The Worst Data Breaches of 2016


2016 has been quite an interesting year for cybersecurity. Not only was it among the most hotly debated issues in the Presidential election, but the industry itself has seen much activity, both good and bad. Efforts were made to shrink the cybersecurity skills gap, there was a significant increase in common knowledge of various types of cyber-threats, and combating cyberbullying is set to be one of the main areas of focus for First Lady-elect, Melania Trump.

Despite this progress, however, there have been more ransomware attacks and data breaches affecting companies across all industries in 2016 than ever before. Among the most affected are technology, government, and healthcare, which means that almost all of us could have been touched by one data breach or another. Among the largest data breaches disclosed this year are the multiple Yahoo breaches, the numerous breaches within the healthcare industry, and even a breach affecting the country’s maritime defenders, the US Navy. Each of these organizations held precious data that should have been protected. Here, we take a closer look at a few of 2016’s worst data breaches as well as what companies can do in the event they are attacked in the future.

Yahoo!

Breaking earlier this week was the news of yet another Yahoo data breach; only this time, it’s record-breaking. Over one billion (yes, billion with a ‘B’) accounts were compromised in this hack back in August of 2013. This news, coming on the heels of a different breach that affected over 500 million Yahoo users in 2014 (disclosed in September of this year), has turned many against the company, causing the public to discredit the company almost entirely, seeing as their lack of cyber defenses put over a billion of us at risk.

Not only did Yahoo put over 1.5 billion people’s data in the hands of cyber-criminals, but the type of data that was leaked is extremely private information. When asked about the 2013 data breach, Yahoo said, “The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (an original string of data that is converted into a seemingly random string of characters) and, in some cases, encrypted or unencrypted security questions and answers.”

As though this isn’t bad enough, of those email accounts that were affected, over 150,000 came from FBI, CIA, White House, and other government and military employees. This means that this data breach has put not only the public’s personal information at risk, but also information related to our national security. “It’s a leak that could allow foreign intelligence services to identify employees and hack their personal and work accounts, posing a threat to national security,” a Bloomberg article noted on the Yahoo breach.

Yahoo plans to contact, via email, those users who might have been affected in either of these breaches. The company also provides a help link to aid users in recognizing whether or not their accounts have been hacked. Yahoo says that if any of the following are true of your account, you should update your password and recovery information with them.

  • You’re not receiving any emails.
  • Your Yahoo Mail is sending spam to your contacts.
  • Your account info or settings were changed without your knowledge.
  • You see logins from unexpected locations on your recent activity page.

The Healthcare Industry

Healthcare was heavily affected by cybersecurity threats in 2016. Hospitals and other providers were the primary targets of ransomware threats, and there were a significant number of data breaches as well. Though no single breach came anywhere close to the number of users affected by the Yahoo breach, there were many breaches, and the number of users affected added up quickly.

The largest of these breaches was against Banner Health in Phoenix, Arizona, which impacted 3.62 million individuals. The breach happened over the months of June and July earlier this year. Banner Health discovered unusual activity on its computer servers in late June and found evidence of two attacks. In these attacks, hackers accessed both patient records and credit- and debit-card transaction records from customers who had purchased food and beverages at the hospital. Banner Health sent physical letters in the mail to its affected customers to notify them of the breach, but the center’s image took a serious hit after exposing so much of the Phoenix area’s data.

The most recent healthcare-related data breach, which hit Quest Diagnostics earlier this month, only exposed 34,000 users. Even though this is a small number compared to some of the other breaches, there are tens of thousands of people whose information is now at risk. Because of this breach, as well as the buildup of others in the medical field this year, cybersecurity professionals are devoting much of their work toward protecting the healthcare industry in the future.

U.S. Navy

As though it is not bad enough that the medical field has been so highly targeted by this type of attack, the U.S. Navy was hit by a data breach this year as well. Personal data for more than 134,000 sailors, past and present, was exposed in this breach, including names and social security numbers. The breach occurred because of an unsecured Hewlett Packard Enterprise (HPE) laptop. HPE told the US Navy that one of its laptops operated by a contractor had been “compromised,” however it didn’t provide any further information about how the breach.

