UK Quicklook

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: ID Theft Forums (98%)Top Compromise Type: Domains 
Top Industry: Manufacturing 
Top Employee Count: 11-50 employees (36%)

In Other News:

In Other News:

German Politicians and Celebrities are Under AttackHundreds of German parliament members, most notably Chancellor Angela Merkel, and celebrities are having their personal details leaked in what seems to be a politically motivated cyber-attack. Information including financial details, contact information, private conversations, and more was originally leaked in December on a Twitter account, which was only recently discovered and suspended.

Although six of seven main political parties were among those affected, no members from the far-right Alternative party (AfD) seem to be impacted. Officials are saying that the data could have been obtained by hackers using stolen passwords to log into email accounts, social networks, and cloud-based services.
https://www.bankinfosecurity.com/hackers-leak-hundreds-german-politicians-personal-data-a-11915

Be Ready for The Breach

Be Ready for The BreachSince Marriot International was breached, it has been hit with two lawsuits that claim the organization delayed the breach disclosure and weren't transparent. How an organization handles a breach makes a significant impact on public opinion and customers trust. An organization that is seen to be forthcoming, transparent, and honest to their customers is much less likely to see a serious migration of customers.

Here are some common mistakes made when reporting breaches:

• Not having a plan – Not being prepared for a breach can lead to a panicked, unorganized response that is half-baked. Just like every organization should have a fire response plan, every organization should have response procedures in place for a breach.
• Downplaying the incident – Your customers deserve to know if they are at risk. Also downplaying the incident is likely illegal.
• Delaying disclosure – Delaying disclosure can compromise the trust of your customers and may be illegal.
• Oversharing / Under sharing – Sharing too much information can lead to bad actors taking note of the vulnerability and can put other organizations at risk. Sharing too little information can leave your customers at risk.
• Not contacting the authorities – Involving law enforcement is free and can help significantly with the investigation.

https://www.darkreading.com/attacks-breaches/7-common-breach-disclosure-mistakes/d/d-id/1333401?image_number=1

https://www.proofpoint.com/us/resources/threat-reports/quarterly-threat-analysis

Ireland - Luas

Ireland - Luas  

https://www.independent.co.uk/travel/news-and-advice/luas-website-down-dublin-tram-hacked-not-working-data-leak-bitcoin-a8709446.html 

Exploit: Website compromise via newsletter hack.
Luas: Light rail system in Dublin.

Risk to Small Business: 2.111 = Severe: Since the investigation is ongoing, the extent of damage is not determined. However, the hacker responsible for the attack threatened to publish all compromised data if the demanded ransom of 1 bitcoin was not met within 5 days. Currently, no financial information has been exposed, but complete access to a company’s website can result in theft of IP, IT system interference, and entry into sensitive data.

Individual Risk: 3 = Moderate: Given that the attack was limited to the 3,226 that signed up for the Luas newsletter and did not include payment details, the threat to individual compromises is relatively low. Nevertheless, it remains to be seen if there will be other repercussions.

Customers Impacted: 3,226 people who signed up for the Luas newsletter.
How it Could Affect Your Customers’ Business: Situations where ransom is involved can be sticky, since there is no assurance that the hacker will not leak the data even if the ransom is paid. On the other hand, the group or person responsible has threatened to publish all data and send emails to the users, which could cause customers to avoid visiting the website or trusting their payment information with the tram service. Also, the hacker could virtually destroy the website, resulting in the company having to rebuild their entire platform.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web, helping reduce the impact of such a breach. See how you can benefit here: https://www.idagent.com/dark-web/.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

France and Spain - Orange

France and Spain - Orange 

https://www.zdnet.com/article/over-19000-orange-modems-are-leaking-wifi-credentials/

Exploit: Device vulnerability in modems that reveals Wi-Fi credentials.
Orange: Telecommunications operator that offers a router product.

Risk to Small Business: 2.333= Severe: Although such an attack can be contained by finding all the hardware products with vulnerabilities, the breach can negatively impact customers and result in the erosion of brand loyalty.

Individual Risk: 2.571= Moderate: Such a compromise can be dangerous because it enables hackers to execute on-location proximity attacks, which means they can travel to a company headquarters or home to access a network and then hack into connected devices nearby. Also, Wi-FI passwords might be reused elsewhere, such as the backend administration panel, allowing hackers to control the system infrastructure and create online botnets.

Customers Impacted: 19,500 customers using Orange Livebox modems.How it Could Affect Your Customers’ Business: Security vulnerabilities in hardware can be financially catastrophic, as they usually result in expensive patches, product recalls, reinvention, and customer churn.ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web and can help discover this form of breach before it hits the news cycle. We work with MSP and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

In Other News:

In Other News:

DNA For Pay The Leaders of Genomics England has revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data and in this case, DNA, could result with it ending up on the Dark Web or in the hands of a nation state. While no breach occurred to this organization, the fact that they are regularly under attack should be a wake-up call.

https://www.telegraph.co.uk/news/2018/12/05/nhs-storing-patients-genetic-data-high-security-army-base-due/

What We’re Listening To

Know Tech Talks
The Continuum PodcastSecurity Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!TubbTalk – The Podcast for IT ConsultantsRisky BusinessFrankly MSPCHANNELe2e