Someone called OxShagger thinks he has come up with the perfect Valentine’s surprise for Oxford students, but is the way he has gone about “bookworms with benefits” really a good idea? Robot security guards are trundling the streets of – you guessed it – America. And a writer of paranormal bully romances (no, we don’t know what that means either) returns from the grave... All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Andrew Agnês.

News is breaking that the popular fast food chain Five Guys has disclosed a data breach impacting job applicants, and the company may be facing a lawsuit over the cybersecurity incident.

On December 29th, Five Guys started notifying customers of the incident, the same date the company notified state authorities about the breach. The notification garnered the attention of Turke & Strauss, a law firm specializing in data breaches.

The law firm has since begun urging impacted individuals to get in touch to discuss potential legal actions against the fast food chain after it was revealed the incident exposed sensitive information including applicant names, social security numbers and driver’s license numbers.

Currently, little is known about the incident. Five Guys conducted an internal investigation in early December that revealed unauthorized access to files on a server containing information submitted to the company in connection with its employment process. However, it remains unclear whether the incident was part of a ransomware attack and how many people have been impacted.

Here is what cybersecurity experts say:

Neil Jones, Director of CyberSecurity Evangelism, Egnyte

“The recent data breach at Five Guys is particularly concerning, because employment data inherently includes PII (Personally Identifiable Information) that’s captured in companion identification and work authorization documents. Collectively, those resources represent a treasure trove for cyber-attackers.

In this case, the breach involved the sensitive data of residents of states as diverse as Massachusetts and Montana. Although there’s no current evidence that the breached information has been used maliciously, it is not uncommon for attackers to wait for just the right moment to post their breached data to the Web.

There are several key lessons that can be learned from this incident: 1) Organizations need to combine intrusion detection solutions with effective data recovery programs. 2) Companies need to have incident response plans in place, to effectively notify their customers, employees, business partners and the news media of potential breaches. 3) During these dynamic times, routine technological audits need to occur on a more frequent basis than they did before, to prevent vulnerabilities from being exploited.”

Arti Raman, CEO and founder, Titaniam

“It is unclear if the Five Guys data leak was part of a ransomware attack or if someone simply stumbled upon unprotected cloud storage. The first thing to do, as a community, is to extend empathy to those impacted. When it comes to data breaches and unauthorized access to files, any of us could find ourselves in the midst of a data leak having our PII exposed. With over 65% of attacks rooted in some type of human compromise, attackers can find a foothold in even the best-defended enterprises.

In times like this, it is essential to reflect on best practices so that all can benefit from each other’s experiences. In turn, this helps build resiliency based on attacks that have happened and still could happen again.

Based on our work, Titaniam has found that cyberattack immunity is a three-part solution. First, enterprises must look into prevention and detection solutions so that attacks can be stopped before they execute or be identified before infection spreads. Second, data security focuses on preventing large-scale data exfiltration. This can be achieved through encryption at rest, in transit, and, most importantly, encryption-in-use. Encryption-in-use is an extremely powerful new technology that dramatically reduces ransomware, extortion, and other data-related attacks. This is potentially what can help in the case of unauthorized access to files. Finally, the third piece is backup and recovery. This is in place so that even if attackers successfully bring down systems, these can be recovered without expensive payouts. Implementing a three-part defense helps significantly neutralize attacker leverage and protect data and enterprises.”

The post Expert Comments on Five Guys Data Breach appeared first on Cybersecurity Insiders.

By Brad Liggett, Technical Director, Americas for Cybersixgill

Technology’s rapid and relentless progress promises to continue apace in 2023, to everyone’s benefit – including cybercriminals’. The year promises a “Spy vs. Spy”-type cyberspace race as both criminals and defenders vie to gain the upper hand using new and emerging technologies.

Every technology that enables our cyber teams to pinpoint and resolve threats and prevent attacks more quickly and accurately also benefits cybercriminals. In those same technologies they find new breach pathways and targets, and more sophisticated intrusion techniques.

The result can be a cat-and-mouse game in which we run in circles without either actually getting ahead.

For cyber professionals, awareness is the first and perhaps most important step toward breaking out of this cycle. While predictions are always risky – perhaps even more so in the unpredictable digital realm – we can gird ourselves against the coming year by looking at what’s happening now, knowing our adversaries will be sure to step up their game.

We see these three cyber trends looming in 2023:

  1. Advanced Persistent Threat (APT) software will level the playing field between less-experienced, profit-driven cybercriminals and more politically motivated state-backed groups. As a result, these disparate perpetrators will work together, irrespective of where they’re located, as supporting governments look the other way.

