Security Breach Update
23 November 2018

ShoppingMagecart is a credit card skimming malware, used by different unrelated groups that attack in a similar fashion. Magecart is defined by targeting online retailers and has been in the spotlight recently due to several high-profile breaches such as Ticketmaster and British Airways.

With Black Friday and Cyber Monday coming up, there will be a huge bump in online purchases.

This time will be open hunting season for hackers trying to get a shot at the billions spent on those days.

Recent Breaches

United States of America – The Southwest Washington Regional Surgery Center
Exploit: Phishing attack.
Risk to Small Business: Extreme: An organization that fails to secure the sensitive payment and medical data of its customers will lose both its standing with customers and a significant amount of money when handling the result of a damaging breach.
Risk to Exploited Individuals: Severe: Those affected by this breach have an increased risk of identity theft and having their medical data sold on the Dark Web.
Customers Impacted: 2,393 Patients.

United States of America – KARS4KIDS – A New Jersey-based charity where people donate their cars to support youth and educational programs.
Exploit: Exposed MongoDB database.
Risk to Small Business: Severe: Non-profit organizations often make sacrifices in cyber security due to budget constraints, however as demonstrated by the KARS4KIDS breach, non-profits are far from invulnerable to hacking.
Risk to Exploited Individuals: Severe: Those affected by the breach are at a higher risk of identity theft and phishing attacks due to the exposure of emails between the organization and the donors.
Customers Impacted:  21,612 customers.

You need to stay extra vigilant and alert this Christmas and holiday season with many hackers taking advantage of online shopping.

Here are a few important points to stay safe when shopping online this season:

Careful with the Clicks:  Be aware that hackers’ changes to websites are subtle.
Extra added letters in a domain, like samsclubb.com
‘rn’ disguised as ‘m’ such as in potterybam.com
1’s disguised as l’s, as in Koh1s.com
Added affixes such as target.com-dresses.us

Only Shop if there’s a Lock
Websites that have security enabled using SSL (Secure Socket Layer) encrypt data during transmission, making it safe to use a credit card on that site. Look for that little lock in the address bar and a URL with “https” instead of “http” at the beginning.

Don’t Shop on Hotspots
Just avoid shopping on public Wi-Fi networks, like in airports or coffee shops.

Wherever you do find yourself, it’s important to use a VPN (virtual private network) Service (like F-Secure Freedome) which creates a private tunnel from your device to your service. VPN Servers will encrypt your traffic passing through the public Wi-Fi hotspots.

Use Strong and Unique Passwords
Consider making your passwords sentences, like “CountryMusicIsTheBest!” and make them unique to every site. Don’t ever use your work email or any variation of your work password on any third-party websites and monitor for exposure!

Consider finishing out the year strong by using a password manager (like F-Secure Password Protection) to assist in dealing with the ever-increasing volume of complex and unique passwords and as always, enable multi-factor authentication (MFA) if it’s available.

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
23/11/2018

Follow us on LinkedIn:

Related Articles:
Scammers Collect 2.3 Million
Phishing Emails – A Constant Threat

Written by