The Week in Breach 07/30/19 – 08/03/18
This week contains the high-profile breach of Reddit, healthcare and education sectors and an exploration of a Dark Web hacking forum.
Highlights from The Week in Breach:
Gamers Play Kaiser Permanente.
Russian Dark Web Hacking Forum!
The Front Page of the Breach.
Ivy League Fail!
In Other News:
Russian Dark Web
A reporter from The Guardian recently dove into a popular Russian Dark Web hacking forum known as FreeHacks, which aims to maximize efficiency in the attacks of its members and to disperse information on ‘quality’ hacking. On the surface it looks like any other forum, and (in essence) it is, with a twisted turn provided by the malicious nature of the subject matter. The categories of the forum are split into a wide variety of specific types of hacking and some ‘lifestyle’ forums as well. Hacker news, humor, botnet, DDoS, programming, web development, malware and exploits, and security are examples of some of the topics discussed on the site. Some of the markets on the site include stolen credit cards, password cracking software, a clothing market to launder money, and a document market where members can buy passports and citizenships. The forum has about 5,000 active members and claims that a hacker is not a ‘computer burglar’ but rather ‘someone who likes to program and enjoy it.” Given the kind of information and marketplaces available on the site, this seems more like mental gymnastics rather than a nuanced examination of one’s own criminality. After passing the registration to get into the site, the reporter found step-by-step directions for finding someone’s physical address, among other nefarious ways to penetrate companies’ networks or to extort individuals.
https://www.theguardian.com/commentisfree/2018/jul/24/darknet-dark-web-hacking-forum-internet-safety
Gamer Recognize Game
The website for Kaiser Permanente was hijacked this week by hackers, defacing the site to include a variety of Game of Thrones quotes, which is a popular book series turned TV show. The American integrated care consortium based in Oakland, California had their pictures of happy healthy families on their front page replaced with a black screen and a declaration that a hacking group known as the faceless men was responsible for the act. The hacking group appears to be somewhat amateur in nature, and Turkish in origin. An investigation into the group’s members reveals that a few of the hackers listed are active Turkish gamers, which raises the question about how an organization that handles sensitive medical information was able to be hacked by a group of Turkish gamers with very little hacking experience. It is unclear whether any personal information has been accessed in the hack … the organization has declined to comment as of the writing of this Week in Breach.
https://www.databreaches.net/hear-me-roar-kaiser-permanente-site-defaced-by-got-fans/
Security > Convenience
More customers value security over convenience than professionals in the UK, according to a new study. 83% of customers prefer security, compared to only 60% of cybersecurity professionals. The study explores the reason for the disparity in the concern, citing organizations desire for frictionless customer experience as a reason for not having tight security. This could contribute to the UK scoring an unimpressive 56 out of 100 points on the Digital Trust Index which is one of the lowest in the world and 5 points lower than the global average. This disconnect is likely to continue in the future considering 88% of UK executives believe they are doing a good job protecting consumer data while over half of their organizations have been breached in the past year.
https://www.infosecurity-magazine.com/news/uk-consumers-prefer-security-to/
Hacking from The Inside
Across 5 different correctional facilities in Idaho, hundreds of inmates were able to add thousands of dollars’ worth of credits to their JPay accounts, which allows inmates to buy music or send emails. Over 300 inmates were able to exploit a vulnerability in the JPay system to add $224,772 across the group. One of those involved managed to gain nearly $10,000 using the exploit. Those who hacked their JPay accounts are being punished, and the vulnerability is being fixed, but this raises questions about the security of programs used by the U.S. prison system.
https://www.nytimes.com/2018/07/27/us/idaho-prison-hack-jpay-nyt.html
Podcasts:
IT Provider Network – The Podcast for Growing IT Service
Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!
United States – Reddit
Exploit: SMS intercept.
Risk to Small Business: High: Could have damaging effects on the trust of clients, as well as highlighting the vulnerabilities of SMS 2FA.
