Tuesday, January 29, 2019

Video: Consumers are catching on to the data value exchange game.

Video: Consumers are catching on to the data value exchange game.
Following the Cambridge Analytica scandal, Australia media company, Pureprofile, surveyed consumers to measure perceptions surrounding data use by organizations. Almost half (48%) were concerned about how their data was being used and intended to make changes to their privacy and sharing settings. Surprisingly, 26% of the Australian users surveyed decided to change or close their Facebook account.
When combined with other research on attitudes towards data use, it becomes clear that consumers are growing increasingly aware of the value exchange that occurs with online services, social media, and companies. However, they are not satisfied with how their data is being used and who exactly is using it, signaling a future paradigm shift in the way customers respond to data breaches.
Fostering trust with cyber vigilant customers begins by explaining how you are protecting their data. Consider highlighting your security solutions and outline how customer data is only being used when necessary, and with the intention of improving customer experiences to make their lives easier.

January Newsletter: Clutch Recognizes Bit by Bit as a Leading IT Service Provider

No Images? Click here
Bit by Bit
Clutch Recognizes Bit by Bit as a Leading IT Service Provider in New York
We're pleased to announce that Bit by Bit has been featured as one of the 2018 top B2B IT service providers in New York by Clutch, a leading data-driven, third-party ratings and reviews system.
Does Your Cybersecurity Plan Include Dark Web Monitoring?
The dark web is an emerging threat to the cybersecurity of businesses around the world. It is a vast marketplace of data that hackers use to exploit weaknesses in business' networks. Hackers buy and sell data ...
The Fiscal Argument for IT Outsourcing
The complexity of information technology (IT) systems have reached a point where no company should be handling all of their IT needs themselves. Outsourcing is not only more cost effective, but it lowers a company's ...
Our Quick Start Guide is out Now!
Quick Guide to the Dark Web
Get in touch with us today!   

©2019 Bit by Bit. All Rights Reserved.

Reply with "remove" to be taken out of this list. https://bitbybit.cmail20.com/t/r-o-jttyudkl-ktlkuhhdku/o.gif

UK Quicklook

Thursday, January 24, 2019

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: ID Theft Forums (98%)Top Compromise Type: Domains 
Top Industry: Manufacturing 
Top Employee Count: 11-50
 employees (36%)

Wednesday, January 23, 2019

In Other News:

In Other News:
German Politicians and Celebrities are Under AttackHundreds of German parliament members, most notably Chancellor Angela Merkel, and celebrities are having their personal details leaked in what seems to be a politically motivated cyber-attack. Information including financial details, contact information, private conversations, and more was originally leaked in December on a Twitter account, which was only recently discovered and suspended.
Although six of seven main political parties were among those affected, no members from the far-right Alternative party (AfD) seem to be impacted. Officials are saying that the data could have been obtained by hackers using stolen passwords to log into email accounts, social networks, and cloud-based services.

Be Ready for The Breach

Be Ready for The BreachSince Marriot International was breached, it has been hit with two lawsuits that claim the organization delayed the breach disclosure and weren't transparent. How an organization handles a breach makes a significant impact on public opinion and customers trust. An organization that is seen to be forthcoming, transparent, and honest to their customers is much less likely to see a serious migration of customers.
Here are some common mistakes made when reporting breaches:
  • Not having a plan – Not being prepared for a breach can lead to a panicked, unorganized response that is half-baked. Just like every organization should have a fire response plan, every organization should have response procedures in place for a breach.
  • Downplaying the incident – Your customers deserve to know if they are at risk. Also downplaying the incident is likely illegal.
  • Delaying disclosure – Delaying disclosure can compromise the trust of your customers and may be illegal.
  • Oversharing / Under sharing – Sharing too much information can lead to bad actors taking note of the vulnerability and can put other organizations at risk. Sharing too little information can leave your customers at risk.
  • Not contacting the authorities – Involving law enforcement is free and can help significantly with the investigation.

Tuesday, January 22, 2019

Ireland - Luas

Ireland - Luas  
Exploit: Website compromise via newsletter hack.
Luas: Light rail system in Dublin.
correct severe gauge
Risk to Small Business: 2.111 = SevereSince the investigation is ongoing, the extent of damage is not determined. However, the hacker responsible for the attack threatened to publish all compromised data if the demanded ransom of 1 bitcoin was not met within 5 days. Currently, no financial information has been exposed, but complete access to a company’s website can result in theft of IP, IT system interference, and entry into sensitive data.
correct moderate gauge
Individual Risk: 3 = ModerateGiven that the attack was limited to the 3,226 that signed up for the Luas newsletter and did not include payment details, the threat to individual compromises is relatively low. Nevertheless, it remains to be seen if there will be other repercussions.
Customers Impacted: 3,226 people who signed up for the Luas newsletter.
How it Could Affect Your Customers’ BusinessSituations where ransom is involved can be sticky, since there is no assurance that the hacker will not leak the data even if the ransom is paid. On the other hand, the group or person responsible has threatened to publish all data and send emails to the users, which could cause customers to avoid visiting the website or trusting their payment information with the tram service. Also, the hacker could virtually destroy the website, resulting in the company having to rebuild their entire platform.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web, helping reduce the impact of such a breach. See how you can benefit here: https://www.idagent.com/dark-web/.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

France and Spain - Orange

France and Spain - Orange 
Exploit: Device vulnerability in modems that reveals Wi-Fi credentials.
Orange: Telecommunications operator that offers a router product.
correct severe gaugeRisk to Small Business: 2.333= SevereAlthough such an attack can be contained by finding all the hardware products with vulnerabilities, the breach can negatively impact customers and result in the erosion of brand loyalty.
correct moderate gaugeIndividual Risk: 2.571= Moderate: Such a compromise can be dangerous because it enables hackers to execute on-location proximity attacks, which means they can travel to a company headquarters or home to access a network and then hack into connected devices nearby. Also, Wi-FI passwords might be reused elsewhere, such as the backend administration panel, allowing hackers to control the system infrastructure and create online botnets.
Customers Impacted: 19,500 customers using Orange Livebox modems.How it Could Affect Your Customers’ BusinessSecurity vulnerabilities in hardware can be financially catastrophic, as they usually result in expensive patches, product recalls, reinvention, and customer churn.ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web and can help discover this form of breach before it hits the news cycle. We work with MSP and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

In Other News:

In Other News:
DNA For Pay The Leaders of Genomics England has revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data and in this case, DNA, could result with it ending up on the Dark Web or in the hands of a nation state. While no breach occurred to this organization, the fact that they are regularly under attack should be a wake-up call.
What We’re Listening To

Monday, January 21, 2019

United States - BlackMediaGames (Town of Salem)

United States - BlackMediaGames (Town of Salem) 
Exploit: LFI/RFI attack that injected malicious code into database.
BlankMediaGames: Game maker of ‘Town of Salem’.
correct severe gauge
Risk to Small Business: 2 = SevereWith a number as high as 7.6M users exposed, this cyberattack has the potential to be game-changing. News broke that DeHashed, a commercial breach indexing service, discovered the successful attack before Christmas and tried alerting the company, but no actions were made to secure the hacked servers and notify users until later on. Cybersecurity experts are claiming that the company’s hashing technique (PHPBB) for securing passwords was relatively weak, meaning that it is only a matter of time until hackers were able to crack them.
correct moderate gauge
Individual Risk: 2.428 = SevereStolen user data included usernames, email addresses, hashed passwords, IP addresses, and game/forum activities. Payment information or credit card details were not exposed, but compromised information can still be leveraged to gain access to payment details on other similar accounts.
Customers Impacted: 7.6M users of ‘Town of Salem’.How it Could Affect Your Customers’ BusinessAlthough BlankMediaGames clarified that it does not handle payment information, users may not fully grasp what this means. When they hear breach, they feel exposed. To further compound the issue, the company admitted that its hashing platform for passwords was not as secure as it could be. Overall, video game services are becoming “low hanging fruits” for cybercriminals due to the emphasis of user experience over security and increasingly growing value of digital “in-game” goods or purchases.
ID Agent to the Rescue: SpotLight ID™ is backed by our $1M identity theft restoration policy, and can help MSPs’ clients proactively protect customers while enhancing overall cyber security awareness. Learn more at:https://www.idagent.com/identity-monitoring-programs.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

United States - Quora

United States - Quora 
Exploit: Unclear at this time.
Quora: A popular question and answer site that boasts 300 million monthly active users.
correct severe gauge
Risk to Small Business: 2.333 = SeverePeople are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.
correct moderate gauge
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks 
Customers Impacted: Unclear at this time.
How it Could Affect Your Customers’ BusinessQuora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 - Extreme Risk
2 - Severe Risk
3 - Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
Exploit: Credential Stuffing.
Humble Bundle: Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering of Humble Bundles, collections of games sold at a price determined by the purchaser and with a portion of the price going towards charity and the rest split between the game developers.
correct severe gaugeRisk to Small Business: 2.333 = SevereThe breach only contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
correct moderate gaugeIndividual Risk: 3 = Moderate: No information directly related to the individual has been compromised other than the subscription status of users.
Customers ImpactedA “very limited” number of people.
How it Could Affect Your Customers’ BusinessThis breach is a good lesson in how it is important to report any breach, as this seemingly minor breach is most likely the first step in a spear phishing campaign.ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go tohttps://www.idagent.com/dark-web/
Risk Levels:
1 - Extreme Risk2 - Severe Risk3 - Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Friday, January 18, 2019

Small Business, Big Risks

Mobile Fraud

Twitter Memes

Twitter MemesResearchers have discovered a malware that is being distributed by hackers, which receives instructions from… memes.
That’s right, this form of malware that targets Windows systems can “capture local screenshots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker.” It also can receive instructions from Twitter memes. This type of communication is known as stenography and hypothetically could be used to instruct many people at once with memes, while surpassing most detection systems.

So, stay frosty this holiday while perusing the interwebs for memes! Make sure all your systems are up to date and your credentials aren’t compromised… better to enjoy this season!

What We’re Listening To

What We’re Listening To
Know Tech TalksThe Continuum PodcastSecurity Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT ConsultantsRisky BusinessFrankly MSPCHANNELe2e