |
Still under investigation, but the third party gained remote access to the workstation without phishing or ransomware. |
https://www.govinfosecurity.com/hacking-incident-at-billing-vendor-affects-270000-patients-a-11116
Chicago Public Schools
Exploit: Negligence
Risk to Small Business: High: If a breach of this magnitude happened to a small business, it is unlikely it would recover. This kind of negligence causing a breach tarnishes a name to a great degree, but people do not have a choice but to continue using Chicago public schools because it is a government-run program.
Risk to Exploited Individuals: High: Unfortunately, a minor’s personally identifiable information is highly sought after and valuable as its often not monitored.
Chicago Public Schools: School district in the Illinois city of Chicago
|
Date Occurred/Discovered |
June 16, 2018 |
|
Date Disclosed |
June 16, 2018 |
|
Data Compromised |
· Children’s names. · Home phone numbers. · Cell phone numbers. · Email addresses. · School ID numbers |
|
How it was compromised |
When sending out an email about applications to selective enrollment schools, an employee attached a spreadsheet containing the sensitive data which was then sent out to families in the district. The person who made the critical mistake is going to lose their job according to the superintendent. |
|
Customers Impacted |
3,700 students and families |
|
Attribution/Vulnerability |
Negligence |
https://chicago.suntimes.com/news/cps-data-breach-exposes-private-student-data/
An important takeaway for your customers is how easy it is to unknowingly leak personal information! A study conducted by Positive Technologies found some alarming statistics on the vulnerabilities of web applications.
The study uncovered that almost half (48%) of the web applications tested were vulnerable to unauthorized access from a third party, with 17% of the tested applications being so unsecured that full control could be acquired. Every single web app that the study looked had vulnerabilities with just over half of them (52%) being high risk. A little under half (44%) of web apps examined that processed personal data leaked that personal data and 70% of all applications were at risk of leaking critical information to the business. The study found an average of two critical vulnerabilities per web application, and where the researchers had access to the source code of the web app they uncovered high-severity vulnerabilities 100% of the time. The industries used in this study of web applications include: finance, IT, e-commerce, telecom, government, mass media, and manufacturing.
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Web-application-vulnerabilities-2018-eng.pdf
When using this week’s breach information to educate your customers and prospects, explain the critical importance of using web applications, both professionally and personally, with extreme caution. Even when users are careful, log-in credentials and PII can end up on the Dark Web – but when all else fails, constant dark web monitoring will atone for human error.
MSP Partners, please feel free to share this information with your customers!
Are you looking to see how Dark Web ID™ can help you protect your customers’ credentials? Learn about ID Agent’s Partner Program now!