Though the Naval Criminal Investigative Service claims that none of the exposed data has been used for any malicious purposes, it has been accessed by “unknown individuals,” so the Navy is taking this breach very seriously. Navy personnel boss Vice Adm. Robert Burke said in a statement, “…this is a matter of trust for our sailors… We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.” Similarly to Yahoo, the Navy plans to email those who might have been affected by this breach in order to prevent any further damage from happening.

How to Avoid Data Breaches in 2017

IT professionals generally emphasize prevention when it comes to securing your company against threats in the cyber-realm, but there is a consensus among these professionals that it is not a matter of if your company will face a data breach, but rather when.

Though this may sound ominously pessimistic, it doesn’t mean that you can’t prepare in some way to secure your company and its customers so that they survive the breach unscathed. There is not one single way that this can be accomplished, but by implementing the tips below, your company can fight back and protect its important data when hit with this inevitable hack.

  1. Breach acceptance: When it comes to data breaches, preventative measures have seldom worked in the past, which is why it is important for companies to accept that a data breach is unavoidable. By accepting the breach, your organization can create a plan to handle this inevitable attack.
  2. Locate your critical data and encrypt it: Encryption of data makes it harder for cyber criminals to steal it. Figure out where your important data, such as names, social security numbers, bank account information, passwords, and other personally identifiable information (PII), is stored and make it as secure as you possibly can.
  3. Store and manage encryption keys: Keep keys secure, in a vault, away from any encrypted data. Because these keys unlock your customers’ encrypted data, you need to protect them, so as people come and go from your organization, be cautious about who you share them with. Implement a process to limit, change, and revoke keys held by those who have access to them in order to better protect this data. Do not allow anyone to make copies of this sensitive information.
  4. Control user access: Determine who should and should not have access to your data. Implement strong authentication processes for those to whom you have granted access, so as to make it harder for cyber-crooks to gain access to your data.

Data breaches are going to happen, but by being prepared for when they do hit, your company can be protected. Not only will its client data be secure, but preparation can also save your company time and money and prevent a blemish on its public image.

To stay up-to-date on recent data breaches across all industries, click here. To learn more about how Axiom Cyber Solutions can aid in your company’s preparations against data breaches, email us at info@axiomcyber.com.

Hailey R. Carlson | Axiom Cyber Solutions | 12/16/2016

“Name Brand” Malware: Malware Variants You Should Know


Malware, short for ‘malicious software,’ is a type of software meant to harm computers and computer networks. We hear about different types of malware, such as botnet malware and ransomware, and different variants of those types of malware as well; but do we know enough about those malware currently threatening us? Here, we take an in-depth look at three of the most talked about malware of 2016.

Mirai Botnet Malware

Mirai is the Japanese word for “the future,” which is fitting, in that this is one of the most advanced types of malware yet. This malware, created in August 2016, turns any Internet of Things (IoT) device running Linux into a remotely controlled bot. A bot is an application that performs automated tasks, such as setting an alarm; bots can be combined with other bots and used as part of a botnet in large-scale network attacks. Though these bots are meant to make our lives easier, they are often not properly secured and can consequently be used in malicious attacks. The most notable use of Mirai botnet malware in an attack happened in October of this year in a Distributed Denial of Service (DDoS) attack against domain name service (DNS) provider, Dyn.

Dyn, the DNS provider for major websites including Twitter, Netflix, Reddit, and Spotify, was hit by one of the largest DDoS attacks to date, an attack that was fueled by Mirai-infected IoT devices including Internet-enabled DVRs, surveillance cameras, and other Internet-enabled devices. Because of all of the popular websites it affected, this Mirai botnet attack is considered the attack that ‘shook the Internet.’

Mirai easily infects its victims because IoT devices are some of the least protected things out there. The only way as of right now to combat this malware is to secure your IoT devices in various ways.

