The Week in Breach: 09/16/18 – 09/22/18

This week Magecart is at it AGAIN! Plus, a payroll social engineering attack? Find out in The Week in Breach.

Trends in data found on the Dark Web this week:

  • Total Compromises: 13,394
  • Top Source Hits: ID Theft Forum
  • Top PIIs compromised: Domains (13,916)
    • Clear Text Passwords (7,014)
  • Top Company Size: 1-10 (4,172)
  • Top Industry: Education & Research (1,232)

United States - Newegg

https://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/

https://cyware.com/news/electronics-retailer-newegg-becomes-the-latest-victim-of-magecart-43d6db94

Exploit: Code injection by Magecart, the group responsible for the Ticketmaster and British Airlines breaches.

Newegg: One of the United States largest online retailers of electronics.

Risk to Small Business: 2.111 = Severe*: A breach including sensitive payment information such as this could dismantle customer trust, especially in a company that is first and foremost an online retailer.

Individual Risk: 2.714 = Moderate Risk*: Those affected by this breach should contact their credit card companies IMMEDIATELY. Magecart is no joke, as demonstrated by their wide range of attacks across various industry and the scope of their abilities.

Customers Impacted: Unclear, but the site has 45 million monthly unique visitors and was breached for over a month.

How it Could Affect Your Customer’s Business: Magecart is back, and they mean business. The group that is responsible for the Ticketmaster and British Airlines breach has now targeted Newegg. This shows that the group isn’t limited to one industry or country. Magecart is a global operation that can target any organization that processes payments online.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Independence Blue Cross

https://www.ibx.com/pdfs/privacy/ibx-data-security-notice.pdf

https://cyware.com/news/data-breach-hits-independence-blue-cross-impacting-around-17000-patients-26e1a636

Exploit: Exposed database.

Independence Blue Cross: A healthcare organization based in Philadelphia.

Risk to Small Business: 1.888 = Severe Risk*: The exposed database is a classic example of how one mistake can have disastrous consequences on a business. Leaving a database, and even more so, a database with medical information or medical related information is a betrayal of customer trust that cannot always be earned back.

Individual Risk: 2.428 = Severe Risk*: The data exposed could be used for insurance fraud or identity theft.

Customers Impacted: 17,000 patients.

How it Could Affect Your Customer’s Business: A breach that contains medical or insurance information is never pretty. This can greatly reduce customers trust in a business and the government (depending on the country) can levy a significant fine for the inability to secure the sensitive information.

ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Double Stuffed 
Credential stuffing has been around, but its appearance in the financial sector has grown. For example, botnets targeting a network with credential stuffing will effectively DDoS attack a site while attempting to log in. Credential stuffing is where a hacker or a hacker’s botnet attempts to log into online services using credentials obtained through a data breach. From November 2017 to June 2018 there were 30 billion malicious login attempts. This shows off the power these large botnets have when it comes to taking advantage of the breaches that happen all the time.
https://www.bleepingcomputer.com/news/security/credential-stuffing-attacks-generate-billions-of-login-attempts/

Paystole
There is a new trend of social engineering attacks targeting employees whose credentials can let the bad actor access online payroll accounts. The FBI Internet Crime Complaint Center has seen an uptick in starts with a phishing email and then evolves into accessing payroll, changing bank account data, and changing settings so the target does not receive an alert when their direct deposit changes. Make sure to be diligent in sifting through emails!

https://www.darkreading.com/threat-intelligence/fbi-phishing-attacks-aim-to-swap-payroll-information/d/d-id/1332845

Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!


 A note for your customers:

Magecart is Ruffling Through Your Cart.
With the Magecart group taking on companies such as British Airlines, Ticketmaster and now Newegg, I think it’s a good time to talk about online retail security. Researchers at SecurityScorecard analyzed 1,444 domains within the sector for 5 months to collect data on how secure the industry is. What they found… was not pretty.

The retail industry was not the lowest scoring sector, but it was the second lowest scoring, with entertainment being the only major industry more vulnerable. Not only is the retail sector highly vulnerable, but it also has gotten worse over the last year because it moved down 2 spots in rankings. The retail sector was last in its ability to protect against social engineering attacks, which is concerning because the retail industry is the third most targeted industry behind banking and finance.

Many credit card associations have called for changes to be made within the sector, but many organizations are not fully compliant or not at all. In fact, 91% would fall under noncompliance. The combination of the popularity of online retailing with the fact that there is a very serious hacker group targeting websites that process payments, means the retail sector needs to look into buckling down because these threats aren’t going to go away.

https://www.darkreading.com/application-security/retail-sector-second-worst-performer-on-application-security/d/d-id/1332860


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today! 

comments
0