We're only a week in to December and there's already been significant cyber security activity. There have been a number of well publicized high profile breaches, malware attacks and phishing attacks as we head in to the final stretch of the year. To help you better understand the breaches, their risks and how they impact you, I've rounded up a few of the bigger incidents that are currently in the news.
Sony Pictures Entertainment Breach. Earlier this week it came to light that hackers infiltrated Sony Pictures Entertainment's internal systems and took a yet-to-be-determined amount of sensitive information. The hacker group, who call themselves the Guardians of Peace, stole and published information ranging from employee logins, passwords and social security numbers to executive salaries and even unreleased movie and TV scripts. More importantly, the group also gained access to the master list of Sony Pictures databases and servers along with the requisite RSA SecurID tokens needed to access them. Needless to say Sony Pictures had to shut down its entire infrastructure after discovering the hack and the company is still working on rebuilding its systems and restoring functionality. It seems likely that we will be hearing more on this major breach as we head in to the New Year and more details about the cyber attack come to light.
How this impacts you: Unless you are an employee of Sony Pictures Entertainment or a Sony executive, this breach won't impact you. If you are a Sony Pictures Entertainment employee, change your logins and passwords and keep a close eye on your financial identity.
Seasonal Malware Scams. With the holiday shopping season in full swing, enterprising cyber criminals are using fake "order confirmation" emails to trick consumers in to downloading harmful malware. The emails are set up to look like a holiday package has been delivered to a local store and requires you to click on a link or download a file in order to learn about your order. The links end up installing malware. Many of these emails have been tied back to a piece of malware called Asprox. Asprox is able to scrape logins and passwords from your computer and then use your email to send out additional infected emails to your contact list. It's a tricky phishing attack that even the most savvy computer users can fall prey to.
How this impacts you: Millions of these types of phishing emails are sent out daily so don't be too surprised if one lands in your inbox. Luckily they are only harmful if you click on the link or download the attached file. If you get an email from a store that looks even slightly fishy, never click on the link. Go directly to the store's website and monitor your purchase or delivery from there.
The Year of the Breach. In a piece that ran earlier this month, 60 Minutes officially dubbed 2014 as the year of the breach. If you follow security news, you know why. Consumers started off 2014 by dealing with the aftermath of the massive Target breach that resulted in the loss of more than 40 million consumer debit and credit cards. The Target breach was followed by the Michaels breach where two million more cards were lost. Following Michaels was P.F. Chang's (33 restaurants affected), Home Depot (56 million debit and credit cards lost) and then Staples (the breach is still under investigation). Consumers have been inundated with breach news this year and many are rightfully wary about swiping their cards at retailer stores when making holiday purchases. The reasons behind the growing number of retailer beaches are numerous. At CSID we've noticed that poor security habits like reusing passwords or not implementing security best practices, such as encryption and detection software, often allow cyber criminals to access a retailer or vendor system. Others, such as Mallory Duncan with the National Retailer Federation, feel the main issue is the mag stripe technology currently used for most U.S. credit and debit cards. According to Duncan, "The underlying problem is that we have cards that were designed for the 1960s, '70s and '80s but we now have hackers using 21st century tools to break in." Whatever the case, these types of retail breaches show no sign of stopping and it is only a matter of time until news about the next big breach shows up in our news feeds.
How this impacts you: Unless you make all of your retail purchases using cash, you are at risk for becoming of victim of this type of breach. If you must use a card when making purchases, use a credit card as it is easier to recoup losses related to unauthorized purchases made with your credit card versus your debit card. Another good practice is to keep a close eye on your bank statements. Cyber criminals will often test a stolen card with a small purchase to make sure it is active. These smaller purchases are likely to go unnoticed on a bank statement.
At CSID we anticipate the frequency and severity of data breaches will continue to increase going in to 2015. We also expect to see more breaches occurring on a global scale. In the meantime, be vigilant about security best practices - use secure passwords and don't reuse them across sites, keep an eye on your credit and financial statements and never click on a suspicious link. It is also a good practice to use a monitoring service that can alert you if your personally identifiable information like your Social Security number, phone number or home address are being used for malicious purposes.