Locky Ransomware

Scanning the news online with just the search term ‘ransomware’ delivers a whole host of recent ransomware variants that are threatening our files. One of the variants that is most common among these search results is ‘Locky’ ransomware. This strain of ransomware is titled as such because it renames all of your important files so that they have the extension .locky.

The most common way that Locky infects your computer is via email. The victim receives an email containing an attached document (Troj/DocDl-BCF) that is an illegible mess of odd symbols. The document then advises you to enable macros if the ‘encoding is incorrect.’ Seeing that the message in the document is indiscernible, the reader will likely enable these macros, resulting in infection. If the macros are enabled, the text encoding is not actually corrected. Instead, code inside the document is run, which saves a file to disk and runs it. The saved file (Troj/Ransom-CGX) serves as a downloader, which fetches the final malware payload from the crooks. That payload could be anything, but in this case is usually the Locky Ransomware (Troj/Ransom-CGW). Locky then scrambles all files that match a long list of extensions, including videos, images, source code, and Office files.

Once a computer has been infected with Locky Ransomware, the victim’s desktop screensaver is changed to display the ransom payment instructions. These instructions lead the victim to the dark web, where they can pay the ransom. Unfortunately there is not much that can be done other than paying this ransom, which is why it is important to take preventative measures, such as those listed at the end of this article.

Popcorn Time Ransomware

Of all of the current, popular malware out there, ransomware variant, ‘Popcorn Time,’ is among the newest and most evil of them all. This form of ransomware is named after, but not related to, the torrenting site of the same name and it is believed that this malware was created by a team of Computer Science students from Syria.

This variant takes its cue from movies like The Box and the Saw movie series in that it forces its victims to make a detrimental choice: infection of their own files, or their friends’. Once hit with the cyber-attack, the victim has seven days to determine whether he or she will pay the 1 bitcoin ransom, equivalent to about $780 currently, or pass it along to two ‘friends’ instead. If the victim decides to give up his or her comrades’ information, the malware is allegedly deleted from the initial computer entirely and it moves on to ask for payment from its new victims. Once the ransom has been paid by either the initial or secondary victim(s), they will get a decryption code; the victim has four tries to type in the code before his or her computer files are all deleted.

This ‘pass the buck’ payment method is what makes this malware variant so unique. It prompts victims with a moral question that might turn up surprising results when their backs are against the wall.

How to Avoid These Major Malware Threats

  • Avoid suspicious downloads: Malware infects computers primarily through the user clicking on a malicious link in an email or via a suspicious download. If you do not know the validity of a link, you should not click on it. This is a simple step that can go a long way when it comes to protecting your files.
  • Back up your files: If you are unfortunate enough to be the victim of a malicious ransomware attack, you can avoid paying the criminals if all of your data is backed up to an external hard drive or some other source. The FBI advises victims of this crime to not pay the ransom, so as to discourage the hackers from doing the same thing again; they instead recommend that victims of the cyber-crime report the incident to the government agency so that they can hopefully track down these people.
  • Secure your IoT devices: When it comes to Mirai botnet malware in particular, it is important to secure your Internet-connected devices. Many of these devices come with a default password which you should change in order to make it harder for cyber-criminals to get to your data. Also, when at all possible, turn off remote access to your IoT devices. Leaving a device active while not in use leaves it extremely vulnerable to use in an attack similar to that against Dyn DNS.
  • Don’t enable macros in documents received via email: Microsoft itself turned off auto-execution of macros by default many years ago as a security measure. Many malware infections rely on persuading you to turn macros back on, so avoid them by not enabling macros.
  • Keep your anti-virus & anti-malware updated: While backing up your data and avoiding sneaky sites or links is effective, preventing these malware from getting onto your computer in the first place is a key preventative measure in fighting malware. Keeping your computer’s anti-virus and anti-malware up-to-date is something simple you can do to protect against malware, and most even allow you to set automatic updates, so you rarely need to think about it at all.

Hailey R. Carlson | Axiom Cyber Solutions | 12/14/2016