F12.net Security Bulletin – The Marriott & More

5/5 - (4 votes)

Security Summary of November 2018

F12.net produces this bulletin to quickly inform business leaders and their teams about recent security threats and defensive steps they can take.  Lots of buzz today about the Marriott’s huge security breach.  However, this isn’t the only news you need. Feel free to forward this information to your colleagues and contacts.

State of Security

Weekly announcements of security breaches among corporate, government, and not-for-profit organizations continue to mount. We have seen a dramatic uptick in targetted phishing emails over the last six weeks.  The scammers are finding ways around common preventative measures, including Microsoft Office 365’s usually reliable filters. New strains of ransomware are making an aggressive comeback, after a period of relative tranquillity. Incidentally, the FBI just laid charges against two suspects of the successful ransom of the University of Calgary in 2016.

Noteworthy Security Breaches

November was a busy month for security breaches.  Major corporate names shared headlines with not-for-profits and healthcare agencies.

Exploit: Ongoing unauthorized access since 2014
Starwood: Starwood hotel chain merged with Marriott two years ago
Individual Risk: We asses the risk as severe. The hack included names, mailing addresses, phone numbers, passport numbers, dates of birth, arrival and departure information, reservation dates and may have included credit card numbers and expiration dates for some guests.

Exploit: Technical error
Amazon: Online shopping behemoth
Individual Risk: We asses the risk as moderate. The hack did not include passwords, but it did include names and email addresses. Users are at increased risk of phishing attacks.  Worse, Amazon’s notice was inadequate and seemed like a phish, itself. Amazon is offering gift cards to data beach victims.

United StatesMake-a-Wish Foundation
Exploit: Crypto jacking
Make-A-Wish: Non-profit that arranges experiences for children with critical illnesses
Individual Risk: We asses the risk as low. No information related to individuals was compromised.  There is a small risk of reputation damage to Make-a-Wish as the hack resulted in CPU power going to mine for cryptocurrency.

United StatesThe Southwest Washington Regional Surgery Center
Exploit: Phishing Attack
Southwest Washington Regional Surgery Center: Surgery center specializing in orthopedic, spine, podiatry, pain management and plastic surgery
Individual Risk: We asses the risk as severe. Those affected are at increased risk of identity theft, and their medical data may be sold on the dark web.

CanadaOntario Cannabis Store / Canada Post
Exploit: Supply Chain Breach – access to Canada Post’s delivery tracking tool
Ontario Cannabis Store: Recreational cannabis store
Canada Post:  A crown corporation and primary postal operating in Canada
Individual Risk: We asses the risk as moderate. Those affected are at increased risk of identity theft, and they may be at risk for social stigma if they had preferred to keep their cannabis use private.

United States – HSBC Bank USA
Exploit: Multiple compromised online accounts
HSBC Bank: One of the worlds’ largest banks
Individual Risk: We asses the risk as severe. From what we know today, this breach only affects HSBC USA, not their London parent or its global network. Accessed information may include names, account information, statements, transaction details, account balances, and payee account information.

Exploit: Malicious web browser extensions
Facebook: One of the worlds’ largest social media platforms
Individual Risk: We asses the risk as severe. Facebook has suffered many hacks over the last year; this latest is no confidence builder. In this incident, a malicious browser add-on scooped the private messages of 81,000 users.  A hacker is trying to sell the records online.

Other noteworthy breaches include the Girl Scouts of America, the NorthBay Healthcare Corporation in the USA, and a massive financial breach in Pakistan (data for sale on the Dark Web for $100 a record).

Steps You Can Take

Below are some steps your organization can take to protect from data compromised by a security breach or, worse, making the list of breached organizations.

Prevention – Basic steps you should take include up to date antivirus & security patches, unique, fresh, & long corporate passwords, multi-factor authentication, ongoing security awareness training, and regular reviews of your security posture. To limit phishing and malicious emails, ask your IT provider about ATP, DMARC, DKIM and SPF. F12.net, a SOC 2 certified IT provider, offers these services and more.

Monitoring – New services, including F12’s affordable Dark Web Monitoring, scour the dark corners for the internet and alert you when your business accounts or Personally Identifiable Information (PII) is detected.

Detection and ResponseManaged security services, such as F12 Secure, help organizations who cannot compromise on security by arming them with a 24X7 Security Operations Centre, Security Information and Event Management, incident response capabilities, and post-incident forensics.

Assessment –Before investing in any security solutions, it may be wise to find out where your weak links are.  F12.net offers penetration testing, social engineering testing, and security risk assessments. Book a consultation to discuss if these services might be right for you.

Recovery – No matter how robust your IT security, your last defence against ransomware or malicious data destruction is a secure backup solution and a proven disaster recovery plan. No IT regime will ever be 100% foolproof against user error or malicious actors. But, your backup and recovery must be.