Category: Phishing

The rising threat of Ransomware

28. June 2021

Ransomware attacks are on a steep rise as the global pandemic continues. According to the cybersecurity firm SonicWall, there were more than 304 million attempted ransomware attacks tracked by them in 2020, which was a 62 percent increase over 2019. During the first five months of 2021, the firm detected another 116 percent increase in ransomware attempts compared to the same period in 2020. Another cybersecurity firm called Cybereason found in a recent study interviewing nearly 1,300 security professionals from all around the world that more than half of organisations have been the victim of a ransomware attack, and that 80 percent of businesses that decided to pay a ransom fee suffered a second ransomware attack, often times by the same cybercriminals.

Ransomware is a type of malicious software, which encrypts files, databases, or applications on a computer or network and perpetually holds them hostage or even threatens to publish data until the owner pays the attacker the requested fee. Captivated data may include Personal Data, business data and intellectual property. While Phishing attacks are the most common gateway for ransomware, there are also highly targeted attacks on financially strong companies and institutions (“Big game hunting”).

Alluding to the industry term Software-as-a-Service (SaaS), a new unlawful industry sub-branch has emerged in recent years, which according to security experts lowered the entrance barriers to this industry immensely: Ransomware-as-a-Service (RaaS). With RaaS, a typical monthly subscription could cost around 50 US-Dollars and the purchaser receives the ransomware code and decryption key. Sophisticated RaaS offerings even include customer service and dashboards that allow hackers to track the status of infections and the status of ransomware payments. Thus, cybercriminals do not necessarily have to have the technical skills themselves to create corresponding malware.

Experts point to various factors that are contributing to the recent increase in Ransomeware attacks. One factor is a consequence of the pandemic: the worldwide trend to work from home. Many companies and institutions were abruptly forced to introduce remote working and let employees use their own private equipment. Furthermore, many companies were not prepared to face the rising threats with respect to their cybersecurity management. Another reported factor has been the latest increase in value of the cryptocurrency Bitcoin which is the preferred currency by criminals for ransom payments.

Successful Ransomware attacks can lead to personal data breaches pursuant to Art. 4 No. 12 GDPR and can also lead to the subsequent obligation to report the data breach to the supervisory authorities (Art. 33 GDPR) and to the data subjects (Art. 34 GDPR) for the affected company. Businesses are called to implement appropriate technical and organisational measures based on the risk-based approach, Art. 32 GDPR.

Earlier this month, the Danish Data Protection Authority provided companies with practical guidance on how to mitigate the risk of ransomware attacks. Measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems when faced with ransomware may include providing regular trainings for employees, having a high level of technical protection of systems and networks in place, patching programs in a timely manner, and storing backups in an environment other than the normal network.

Giant database leak exposes data on 220 million Brazilians

28. January 2021

On January 19th, 2021, the dfndr lab, PSafe’s cybersecurity laboratory, reported a leak in a Brazilian database that may have exposed the CPF number and other confidential information of millions of people.

According to the cybersecurity experts, who use artificial intelligence techniques to identify malicious links and fake news, the leaked data they have found contains detailed information on 104 million vehicles and about 40 million companies. Overall, the leak poses a risk to close to 220 million Brazilians.

The personal data contained in the affected database includes names, birthdates and individual taxpayer registry identification, with distinct vehicle information, including license plate numbers, municipality, colour, make, model, year of manufacture, engine capacity and even the type of fuel used. The breach both affects almost all Brazilian citizens, as well as authorities.

In a press release, the director of the dfndr lab, Emilio Simoni, explained that the biggest risk following this data leak is that this data will be used in phishing scams, in which a person is induced to provide more personal information on a fake page.

In their statement, PSafe does not disclose either the name of the company involved or how the information was leaked, whether it was due to a security breach, hacker invasion or easy access. However, regardless of the cause of the leak, the new Brazilian Data Protection Security Law provides for fines that can reach R $ 50 million for an infraction of this type.

Customer passwords from Deutsche Telekom are for sale on the dark web

29. June 2016

Although the company stated this week that is has not been the victim of a cyber attack, account passwords from Deutsche Telekom, a German telecommunication company, are for sale on the dark web.

The respective stolen data was estimated to range from 64,000 records to 120,000 records.

Furthermore, the company hinted that the leaked data was obtained from another source, probably stolen via phishing. In its statement the company said that the sample of records were “real and current”.

The mentioned statement goes on by claiming that the company has 156 million global customers and that it has issued a warning due to the stolen data which suggests that all of its customers change their passwords.

Thomas Kremer, Telekom data privacy head, elaborates: “We want to use the event to promote a regular exchange of passwords”

 

Verizon publishes Data Breach Investigations Report 2016: Phishing attacks trend upwards

20. June 2016

Verizon, a company that provides communication and technology services, has recently published the 2016 Data Breach Investigations Report (DBIR). The report reveals the trends regarding the sources and reasons for incidents and data breaches. It also provides recommendations on how to prevent or minimize the risk to be victim of a data breach.

The study has been developed by using data from 100.000 occurred data breaches provided by different industries. The study showed that the most affected industries are such as accommodation, finance, retail or the public sector. According to the report, the most common cause for attacks is directly or indirectly financial. Additionally, when it comes to a data disclosure, the attacker is usually an external person, not directly from inside.

The report describes nine main types of vulnerabilities that involve a risk for companies and persons. Phishing attacks have increased considerable in the last year and constitute together with stolen credentials the main cause of data breaches. Phishing attacks aim at tricking the victim by sending an e-mail so that he/she clicks on a link that contains malware in order to obtain certain personal or confidential information.

The report remarks that 30% of the phishing messages were opened and even 12% of people tested clicked on the phishing attachment. Moreover, only 3% reported management about the phishing e-mail. Phishing messages mostly aim at stealing credentials such as ID and password authentication. 63% of the confirmed data breaches involved stolen passwords.

In order to minimize the risk of being victim of a phishing attack, the report gives the following recommendations:

  • Filter your e-mail and test its implementation
  • Rise employee awareness and offer means to report such events
  • Protect your network by segmenting it and implement strong authentication mechanisms between the user and the networks
  • Monitor external connections

McAffee also provides useful recommendations regarding the identification and prevention of phishing attacks and the use of effective passwords.