Welcome to The Dashlane Tech Check for August 4, 2017! I’ll help you catch up on Dashlane news and the biggest headlines in the tech and information security industry. I’ll also include a useful life hack that will keep you or your business safe and secure all year long.
Data Breach Alert
HBO data breach leaked more than Game of Thrones spoilers
Earlier this week, we learned that hackers stole 1.5 terabytes of data from media giant HBO, but new information has emerged that indicates the HBO hack is worse than we initially thought. According to Engadget, security contractors determined that along with portions of the Game of Thrones script, full episodes of current shows Ballers, Insecure, and Room 104, and future episodes of Bill Hader’s Barry set to air in 2018, hackers also managed to steal thousands of internal company documents. The internal documents include information about a senior HBO executive, including access credentials for online services, although the company’s email system has not been compromised.
Anthem suffers another data breach affecting more than 18,000 enrollees
After reaching a record-breaking settlement for a massive data breach in 2015, the health insurer is facing yet another data breach. According to CNBC, the personal health information–including social security numbers and Medicare data–of more than 18,000 Anthem Medicare enrollees may have been compromised. Anthem was notified by a third-party consulting firm that one of the firm’s employees “emailed a file with information about Anthem companies’ members to his personal email address” a year ago. Anthem reported the breach to the US Department of Health and Human Services on July 24.
Virgin America data breach affects employees and contractors
Popular airline Virgin America alerted staff and contractors about a data breach attempt on March 13. Infosecurity Magazine reports that workers were told an unauthorized third party gained access to “login information and password [sic] that you use to access Virgin America’s corporate network”. No customer data appears to be affected, but according to various reports, more than 3,100 Virgin America employees may have had their credentials stolen, while approximately 110 may have also had their addresses, social security numbers, and driving license details compromised.
What in the (security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
WannaCry hackers finally cash out their Bitcoin windfall
Three months after the global WannaCry ransomware outbreak, the hackers behind the attack have finally withdrawn all of the funds acquired from their victims. As ZDNet recalls, the high-profile attacks began in May and hit over 300,000 PCs and crippled hospitals, banks, and other organizations across Europe, Russia, China, and the Americas. ZDNet also reports that a bot that tracks ransomware payments confirmed only 338 victims paid the $300 Bitcoin ransom, totaling approximately $140,000.
Dark Web vendors caught after re-using their own passwords
In a rare role reversal, the accounts of a number of dark web vendors–who reused login credentials and didn’t enable 2FA on accounts–were taken offline by Dutch police. According to Naked Security, a cryptomarket researcher found that up to 16 accounts on the dark web marketplace Dream Market were taken over by authorities. Naked Security believes that the Dutch Police got access to those credentials after shutting down Hansa and AlphaBay earlier this year.
US Senators introduce a bill to protect IoT connected devices
On Tuesday, Senators Mark Warner, Cory Gardner, Ron Wyden, and Steve Daines introduced the “Internet of Things Cybersecurity Improvement Act” to force tech companies to significantly improve the security of connected devices they intend to sell to the federal government. According to CNET, the bill would require that any IoT device sold to the government not use hard-coded passwords and that its software vulnerabilities can be easily patched. “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products,” Senator Warner said.
White House officials tricked by self-described “email prankster”
A UK-based, self-described “email prankster” managed to trick White House officials into thinking he was senior White House advisor Jared Kushner. According to an email exchange published by CNN, the prankster wrote to the Homeland Security Adviser Tom Bossert inviting him to “a bit of a soirée towards the end of August” and also managed to receive Bossert’s personal email unsolicited. White House press secretary Sarah Huckabee Sanders said that they would look into cyber-related incidents further.
The State of Enterprise Security
Only 18 percent of organizations have an incident response plan for insider cyber threats
A new report from the SANS Institute found that a majority of global organizations are doing little to quantify or respond to insider threats. The study found that 40 percent of respondents believe that malicious insiders are the most dangerous threat they face, while 36 percent are worried about accidents or negligent staff. Moreover, 38 percent of organizations said they do not have any effective methods to detect insider threats, while only 18 percent of respondents say they do have an incident response plan in place.
Small businesses are ignoring the threat of ransomware attacks
In a Webroot poll of more than 600 IT decision makers in the US, UK, and Australia, less than half believe they are at risk of falling victim to a ransomware attack this year, despite research that found more than 60 percent of SMBs have already been affected. According to Infosecurity Magazine, 42 percent of decision makers said that ransomware is a major security threat, behind DDoS attacks (43 percent), phishing attacks (47 percent), mobile attacks (48 percent) and sophisticated malware (56 percent).
Webroot’s EMEA regional manager, Adam Nash, argued that “The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and non-Petya. This, combined with the UK’s false sense of security when it comes to businesses’ ability to manage external threats, is worrying.”
The Week’s Lifehack to Improve Your Security
With talk about the rising threat of ransomware, it’s time to create a human firewall to protect your business. We asked 5 cybersecurity experts what every business owner and IT manager should know when introducing a cybersecurity awareness training program to their employees.