Cybercrime is More Lucrative Than Drug Trade

Cybercrime is More Lucrative Than Drug TradeAccording to researchers, cybercrime is the world’s fastest growing criminal industry. This may come as a surprise to some, considering cybercrime in this comparison goes head to head with the infamous and profitable illegal drug trade.

Cyber defense spending will increase as well, with the report predicting over $1 trillion in spending on cybersecurity between 2017 and 2021 and keeping the cybersecurity unemployment rate around 0%.
https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/

In Other News:

In Other News:Alarming News A hacker warned an unsuspecting homeowner of his ability to hack the man’s home security system by speaking to him through it. In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with anonymous told the Arizona man, through the Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer about this incident.

https://www.usatoday.com/story/tech/2018/12/10/phoenix-man-hacker-broke-talked-nest-security-cam-home/2262816002/

Brazil - Cadastro de Pessoas Físicas Database - BREACH

Brazil -  Cadastro de Pessoas Físicas Databasehttps://cyware.com/news/misconfigured-cloud-server-exposed-taxpayer-id-numbers-of-120-million-brazilians-91298892

Exploit: Exposed database.
Cadastro de Pessoas Físicas (CFP) Database: CFP is a Brazilian national identifying number attributed by the Brazilian Federal Revenue, that must be issued before opening a bank account, creating a business, paying taxes, or getting a loan.

	Risk to Small Business: 1.777= Severe: The breach only contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
	Individual Risk: 1.857= Severe: There is a significant amount of personal information that was exposed during this breach that would be highly useful to a bad actor wishing to engage in a spear phishing campaign.

Customers Impacted: 120 million Brazilians.How it Could Affect Your Customers’ Business:  The personal data of customers was exposed which would be highly damaging for any organization. In many countries, the organization would also face consequences from the government such as fines.ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go tohttps://www.idagent.com/dark-web/.Risk Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

China - Boomoji

China - Boomoji https://techcrunch.com/2018/12/13/popular-boomoji-app-exposed-millions-contact-lists-location-data/
Exploit: Exposed database.
Boomoji: A Chinese company that makes personalized animated avatar to be sent over text and other various apps.

	Risk to Small Business: 2.111 = Severe: Exposed databases can be very embarrassing for a company because there is no excuse for leaving the database where customer information is stored unsecured. Customers are unlikely to return to the service, and if they do could be hesitant to enter in credit card information or reveal more of their data because they figure it could be at risk as well.
	Individual Risk: 2.111 = Severe: Those affected by this breach are at an increased risk of phishing attacks. This is made a severe risk in this case because the exposed information included the contact books of the users who gave the app permission to access it.

Customers Impacted: Over 5 million users.
How it Could Affect Your Customers’ Business: Not only is the exposed database embarrassing for the organization, but the company lied about the extent of the breach by stating the databases were for testing purposes only. Not being upfront about the breach can result in a further loss of trust in the company by the customer.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programsRisk Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Receiving endless robocalls on your cell phone? You’re not alone.

Receiving endless robocalls on your cell phone? You’re not alone.
According to Hiya, US consumers received 26.3 billion robocalls in 2018, a 46% year-over-year increase. Estimates show that the average person receives 10 unwanted calls per month, with 25% of them being scams. Most consumer complaints can be categorized into general spam, fraud, and telemarketing.

However, this year holds the promise of significantly reducing robocalls, with the Federal Communications Commission (FCC) calling for the implementation of a call-authentication system by the end of the year. This approach would combat caller ID spoofing by requiring carriers to author a signature on calls from their network that would then be validated by other carriers.

Currently, robocalls are the leading source of consumer complaints according to both the FCC and Federal Trade Commission (FTC). In 2017, the FTC received 71 million unique grievances even though 200 million US consumers were registered to a Do Not Call list.

https://www.zdnet.com/article/plagued-by-robocalls-26-billion-spam-calls-in-2018-quarter-from-scammers/ 

Breaches - France, New Zealand, Australia, Canada US and UK

United States - Houzz

Exploit: User data exposure. Houzz: Home improvement and interior decorating startup Risk to Small Business: 1.555 = SevereCustomers Impacted: To be determined >> Read full details on our blog.

United States - Colorado CCPSA

Exploit: Employee phishing attack. Colorado CCPSA: Private physician practice in Lakewood, CO. Risk to Small Business: 1.333 = Severe Customers Impacted: 23,377 patients. >> Read full details on our blog.

Canada - Quinte Health Care 

Exploit: Privacy breach by rogue employee. Quinte Health Care: Health care services provider for Prince Edward and Hastings Counties as well as the southeast portion of Northumberland County. Risk to Small Business: 1.555 = SevereCustomers Impacted: To be determined.  >> Read full details on our blog.

Canada - Canada Revenue Agency 

Exploit: Privacy breach by rogue tax workers Canada Revenue Agency: Tax law administrator for the government of Canada Risk to Small Business: 1.777 = Severe Customers Impacted: 41,631 Canadians  >> Read full details on our blog.

United Kingdom - Kwik Fit 

Exploit: Malware attack Kwik Fit: Car service specialist Risk to Small Business:  1.777 = Severe Customers Impacted: Unknown  >> Read full details on our blog.

France - Airbus 

Exploit: Breach of business information systems Airbus: Aircraft manufacturer and world's second largest aerospace group Risk to Small Business: 2.111 = SevereCustomers Impacted: To be determined  >> Read full details on our blog.

Australia - 8 Anonymous Web Hosting Providers 

Exploit: "Manic Menagerie" malware attack Web Hosting Providers: Australian companies that provide web hosting services Risk to Small Business: 2.000 = SevereCustomers Impacted: Unknown  >> Read full details on our blog.

New Zealand - Cryptopia

Exploit: Payment fraud Cryptopia: Online cryptocurrency exchange. Risk to Small Business: 1.555 = Severe Customers Impacted: 17,000 cryptocurrency wallets >> Read full details on our blog.

Small business ransom!