20 Aug Security Breach – 20 Aug 2020
Like their counterparts who run legitimate businesses, cyber criminals need hosting and cybersecurity protection as well.
As anyone who’s been paying attention knows, in recent years the market for compromised assets — stolen credit card data and other personal information — has ballooned.
To supply this market, cyber criminals use various underground hosting and associated services — including bulletproof hosting, virtual private networks (VPNs), anonymizers, and distributed denial-of-service (DDoS) protection — to run their operations and keep them safe.
The fact is, cybercrime is a highly developed sophisticated industry that makes big sales and uses the same marketing techniques and platforms as legal businesses do.
It has become a blurry distinction between Cybercrime and legitimate businesses.
Some hosting providers serve legitimate clientele and sell their services openly on the internet, but there’s no doubt that some of their customers are resellers that deal only with criminals.
Cybercrime spreads like wildfire, making a ton of money for its perpetrators, and is far less likely to land them in jail than, say, bank robbery. In the United States, according to the WEF report, the chances of catching and prosecuting cybercriminals actors are as low as 0.05%.
Japan – Konica-Minolta – Optical Products Company
Risk to Small Business: Severe: The Japanese technology giant fell victim to a ransomware attack in late July that impacted business services and operations. Cybercriminals were able to deploy RansomEXX malware, a new variety of human-operated ransomware that encrypts systems but does not exfiltrate data. No other information has been made available about the attack.
Risk to Exploited Individuals: No data was reported stolen in this incident.
Customers Impacted: Unknown
Australia – ACT Education Directorate – Government Agency
Exploit: Credential Stuffing
Risk to Small Business: Severe: ACT Education was forced to block all public school students from accessing their Google email accounts after a spamming and credential stuffing incident led to students being exposed to lewd material – and the exposure of some students’ personal data. The educational authority is investigating the incident, and conflicting reports attribute the incident to either credential stuffing or internal hacking, possibly by a student.
Risk to Exploited Individuals: In a further update on August 18, ACT Education advised that its investigation had “confirmed no external body has hacked or exported information from our systems”.
Customers Impacted: Unknown
Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.
Talk to a TCT sales team member today and we can show you how.
Follow us on LinkedIn: