Tag Archive for PII

$2.9M Per Minute Lost to Cybercriminals

Updated 10/27/2019 – On October 22, 2019, the FBI issued a warning about cybercriminals running e-skimming attacks, also known as Magecart attacks. These attacks have been happening since 2016 but intensified during 2018 and 2019. They started out by exploiting vulnerabilities in open-source e-commerce platforms; over the past two years, however, attackers have broadened their methods, and any online store is now susceptible, regardless of whether it runs on an open-source platform or a cloud-hosted service.

Cybercriminals cost the global economy $2.9 million every minute of 2018. This shocking statistic comes from RiskIQ's latest Evil Internet Minute report. RiskIQ specializes in attack surface management, providing threat discovery, intelligence, and mitigation. The San Francisco, CA-based firm calculated that a total of $1.5 trillion was lost to cybercriminals in 2018. Some of the more ominous figures it presented include:

  • $25: lost per minute by top companies due to security breaches
  • $17,700: lost to phishing attacks per minute
  • $22,184: the projected per-minute cost of global ransomware events in 2019

Other statistics include:

  • 8,100: identity records compromised per minute
  • 2.4: phishing attempts traversing the internet per minute
  • 0.32: apps blacklisted per minute
  • 0.21: Magecart attacks detected per minute

Lou Manousos, CEO of RiskIQ, said in the presser, “As the scale of the internet continues to proliferate, so does the threat landscape.”

Magecart hacks

The report specifically calls out attacks that target e-commerce, focusing on the Magecart hacks, which increased by 20% in the last year. By some estimates, the Magecart supply-chain attacks have resulted in the theft of more payment card records than the more infamous breaches at Home Depot and Target. According to reports, Magecart was behind the 2018 attacks on British Airways and Ticketmaster, which together compromised the information of over 425,000 of the two firms' customers.

A Magecart attack is a digital credit card skimmer: JavaScript injected into a checkout page that copies card numbers and other details as the customer types them into the payment form. Unlike a gas-pump or ATM skimmer, there is almost no way for a consumer to tell that skimming is taking place. There is no physical manifestation of Magecart, and it is not always easy to catch because it hides in shared code and third-party scripts (analytics, chat widgets, and the like) that are not obviously related to payments.


Magecart is an umbrella name for at least six distinct criminal groups that target flaws in online shopping cart systems. The attackers favor Magento, an open-source e-commerce platform written in PHP, as a way to steal customer payment card information. At least initially, attackers exploited a PHP object injection flaw (CVE-2016-4010) in the popular shopping cart.

To carry out the compromise, the attacker inserts a piece of JavaScript into the checkout page, either by modifying the store's own Magento files or by injecting a script tag that loads the skimmer from a site the attacker controls. The skimmer then copies card and customer data as it is entered and sends it to a collection server.

RiskIQ CEO Manousos warns:

Without greater awareness and an increased effort to implement necessary security controls, there will be more attacks using an ever-expanding range of technologies and strategies.

 


rb-

Firms that fall victim to these attacks don't just lose card data. They also lose time and productivity: restoring hacked data and systems takes time and resources. The damage to a company's reputation can cost it new and existing customers. Then there are the contractual fines under PCI DSS, the regulatory penalties under laws such as HIPAA, and the lawsuits that follow mishandling customer information.

Like I keep saying – time to go back to the cash economy.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

8,200,000,000 Data Breaches

2019 is on pace to be the worst year ever for data breaches. If things continue at the same pace, 8.2 billion records will be exposed by the end of 2019. Threat intelligence firm Risk Based Security (RBS) reports that over 4.19 billion records were exposed in 3,813 reported breaches during the first half of 2019.

Those numbers work out to more than 20 data breaches a day. Eight mega-breaches that each exposed more than 100 million records were reported. These web-based breaches were primarily the result of leaving databases accessible to third parties and failing to protect them: Forbes reports that misconfigured databases and services accounted for 149 of the 3,813 incidents reported this year. According to Forbes, the mega-breaches exposed over 3.2 billion records, 78.6% of the total records exposed in the first half of 2019.

Largest data breaches

The 10 largest data breaches for the first half of 2019 are:

  1. Verifications.io (982 million),
  2. First American Financial (885 million),
  3. Cultura Colectiva (540 million),
  4. Unknown organization in India (275 million),
  5. Unknown organization in China (202 million),
  6. Dubsmash (161 million),
  7. Canva (138 million),
  8. Justdial (100 million),
  9. Mobile Drip (80 million), and
  10. Unknown U.S. firm (80 million).

