The Ping: 2018 Breakdowns

As the year draws to a close, we want to remind you of how important it is to stay diligent with your cybersecurity awareness training and security updates. This year, like years past, cybersecurity breaches have topped headline news and may have affected you personally. Let’s review some of the larger breaches and malware risks this year. These are security breaches that allowed someone or some group to access personal information, along with some examples of how that information was used.

US Universities

In March of this year, nine Iranian hackers stole 31 terabytes of data from over 300 universities in the United States. These hackers used spear phishing techniques to retrieve network credentials from professors. Spear phishing means that the hackers obtained credentials from users by sending them emails that pretended to be from someone the user trusts. This phishing eventually allowed the hackers to access over 8,000 user accounts on these networks.

Exactis

As reported in June, a marketing firm named Exactis misconfigured a database, which led to 340 million records being exposed on the internet. This database could be accessed with little to no authentication. In the end, 2 terabytes of personal data was exposed. The database included sensitive information such as a person’s name, address, and potentially the gender and ages of their children. The information did not include social security or credit card numbers.

VPNFilter

The malware known as VPNFilter was created by Russian hackers to attack routers. In late May, officials warned the public about the malware, which has now affected 500,000 routers worldwide. This malware has affected multiple mainstream router models, including models from Netgear and ASUS. If you have accessed these routers, you may have been exposed to the risk. This risk is particularly scary because the malware can allow remote access to your device, even after a reboot. Also, some reports showed that SCADA systems were especially likely to be targeted. SCADA systems are used in industries like energy, manufacturing, power, water, and transportation.

T-Mobile

In August, an international group of hackers attacked T-Mobile and accessed encrypted passwords and account numbers. The assailants accessed T-Mobile’s servers through an API, or application programming interface. This hack also gained access to billing information and email addresses of users.

Facebook

Twenty-nine million people were affected by this hack from July of 2017 through this past September. Facebook found that “hackers were able to exploit vulnerabilities in Facebook’s code to get their hands on ‘access tokens’ — essentially digital keys that give them full access to compromised users’ accounts — and then scraped users’ data.” (Business Insider). Information such as locations, contact details, and devices used to log in were stolen in this breach.

Google+

While this has happened before, in March of this year Google+ found that it had once again allowed private information to go unprotected. A software glitch allowed personal information such as email addresses, birthdates, and employer information to be revealed, according to a Wall Street Journal report. This affected nearly 500,000 users on the first go-round, and it has now affected over 52 million.

Marriott Starwood Hotels

Five hundred million people had their information stolen before this breach was discovered in September of this year. Hackers were able to gain access to the reservation database for Marriott’s Starwood hotels and steal phone numbers, passport numbers, and credit card numbers.

UniVista’s top recommendations to decrease your risks of falling victim to a malware infection or exposing the sensitive information you store…

1. Adopt a 100% participation goal for Cybersecurity Training programs.
2. Reboot servers and computers as soon as possible when prompted, in order to install the most recent critical and security patches.
3. Designate a Security Officer to take control of your compliance and cybersecurity needs. Develop an Acceptable Use Policy and maintain compliance.

Your UniVista Team
*Celebrating 20 Years of Customer Satisfaction*