Security Breach – 4 Oct 2024

With credential stuffing attacks, hackers apply previously stolen login credentials to other platforms in an attempt to gain access to user accounts or company networks. Today, there are billions of records available on the Dark Web, and since the majority of internet users admit to using the same usernames and passwords across multiple digital platforms, such threats can have cascading consequences.

They are also incredibly easy to perpetrate. Hackers rely on easily accessible automation tools and proxy services to orchestrate attacks at scale, positioning credential stuffing as a low-effort, high-reward endeavor for bad actors. Although credential stuffing attacks are especially prevalent and intrusive, they are also entirely defensible. For starters, strong, unique passwords can isolate cybersecurity incidents, ensuring that compromised credentials on one platform can’t be used to access other websites. When coupled with two-factor authentication, consumers can prevent unauthorised access by placing obstacles in the way of an otherwise easy-to-deploy cyber attack.
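On the service side, the pattern described above (many accounts each tried once or twice, spread across proxy IPs so that no single address looks busy) can be caught by counting across all sources per time window instead of per IP. The following is an added example, not code from I-MED, MoneyGram or any vendor; the event tuple layout, the thresholds and the sample addresses and usernames are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=8,
                    min_fail_ratio=0.8, max_tries_per_account=2):
    """events: iterable of (datetime, source_ip, username, success)."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[(ts - EPOCH) // window].append((ip, user, ok))
    alerts = []
    for idx in sorted(buckets):
        rows = buckets[idx]
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        failed_users = {user for _, user in failed}
        if len(failed_users) < min_accounts:
            continue  # too few accounts touched to call it a campaign
        if len(failed) / len(rows) < min_fail_ratio:
            continue  # mostly successful traffic: normal logins
        if len(failed) / len(failed_users) > max_tries_per_account:
            continue  # many guesses per account is brute force, not stuffing
        # Map each source IP to the accounts it failed against in this window.
        ip_failed = defaultdict(set)
        for ip, user in failed:
            ip_failed[ip].add(user)
        # A success from an IP that failed against *other* accounts is a likely hit.
        hits = sorted({user for ip, user, ok in rows
                       if ok and ip_failed.get(ip, set()) - {user}})
        alerts.append({"window_start": EPOCH + idx * window,
                       "accounts_targeted": len(failed_users),
                       "source_ips": len(ip_failed),
                       "accounts_to_reset": hits})
    return alerts

def sample_events():
    """Constructed data: 12 accounts tried once each via 4 rotating proxy IPs."""
    t0 = datetime(2024, 10, 4, 9, 0, 0)
    proxies = ["198.51.100.%d" % n for n in range(1, 5)]
    events = [(t0 + timedelta(seconds=10 * i), proxies[i % 4],
               "user%02d" % i, i == 7) for i in range(12)]
    events.append((t0 + timedelta(seconds=30), "203.0.113.9", "alice", True))
    return events

if __name__ == "__main__":
    for alert in detect_stuffing(sample_events()):
        print(alert)
```

In the sample, each proxy address makes only three attempts, so a per-IP rate limit would stay silent while the window-wide count flags the campaign and singles out the one account whose reused password worked.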

Recent Breaches

 

Australia – I-MED – Medical Imaging Provider

Exploit: Credential Stuffing

Risk to Business: Moderate: Tens of thousands of patients from Australia’s biggest medical imaging provider I-MED have had swaths of sensitive health and personal information exposed in a data breach using details that have been public for a year. This information includes medical reports, scan images, names, addresses and other details that were stored in I-MED’s internal systems, which were accessed by a third party. On Thursday, the company provided a statement confirming the breach. “After becoming aware of the issue I-MED took immediate action to disable all these external accounts and we contacted impacted users,” it said in an email. I-MED did not answer questions about how many patients had been affected in the breach.

 

United States – MoneyGram – Finance

Exploit: Hacking

Risk to Business: Extreme: MoneyGram, a peer-to-peer payments and money transfer service, has confirmed a cyberattack that took its systems offline starting on September 20, 2024. On September 22, the company informed customers that a network outage was disrupting connectivity to several systems, affecting both in-person and online transactions. In response, MoneyGram launched an investigation into the breach and contacted law enforcement. By the end of the week, the company announced progress in restoring its services, stating that some partners were now able to send and receive money, and pending transactions were being fulfilled.

Talk to a TCT team member today about implementing a cyber security plan for your business.

Robert Brown
04/10/2024