Even as nation-state-supported groups launch APT attacks on their governments’ behalf – such as the China-backed APT5’s recently discovered exploit of a Citrix application – we’re seeing software for sale on the dark web that gives lone wolf and profit-driven groups similar capabilities. We call these threat actors “Quasi-APTs.”

How to prepare: CISOs must be more vigilant than ever before, and make sure their organizations can track, monitor, and remediate threats from multiple points, around the clock. These threats aren’t coming only from state-sponsored APT groups anymore, but also from your garden-variety dark web actor or Anonymous chapter.

Automated threat intelligence and robust vulnerability management programs are now more critical than ever for enterprises. As your technologies proliferate so, too, do your endpoints, each a potential avenue for breach – and they may number in the thousands. Without automation, continuously protecting them all will be impossible.

  2. Artificial Intelligence (AI) will play an increasingly important role on both sides, as threat actors use malicious AI and enterprises employ the technology to proactively find and preemptively eliminate threats.

Everyone’s talking about ChatGPT, the OpenAI chatbot that can “speak” with users intelligently – answering questions, admitting mistakes and correcting itself, rejecting inappropriate requests, and more. It’s an exciting advance for enterprises wanting to use AI to better serve customers – and it’s most likely exciting for cybercriminals, as well.

Already some have used the OpenAI platform to have ChatGPT write phishing emails and insert malicious links. The emails don’t have the usual spelling, grammar, and syntax errors that today’s phishing messages composed by non-native-English speakers tend to contain – errors that serve as a tip-off to recipients.

Likewise, this technology could make misinformation and disinformation that much more credible, writing articles and posts using persuasive techniques pretty much reserved for humans now.

How to prepare: Governments and enterprise organizations will need to use natural language processing and AI to shift to a more proactive approach to cybersecurity. Automation using AI will play an essential role. By listening in on chatter among threat actors, AI can determine which threats are most likely to materialize, and send defense and response resources to where they’re needed, before they’re needed.

  3. The use of “wiper” malware will proliferate, erasing data from government and critical infrastructure systems as well as mobile phones.

Originally intended to help companies erase data from company devices – a security technology – wiper software has morphed into wiper malware.

We’re seeing an increase in dark-web chatter about planting malware in Android marketplaces, including the use of “wiper” malware that erases data.

Many federal agencies already use Android phones, and will need to up their vigilance against this devastating tool.

The “NotPetya” attack of 2017 – the most financially damaging cyberattack in history – and the 2018 “Olympic Destroyer” attack, which took down the entire technology system of the Winter Olympics in Seoul, South Korea, used wiper malware.

These attacks, both attributed to cybercriminals in Russia, almost certainly weren’t motivated by money, since the attackers didn’t deploy ransomware or demand payment. This emerging tactic warrants the attention of not only governments but critical infrastructure providers, as well, and possibly even individuals as criminals move to wiping mobile phones clean.

The good, the bad, and the ugly

As the new year progresses, it’s important to remember that pretty much everything has a good side and a bad side. Technology offers many upsides, including helping us to work and live more efficiently and securely. But cybercriminals pay attention to technological trends perhaps even more closely than most. When one catches on, they’ll be there, hoping to cash in.

If these predictions – based on information gleaned from our observations in the areas of the internet most can’t see – tell us anything, it’s this: in 2023, businesses will need to work harder to stay ahead of cybercrime. Old, reactive paradigms won’t do, not anymore, and we all know what happens when you run in circles: you go nowhere.

The post Three cybercrime technology trends to watch in 2023 appeared first on Cybersecurity Insiders.

The next time you are hit by a cyber attack, be aware that the UK’s Information Commissioner’s Office (ICO) will soon make the information public by posting it on its website. The ICO has decided to do so because it believes that naming and shaming will make company heads take measures to safeguard their IT infrastructure and their users’ data.

With little fanfare, the data from the fourth quarter of 2021, naming the victimized organization and sector, is already available on the website of the commissioner’s office, and more is expected to be revealed soon.

On what basis the European data regulators may reveal such information on a public platform is not yet known. But if you go through the website, a large data set belonging to a notified company is already available in that section.

Companies involved in repeated hacks that have established a permanent place on the ICO website will be prosecuted by the middle of next year.

It is worth noting that the name-and-shame initiative, started by the Information Commissioner’s Office at the end of this year, comes as ICO fines have increased threefold over the past 12 months.

A report from law firm RPC claims that the year 2022 saw penalties totaling £15.2 million, up from £4.6m in the year 2020-21.

Wonder how the breached firms will react to such public shaming?

The post UK Data Regulator publishes information of firms hit by data breaches appeared first on Cybersecurity Insiders.