The Verifications.io, First American Financial, and Cultura Colectiva breaches are ranked among the top 10 breaches of all time based on the number of records exposed.

Consumer Affairs reports that Verifications.io, an email marketing company, left a misconfigured database exposed that held 982,864,972 records containing names, addresses, and Facebook, LinkedIn, and Instagram account details. The data associated with the breach also includes email addresses, dates of birth, phone numbers, fax numbers, genders, IP addresses, and personal mortgage amounts. As a result of the incident, Verifications.io has ceased operations.

If you’ve bought a house, particularly in California, another breach may impact you. First American Financial Corporation exposed 885,000,000 records. Consumer Affairs writes that exposed data included real estate closing transaction records that contained names, Social Security numbers, phone numbers, email and physical addresses, driver’s license images, banking details, and mortgage lender names and loan numbers.

Other interesting data breach infobits

  • The number of breaches also reached a new high during the first half of 2019.
  • Most breaches were small: the median breach exposed just 230 records.
  • The majority of breaches had a moderate to low severity score and exposed 10,000 records or fewer.

Thankfully, RBS says the more sensitive data types were stolen less often:

  • Social Security numbers were stolen in 11% of breaches.
  • Addresses were stolen in 11% of breaches.
  • Account numbers were stolen in 10% of breaches.
  • Birth dates were stolen in 6% of breaches.

The sectors impacted

  • Healthcare: 224 breaches
  • Retail: 199 breaches
  • Finance and insurance: 183 breaches
  • Government and information: 160 breaches each
  • Education: 99 breaches

Inga Goddijn, executive vice-president at Risk Based Security told ComputerWeekly.com,

It is hard to be optimistic about the outlook for the year … The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate.

Phishing

Phishing is a tried and tested first step for gaining access to systems and services, the report said, and the phished data is then used to perpetrate further attacks. The most frequently stolen data are email addresses and passwords. These credentials are valuable to attackers because, since users rarely pick a unique password for each account, they can be replayed against many other sites in credential-stuffing attacks. They are also perishable: either the attacker or the rightful owner can change them, so stolen credentials tend to be used quickly. The report points out that 70% of the known breaches included email addresses and 65% included passwords.

Phishing can also lead to other sensitive but less directly monetizable data. The report said phishing can expose unusual or unexpected types of data, including electronic signatures, calendars, marriage certificates, and company-issued employee ID numbers, all valuable for social engineering or spear-phishing attacks.

rb-

Businesses need to get their security act together: according to RBS, they were responsible for over two-thirds of the breaches. The garden-variety cybercriminal is a script kiddie who runs automated scans looking for unsecured databases and scrapes up whatever data they can. The big breaches make the headlines, but the everyday incidents make the money for most attackers.



Marriott Data Breach One Of Biggest Ever

Updated July 17, 2019 – The UK Information Commissioner's Office (ICO) announced its intention to fine Marriott £99m ($124m) for “infringements of the GDPR.” The ICO said that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems prior to the data breach.

___

The internet is a dangerous place for data. Hotel chain Marriott (MAR) proved that once again. Marriott revealed that hackers stole personal information from up to 500 million Starwood Preferred Guest program participants. The data stolen in the breach included sensitive personally identifiable information (PII).


Marriott said it received an alert on September 8, 2018, about an attempt to access the Starwood guest database and brought in security experts to assess the situation. During the investigation, Marriott discovered that the unauthorized access to the Starwood network had started in 2014.

Investigators found that an unauthorized party had copied and encrypted information from the database and had taken steps toward removing it. The company was able to decrypt the information on November 19, 2018, and found that it came from the Starwood guest reservation database. The hotel chain then waited until November 30, 2018, to tell its customers of the theft.

What was lost in the data breach

For about 327 million Marriott customers, the compromised information includes some combination of name, address, phone number, email address, passport number, Starwood Preferred Guest (SPG) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Marriott added that the breach included payment card information. About 170 million other affected customers only had their names and basic information like address or email address stolen.

Marriott says that about 20.3 million encrypted passport numbers and approximately 8.6 million encrypted payment cards were compromised in the breach.

Several sources report that state-sponsored Chinese hackers working for the country's intelligence services and military were behind the attack. The stolen data would be an espionage bonanza for government hackers. Sources point out that the Starwood intrusion began in 2014, shortly after the attack on the U.S. government's Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.

Sadly, the 500 million-record Marriott hack ranks only fourth on the list of the largest known data breaches to date. This list of failures illustrates that no matter what you are doing online, every time you put your information on the internet, you risk it being stolen.

Rank  Company                    Accounts hacked  Date of hack
1     Yahoo                      3 billion        August 2013
2     River City Media           1.3 billion      May 2017
3     Aadhaar                    1.1 billion      January 2018
4     Marriott                   500 million      2014 - 2018
5     Yahoo                      500 million      Late 2014
6     Adult Friend Finder        412 million      October 2016
7     MySpace                    360 million      May 2016
8     Exactis                    340 million      June 2018
9     Twitter                    330 million      May 2018
10    Experian                   200 million      March 2012
11    Deep Root Analytics        198 million      June 2017
12    Adobe                      152 million      October 2013
13    Under Armour               150 million      February 2018
14    Equifax                    145.5 million    July 2017
15    eBay                       145 million      May 2014
16    Heartland Payment Systems  134 million      May 2008
17    Alteryx                    123 million      December 2017
18    Nametests                  120 million      June 2018
19    LinkedIn                   117 million      June 2012
20    Target                     110 million      November 2013
21    Quora                      100 million      November 2018
22    VK                         100 million      December 2018
23    Firebase                   100 million      June 2018

rb-

There is something else fishy here. Reports say the sensitive fields were encrypted with AES-128, but not all of the stolen data was. The attackers took nearly 20 million passport numbers and 8.6 million payment card numbers in encrypted form.

Marriott says the attackers also got 5.25 million unencrypted passport numbers and roughly 2,000 unencrypted payment card numbers. Encryption at rest only helps if the keys did not travel with the data: Marriott said two components were needed to decrypt the card numbers and that it could not rule out that both had been taken.

I’m sure that regulators (GDPR) and lawyers will ask why unencrypted sensitive information like passport and credit card numbers was lying around waiting to be stolen.

 



Protect Yourself from Facebook

Just in case you have been sleeping under a rock the past couple of weeks, social media giant Facebook (FB) was hacked again. In a presser on 10/12/2018, the social network admitted that nearly 30 million Facebook users were hacked. This is on top of the 50 million user accounts that Mark Zuckerberg's company allowed Cambridge Analytica to harvest.

During the presser, Facebook did not apologize for exposing its users' information but noted that it was cooperating with the FBI, the US Federal Trade Commission, the Irish Data Protection Commission, and other authorities on the breach.

The attack involved the theft of Facebook “access tokens,” the digital keys that let the site recognize who someone is and keep them logged in without re-entering a password. Using accounts they already controlled, the attackers used an “automated technique” to exploit a flaw in Facebook's “View As” feature and steal access tokens for some 400,000 people. The hackers then used the friend lists of those 400,000 accounts to obtain access tokens for another 30 million people (here's how to find out if you were hacked). Facebook traced the flaw to a change it made to its video-uploading feature in July 2017, more than a year earlier, and how that change interacted with View As. Because a token is a bearer credential, it works without the password; that is why Facebook's fix was to reset the tokens and force a fresh login rather than to reset passwords.

Facebook confirmed on Friday that the hack compromised the personal and contact information of 30 million users. The compromised personal data includes:

  • Name
  • Phone number
  • Email address
  • Username
  • Gender
  • Locale/language
  • Relationship status
  • Religion
  • Hometown
  • Self-reported current city
  • Birthdate
  • Device types used to access Facebook
  • Education
  • Work
  • The last 10 places they checked into or were tagged in
  • Website
  • People or Pages they follow, and
  • The 15 most recent searches

rb-

I have been warning about the dangers of Facebook since 2011. I use the Facebook Container extension for Firefox to help prevent Facebook from tracking me around the web. Facebook Container is an extension for desktop Firefox 57 and higher (it does not work on Firefox for mobile).

The Facebook Container is a tool to limit what data others can obtain from you. It works by isolating your Facebook identity into a separate container that makes it harder for Facebook to track your visits to other websites with third-party cookies.

When you install the extension it deletes the Facebook cookies on the computer and logs you out of Facebook. The next time you navigate to Facebook it will load in a new blue-colored browser tab (the “Container”).

