10 Aug Security Breach – 10 Aug 2018
This week contains the high-profile breach of Reddit, healthcare and education sectors and an exploration of a Dark Web hacking forum.
A reporter from The Guardian recently dove into a popular Russian Dark Web hacking forum known as FreeHacks. On the surface it looks like any other forum, and (in essence) it is, with a twisted turn provided by the malicious nature of the subject matter.
Some of the markets on the site include stolen credit cards, password cracking software, a clothing market to launder money, and a document market where members can buy passports and citizenships.
After passing the registration to get into the site, the reporter found step-by-step directions for finding someone’s physical address, among other ways to penetrate companies’ networks or to extort individuals.
United States – Reddit – Extremely popular forum, one of the 5 most popular sites
Exploit: SMS intercept.
Risk to Small Business: High: Could have damaging effects on the trust of clients, as well as highlighting the vulnerabilities of SMS 2FA.
Risk to Exploited Individuals: Moderate: The nature of the data is not particularly harmful due to the age and the scope but affected users could be at risk for spam.
Customers Impacted: Users with accounts made before 2007, subscribers to email digests between June 3 and June 17, 2018.
New Zealand – Hāwera High School
Risk to Small Business: High: Ransomware attacks can be very disruptive.
Risk to Exploited Individuals: High: Students could lose files stored locally on computers. High risk of identity theft if PII is stored.
Customers Impacted: Students at the school.
United States – Yale University – A prestigious American University.
Risk to Small Business: High: Highly sensitive personal information was leaked which would damage consumer trust.
Risk to Exploited Individuals: High: The data accessed would be highly useful for bad actors looking to steal someone’s identity.
Customers Impacted: 119,000
It is important to note that a more secure alternative to SMS 2FA is app-based authentication through organizations such as Duo, which is not subject to the same vectors of attack may be the way to go.
Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent as they have been shown to be successful.
Do you know if your business has had a data leakage? Check with TCT who has a security monitoring service specifically for this purpose.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: