The biggest data breaches and digital security threats of 2019
Nobody wants to be the victim of a cyber attack, but honestly, being paranoid all the time isn’t any fun either. So where’s the happy medium? Should you invest in antivirus software, and if so, which one?
In a world full of data breaches and digital security myths, we believe you should get the truth, so we’re going to dive into some statistics surrounding the state of your cyber security and break down the barriers to help you understand what’s actually going on.
At a glance, what we saw in the year 2018 may surprise you when it comes to data breaches and the biggest threats to your digital security.
- 92 percent of malware was delivered by email, not through a browser.
- Phishing attacks were the primary security threat for 56 percent of people.
- 191 days was the average amount of time it took to identify security breaches.
- Ransomware attacks cost companies an average of $5 million to address.
- 61 percent of organizations had to deal with some type of an IoT security incident.
- 54 percent of organizations experienced an industrial control system security incident.
From Ransomware to Crypto Mining
Leading up to the year 2018, attackers figured out that instead of using ransomware to demand payments in Bitcoin or other cryptocurrencies, they could just infect the victim’s computer with crypto mining programs. They executed code to steal cryptocurrency, compromising system performance everywhere.
By early 2018, ransomware was down and crypto mining was up. Where crypto mining used to comprise about 10 percent of cyber attacks, it now comprised 90 percent of them. All of a sudden, antivirus software was protecting against ransomware when it needed to evolve to protect against crypto mining attacks.
Email and Fileless Attacks
In 2018, 92 percent of malware was still delivered by email. Malware infects computers through phishing attacks disguised as files you should click on to download. Interestingly enough, though, fileless attacks were also on the rise in 2018. The email didn’t even have to contain a malicious file to infect your computer with malware.
Reactive or Proactive Security?
We ended 2018 by learning from our experiences and being more proactive than reactive, which is a step in the right direction. The most common factors that drove security spending by the end of last year include best practices, compliance mandates, and responding appropriately to security incidents.
Having a system in place to prevent attacks by using best practices as outlined by a board of directors or a management team is the first step, followed by educating users on how to respond if there is a security breach. With a comprehensive system in place, we were all ready to move forward into 2019.
Fueling Today’s Cybersecurity Reality
We can see from recent reports in the last few months that people are generally the safest from cyber threats on the weekend. We guess hackers only work 9-5, too. All jokes aside, while you are the safest on the weekend, you should always be vigilant.
Also surprising is that attacks in December seem to trend downward when compared to all other months. Hackers have families, too, you know. The holidays are about giving, not taking. Although their giving is probably fueled by all of the taking they’ve been doing.
Anyway, while weekends show little to no hacking activity, the rest of the month holds steady with a small peak around the 15th. You can surmise that you’re the safest on a weekend around Christmas, while you’re the most vulnerable in the middle of the month.
In order from greatest to smallest, the attack techniques include:
- PoS malware
- Account hijacking
- Targeted attacks
- Identified vulnerabilities
- Script injections
- Credential stuffing
- Fake Facebook accounts
- Browser extensions
- Credit card spoofing
Less than 1 percent of all attack techniques include malware as we traditionally think of it on our personal computers. That means that you need to be careful which antivirus software you use to ensure it can detect not only known but unknown malware.
The Biggest Data Breaches of 2019
With all that we’ve dealt with and learned from in recent years, some of the largest instances of data breaches so far this year just might surprise you. Keep reading to find out who took a hit in the digital security department in 2019.
Blur Data Breach
Blur, a password management company, reported a breach on January 2 after they left a server unsecured. Only two days into the year and already we have to mess with this? That was fast. The hackers gained access to 2.4 million email addresses, usernames, password hints, encrypted passwords, and IP addresses.
Town of Salem Video Game Data Breach
It’s happening again. On January 3, more than 7 million gamers had information stolen as a server containing email addresses, usernames, IP addresses, purchased premium features, and game activity was compromised.
DiscountMugs.com Data Breach
January 4 saw this online retailer hacked for an entire four-month period. Whoops! They discovered malicious card skimming on the website where hackers stole card numbers, security codes, and expiration dates. They also gained access to personal information like names, phone numbers, addresses, and emails. We like our morning coffee, but not that much.
BenefitMall Data Breach
On January 7, this U.S. payroll, employer service, and HR provider fell victim to a phishing attack that compromised many employee login credentials as well as names, addresses, dates of birth, Social Security numbers, bank accounts, and insurance premium payment information.
OXO Data Breach
Nobody likes a trip to Bed, Bath, and Beyond more than us. Plush linens and the best kitchen utensils in all the land? Sign us up! However, on January 10, one of the largest providers of these products found two separate hacking incidents in which customer information entered on their website was exposed.
Managed Health Services of Indiana Data Breach
Over 31,000 patients in Managed Health Services of Indiana’s system were exposed to a phishing attack on January 11. Hackers gained access to names, addresses, dates of birth, insurance ID numbers, and medical conditions.
Fortnite Data Breach
Flaws in the online game Fortnite exposed players to hacking on January 16. The hackers could take over the account of any of Fortnite’s 200 million users worldwide, gaining access to personal account information, the ability to eavesdrop on chats, or purchase V-bucks.
Oklahoma Department of Securities Data Breach
On January 17, millions of files from government agencies, including FBI investigation records, were found unprotected on an open server in the Oklahoma Department of Securities system. Records dating back to 1986 were accessed containing personal data and internal communications.
Collection 1 Data Breach
A large database containing 773 million emails and 22 million passwords was discovered on the cloud storage site MEGA on January 17. The information was subsequently posted on a hacking forum where people could share it freely.
BlackRock Inc. Data Breach
BlackRock Inc. is one of the largest asset managers in the world. On January 22, information on 20,000 financial advisors was leaked. Confidential sales documents were posted with names, email addresses, and financial data.
Graeter’s Ice Cream Data Breach
The Graeter’s Ice Cream online store contained malicious code on the checkout page, exposing 12,000 customers who had purchased items on or before January 22. Among the information obtained were names, phone numbers, addresses, fax numbers, and payment information.
Online Betting Sites Data Breach
The online betting sites azur-casino.com, kahunacasino.com, viproomcasino.net, and easybet.com copied 108 million customer records to a cloud storage service on January 23 without securing it. Information exposed included names, phone numbers, addresses, emails, usernames, birth dates, account balances, browser and OS details, IP addresses, and win and loss information.
Ascension Data Breach
For the two weeks prior to January 23, 24 million banking and mortgage documents were left unprotected in an online database. The data analytics company, Ascension, was responsible for the leak that included names, dates of birth, addresses, Social Security numbers, and other financial information.
Alaska Department of Health and Social Services Data Breach
Hackers targeted the Alaska Department of Health and Social Services, exposing data on 100,000 people on January 23. They gained access to names, dates of birth, addresses, Social Security numbers, health information, and income information.
Rubrik Data Breach
Rubrik is an IT security and cloud data management provider. On January 29, they had a massive database leak involving customer information. The leak was on an Amazon Elasticsearch server that required no password.
Critical Care, Pulmonary & Sleep Associates Data Breach
This Colorado-based healthcare facility exposed personal health information after its employees fell victim to a phishing attack. Around 23,000 people were exposed, including names, dates of birth, addresses, Social Security numbers, medical information, and driver’s licenses.
For Tomorrow’s Digital Protection
And that was just data breaches for the month of January 2019. The list goes on to include Houzz, Catawba Valley Medical Center, Huddle House, EyeSouth Partners, Dunkin’ Donuts, Coffee Meets Bagel, 500px, North Country Business Products, Advent Health, Coinmama, UW Medicine, UConn Health, Dow Jones, Rush University Medical Center, and Health Alliance Plan in the months of February and March.
So with all of that information at hand, what does the future look like? As evidenced by our 2018 statistics, we already know that 2019 and beyond won’t show a slowdown of more sophisticated cyber attacks via new methods.
Here are some of the areas where you can expect security problems in the future…
Number one on everyone’s radar should be the stealing of biometric data. The more we use our fingerprints, iris scanners, or facial recognition for added security, the more we put ourselves at risk of those features being stolen. What was once a solution for cybersecurity concerns has now become a target for hackers everywhere.
Because hackers can manipulate sensors, biometric data can be altered, allowing them to take advantage of any flaws present in biometric authentication devices and hardware. Going forward, healthcare, financial, and government entities are the most at risk. Organizations need to do everything they can to ensure that biometric data is encrypted at all levels, in all layers.
Right now, there isn’t a lot of regulation surrounding the storage of biometric data, but that needs to change immediately. Scanners, sensors and other biometric hardware should be better equipped to detect and handle anomalies as part of any multi-factor authentication system.
Skimming isn’t new technology. Hackers have been skimming ATMs for card numbers all over the world for a while. But now they’ve taken it digital. Skimming malware allows criminals to download credit card information directly from e-commerce sites everywhere. Shopping online has increased in popularity, making it a lucrative target.
The malware used to skim these numbers from e-commerce sites has been virtually undetectable up to this point. Moving forward, these sites need to closely monitor their networks for unusual behavior and anomalies, especially if customer information is involved.
Cell phones are integral to our everyday lives, and because all someone needs to track a cell phone is that phone’s number, wireless carriers should be on the lookout for data breaches and better ways they can improve security.
With a very simple set of information, hackers can access phone calls and text messages, finding out personal information and distributing it all across the Internet. Penetrating the SS7 security layering allows hackers access to location information, as well. It’s up to manufacturers and cell phone carriers to improve SS7 security by working together for the benefit of everyone.
Back in 2011, we saw a Sony PlayStation breach, giving us a glimpse into vulnerabilities in the gaming world. Many gamers use only one password and go by a simple online handle, making them easy targets for hackers. By gaining access to a gamer’s account, hackers can pose as a familiar avatar and gain privileged information.
Not only are gamers’ credit cards at risk, but weapons, tokens, and other gaming items are incredibly valuable in the gaming world. Cybersecurity in the gaming world starts with user education. Many younger gamers don’t understand the importance of staying safe online, and gaming manufacturers should require stronger authentication, hardware, and networks.
What Can You Do to Stay Safe Online?
The primary takeaway here is that you need more than just a watchful eye. You need to be proactive about protecting yourself or your business from the latest cybersecurity threats. Comprehensive antivirus software, a VPN, or an identity theft protection provider can arm you with the tools you need to monitor and prepare for an attack. It can also help you recover if the worst should happen.
Not only should you take the necessary precautions to guard yourself, but you need to involve a reputable company with a good track record for providing excellent service. Not all companies offer the same services, nor do they provide the same comprehensive protection plans.
Your ability to think critically and respond accordingly will ensure that your personal information and financial assets stay safe. It will protect you from identity theft, ongoing attacks, and much worse. Put what you’ve learned in this article into action so you can keep yourself safe from the most likely cybersecurity threats of 2019.
(This post first appeared on the site betterdefend.com.)