You can log in and use Facebook normally when in the Facebook Container. If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, those pages will load outside of the container.

Clicking Facebook Share buttons on other browser tabs will load them within the Facebook Container. You should know that using these buttons passes information to Facebook about the website that you shared from.

Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity.

In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected.

It is important to know that this extension doesn’t prevent Facebook from mishandling the data that it already has, or permitted others to obtain, about you. Facebook still will have access to everything that you do while you are on facebook.com, including your Facebook comments, photo uploads, likes, any data you share with Facebook connected apps, etc.

It is important to remember that other ad networks will try to correlate your Facebook activities with your regular browsing.

In addition to using the Facebook Container extension, you can further protect yourself from Facebook by changing your Facebook settings, using Private Browsing, enabling Tracking Protection, and blocking third-party cookies.



Riskiest ZIP Codes

Credit rating firm Experian recently published a list of the 100 riskiest shipping ZIP codes for 2017. U.S. ZIP codes were ranked on the number of attempted fraudulent e-commerce transactions relative to the overall population of e-commerce orders shipped to each ZIP code.

Experian's analysis of fraudulent transactions says international IP addresses affect the overall riskiness of a transaction: e-commerce orders placed from international IP addresses are 6.7 times riskier than average from a shipping perspective. Traffic coming through a proxy server, which can originate from domestic or international IP addresses, is 74 times riskier than the average transaction.

The riskiest ZIP code for e-commerce fraud in 2017 was 97079 in Beaverton, Oregon, according to Experian. In fact, Oregon had nearly half of the 25 riskiest ZIP codes in 2017, and the areas in and around Portland, OR occupied 10 of the top 25 spots. Beaverton's highest-risk international IP country is China.

The Miami, Florida area put the Sunshine State at #2 with nearly a quarter of the 25 riskiest ZIP codes: Miami held six of the top 25 slots. The riskiest Miami ZIP code is 33122, and Miami's highest-risk international IP country is Venezuela.

South El Monte, California ZIP code 91733 is the third riskiest ZIP code on the Experian list for e-commerce firms to ship to. Experian says that 91733's highest-risk international IP countries are Taiwan and Hong Kong.

The riskiest Michigan ZIP code is 48204 in Detroit, which ranked 32nd on the list and carries only 15% of the risk of Beaverton, OR.

Other Michigan ZIP Codes on the top 100 list are:

Rank  City     State  ZIP code  Fraud attack rate
64    Detroit  MI     48227     276.6
68    Detroit  MI     48206     270.3
74    Detroit  MI     48228     262.4

The top 25 riskiest ZIP codes according to Experian. The fraud attack rate is the number of attempted fraudulent e-commerce transactions relative to the overall population of e-commerce orders for the ZIP code, expressed in basis points (one basis point is 0.01%, so Beaverton's 2741.9 means roughly 27 attempted fraudulent orders per 100).

Rank  City            State  ZIP code  Fraud attack rate
1     Beaverton       OR     97079     2741.9
2     Miami           FL     33122     1935.1
3     South El Monte  CA     91733     1473.5
4     Portland        OR     97251     1257.6
5     Portland        OR     97250     1178.6
6     Miami           FL     33166     1155.1
7     Portland        OR     97252     1059.4
8     Miami           FL     33198     1010.6
9     Miami           FL     33195     921.7
10    Miami           FL     33192     769.1
11    Portland        OR     97253     726.2
12    Portland        OR     97230     676.0
13    Portland        OR     97217     635.8
14    Minden          NV     89423     629.2
15    Houston         TX     77072     625.4
16    Portland        OR     97233     623.4
17    Wilmington      DE     19801     584.6
18    Portland        OR     97218     562.1
19    Des Moines      IA     50314     544.1
20    Chicago         IL     60621     539.8
21    Portland        OR     97203     535.6
22    Miami           FL     33191     518.7
23    Hillsboro       OR     97124     505.3
24    Portland        OR     97254     502.5
25    Manchester      NH     03101     490.4

rb-

The increase in e-commerce fraud attacks should not surprise anyone. The growth of online information and the continuing tsunami of data breaches has put over 9.7 billion data records on the dark web. The plethora of stolen PII enables criminals to open fraudulent accounts, take over legitimate accounts and submit fraudulent transactions.

Another reason for the increase in online fraud is automation. In the past, fraud took manual effort; now criminals can download a tool and automate the submission of thousands of applications or transactions simultaneously.

