Security Breach Update
10 August 2018

This week contains the high-profile breach of Reddit, healthcare and education sectors and an exploration of a Dark Web hacking forum.

A reporter from The Guardian recently dove into a popular Russian Dark Web hacking forum known as FreeHacks. On the surface it looks like any other forum, and (in essence) it is, with a twisted turn provided by the malicious nature of the subject matter.

Some of the markets on the site include stolen credit cards, password cracking software, a clothing market to launder money, and a document market where members can buy passports and citizenships.

After passing the registration to get into the site, the reporter found step-by-step directions for finding someone’s physical address, among other ways to penetrate companies’ networks or to extort individuals.

Recent Breaches

United States – Reddit – Extremely popular forum, one of the 5 most popular sites
Exploit: SMS intercept.
Risk to Small Business: High: Could have damaging effects on the trust of clients, as well as highlighting the vulnerabilities of SMS 2FA.
Risk to Exploited Individuals: Moderate: The nature of the data is not particularly harmful due to the age and the scope but affected users could be at risk for spam.
Customers Impacted:  Users with accounts made before 2007, subscribers to email digests between June 3 and June 17, 2018.

New Zealand – Hāwera High School
Exploit: Phishing.
Risk to Small Business: High: Ransomware attacks can be very disruptive.
Risk to Exploited Individuals: High: Students could lose files stored locally on computers. High risk of identity theft if PII is stored.
Customers Impacted:  Students at the school.

United States – Yale University – A prestigious American University.
Exploit: Unclear.
Risk to Small Business: High: Highly sensitive personal information was leaked which would damage consumer trust.
Risk to Exploited Individuals: High: The data accessed would be highly useful for bad actors looking to steal someone’s identity.
Customers Impacted:  119,000

It is important to note that a more secure alternative to SMS 2FA is app-based authentication through organizations such as Duo, which is not subject to the same vectors of attack may be the way to go.

Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent as they have been shown to be successful.

Do you know if your business has had a data leakage?  Check with TCT who has a security monitoring service specifically for this purpose.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
10/08/2018

Follow us on LinkedIn:

Related Articles:
The Cost of a Breach – are you Protected?
Ransomware Evolution

Written by