Exploitation of vulnerabilities almost tripled as a source of data breaches last year

Verizon’s annual data breach report identified the MOVEit hack as the “poster child” of the phenomenon.

The post Exploitation of vulnerabilities almost tripled as a source of data breaches last year appeared first on CyberScoop.

Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events

There’s a relatively small swath of cyberattacks mixed among the more common variety that are truly extreme, costing tens of millions of dollars and beyond, or exposing millions of records. A report out Tuesday identified a little over 100 that fit that description over the past five years. The researchers learned that these massive events cost a median of $47 million and usually came via straightforward hacks or ransomware. They appear to be growing more frequent, and nation-state hackers are behind them to a surprising degree, the report says. But the report from the Cyentia Institute, a data science firm, also found that these extreme attacks don’t affect all their targets in the same way. Some cost companies nearly 100 times their revenue, while others were still just a drop in the bucket, costing as little as 0.1% of their revenue. And the financial, information and manufacturing sectors accounted for more than half of the 103 incidents. “What […]

The post Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events appeared first on CyberScoop.

Barnes & Noble cyber incident could expose customer shipping addresses, order history

Barnes & Noble told customers it was the victim of a cyberattack that led to “unauthorized and unlawful access” of its corporate systems. Barnes & Noble didn’t detail the entire nature of the “cybersecurity attack” in its email Wednesday, but confirmed that customers’ shipping addresses, billing addresses, email addresses and phone numbers could have been exposed. Payment card information wasn’t compromised as a part of this incident, but customers’ order history may also be exposed, according to Barnes & Noble. “We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the bookseller said in its alert to customers. Customers’ access to Nook e-readers has also been interrupted, Barnes & Noble said on Twitter. It was unclear how many customers the incident impacted. Barnes & Noble did not disclose how it discovered the incident, only noting that it was “made aware” of it on Oct. 10. It’s […]

The post Barnes & Noble cyber incident could expose customer shipping addresses, order history appeared first on CyberScoop.

Money is still the main motivating factor for hackers, Verizon report finds

It’s a fact that seems obvious at first, but jarring when put into context: cybercrime is a lucrative business that continues to grow at a remarkable rate, according to the authors of a sweeping overview of major security incidents over the past year. Eighty-six percent of the data breaches in 2019 were motivated by money, according to Verizon’s annual Data Breach Investigation Report, which was released Tuesday. While the techniques have shifted, the figure is a significant uptick from the 71% of breaches that were financially motivated in 2018. “Attackers are going to look anywhere they can to generate revenue,” said Gabriel Bassett, senior information security data scientist at Verizon, adding that scammers are going about this tactic by re-using stolen usernames and passwords, and experimenting with email scams. Verizon’s DBIR has emerged as a reliable benchmark in assessing corporate cybersecurity threats and defenses. This year’s iteration analyzed roughly 157,000 […]

The post Money is still the main motivating factor for hackers, Verizon report finds appeared first on CyberScoop.

Verizon Cybersecurity Report: Sweat the Small Stuff

The 2019 Verizon Data Breach Investigations Report published recently finds 69% of the 2,013 data breaches analyzed were perpetrated by outsiders, with organized crime rings accounting for 39% of breaches and state-sponsored entities accounting for 23…

Financial crime outpaces espionage as top motivation for data breaches, Verizon report finds

Once again, it all comes back to the money. Seventy-one percent of the data breaches that occurred in the last year were financially motivated, according to Verizon’s annual Data Breach Investigations Report. While there’s been an uptick in espionage targeting the manufacturing sector, the overwhelming majority of cybercrime still is carried out by hackers primarily interested in making a buck. Just ask the financial companies: For the first time last year, they reported more instances of fraud when a physical card was not used than when a card was present. “It’s not necessarily that attackers are changing their techniques, or even evolving,” said Alex Pinto, head of security research at Verizon, of the findings. “It’s that attackers are keen to go after whoever is the easiest target … and there was a very sharp uptick on financially motivated social engineering.” Verizon’s DBIR has become a well-regarded barometer of threats, hacking techniques and […]

The post Financial crime outpaces espionage as top motivation for data breaches, Verizon report finds appeared first on CyberScoop.

Transcription Service Leaked Medical Records

MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians.

Senate’s Use of Signal A Good First Step, Experts Say

The Senate’s use of the end-to-end encrypted messaging app Signal is a good first step in protecting U.S. democratic institutions, but much more needs to be protected.

Verizon’s annual data breach report is depressing reading, again

The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures. The DBIR, an analysis of breaches and incidents investigated by Verizon personnel or reported by one of their 65 partner organizations, is one of the most comprehensive reports in an industry that sometimes seems to specialize in thinly sourced surveys — marketing gussied up as research. So its release is closely watched by cybersecurity mavens every April. But in recent years, the DBIR has become a repetitive litany of attacks that exploit well-known and long-patched vulnerabilities in familiar ways. The 2017 report released Thursday found, for example, that 81 percent of hacking-related breaches employ either reused/stolen passwords or weak/crackable ones. “There is no such thing as an impenetrable system, but doing the [cybersecurity] […]

The post Verizon’s annual data breach report is depressing reading, again appeared first on Cyberscoop.