Individual Risk: Moderate: The nature of the data is not particularly harmful due to the age and the scope but affected users could be at risk for spam.
Reddit: Extremely popular forum, one of the 5 most popular sites on the internet.
Date Occurred/Discovered: June 14 – 18, 2018
Date Disclosed: August 1, 2018
Data Compromised:
- Old Reddit user data (before May 2007)
- Usernames
- Salted hashed passwords
- Email addresses
- Public content
- Private messages
- Email digests
Customers Impacted: Users with accounts made before 2007, subscribers to email digests between June 3 and June 17, 2018.
United States – UnityPoint Health
Exploit: Phishing.
Risk to Small Business: High: A huge breach of customer trust, also this organization will be fined heavily because medical data was breached.
Individual Risk: High: The content breached is valuable on the Dark Web and is vital in identity theft.
UnityPoint Health: Multi hospital group operating in Iowa, Illinois and Wisconsin.
Date Occurred/Discovered: March 14 – April 3, 2018
Date Disclosed: July 31, 2018
Data Compromised:
- Protected health information
- Names
- Addresses
- Medical data
- Treatment information
- Lab results
- Insurance information
- Payment cards
- Social Security Number
Customers Impacted: 1.4 Million.
New Zealand – Hāwera High School
Exploit: Phishing.
Risk to Small Business: High: Ransomware attacks can be very disruptive.
Individual Risk: High: Students could lose files stored locally on computers. High risk of identity theft if PII is stored.
Hāwera High School: A New Zealand High School.
Date Occurred/Discovered: August 2018
Date Disclosed: August 2, 2018
Data Compromised:
- Local files stored on school computers
Customers Impacted: Students at the school.
https://www.theregister.co.uk/2018/08/02/new_zealand_school_hit_by_ransomware_scum/
India – CreditMate.in
Exploit: Exposed database.
Risk to Small Business: High: The exposed database was found during a routine google search, this kind of breach would seriously damage an organizations image.
Individual Risk: High: Data key for identity theft were exposed in this breach.
CreditMate: Helps customers obtain loans to purchase motorbikes.
Date Occurred/Discovered: July 27, 2018
Date Disclosed: August 2, 2018
Data Compromised:
- Member reference number
- Enquiry number
- Enquiry purpose
- Amount of loan being sought
- Full name
- Date of birth
- Gender
- Income tax ID number
- Passport
- Driver’s license
- Universal ID number
- Telephone number
- Email address
- Employment information
- Employment income
- CIBIL credit score
- Residential address
- Payment history of other loans/credit cards
Customers Impacted: 19,000.
United States – Yale University
Exploit: Unclear.
Risk to Small Business: High: Highly sensitive personal information was leaked which would damage consumer trust.
Individual Risk: High: The data accessed would be highly useful for bad actors looking to steal someone’s identity.
Yale University: A prestigious American University.
Date Occurred/Discovered: April 2008 – January 2009
Date Disclosed: June 2018
Data Compromised:
- Social security numbers
- Dates of birth
- Email addresses
- Physical addresses
Customers Impacted: 119,000
https://www.zdnet.com/article/yale-discloses-old-school-data-breach/
A note for your customers:
Texts from a Hacker.
With the breach of Reddit being disclosed this week, it’s key to remember the importance of robust cybersecurity, given that the hacker of the site was able to bypass 2FA. The actor was able to do this by using a method called ‘SMS intercept’ which is when the hacker is able to receive the text that contains the code for authentication. One way this is done is by SIM-swap, which is when the attacker convinces the phone provider that he is the target and applies their service to a new SIM card. Another method of attack is when bad actor impersonates the target and tricks the phone provider into transferring the target’s number to a new provider where the attacker is then able to access any 2FA codes coming into the phone.
A more secure alternative to SMS 2FA is app-based authentication through organizations such as Duo, which is not subject to the same vectors of attack. Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent as they have been shown to be successful, and publicly too considering Reddit is one of the most popular sites on the internet.
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!