Cyber-demic Update
Michael Bruemmer
Global Data Breach Resolution @ Experian | CIPP/US and Fraud Expert
June 2021
A monthly digest on the impact of COVID-19 on the cybersecurity space, in particular the vaccine rollout, remote working and the rise of new threat vectors.
---------------------------------------------------------------------------------------------------------------
To Pay or Not To Pay?
If you haven’t heard about the latest ransomware attacks, you are living under a rock…But don’t worry, there are many more to come…I’ve been in this business a long time and what we have seen lately is significant…A big wow for me was that JBS, a US beef supplier, paid the $11M ransom to REvil…The jaw dropper is that they had been able to take back operations but paid to “mitigate any unforeseen issues,” which sounds like some modern racketeering…Besides keeping CEOs up at night, this is rocking the cyberinsurance industry…Many are pulling out of covering this claim or, as expected, will have to start raising rates or creating super premiums…An industry assessment report said the future looks “grim”…Will businesses be able to support this higher cost or just ensure a stash is available to pay attackers?
We Will, We Will… Rock You
Reports say that we’ve had the largest password file breach ever: a 100-gigabyte file called RockYou2021, containing 8.4 billion password entries, on a hacker site…It’s bigger than the Compilation of Many Breaches (COMB) leak from February, which contained 3.2 billion email and password combinations…Together that’s almost as much as all that was stolen last year…What should you do?…Easy, change your passwords…Speaking as a Texan, companies here had better shore up their security or else they will end up on the “wall of shame,” as the Texas legislature approved a bill which directs the attorney general to post on this website a public listing of received data breach notifications for any breach involving at least 250 residents.
New Gadgets, New Problems
For you gadget lovers, I know getting the latest technology is fun, but what won’t be is when it’s hacked…The latest example is Apple’s AirTag, and in just a few weeks many security researchers hacked it…A good overview of what these experts were able to do is here…It’s certainly another breach surface but I don’t think it’s too much of a risk for consumers…For more about new technologies including apps and risks, read my colleague Brian Stack’s post…The greater risk to consumers is organizations getting breached…According to the Verizon data breach report, remote working was the leading source of incidents, as expected…Denial of service (DDoS) attacks were the most common type of attack, but social engineering and basic web application attacks caused the majority of data breaches…Read the report here.