New Phishing Campaigns are Targeting World Cup Fans 

Two new phishing campaigns have emerged in recent weeks due to the start of the 2018 FIFA World Cup. Bad actors are targeting fans of the hugely popular World Cup and one of its long-time partners and sponsors, Adidas. One campaign disguises itself as an interactive World Cup schedule that tracks game results in real time, while the other falsely promises a free $50-per-month subscription for new Adidas sneakers. 

A World Cup Phishing Campaign 

First identified on May 30 by the security firm Check Point, this phishing campaign peaked around June 5 and has since begun to reappear now that the World Cup games have started. The campaign uses a well-known type of malware called ‘Downloader Guide’, typically used to deliver PUPs, adware, and toolbars.

Emails with the subject line “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager” invite recipients to download an attachment that supposedly contains an interactive World Cup schedule. Researchers found 9 different malicious executable files embedded within the attachment.

Adidas Fans Beware 

The other phishing campaign is targeting Adidas fans using a trick that is common among hackers nowadays: masquerading as a legitimate company or brand by creating a link that appears to be from an accredited website. These emails deceptively appear to be from Adidas and contain a link that uses a vertical line in place of the “i” in Adidas. Prospective victims are encouraged to click the link to receive a free $50-per-month subscription towards Adidas shoes.
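The look-alike link described above can be screened mechanically by reducing each host label to a "skeleton" in which confusable characters are mapped back to the ASCII letter they imitate, then comparing that skeleton with a list of protected brands. This is an added example, not code from the original post or from Check Point; the brand list, the confusable table and the sample URLs are constructed assumptions, and the registrable-domain logic assumes a single-label public suffix (.com, .net) for simplicity.

```python
"""Screen links for brand look-alike hosts (added example; constructed data)."""
import re
import unicodedata

# Brands to protect, as lowercase ASCII. Constructed list for this example.
PROTECTED_BRANDS = {"adidas", "fifa"}

# Look-alike characters mapped to the ASCII letter they imitate. Deliberately
# small; a production filter would use Unicode's full confusables table.
CONFUSABLES = {
    "|": "i", "\u2223": "i", "\u01c0": "i", "\u0131": "i", "1": "l",
    "0": "o", "\u03bf": "o", "\u043e": "o", "\u0430": "a", "\u0435": "e",
    "\u0441": "c", "\u0440": "p", "\u0455": "s", "\u0501": "d",
}


def skeleton(text: str) -> str:
    """Reduce text to a comparison form: NFKC-normalise, lowercase, strip
    combining marks, then map look-alike characters to ASCII."""
    text = unicodedata.normalize("NFKC", text).lower()
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def extract_host(url: str) -> str:
    """Pull the host out of a URL with a lenient regex so that hosts holding
    characters that are invalid in DNS (such as '|') are still inspected.
    Punycode (xn--) labels are decoded so the characters a victim would see
    are the ones checked."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#]*)", url, re.IGNORECASE)
    if not m:
        return ""
    authority = m.group(1).rsplit("@", 1)[-1]   # drop any userinfo
    host = re.sub(r":\d+$", "", authority)      # drop any port
    labels = []
    for lab in host.split("."):
        if lab.lower().startswith("xn--"):
            try:
                lab = lab.encode("ascii").decode("idna")
            except UnicodeError:
                pass                            # keep the raw label
        labels.append(lab)
    return ".".join(labels)


def registrable_label(host: str) -> str:
    """Second-level label, assuming a single-label public suffix (assumption)."""
    labels = host.split(".")
    return labels[-2].lower() if len(labels) >= 2 else host.lower()


def check_link(url: str) -> list[str]:
    """Return reasons the link host looks like brand impersonation; [] if clean."""
    host = extract_host(url)
    if not host:
        return ["no host found"]
    reasons = []
    if any(ord(ch) > 127 for ch in host):
        reasons.append("host contains non-ASCII characters")
    registrable = registrable_label(host)
    for lab in host.split("."):
        sk = skeleton(lab)
        if sk not in PROTECTED_BRANDS:
            continue
        if lab.lower() != sk:
            # The label only reads as the brand after confusables are mapped.
            reasons.append(f"label {lab!r} imitates {sk!r}")
        elif registrable != sk:
            # Genuine brand spelling, but only as a subdomain of another domain.
            reasons.append(f"{sk!r} used as a subdomain of {host!r}")
    return reasons


def check_anchor(visible_text: str, href: str) -> list[str]:
    """Also flag a link whose visible text names a brand the href does not go to."""
    reasons = check_link(href)
    host = extract_host(href)
    shown = skeleton(visible_text)
    for brand in PROTECTED_BRANDS:
        if brand in shown and registrable_label(host) != brand:
            reasons.append(f"text mentions {brand!r} but link goes to {host!r}")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, not indicators from the campaign.
    for sample in ("https://www.adidas.com/us",
                   "http://ad|das.com/free-shoes",
                   "https://ad\u0131das.com/",
                   "https://adidas.example.com/"):
        print(sample, "->", check_link(sample) or "clean")
    print(check_anchor("Claim your Adidas subscription", "http://example.com/claim"))
```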

Why the World Cup? 

Cyber criminals love to launch malicious campaigns around big sporting events because they garner huge amounts of popular interest, and it doesn’t get much bigger on a global scale than the World Cup.  

Hackers are hoping to capitalize on sports fans’ excitement and catch end-users with their guards down. In fact, it’s not just phishing campaigns; various fake and malicious websites, giveaways, and tickets have been reported in connection to the World Cup. 

How to Protect Yourself From Online Phishing Schemes 

Phishing attacks are becoming more and more sophisticated, so it is important to implement several layers of protection. On an individual basis, always ensure software is updated, keep an eye out for suspicious emails, and never click a link if you have even the tiniest doubt regarding its validity.  

From an organizational standpoint, companies should put in place automated email security controls that can stop malicious emails from ever reaching employees’ inboxes. Multi-layered security strategies can also mitigate the damage done by a phishing attack if the initial campaign successfully infiltrates your network. 

Protecting Your Network 

JDL Group can help you put in place the right cyber security measures for you and your organization. If you want to learn more about protecting yourself and your employees from phishing campaigns, check out our free anti-phishing toolkit.

References: 

https://www.infosecurity-magazine.com/news/phishing-campaigns-target-sports/ 


FBI Issues Malware Public Service Announcement, Learn How to Protect Your Data

The FBI recently issued a public service announcement stating that all owners of small office / home office (SOHO) routers should immediately reboot their devices. Why? The FBI believes that hundreds of thousands of routers worldwide have been infected with a form of malware called “VPN Filter”.  

Luckily, all that is necessary to turn off the malware is a simple reboot and a reset to default factory settings. Rebooting the devices will also help the FBI determine which devices were infected in the first place. Don’t assume that a malware infection can’t happen to you; reboot your router today.

What is VPN Filter? 

According to the FBI, VPN Filter is a form of malware targeting small home or office routers. This form of malware can collect private and personal information, exploit devices, and block network traffic.  

In the FBI’s own words, the size and scope of VPN Filter’s impact is “significant”, and it does not discriminate based on manufacturing company or location. The malware’s use of encryption and hidden networks makes its activity especially hard to track and analyze. 

How to Protect Yourself and Your Data 

The FBI is recommending that anyone (yes, that means you) who owns a small home or business router immediately reboot their devices. This will disrupt the malware, at least temporarily, and help the FBI identify infected devices. 

Unfortunately, if the malware is still in its early stages on your device, a reboot may not be enough to completely delete it. That is why we are advising users to reboot and reset their routers to default, factory settings.  

How to Reset Your Router to Factory Settings 

Resetting a small router back to default, factory settings can usually be achieved easily by pressing down on a small button in the rear of the router. While you will have to re-organize your configuration settings, this should be all you need to do to wipe the malware from your device. 

How Else Can I Protect My Data? 

While rebooting and resetting your router is an adequate strategy for this form of malware, there are countless other malicious cyber-attacks and data breaches just waiting to strike. It is important to be prepared and take the necessary steps to protect yourself, your devices, and most importantly your personal and private information. 

Make sure you are always changing your passwords every 90 days and using at least 6 characters and a mix of different numbers and symbols.  

Try to avoid using public wi-fi, but if you must, never enter sensitive passwords or information.

Finally, you should always enable two-factor authentication for all your accounts. This way, even if your password is compromised, bad actors will not be able to access your accounts. 2FA is an essential wall of security that everyone should be using in 2018.

We Can Help 

Keeping up with the ever-evolving world of cyber security can be a challenge. JDL Group can help you and your business deal with all these new threats. As an MSSP, we are equipped to help you prepare for any cyberattack or malicious software. Contact us today. 

References:

https://www.ic3.gov/media/2018/180525.aspx 


After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 

The discovery of the Spectre and Meltdown vulnerabilities earlier this year was major news throughout the tech industry. These processor vulnerabilities potentially exposed the data of hundreds of millions of popular devices including servers, tablets, and smartphones. 

Spectre and Meltdown left the door wide open for hackers to manipulate a CPU data processing efficiency technique to gain access to sensitive information. Companies like Apple and Microsoft have worked to develop patches and updates to fix these vulnerabilities, but some have resulted in slower CPU performance. 

Now, a new vulnerability has emerged that is similar to Spectre and Meltdown. Microsoft and Google’s Project Zero have just announced the discovery of a flaw called Speculative Store Bypass (Variant 4).

Speculative Store Bypass 

The vulnerability is called Variant 4 because Spectre and Meltdown make up Variants 1-3. Bad actors can potentially use Variant 4 to access data that is supposed to be locked on Intel, ARM, and AMD processors. This process, called ‘Speculative Store Bypass’, manipulates processors into loading private data into insecure files.  

US-CERT’s advisory mentioned that hackers could access older CPU memory values using Variant 4, and experts also believe it could expose certain web browsing components, such as JavaScript ad modules.

Is Variant 4 a Major Vulnerability? 

Microsoft has classified Variant 4 as a low-level risk, while Intel and Google have classified it as a medium risk. Intel also says there is no current evidence that this vulnerability has been exploited by hackers yet.

Many patches and updates for the Spectre and Meltdown vulnerabilities already include safeguards against Speculative Store Bypass, but Intel says it will be releasing a comprehensive fix for Variant 4 within the next few weeks. In fact, the update is already available for manufacturers and software vendors. 

Protecting Your Data Moving Forward 

Companies will be rolling out Variant 4 patches and fixes over the next few weeks and months, but another CPU flaw will undoubtedly emerge at some point. Researchers had been expecting additional vulnerabilities to appear ever since Spectre and Meltdown, and Variant 4 is likely only the first. 

JDL Group can set up the right IT and security systems to properly defend your CPUs and network against vulnerabilities like Variant 4. JDL Group can also make sure your processors are always updated with the latest patches and fixes. Contact us today. 

References: 

https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ 

https://www.cnet.com/news/intel-microsoft-reveal-new-variant-on-spectre-meltdown-chip-security-flaws/ 


Atlanta’s Computer Systems Infected with Ransomware, Hackers are Demanding Over $50,000 in Bitcoin

The city of Atlanta is reeling due to its computer systems being hacked by ransomware last week, and many city departments are still offline. The hackers responsible for the attack are demanding a ransom of $51,000 worth of Bitcoin. This type of brazen cyberattack by hackers shows just how confident cybercriminals are becoming.

An Early Morning Ransomware Attack

Atlanta officials first noticed a problem early in the morning around 6 AM on Thursday, March 22nd. A ransomware attack encrypted data and shut down multiple applications on the city’s network, including apps for citizens to pay bills and access court-related information.

The Ransom Note

Not long after the attack, the hackers sent a ransom note to the city of Atlanta with a list of demands. The note instructed the city to send 0.8 Bitcoin for each city computer or 8 Bitcoins for all the city’s computers; that amount of Bitcoin is valued at $51,000.

After sending the Bitcoin, Atlanta officials will have to leave a comment on their own website with the provided hostname, and the hackers will reply to the comment with decryption software that will delete the ransomware.

How Did This Happen?

It is still uncertain how hackers were able to plan and execute such a large-scale ransomware attack on an entire city’s computer network. Some are theorizing that the hackers gained access to the computers through a remote portal.

An Ongoing Situation

The city of Atlanta has not said if it plans on paying the ransom and computers at city hall are still shut down. The mayor of Atlanta says that a team of IT experts are working on fixing the computer network, and the FBI has been brought in to investigate.

Meanwhile, many city departments have been forced to conduct business using paper instead of computers and citizens are having a hard time communicating with local departments.

The Importance of IT Security

This major attack on a US city should remove any doubt that cybercrime impacts everyone, even governments. If an entire city can be attacked by ransomware, anyone or any business can. Cybersecurity is no longer optional in 2018; contact JDL Group to start protecting yourself.

Additional Resources

http://www.cbs46.com/story/37787028/sources-city-of-atlanta-computer-systems-dealing-with-cyberattack
http://www.cbs46.com/story/37816000/cyberattack-continues-to-stall-business-in-city-of-atlanta
https://www.yahoo.com/news/hackers-demanding-bitcoin-ransom-attack-atlanta-city-computers-070319259.html


Insider Threats – Your Organization’s Top Security Risk


An insider threat is just what it sounds like. Any time an organization’s security is threatened by an employee or third party within, data and profitability are at risk. Vulnerability management helps analyze that risk. Threats can be malicious when insiders intentionally cause leaks and data breaches to seek revenge or obtain money. Occasionally, hackers from a competing or opposing organization gain employment or act as a supplier for the purpose of carrying out an insider attack.

Often threats occur because employees accidentally delete important data, participate in a phishing effort or thoughtlessly share more data than they should with an outside source. Employees might accidentally send data that should be kept secure to the wrong email address or share files they don’t realize contain confidential information.

Dangers of Insider Threats

Insider threats are some of the most expensive and pervasive security risks facing businesses of all sizes. Consider the following statistics:

  • More than half of companies that experienced an insider attack said they spent at least $100,000 to fix the breach.
  • For 12 percent of the organizations attacked, remediation costs were in excess of $1 million.
  • Seventy-four percent of companies surveyed in the 2017 Insider Threat Report said they felt vulnerable to insider threats.

Some industries are attacked more often than others. Medical facilities spend large sums preventing health care data breaches and law firms focus on legal security and compliance because of the high cost associated with remediating compromised data.

Insider threats are devastating because they often go undetected, sometimes for years. When employees must regularly access sensitive information and systems, it’s hard to tell if they’re just doing their job or providing information to unauthorized parties. The longer it takes for an organization to notice a breach, the more data is left insecure.

Malicious behavior is even harder to prove. Well-trained hackers know how to cover their tracks, and innocent employees may not even know what they did wrong. In both cases, it can be impossible to prove guilt or isolate who is responsible.

Most Common Causes and How to Prevent Them

While anyone who has access to data can be an insider threat, organizations should focus most on these groups:

  • Users with high levels of clearance. Administrators, department heads and IT specialists typically have the highest access to sensitive data. Even the most trustworthy and committed staff can make errors that create a breach. Provide a clear understanding of system connection protocols even for leadership. Specify safe activities and what behaviors create risk.
  • Outside parties with access. Employees who work outside of your facility, suppliers and subcontractors often receive permission to access data to do their job, but they can pose a threat to data security. Protect users from accidentally causing a problem with network segregation. Experts can set systems to check for unauthorized activity, partition suspicious files off from the network and prevent third parties from accessing files they shouldn’t.
  • Disgruntled or previous employees. When you ask an employee to leave, make sure they don’t take data with them. USB drives, smartphones, and email transfers are simple ways to move data off-premises. Know which data are sensitive and what employees can access before their termination. Make a practice of giving people the least amount of access they need to minimize the risk, and review user activity to check for misuse. Disable access immediately upon resignation or termination.

Contact Us

JDL Group can help you implement the right strategy to protect your organization from insider threats. Contact us today.

Additional Resources:
https://www.scmagazineuk.com/the-insider-threat-the-biggest-threat-in-banking-cyber-security/article/654525/
https://blog.netwrix.com/2017/12/07/7-tips-to-avoid-data-theft-by-ex-employees/
https://www.welivesecurity.com/2017/05/26/3-types-employees-cause-data-breach/
https://www.tripwire.com/state-of-security/security-data-protection/insider-threats-main-security-threat-2017/

 

Insider Threats – Your Organization’s Top Security Risk

data protection for life sciences

An insider threat is just what it sounds like. Any time an organization’s security is threatened from an employee or third party within, data and profitability are at risk. Vulnerability management helps analyze risk. Threats can be malicious when insiders intentionally cause leaks and data breaches to seek revenge or obtain money. Occasionally, hackers from a competing or opposing organization gain employment or act as a supplier for the purpose of carrying out an insider attack.

Often threats occur because employees accidentally delete important data, participate in a phishing effort or thoughtlessly share more data than they should with an outside source. Employees might accidentally send data that should be kept secure to the wrong email address or share files they don’t realize contain confidential information.

Dangers of Insider Threats

Insider threats are some of the most expensive and pervasive security risks facing businesses of all sizes. Consider the following statistics:

  • More than half of companies that experienced an insider attack said they spent at least $100,000 to fix the breach.
  • For 12 percent of the organizations attacked, remediation costs were in excess of $1 million.
  • Seventy-four percent of companies surveyed in the 2017 Insider Threat Report said they felt vulnerable to insider threats.

Some industries are attacked more often than others. Medical facilities spend large sums preventing health care data breaches and law firms focus on legal security and compliance because of the high cost associated with remediating compromised data.

Insider threats are devastating because they often go undetected, sometimes for years. When employees must regularly access sensitive information and systems, it’s hard to tell if they’re just doing their job or providing information to unauthorized parties. The longer it takes for an organization to notice a breach, the more data is unsecure.

Malicious behavior is even harder to prove. Well-trained hackers know how to cover their tracks, and innocent employees may not even know what they did wrong. In both cases, it can be impossible to prove guilt or isolate who is responsible.

Most Common Causes and How to Prevent Them

While anyone who has access to data can be an insider threat, organizations should focus most on these groups:

  • data breach prevention NJUsers with high levels of clearance. Administrators, department heads and IT specialists typically have the highest access to sensitive data. Even the most trustworthy and committed staff can make errors that create a breach. Provide a clear understanding of system connection protocols even for leadership. Specify safe activities and what behaviors create risk.
  • Outside parties with access. Employees who work outside of your facility, suppliers and subcontractors often receive permission to access data to do their job, but they can pose a threat to data security. Protect users from accidentally causing a problem with network segregation. Experts can set systems to check for unauthorized activity, partition suspicious files off from the network and prevent third parties from accessing files they shouldn’t.
  • Disgruntled or previous employees. When you ask an employee to leave, make sure they don’t take data with them. USB, smart phones, and email transfers are simple ways to transfer data off premise. Know which data are sensitive and what employees can access before their termination. Make a practice of giving people the least amount of access they need to minimize the risk, and review user activity to check for misuse. Disable access immediately upon resignation or termination.

Contact Us

JDL Group can help you implement the right strategy to protect your organization from insider threats. Contact us today.


Insider Threats – Your Organization’s Top Security Risk

Alert: 33.7 Million Records Released to Public Due to Leak of Massive Marketing Database

In recent news, millions of records containing personal information were made available to the public in a sizable data leak, providing potential scammers with plenty of information to utilize in their schemes. These records were all part of a 53 GB database that was available for purchase from Dun & Bradstreet, a business service firm.

The database contained information that could be of great use to hackers and marketers alike, as it outlined corporate data for businesses within the United States, providing professional details and contact information for members at every level of the businesses included.

Dun & Bradstreet released a statement via email in an attempt to remove the firm from any responsibility. According to the firm, there was no evidence of a breach on their systems. The email also pointed out that the leaked data had been sold to “thousands” of other companies, and that the leaked data appeared to be six months old. In essence, Dun & Bradstreet’s position was “not our fault,” and that there was little cause for worry, as the list only contained “generally publicly available business contact data.”

However, not everyone feels that the responsibility for this event can be passed off so easily, especially considering the nature of the data found on the database.

Troy Hunt manages Have I Been Pwned, a data leak alert site that allows a user to reference one of their accounts to determine if their credentials have been compromised. He offered up his own take after reviewing the database for himself. Hunt’s analysis revealed that the organizations with the most records in the database were:

The United States Department Of Defense: 101,013
The United States Postal Service: 88,153
AT&T Inc.: 67,382
Wal-Mart Stores, Inc.: 55,421
CVS Health Corporation: 40,739
The Ohio State University: 38,705
Citigroup Inc.: 35,292
Wells Fargo Bank, National Association: 34,928
Kaiser Foundation Hospitals: 34,805
International Business Machines Corporation: 33,412

If this list alarms you, you have the right idea. In his comments, Hunt brought up a few concerns that he had with the contents of the database out in public.

First of all, this list is essentially a guidebook for someone running a phishing campaign. A resourceful scammer could easily use the information contained in this list (including names, titles, and contact information) to create a very convincing and effective campaign. Furthermore, the most common records in the leaked database were those of government officials and employees. Hunt went so far as to mention which personnel records could be found in the database for the Department of Defense: while “Soldier” was the most common, the list also included “Chemical Engineer” and “Intelligence Analyst” entries.

In his response, Hunt asked a very important question: “How would the U.S. military feel about this data – complete with PII [personally identifiable information] and job title – being circulated?” With the very real threat of state-sponsored hacking and other international cyber threats in mind, Hunt brought up the value this list would have to a foreign power that isn’t fond of the U.S.

Finally, Hunt cited the chances of this data being recovered to be at a firm “zero” percent.

In short, despite the reassurances from Dun & Bradstreet, this database going public could present some very real dangers to any businesses included in it.

Contact Us

If you’re worried that your business may be vulnerable, there are two things you should do. First, you should see if your data has been exposed by checking Hunt’s site, Have I Been Pwned. Second, you should reach out to us at JDL Group, so we can help keep you secured against threats like this and others. Give us a call at 973.241.4817.