Facebook Faces Data Breach Concerns

Facebook, the social media giant founded by Mark Zuckerberg, has once again found itself under scrutiny due to reports of a significant data breach. A recent disclosure by the India-based non-profit organization known as the ‘CyberPeace Team’ revealed that data belonging to over 100,000 users has surfaced on an information-sharing forum.

The leaked data comprises sensitive user information including names, profiles, email addresses, contact details, and locations. Such a breach raises serious concerns regarding potential phishing scams and other social engineering attacks that exploit this information.

The exact origin of the data breach remains unclear, as does the geographic distribution of the affected users. However, speculation about these aspects often prompts government investigations and can tarnish the company’s reputation. Notably, in 2021, the Ireland Data Protection Commission imposed a significant penalty on Facebook’s parent company, Meta, for a massive data leak affecting over 533 million users.

Akira Ransomware Emerges, Prompts FBI Alert

The emergence of a new ransomware variant known as Akira Ransomware has sent shockwaves across the cybersecurity landscape, particularly in Singapore, where businesses have become targets. The Singaporean government has responded by issuing advisories urging local businesses not to entertain ransom demands from hackers.

Authorities stress that paying a ransom does not guarantee the provision of decryption keys or prevent the public disclosure of stolen data. Moreover, hackers may exploit the situation by repeatedly extorting organizations, as exemplified by the recent case involving Change Healthcare, which paid a staggering $22 million to the ALPHV or BlackCat ransomware group, only to face renewed threats from another group known as RansomHub.

In response to the escalating threat, the FBI has issued a public warning regarding the Akira ransomware gang’s modus operandi. Instead of directly contacting victims after encrypting their databases, the gang leaves a contact email address in a pop-up note displayed post-encryption, adding another layer of complexity to the ransomware landscape.

The post News about Facebook Data Breach and FBI alert on Akira Ransomware appeared first on Cybersecurity Insiders.

A 16-year-old youth has been arrested in France on suspicion of having run a malware-for-rent business. The unnamed Frenchman, who goes by online handles including "ChatNoir" and "Casquette", is said to be a key member of the Epsilon hacking group, which has in the recent past stolen millions of records from hacked firms. Read more in my article on the Hot for Security blog.

In an increasingly digital world, where concerns about online data security are rampant, it’s easy to overlook the vulnerabilities that exist offline. While much attention is rightfully directed towards protecting data in the virtual space, offline data theft remains a significant threat that can be just as insidious and damaging. Understanding how data theft occurs offline is essential for safeguarding personal and sensitive information comprehensively.

1. Physical Theft and Tampering: One of the most straightforward methods of offline data theft is physical theft or tampering with devices that store personal data. This includes stealing laptops, smartphones, external hard drives, or even paper documents containing sensitive information. Once in the wrong hands, this data can be exploited for various malicious purposes, including identity theft and financial fraud.

2. Interception of Postal Mail: Traditional mail, despite its diminishing relevance in the digital age, still poses a risk for data theft. Intercepting postal mail containing sensitive documents, such as bank statements, invoices, or official correspondence, provides attackers with valuable personal information. This information can be used to perpetrate identity theft or gain unauthorized access to financial accounts.

3. Skimming and Eavesdropping: Skimming devices installed on ATMs, point-of-sale terminals, or even gas pumps can capture credit card information when users swipe their cards. Similarly, eavesdropping on conversations in public places, such as cafes or public transportation, can yield valuable information, such as passwords or account details, which can then be exploited by attackers.

4. Dumpster Diving: Despite its rudimentary nature, dumpster diving remains a viable method for harvesting sensitive information. Discarded documents, such as bank statements, invoices, or discarded electronic devices, can contain a treasure trove of personal data. Attackers sift through trash bins or dumpsters in search of such discarded items to exploit for their gain.

5. Social Engineering and Impersonation: Offline data theft can also occur through social engineering tactics, where attackers manipulate individuals into divulging sensitive information. This can involve impersonating authority figures, such as government officials or company representatives, to gain access to confidential information or tricking individuals into revealing passwords or account details over the phone.

6. Insider Threats: Employees or individuals with authorized access to sensitive data can also pose a significant threat to data security offline. Whether through negligence, malicious intent, or coercion, insiders can leak or misuse sensitive information, compromising data security from within an organization.

Protecting Against Offline Data Theft:

1. Secure Physical Storage: Store physical devices containing sensitive information in secure locations, such as safes or locked cabinets, when not in use. Encrypt data stored on devices to prevent unauthorized access in case of theft or loss.

2. Monitor Postal Mail: Be vigilant for signs of tampering or interception of postal mail. Consider using secure mail services or electronic delivery for sensitive documents whenever possible.

