A reported 90% of all data breaches affect small businesses, and these breaches can be quite costly. Cyber insurance is one way to help protect your organization.
Incidents
How a company’s culture can limit data breaches
It is undeniable that internal controls facilitate data security, but a company’s culture can play an even larger role. Awareness is key, and it starts at the top.
Dropbox Acknowledges Leak of 68 Million Passwords
The cloud-storage site has confirmed that 68 million users’ passwords have been compromised. While the hack was in 2012, new information has just recently confirmed that passwords were included in the breached data.
Vietnamese Bank Blocks $1 Million SWIFT Heist
A statement by Tien Phong Commercial Joint Stock Bank indicates the bank thwarted an attempt to transfer $1.36 million via a malware attack. The fraudsters attempted to transfer the funds via the interbank SWIFT messaging system, which is used by 11,000 banks worldwide.
Invest Bank UAE Appears to be Victim of 10GB Breach
A Turkish hacking group is likely responsible for the release of 10GB of UAE-based Invest Bank files. The archive is said to contain internal files and sensitive financial documents, including customer data.
Anonymous Threatens Bank DDoS Disruptions
The hacktivist group is waging “a 30-day campaign against central bank sites across the world,” according to a new video posted on the group’s YouTube page. The target list includes the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis.
Verizon Confirms Breach Affecting Business Customers
Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.” Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks.
Cancer Center Chain: Hacker Attack Affects 2.2 Million
21st Century Oncology was notified by the FBI in November 2015 that a third party may have gained access to a 21st Century database. A forensic firm confirmed what the FBI suspected, noting that a possible 2.2 million patients’ names, Social Security numbers, physicians’ names, diagnosis and treatment information, and insurance information were obtained.
California Hospital’s Systems Held Ransom for $3.6 Million
Hollywood Presbyterian Medical Center is in the midst of what it is describing as an ‘internal emergency.’ Staff have been locked out of computer systems for over a week now as hackers demand 9,000 bitcoin. The FBI, the LAPD and a cyber forensic team are investigating the ransomware attack.
Hackers Claim FBI Information-Sharing Portal Breached
A group of hackers claims to have breached the FBI’s Law Enforcement Enterprise Portal (LEEP), which includes records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.
FFIEC Releases Statement on Cyber Attacks Involving Extortion
Members of the Federal Financial Institutions Examination Council issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion. The statement includes steps financial institutions should take to respond to these attacks and highlights resources that can be used to mitigate the risks posed by such attacks.
Technical Alert on Dridex P2P Malware Released
The FBI, DOJ and DHS have released a Technical Alert on the Dridex P2P Malware. A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks and harvest users’ credentials for online services, including banking services.
Wire Fraud: $39 million
Ubiquiti Networks victim of $39 million social engineering attack
Ubiquiti Networks fell victim to a phishing scam. An employee received a phishing email that led to the submission of multiple wire transfers totaling $39 million.
http://www.csoonline.com/article/2961066/supply-chain-security/ubiquiti-networks-victim-of-39-million-social-engineering-attack.html
Infusion Pumps Discontinued
FDA: Discontinue Use of Flawed Infusion Pumps
The FDA issued a statement encouraging the transition away from a specific type of medical device. The device has several flaws, one of which allows remote access. These types of warnings may become more common in the future. It’s imperative to apply cybersecurity controls to medical devices.
U.S. Army Website Defaced
The U.S. Army’s website was defaced with propaganda from the Syrian Electronic Army. Attackers gained access to the website control panel, most likely via a phishing attack or brute force.
Heartland’s 2nd breach
Heartland has reported a breach due to physical theft. Several systems were stolen and one of these systems may have stored “Social Security number and/or bank account information processed for [customers’] employer.” The previous data breach in 2008 involved a breach of card data.
Beacon Health System – Latest Phishing Victim
Beacon Health Is Latest Hacker Victim
Beacon Health System is a healthcare provider organization based out of South Bend, Indiana. Employees fell victim to phishing attacks and hackers were able to gain access to email accounts that contained patient information. This breach affected 220,000 patients.
IRS Taxpayer Accounts Breached
IRS: 100,000 Taxpayer Accounts Breached
100,000 taxpayer accounts were breached via the IRS Get Transcript service. Taxpayers’ transcripts were accessed after hackers authenticated to the system using the service’s multi-step authentication process. Several pieces of personal information were utilized to successfully authenticate to the system. It is likely that the attackers acquired the personal data utilized in this breach from a previous data breach unrelated to the IRS.
Federal Reserve Bank of St. Louis DNS Hacked
St. Louis Fed Confirms DNS Hijacking
Attackers gained access to the DNS records for the St. Louis Federal Reserve Bank’s website and redirected users accessing research.stlouisfed.org. The fake site resembled the actual website to trick users into disclosing credentials and/or downloading malware. Details of the actual intent of the fake site have not been released.
Apple Pay Exploit #2
How Apple Pay Is Exploited For Fraud
The technology of Apple Pay has not been exploited; however, weaknesses in setting up Apple Pay do exist. The first method, reported earlier this year, involved fraudsters setting up stolen credit cards on Apple Pay due to weak or non-existent customer authentication methods. Now fraudsters are continuing this practice; however, this time they are using out-of-band authentication methods, such as verification by phone. The fraudsters are porting phone numbers, most commonly customers’ landlines.
New POS Malware Undetected by Anti-virus Program
POS Vendor Reports Malware Attack
Layered security controls are crucial! The latest POS malware incident involved Harbortouch Payments POS systems, and the anti-virus program did not detect the advanced malware.
Zero-Day Exploit: Ransomware in Adobe Flash
Zero-Day Malvertising Attack Went Undetected For Two Months
A vulnerability in Adobe Flash was exploited by cybercriminals to inject ransomware into the ads on popular websites including Dailymotion, Huffington Post, answers.com, New York Daily News and HowToGeek.com. Adobe released the patch on February 2nd; however, the vulnerability had been exploited since December 2014.