- One in four breaches in the financial services sector over the last several years were due to lost or stolen devices; one in five were the result of hacking. Fourteen percent of leaks can be attributed to unintended disclosures and 13 percent to malicious insiders.
- Five of the nation’s 20 largest banks have already suffered data breaches in the first half of 2016.
- In 2015, 87 breaches were reported in the financial services sector, up from 45 in 2014. In the first half of 2016, 37 banks have already disclosed breaches.
- Over 60 organizations suffered recurring breaches in the last decade, including most major banks.
- JPMorgan Chase, the nation’s largest bank, has suffered recurring breaches since 2007. The largest breach event, the result of a cyberattack, was widely publicized in 2014 and affected an estimated 76 million U.S. households. Other breaches at JPMorgan were due to lost devices, unintended disclosures, and payment card fraud.
- Of the three major credit bureaus, the 2015 Experian leak was the largest, affecting 15 million individuals. Equifax has also disclosed several recent breaches, including unauthorized accesses earlier this year that affected hundreds of thousands of individuals.
Thursday, August 25, 2016
A word of caution for my gaming students.
Alex Walker reports:
Funcom, makers of The Secret World, The Longest Journey, Age of Conan and Anarchy Online, announced earlier this morning that their forums have been compromised and user data exposed.
In an announcement on their website, Funcom announced that the data breach for the four games above included encrypted passwords, user names and e-mail addresses. “Even though passwords were encrypted, these can be cracked and should be considered compromised,” the company said.
According to the LeakedSource data breach monitoring hub, many of the forum passwords have already been cracked. On the English forums for The Secret World alone, more than 81,000 passwords from nearly 228,000 users had been cracked.
Read more on Kotaku.
The problem is that people re-use passwords.
Hackers Steal 25 Million Accounts From Mail.Ru Domains
… LeakedSource, a service that allows users and businesses to check if their online accounts have been compromised, reported on Wednesday that cybercriminals obtained roughly 25 million username and password combinations from three different domains: cifre.mail.ru, parapa.mail.ru and tanks.mail.ru. The affected domains host forums for games acquired by the Mail.Ru Group over the past years.
The passwords were stored as MD5 hashes with and without salts, which has allowed LeakedSource to easily crack millions of them. The most common passwords appear to be 123456789, 12345678, 123456 and 1234567890.
… the many password reuse attacks detected recently by companies such as Facebook, GitHub, Reddit and Netflix show that even older credentials can be useful for malicious actors.
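A defender's view of the storage problem the excerpt describes, as an added example that is not part of the original post or the quoted article: unsalted MD5 gives every user of the same password the same digest, while a per-user random salt with a slow derivation does not. The function names, the sample accounts and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# The four most common passwords named in the quoted report.
COMMON = {"123456789", "12345678", "123456", "1234567890"}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def md5_unsalted(password):
    """Weak scheme described above: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def shared_digests(table):
    """Group users by stored digest; a group of two or more means one
    recovered password exposes every account in that group."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password):
    """Hardened scheme: refuse known-common passwords, then store a
    fresh 16-byte random salt with a slow salted derivation."""
    if password in COMMON:
        raise ValueError("password is on the common-password list")
    salt = os.urandom(16)
    return salt, _derive(password, salt)

def verify(password, salt, stored):
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(_derive(password, salt), stored)

# Constructed sample accounts (not data from any breach).
SAMPLE = {"alice": "123456789", "bob": "123456789", "carol": "123456"}

if __name__ == "__main__":
    weak = {u: md5_unsalted(p) for u, p in SAMPLE.items()}
    print("users sharing an unsalted MD5 digest:", shared_digests(weak))
    a, b = enroll("correct horse battery"), enroll("correct horse battery")
    print("same password, same stored value?", a[1] == b[1])
```

Salting and a slow derivation protect the stored values; they do not help when the same password is reused on another site that leaks it, which is the reuse risk the excerpt ends on.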
For my Computer Security students. Be prepared to discuss ways to reduce this risk!
A press release about the financial sector that may be of interest to some readers:
CAMPBELL, CA–(Marketwired – Aug 25, 2016) – Bitglass, the total data protection company, today announced the availability of its Financial Services breach report, an analysis of all breaches in the sector since 2006, with data aggregated from public databases and government mandated disclosures. The report reveals that leaks nearly doubled between 2014 and 2015, a growth trend on track to continue in 2016. The nation’s largest banks have all suffered leaks at some point in the recent past. In the first half of 2016 alone, five of the nation’s top 20 banks disclosed breaches.
The report also explores the most common causes of data leaks in the sector. Led by lost and stolen devices at 25.3 percent of breach events, financial services organizations appear to struggle with data protection on managed and unmanaged devices. While hacking accounted for a disproportionate number of individuals affected by financial services breaches, only one in five leaks were caused by hacking. Other breaches were the result of unintended disclosures, malicious insiders, and lost paper records.
Key findings:
Download the full report: bitglass.com/financial-breaches-2016
For my Ethical Hacking students.
3 Ways Your Car Can Be Hacked by Cyber Criminals
You say relaxing
I say reneging
Let’s call the whole thing off (Apologies to the Gershwins)
Relaxing Privacy Vow, WhatsApp to Share Some Data With Facebook
When Facebook bought the start-up WhatsApp in 2014, Jan Koum, WhatsApp’s co-founder, declared that the deal would not affect the digital privacy of his mobile messaging service’s millions of users.
… WhatsApp said on Thursday that it would start disclosing the phone numbers and analytics data of its users with Facebook. It will be the first time the messaging service has connected people’s accounts to the social network to share information, as Facebook tries to coordinate information across its collection of businesses.
This is the world my Computer Security students will live in. Still, I don’t think I’d call it a “Hackerpocalypse.”
Cybercrime damages expected to cost the world $6 trillion by 2021
Cybercrime will continue its stratospheric growth over the next five years, according to a recent report published by Cybersecurity Ventures. (Disclaimer: Steve Morgan is the Founder and CEO at Cybersecurity Ventures.)
While there are numerous contributors to the rise in cybercrime -- which is expected to cost the world more than $6 trillion by 2021, up from $3 trillion in 2015 -- the most obvious predictor is a massive expansion of the global attack surface which hackers target.