In-depth knowledge of cyberattacks is humanly impossible to acquire unless one takes it up as a profession. But the least we can do is stay abreast of the recent hacks, for ‘just-in-case’ situations when the knowledge of the attack might prove to be our rescuer and help prevent phishing attacks!

Security Alert For Under-18 Instagram Users In Ireland

If you are an under-eighteen Instagram user, then perhaps the app has let you down. The Data Protection Commissioner (DPC) of Ireland is currently investigating the app for its poor handling of children’s data. But as with every other privacy issue that Facebook (Instagram’s owner) faces, it has denied responsibility for breaking privacy laws.

Although Facebook is cooperating with the DPC for protection against phishing, the DPC’s findings have yet to reveal whether the app will be fined for violating children’s data protection rights.

 

Morgan Stanley To Pay A Hefty Fine

Remember the inefficient decommissioning of two data centers by Morgan Stanley in 2016? They had failed to dispose of customers’ data and kept people in the dark for three years until a similar decommissioning error happened in 2019. But anti-phishing negligence doesn’t go off so easily after all!

The US Office of the Comptroller of the Currency (OCC) has imposed a fine of $60 million on Morgan Stanley for its faulty decommissioning practices, namely, its “inadequate risk assessment and monitoring of third-party vendors and a failure to keep track of customer information.” The OCC further notes that there has been noncompliance with 12 CFR Part 30, Appendix B, “Interagency Guidelines Establishing Information Security Standards,” because of which the bank must pay the $60 million penalty to the United States Treasury.

 

The nth Attack On A School District This Year

It’s almost every week that we hear of anti-phishing solutions failing to protect school districts and colleges from cyberattacks. The newest addition to this list of data breaches targeting school districts is the Maze attack on Toledo Public Schools (TPS), Ohio.

The adversaries stole and published nearly 9 GB of PII (names, addresses, phone numbers, dates of birth, and Social Security numbers) belonging to the faculty and students. Though Maze claims to have published only a portion of the stolen data, the district hasn’t received any ransom demands. The district will provide free credit monitoring to victims, but what good would it do when attackers are already in possession of people’s data!

 

Insider Threats Are Real: Scalable Capital Data Breach

When cyber experts insist on the principle of least privilege, they are trying to prevent security incidents like the one that recently happened at the Germany-based advisory firm Scalable Capital.

Since the enterprise has hinted at the unlikelihood of any security flaw in its system causing the breach, it leaves us to interpret that perhaps an insider is responsible for the breach. The incident has compromised the tax identification numbers, bank and ID details, securities accounts, and clients’ contact information.

This blunder at Scalable Capital has affected the lives of over 20,000 people in Germany and the UK. They are adopting email security services now, but sadly, nothing can undo the loss to individuals!

 

Ransomware Makes IT Group Speechless

Have you ever wondered what would happen if your service provider became the victim of a cyber attack? Enterprises like BNP Paribas, La Banque Postale, Société Générale, HSBC, Hyundai Capital, Crédit Agricole, RBS, and Bank of China are facing this very dilemma, as their IT services provider, Sopra Steria, experienced a cyber-attack on 20th October.

Although Sopra Steria is taking cyber security measures, they haven’t disclosed much about the attack. Media reports suggest that the ransomware actors have them tongue-tied.

 

Data Breaches Are Unbiased: Target Even Regional Retailers

Just when we think that the adversaries do not target lesser-known enterprises, they prove us wrong. The recent data breach at a regional retailer in Oregon called ‘Made in Oregon’ exemplifies this. The retailer’s database was accessible to adversaries for six months from February until August. During this period, customers’ sensitive information, such as their names, email credentials, billing addresses, and payment card details, was accessed by third parties.

If you think SMEs do not take cybersecurity lightly, it would surprise you to know that Made in Oregon is yet to figure out if any more customer details were exposed in the attack! But at least the retailer is working with computer forensics for security and providing free credit monitoring to affected individuals.

 

Ransomware Group Darkside Into Charity

For all those who believe that sins are forgiven through charity, we have a practitioner. Apparently, not all hackers are after financial gains – some threat actors donate stolen money!

The ransomware group Darkside (which attacks only ‘large enterprises’) donated $10,000 to two NPOs – Children International and The Water Project. It notified viewers via a post, “We think it’s fair that some of the money they’ve paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped change someone’s life.”

Though commendable, Darkside’s philanthropy is unlikely to benefit either NPO as it’s illegal to keep funds from such criminal sources. Too bad that Darkside’s money will end up on the dark side!

And that’s the week that was.
