Security Breach Update
18 January 2019

Working from HomeAs the historical debate surrounding work-from-home (WFH) policies continues to reach news headlines, an additional consideration has surfaced: IT security. Home networks in WFH environments can expose your company to security risks, as devices are connected to the internet and can serve as an entry point for hacks.

With the advent of remote working arrangements and rising adoption of smart devices, employees are accessing enterprise software such as cloud-based apps, video conferencing software, and file sharing regularly, resulting in vulnerabilities that can be tapped into with little to no difficulty.

Of course, this doesn’t necessarily mean you should discontinue your WFH policy. Instead, consider how you can arm your employees with best practices for securing their devices and networks to avoid breach possibilities.

Recent Breaches

Australia – Victorian Government
Exploit: Phishing attack on government employee directory.
Risk to Small Business: Severe: Even though the stolen directory included work details for 30,000 government employees, the list only contained work emails, job titles, work phone numbers, and in some cases, mobile phone numbers. However, there is the possibility that public servants who were compromised may feel exposed and choose to leave, causing employee turnover.
Risk to Exploited Individuals: Moderate: Payment and banking information was not compromised, but the compromised information can still be manipulated by hackers to orchestrate future phishing, spam, and social engineering attacks. Those who were affected should remain vigilant in order to protect themselves.
Customers Impacted: 30,000 government employees.

United States – BlackMediaGames (Town of Salem) – Game maker of ‘Town of Salem’.
Exploit: LFI/RFI attack that injected malicious code into database.
Risk to Small Business: Severe: With a number as high as 7.6M users exposed, this cyberattack has the potential to be game-changing. News broke that DeHashed, a commercial breach indexing service, discovered the successful attack before Christmas and tried alerting the company, but no actions were made to secure the hacked servers and notify users until later on. Cybersecurity experts are claiming that the company’s hashing technique (PHPBB) for securing passwords was relatively weak, meaning that it is only a matter of time until hackers were able to crack them.
Risk to Exploited Individuals: Severe: Stolen user data included usernames, email addresses, hashed passwords, IP addresses, and game/forum activities. Payment information or credit card details were not exposed, but compromised information can still be leveraged to gain access to payment details on other similar accounts.
Customers Impacted:  7.6M users of ‘Town of Salem’.

France and Spain – Orange – Telecommunications operator that offers a router product.
Exploit: Device vulnerability in modems that reveals Wi-Fi credentials.
Risk to Small Business: Severe: Although such an attack can be contained by finding all the hardware products with vulnerabilities, the breach can negatively impact customers and result in the erosion of brand loyalty.
Risk to Exploited Individuals: Moderate: Such a compromise can be dangerous because it enables hackers to execute on-location proximity attacks, which means they can travel to a company headquarters or home to access a network and then hack into connected devices nearby. Also, Wi-FI passwords might be reused elsewhere, such as the backend administration panel, allowing hackers to control the system infrastructure and create online botnets.
Customers Impacted:  19,500 customers using Orange Livebox modems.

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
18/01/2019

Follow us on LinkedIn:

Related Articles:
The Cost of an Old Device
Scammers Collect 2.3 Million

 

Written by