3. Be Cautious in Public Spaces: Exercise caution when handling sensitive information in public spaces. Shield PINs when entering them on ATMs or point-of-sale terminals, and avoid discussing confidential matters in public where conversations could be overheard.

4. Shred Documents: Dispose of documents containing sensitive information securely by shredding them before discarding. This prevents attackers from reconstructing discarded documents and extracting valuable data.

5. Educate Against Social Engineering: Raise awareness among individuals about the risks of social engineering tactics and the importance of verifying the identity of individuals requesting sensitive information, especially over the phone or via email.

6. Implement Insider Threat Mitigation: Implement measures to monitor and mitigate insider threats, including employee training, access controls, and regular audits of access to sensitive data.

In conclusion, while the digital landscape presents numerous challenges for data security, offline data theft remains a prevalent and often overlooked threat. By understanding the various methods through which offline data theft occurs and implementing appropriate safeguards, individuals and organizations can better protect themselves against this insidious form of data breach.

The post Unveiling the Mechanics of Offline Data Theft: How Your Information Can Be Compromised Beyond the Digital Realm appeared first on Cybersecurity Insiders.

Ransomware attack on NHS in May 2024

A recent ransomware attack on a key technology service provider has caused significant disruptions in several major hospitals across London, rendering medical staff unable to access crucial pathology and other medical IT services.

The attack targeted a company called ‘Synnovis,’ resulting in numerous NHS hospitals losing access to essential healthcare services such as blood tests and imaging. Among the affected hospitals are Harefield Hospitals, King George Hospital NHS Foundation Trust, and Royal Brompton.

NHS England, in collaboration with the National Cyber Security Centre (NCSC) and the Department of Health and Social Care, is actively investigating the incident. Officials are confident in their ability to recover encrypted data from backups. However, the specific ransomware variant that targeted the NHS has yet to be disclosed. Reports indicate that the attackers infiltrated databases in May 2024, with the breach only being detected in the early hours of June 3, 2024.

Google Data Breach 2024 details

In a separate development, recent revelations regarding a data breach at Google have raised concerns about the security of user data stored by tech companies. A document uncovered by 404 Media reveals a series of security incidents experienced by Google between 2013 and 2019. These incidents include unauthorized data collection by various Google online services, errors made by staff and contractors, and vulnerabilities in products and third-party vendors, leading to fraudulent data access by hackers.

The document highlights troubling instances such as the collection of audio files of children speaking via Alexa, retention of users’ deleted watch history on YouTube, and transcription of license plates captured in Google Street View images.

In response to the leak, Alphabet Inc.’s subsidiary, Google, has swiftly issued a statement. They assert that over the past six years, the company has implemented numerous security measures to protect users’ data. Google deems the latest revelations as unfounded and calls for a thorough investigation into the matter.

The post Ransomware attack on NHS and Google Data Breach 2024 details appeared first on Cybersecurity Insiders.

US spyware vendor pcTattletale has shut down its operations following a serious data breach that exposed sensitive information about its customers, as well as data stolen from some of their victims. pcTattletale was promoted as "employee and child monitoring software" designed to "protect your business and family." Of course, what it actually was, was a way to surreptitiously spy upon other people's phones and computers - secretly viewing everything they did. Read more in my article on the Hot for Security blog.

A cyber assault targeting internet routers operating in the United States has caused widespread disruption, affecting over 600,000 devices and marking one of the most significant router attacks in American history.

Discovered by Black Lotus Labs, a division of Lumen Technologies, in April 2024, the attack occurred during October and November of the previous year but was only disclosed to the public recently.

While security experts believe the attack to be the work of state-sponsored hackers, official details regarding the breach have yet to be revealed as investigations are ongoing.

Reports indicate that the attack utilized a malicious software update that continues to circulate online, capable of deeply infecting routers by deleting their operational code, rendering them inoperable.

The perpetrators engineered the malware disguised as a firmware update and distributed it through the software update servers of Windstream, a prominent telecommunications company based in Arkansas and a major Internet Service Provider (ISP).

In response to the incident, the FBI and other national security agencies have dispatched agents to Windstream’s facilities for further investigation. However, Windstream has refrained from issuing any official statements as its internal inquiry is still underway.

Lumen’s reports shed light on complaints from Windstream customers, who expressed frustration on platforms like Reddit regarding disruptions experienced between October 25th and October 28th, 2023. During this period, Windstream advised affected users to request device replacements, which were fulfilled within two weeks. However, the company has remained silent regarding the router hack incident.

Notably, neither the FBI nor any other law enforcement agencies, including the SEC, have acknowledged the incident, which, according to existing data breach laws, should have been reported within 30 days of discovery.

The post Over 600K routers in USA were disrupted by Cyber Attack appeared first on Cybersecurity Insiders.

