Security Breach – 13 May 2021

Security Breach – 13 May 2021

Huge pools of fresh Dark Web Data add to password reuse risks for everyone Huge pools of fresh Dark Web Data add to password reuse risks for everyone

The constant problem of password reuse is becoming more dangerous and the trail of that increased threat can be traced right back to the dark web.

While the world economy may still be experiencing challenges, the dark web economy is running on all cylinders and the data markets are full of eager buyers.

About 60% of the data that was already on the dark web at the start of 2020 could harm businesses.

This influx of data gave cybercriminals plenty of new fuel to use in password-based cyberattacks – and they didn’t waste any time making the most of those new resources in 2021.

No industry is immune to the powerful lure of password recycling, especially in the era of remote and hybrid work making passwords more insecure than ever.

Even though the danger is well-known to IT professionals, about 60% of respondents in a recent IT professional survey indicated their organisation had experienced a password recycling / reuse / related security breach in the past year alone.

The telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company.

The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%).

There are still many companies that aren’t even bothering to enforce any standards at all.

Recent Breaches

 

Australia – NSW Labor Party

Exploit: Ransomware

Risk to Small Business: Severe: The ransomware group Avaddon is threatening to release a trove of sensitive information including images of passports, driver’s licenses and employment contracts from a ransomware hit on the NSW Labor Party. The cybercriminals have demanded a response to its ransom request within 240 hours and threatened to launch a denial of service attack against the party if it did not pay. NSW Police has come on board in the investigation.

Risk to Exploited Individuals: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted:  Unknown

Australia – Schepisi Communications – Cloud Storage

Exploit: Hacking

Risk to Small Business: Severe: Melbourne-based Schepisi Communications has been the victim of a suspected ransomware attack. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web. The company is a service provider for Telstra that supplies phone numbers and cloud storage services. Among Schepisi’s other customers that appeared to have had their information exposed were global food conglomerate Nestle, a Melbourne radio station, an Australian property management firm, and a financial services company based in Victoria.

Risk to Exploited Individuals: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted:  Unknown

Protect your data and systems by implementing a solid cybersecurity plan today. Talk to a TCT team member today and we can show you how.

Robert Brown
13/05/2021

Follow us on LinkedIn:

Related Articles:
Small Changes Now Pay Big Dividends Later
Can your staff really spot phishing messages?



Log a Job: