Security Breach Update
28 June 2018

It’s no surprise that this week has been busy for cyber-attacks on the web, targeting big events such as the World Cup but also continuing to pursue small-and medium-sized businesses across the globe.

It seems cyber criminals are taking full advantage of this global event by spinning up malicious email campaigns.

The idea is that people are less vigilant about clicking emails from unknown sources when related to an event that only occurs every couple of years. Sites selling fake tickets, offering fictitious giveaways and luring unsuspecting individuals to click on malicious links related to the World Cup.

There has also been issues with Google Home and Chromecast with Google announcing that their devices are easily scripted to reveal precise location data to the public. They have assured the public that they will be patched in the coming weeks to close this vulnerability.

It is done by a simple script running on a website, collecting location details and creating a list of internet connections available to the device. They explained how easy it was to remote into an exposed individual’s device and network. Good one Google!

Recent Breaches

1. The Indian Government
Exploit: Leaky websites, lack of basic website/ internet security controls.
Risk to Small Business: High: Demonstrates that poor cyber hygiene and complete disregard for basic website/ internet security can be highly damaging.
Risk to Exploited Individuals: High: Sensitive personally identifiable information that can be used for identity theft.
Customers Impacted: Anyone who has purchased medicine from the state-run pharmacies.

2. Med Associates – A New York-based claims processing company
Exploit: Supply Chain/Trusted Vendor Compromise
Compromised Workstation, most likely compromised credentials and a lack of multi-factor authentication.
Risk to Small Business: High: At least 42 physician practices had their customer’s PII compromised.
Risk to Exploited Individuals: High: This breach has disclosed a massive amount of HIGHLY sensitive personal and health information leaving customers impacted significant risk of identity theft and fraud.
Customers Impacted: 270,000

3. Chicago Public Schools
Exploit: Negligence
Risk to Small Business: High: If a breach of this magnitude happened to a small business, it is unlikely it would recover. This kind of negligence causing a breach tarnishes a name to a great degree, but people do not have a choice but to continue using Chicago public schools because it is a government-run program.
Risk to Exploited Individuals: High: Unfortunately, a minor’s personally identifiable information is highly sought after and valuable as its often not monitored.
Customers Impacted: 3,700 students and families.

To protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
28/06/2018

Follow us on LinkedIn:

Related Articles:
Cyber 360 – Our Answer to the Threat Landscape
If the Banks are Vulnerable, how about you?

Written by