The recent WebTPA data breach has impacted approximately 2.4 million individuals, with unauthorized access to a network server leading to potential exposure of personal information. The breach, detected on December 28, 2023, is believed to have occurred between April 18 and April 23, 2023. Compromised data may include names, contact information, dates of birth and death, Social Security numbers, and insurance details. However, financial and health treatment information were reportedly not affected.

WebTPA has since notified affected parties and offered credit monitoring and identity theft protection services while enhancing network security to prevent future incidents. Multiple class action lawsuits have been filed, alleging negligence in data security and delayed breach notification.

Experts share their thoughts on the breach and on the impact that breaches in the healthcare system continue to have on the public at large.

Kiran Chinnagangannagari, Co-Founder, Chief Product & Technology Officer, Securin

“The sheer number of healthcare data breaches this year is staggering – 283 and counting since January. It’s a stark reminder of the fragility of our healthcare system and the fact that adversaries are deliberately targeting critical infrastructure. Just look at the recent breaches at Change Healthcare, Ascension Hospital Chain, MediSecure, and WebTPA – it’s a veritable who’s who of healthcare organizations falling prey to cyber threats.

And if that’s not alarming enough, consider this: there are nearly 118,500 exposed internet-facing OT/ICS devices worldwide, with the U.S. accounting for a whopping 26% of those devices. It’s a ticking time bomb, waiting to unleash chaos on our already fragile healthcare system. Organizations need to wake up and take responsibility for monitoring and securing their attack surface – it’s no longer a nicety but a necessity.

On a more optimistic note, CISA’s Eric Goldstein testified in a House of Representatives hearing that real-time visibility into vulnerabilities has led to a whopping 79% reduction in the surface of the federal civilian agency attack. That’s a huge win! It just goes to show that binding operative directives can make a real difference in reducing cyber risk. It is crucial that these measures are extended beyond federal civilian agencies to achieve a broader impact.

The WebTPA breach also underscores a disturbing trend: many security breaches originate from third-party partners or suppliers within an organization’s supply chain. It’s a harsh reality, but organizations need to get real about evaluating their partners’ cybersecurity practices. To take it a step further, the SEC should mandate incident and breach reporting in 8-K filings – even when caused indirectly by suppliers. It’s time for some accountability in the cybersecurity space.”

Ilona Cohen, Chief Legal and Policy Officer, HackerOne 

“This latest breach adds to a troubling increase in cyberattacks affecting the healthcare industry. Healthcare organizations must use every tool available to reduce the chance of a breach, especially when the exploitation of healthcare data places patients’ privacy and safety at risk.

Ethical hacking is an underutilized solution in the healthcare industry that offers significant protection from cyber threats. Still, laws like HIPAA don’t clearly distinguish between good-faith security research and malicious data exploitation.

Collaborating with ethical hackers can help the healthcare sector prevent cyberattacks before they occur, ultimately safeguarding sensitive patient data, medical devices, and health delivery infrastructure.

Lawmakers can aid the healthcare industry by clarifying that discovering vulnerabilities in good faith does not constitute a breach. Otherwise, the healthcare industry loses a significant advantage in identifying vulnerabilities and fixing them before cyberattacks occur.”

Nathan Vega, Vice President, Product Marketing and Strategy, Protegrity  

“Organizations rely on the exchange of data for their vitality. Consumers share sensitive information like emails, addresses, Social Security numbers, and other personal identifiable information (PII) with the belief that these businesses will protect them as customers and the impression that they will abide by data protection and privacy laws to prevent their data from getting into the wrong hands.

The WebTPA data breach is an example of the growing concerns regarding the assumed trust between businesses and their customers. This attack is impacting almost 2.5 million people and has exposed Social Security numbers and insurance information. Having occurred in April of 2023, this data has been floating around for public consumption without customer knowledge for over a year.

This breach illustrates that de-identifying sensitive data is critical to protecting consumer information. Organizations must go beyond layering defenses to protect sensitive data and instead move towards regulator-recommended data protection methods. This includes encryption and tokenization to render data useless to attackers, making it impossible to steal and use data maliciously. When this is done, businesses are lowering the value of stolen data and avoiding the lasting effects of ransom payments or fraudulent activity.”

John Stringer, Head of Product, Next DLP

“Healthcare companies, being a repository of vast volumes of personal and financial data, make them exceptionally enticing prey for threat actors, as made evident with the information targeted in the recent WebTPA breach. This incident should serve as a reminder of the importance of data loss prevention solutions, combined with other security measures, to mitigate the impact of a breach.

While WebTPA has offered identity monitoring services and claimed to be unaware of the misuse of any benefit plan member information, it doesn’t mean the end of the story for the consumers. To them, this loss of PII will likely lead to further phishing and fraud attempts.”

The post Breaking Down the WebTPA Data Breach: Expert Analysis and Perspectives appeared first on Cybersecurity Insiders.