
Cybersecurity

September 18, 2020

Hackers Enjoy Open Season for Data

Much like open mic night at the local Giggle Barn, the hacks just keep on coming. In the last four weeks alone, there have been many developments. Here are some of the most publicized cases.

Equinix ransomware

Equinix is a large data center based in Redwood City, California. Obviously, data centers are prime targets for threat actors. They’re equivalent to banks for bank robbers. Over the U.S. Labor Day holiday weekend, hackers from the group “NetWalker” gained access to Equinix’s systems and unleashed their ransomware.

NetWalker’s payload operates similarly to other ransomware. Once it has infected a network, sensitive files are encrypted, and the hackers demand a hefty ransom to unlock them. NetWalker is interesting because there seems to be a connection to Russia in at least a semi-official capacity. One of their core tenets is not attacking entities located in Russia or the Commonwealth of Independent States. Whatever their affiliations, it’s undeniable that they have been successful recently. Since March this year, they have collected $25 million[1] in ransom.

For the Equinix incident alone, they have demanded $4.5 million. It is unknown if Equinix has paid at the moment, but NetWalker has a history of dumping the affected files on black marketplaces once the deadline expires. So, it should be known soon whether they reached a deal.

$5.4 million crypto heist

On September 8th, thieves stole $5.4 million in various cryptocurrencies from the Slovakian exchange, Eterbase. The cyber bandits got away with undisclosed amounts of Bitcoin, Ethereum, Ripple, Tezos, Algorand, and TRON. They moved the stolen crypto into wallets housed on major exchanges such as Binance and Huobi.

Eterbase claims they have the capital necessary to take the hit and will reimburse any affected investor.  They have already notified the proper authorities and are working with the other exchanges to track the culprits. Heists such as this have caused other small exchanges to close in the past, so it’s good to see Eterbase holding firm.

300K WordPress sites exploited

On September 1st, those in the cybersecurity community found a critical vulnerability in specific versions (6.0-6.8) of the File Manager plugin for WordPress. When exploited, it allows malicious actors to run unauthorized code. While the vulnerability was closed quickly with the release of version 6.9, analysts conclude that up to 300,000 websites are still susceptible.

Since finding the exploit, hackers have been probing WordPress sites non-stop. In a strange twist, many hackers have found themselves fighting off other hackers after gaining illicit access to a site. Hackers hacking hackers.

If you run a WordPress website with the File Manager plugin, please check to ensure you’re running version 6.9 (or higher if you’re reading this in the future). If not, update immediately.
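The version check above can be automated. The following Python sketch is an added example, not part of the original article: it reads the standard WordPress plugin header from each plugin's PHP files and flags File Manager copies in the 6.0-6.8 range. Matching on the name "file manager", the directory layout and the sample plugin tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VULN_RANGE = ((6, 0), (6, 8))   # versions the article names as exploitable
FIXED_FROM = (6, 9)             # release the article names as the fix

# WordPress reads plugin metadata from a comment header in the main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$",
                       re.IGNORECASE | re.MULTILINE)


def read_header(php_file):
    """Return {'plugin name': ..., 'version': ...} parsed from the first 8 KB."""
    with open(php_file, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(head)}


def parse_version(text):
    """'6.8' or '6.8.1' -> (6, 8); None when the string is not dotted digits."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.\d+)*", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(version_text):
    """Map a version string to 'vulnerable', 'fixed' or 'unknown'."""
    v = parse_version(version_text or "")
    if v is None:
        return "unknown"
    if VULN_RANGE[0] <= v <= VULN_RANGE[1]:
        return "vulnerable"
    if v >= FIXED_FROM:
        return "fixed"
    return "unknown"  # older than the range the article covers


def audit(plugins_dir, name_hint="file manager"):
    """Scan <plugins_dir>/<slug>/*.php and report plugins whose name matches.

    name_hint is an assumption: adjust it to the exact plugin name in use,
    since other plugins may also contain the words 'file manager'.
    """
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        name = hdr.get("plugin name", "")
        if name_hint in name.lower():
            ver = hdr.get("version", "")
            findings.append((php.parent.name, name, ver, classify(ver)))
    return findings


def demo():
    """Build a constructed plugins tree in a temp directory and audit it."""
    samples = {  # slug -> (plugin name, version); all values are constructed
        "fm-old": ("File Manager", "6.8"),
        "fm-new": ("File Manager", "6.9"),
        "fm-legacy": ("File Manager", "5.4"),
        "gallery": ("Photo Gallery", "6.5"),
    }
    with tempfile.TemporaryDirectory() as root:
        for slug, (name, ver) in samples.items():
            plugin_dir = Path(root, slug)
            plugin_dir.mkdir()
            (plugin_dir / "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
        return audit(root)


if __name__ == "__main__":
    for slug, name, ver, status in demo():
        print(f"{slug:10} {name:15} {ver:6} {status}")
```

On a real site, point `audit()` at the `wp-content/plugins` directory; anything reported as `vulnerable` should be updated immediately.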

Argentinian government attacked

NetWalker sure is busy! Less than two weeks before the Equinix attack, the hacker gang disrupted operations of Argentina’s national immigration agency.  On the morning of August 27th, workers for the agency noticed that certain Windows files and shared folders were inaccessible. It resulted in a momentary closure of border stations throughout the country while they contained the breach.

NetWalker demanded $2 million to restore access, then upped it to $4 million when the deadline passed. Argentinian officials aren’t worried, however. They say they will refuse to negotiate with the group and don’t intend to recover the compromised information.

Russian arrested for trying to bribe Tesla employee

This story isn’t about a successful attack, but the attempt is so fascinating it needed a mention. On August 22nd, FBI authorities arrested a Russian man for attempting to bribe a Tesla employee. Egor Igorevich Kriuchkov offered the worker $1 million to install ransomware on the electric car manufacturer’s internal servers.

Luckily, the Russian-speaking employee did not take up Egor’s offer, instead opting to notify law enforcement. A sting operation led by the FBI eventually resulted in the would-be hacker’s arrest.

It’s nice to see a foiled plot instead of a multimillion-dollar ransom every once in a while.

Iranian hacker group sells admission to compromised networks

This month, intelligence experts revealed that a hacker gang supporting Iran’s Ministry of Intelligence is selling access to international corporate networks on the Dark Web. The group is known as Pioneer Kitten, aka Fox Kitten, aka PARISITE, and is notorious in the global cyber intelligence community. First identified in 2017, Pioneer Kitten typically exploits VPN vulnerabilities to gain access to sensitive information deemed useful intelligence by Tehran.

Starting in late July, the group began selling access to corporate and government networks throughout the world. This included compromised systems in countries such as the United States, Israel, Australia, France, Germany, the United Arab Emirates, and more. The attacks centered around tech, defense, and healthcare organizations, all of which store vast amounts of confidential data.

Analysts believe the sale of this high-value intelligence information would not be permitted by the Iranian government, leading to speculation that the group is not an official state entity, and only contracted by Tehran.

The University of Utah suffers a ransomware attack

On August 19th, The University of Utah admitted hackers carried out a successful ransomware attack in late July. The malicious agents encrypted student information on the College of Social and Behavioral Science’s servers. In the end, the university paid out over $450K to prevent the data from leaking to a Dark Web marketplace.

A representative for the university confirmed that a cybersecurity insurance policy paid the sum and that no taxpayers were on the hook. The rep also claimed the hack did not affect any central servers.

While it did not end up being a multimillion-dollar incident like other high-profile attacks, the use of cybercrime insurance is noteworthy. The trend of commonplace insurance is likely to continue as more attacks occur. Ironically, organizations known to have policies may become higher-priority targets, since hackers assume they will receive a payout.

1TB data stolen from liquor manufacturer

Brown-Forman, a United States spirits and wine conglomerate, announced in mid-August that they experienced a 1TB data breach. The parent company of brands such as Jack Daniels, Korbel wine, and Finlandia vodka fell victim to infamous hacker group REvil. Also known as Sodinokibi, REvil has many well-known incidents under their digital belts, including attacks against pop-star Lady Gaga and U.S. President Donald Trump.

The hackers gained access to many confidential documents, including business contracts, financial statements, and employee information. It could have been worse for the beverage giant, however, as the criminal syndicate was not able to encrypt any data. Nonetheless, REvil threatened to sell the information online if they did not receive a hefty ransom. Brown-Forman does not appear to be cooperating. At AXEL, we believe this hardball approach is the right one. Do not negotiate with terrorists.

Canon’s stolen files leaked

In early August, the camera and photo-equipment manufacturer, Canon, underwent a Maze ransomware attack. It was so bad, their image.canon website was down for six days. Canon refused to pay and was evidently able to unlock a portion of the infected files.

Then, on August 14th, the Maze gang released 5% of their ill-gotten data treasure to the internet. Their website claims it was only 5% of the files they have. It’s been a month since the leak, and there hasn’t been any further news on the subject. This leads some to believe Canon acquiesced and paid not to have more information revealed.

Data security

As you probably noticed, hacking is big business these days. With the recent proliferation of remote desktops, sophisticated phishing attacks, and cybercrime insurance policies, it doesn’t appear that it will end any time soon.

That’s why individuals and businesses alike need robust, secure data storage and sharing solutions. AXEL Go is the best application to fit these needs. AXEL Go allows for private, secure storage and sharing. Based on IPFS and blockchain technology, users receive high performance and protection not seen in other platforms. Optional AES-256 bit password encryption locks things down even further to prevent any unauthorized access. Try out our full-featured Basic service for free.

 

[1] Catalin Cimpanu, “NetWalker ransomware gang has made $25 million since March 2020”, ZDNet, Aug. 3, 2020, https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/


Filed Under: Cybersecurity Tagged With: canon hack, equifax, equinix hack, eterbase hack, iran hackers, jack daniels hack, tesla russia, utah hack, wordpress hack

August 12, 2020

The Effect of COVID-19 on Data Breaches

The ongoing global pandemic has affected nearly all aspects of life as we know it. One area you may not have considered is corporate security. The landscape of data breaches has transformed since the onset of COVID-19. With little hope for a proven vaccine soon, organizations will probably have to deal with these consequences for a while.

A coalescence of factors

COVID-19 has proven to be a perfect storm regarding cybersecurity issues. Many variables have contributed to this.

First, furloughs, layoffs, and sick leave have reduced the human capital organizations have at their disposal. IT departments have not been spared from the chopping block, either[1]. The decrease in cybersecurity professionals combined with the dip in overall revenues for the majority of companies means resources are limited. Prevention systems are weakened, or at least not fortified, providing ample opportunities for malicious agents to prod and pry.

Another important element is the rise of the remote workforce. COVID-19 has accelerated the transition of employees from the office to the home. According to a recent survey by PWC, the percentage of executives who claim that most of their office staff work remotely at least one day per week rose from 39% before the pandemic to 77% after[2]. New security measures may have to be implemented to deal with a flux of new devices, weak remote access policies, and VPN configurations. This is a massive undertaking and further taxes already-strained IT departments.

Finally, general stress and anxiety levels for employees are high. Not only do they have to worry about protecting themselves from a potentially deadly virus, but there is also great economic uncertainty. People aren’t sure whether they’ll have their jobs a month down the line. This may have the unintended effect of making them less focused on maintaining proper cybersecurity protocols.

Data breach trends during COVID-19

Trends have emerged from this strange, new environment.

Perhaps the most insidious is the prevalence of COVID-19-related phishing attacks. Hackers prey on the fears and concerns of everyday people to gain access to networks. According to research from Verizon, people were 30% more likely to click a suspicious link if it was related to the pandemic[3]. Some organizations fared especially badly, with employee click rates ranging between 30-60%. Knowing this, it’s no wonder coronavirus-based spear-phishing attacks have risen in number[4]. Bad actors are utilizing more effective techniques more often.

Another trend is an overall increase in user error. People are adapting to new working conditions and dealing with digital transformation technology they may not be familiar with, all while in the midst of a global health crisis unparalleled in recent times.

Common examples of user error include the misconfiguration of security software, accidental delivery of sensitive documents to unauthorized recipients, or mistakes with file permissions.

Attacks on unsecured remote desktop protocol machines have also spiked since the start of the pandemic[5]. Hackers have more targets now that so many people are working from home on remote desktop software. They use simple brute-force attacks to take over a system. Then, they can install any variety of ransomware, cryptocurrency mining programs, or secret backdoors.

Similarly, Virtual Private Networks (VPNs) are also being targeted[6]. While sometimes mistaken as remote desktops, they are quite different. A VPN creates an encrypted private network on top of a larger network. Remote desktops just allow users to gain access to their computers from a different location. Remote desktops give the user access to the entire computer while VPNs restrict access to the shared folders on a given network.

This, plus the standard encryption, makes VPNs more secure, generally. It doesn’t mean that VPNs cannot be hacked, however. A common trend right now is malicious agents using Distributed Denial-of-Service (DDoS) attacks to overwhelm VPN systems, leaving them vulnerable to breaches.

A DDoS attack is when a hacker gains control of a large number of online computers, then uses them to steer traffic to a specific network. The sudden increase in traffic overloads the networks and causes them to crash.

Cloud-based software is being attacked more often as well. Collaborative tools such as Zoom and Slack have seen significant growth in users and therefore, more attention from cyber-thieves. Up to 1350% more attention, depending on the industry[7].

Popular cloud software is usually developed by large corporations you’d assume would be committed to tight security. The truth is, even if the developer devotes considerable resources to security, vulnerabilities remain. For example, large exploits were found in the Microsoft Azure platform that could have allowed threat actors to gain access to other users’ data[8].

Effects on the healthcare industry

Healthcare providers throughout the world have had a rough year. They are on the frontlines in the fight against COVID-19 and have had their capacities tested. You would hope that they would be able to focus most of their attention on that monumental task, but they have also had to deal with cybersecurity threats.

For example, in June alone, there were 37 confirmed cases of IT-related data breaches in the healthcare sector[9]. Over a million healthcare records were compromised. These attacks are quite common but pose even larger risks during a pandemic.

Imagine if a busy hospital were to undergo a major hack that left important systems or health records inaccessible. This could have disastrous consequences, especially if the area was in the middle of a spike in virus cases. It could lower the hospital’s capability for patient care, or at least divert important resources.

How can companies be more prepared?

It’s impossible to be completely protected from cyber-attacks, but there are ways to mitigate risk.

The first thing to understand is that you’re only as protected as your weakest link. You may need to do a thorough audit of your network and address the troublesome areas. Perhaps your system is rock solid, but if you have suppliers or outside vendors that have access to the system, you still have potential attack points.

You also need to invest in employee education on best practices. Inform them about the stakes of a breach. Train them on common phishing techniques and proper communication protocol. It needs to be made a priority throughout the entire organization if you want to be as protected as possible.

Ensure your IT department has the resources required to mount a worthy defense. Look into new, exciting security technologies that utilize artificial intelligence and blockchain. AI can act as a constant presence, safeguarding your network and quickly informing administrators about attacks. Blockchain solutions can encrypt sensitive data and protect your file systems from being altered.

Securing data at rest and in motion

It’s disappointing that opportunistic hackers are taking advantage of a fragile moment in time, but not surprising. These malicious agents aren’t interested in doing the right thing. They’re only interested in stealing money and information. Hopefully, through a combination of preventative and mitigating techniques, you can keep your most sensitive data safe.

Axel is dedicated to data security. Our platform, Axel Go, uses blockchain encryption to provide the safest file sharing experience available. If you value privacy and security, download Axel Go today for free and get the peace of mind you need.

 

[1] Galen Gruman, “COVID-related U.S. IT job losses tick up as spike in cases creates uncertainty”, COMPUTERWORLD, Jul. 6 2020, https://www.computerworld.com/article/3542681/covid-related-us-it-job-losses-tick-up-as-spike-in-cases-creates-uncertainty.html

[2] “When everyone can work from home, what’s the office for?”, pwc, Jun. 25 2020, https://www.pwc.com/us/en/library/covid-19/us-remote-work-survey.html

[3] “Analyzing the COVID-19 data breach landscape”, Verizon, Aug. 2020, https://enterprise.verizon.com/resources/articles/analyzing-covid-19-data-breach-landscape/

[4] Fleming Shi, “Threat Spotlight: Coronavirus-Related Phishing”, Barracuda, Mar. 26 2020, https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/

[5] Ondrej Kubovic, “Remote access at risk: Pandemic pulls more cyber-crooks into the brute-forcing game”, We Live Security, Jun. 29 2020, https://www.welivesecurity.com/2020/06/29/remote-access-risk-pandemic-cybercrooks-bruteforcing-game/

[6] Sue Poremba, “Increase in Small DDoS Attacks Could Take Down VPNs”, Security Boulevard, Apr. 7 2020, https://securityboulevard.com/2020/04/increase-in-small-ddos-attacks-could-take-down-vpns/

[7] Lucian Constantin, “Use of cloud collaboration tools surges and so do attacks”, CSO, May 26 2020, https://www.csoonline.com/article/3545775/use-of-cloud-collaboration-tools-surges-and-so-do-the-attacks-report-shows.html

[8] Ronen Shustin, “Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure”, Check Point Research, Jan. 30 2020, https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/

[9] Steve Alder, “June 2020 Healthcare Data Breach Report”, HIPAA Journal, Jul. 24 2020, https://www.hipaajournal.com/june-2020-healthcare-data-breach-report/


Filed Under: Cybersecurity, Trends Tagged With: covid, cybersecurity, data breach

August 12, 2020

Recent Hacks Against Twitter, CWT, and Garmin

Anyone paying attention to the news lately likely knows about the large-scale hack of Twitter. It was the largest attack in the platform’s history and compromised over 130 prominent accounts[1].

It wasn’t the only recent high-profile hack, however. Two other large companies suffered major incidents as well. While they may not have been as headline-grabbing, the bandits in these cases made off with millions of dollars.

The day Bill Gates tried to scam you

No, that’s not a reference to Windows Phone. On July 15th, many public figures had their Twitter accounts hacked, including Gates, Joe Biden, Barack Obama, Warren Buffett, Kanye West, and others. These accounts were all made to tweet out a Bitcoin donation scam. By the time the attack was dealt with, the scammers got away with nearly $120,000 in BTC.

Since then, the alleged perpetrators have been identified. According to authorities, the “mastermind” behind the scheme was a 17-year-old from Florida, Graham Ivan Clark. Whereas most 17-year-old boys are concerned about who they’ll take to prom, Graham allegedly spent his time concocting an increasingly complex list of digital scams. What started as trolling Minecraft players for small-time sums ended with Clark amassing over $3 million in Bitcoin[2], including the $118,000 Twitter heist.

While it has not been verified, the leading theory as to how the hackers carried out their plan is as follows:

  • They targeted employees with administrative privileges at Twitter with phone-based spear phishing attacks. Spear phishing is a social engineering method where the malicious agent attempts to convince an employee of the company to reveal sensitive information. In this case, Clark allegedly posed as a co-worker in the Twitter IT department.
  • This gave them access to powerful internal tools capable of managing high-profile accounts.
  • The agents then used these tools to change associated emails and reset passwords of the targeted accounts.
  • With full access, they were able to tweet out the Bitcoin scam.

You can imagine why this story has received much traction. It has potentially far-reaching implications beyond a moderate heist. If bad actors were able to gain access to such prominent accounts and use them for even more devious purposes, chaos could ensue. This is one reason why the FBI took a leading role in the investigation of the crime[3].

The CWT hack

The travel management firm CWT has also been in the news lately due to a cybercrime incident. Although the potential consequences of this attack are less sweeping than the Twitter incident, it is still an amazing case.

On July 27th, it was found the company paid $4.5 million in Bitcoin to hackers who had infected up to 30,000 of their computers with the ransomware known as Ragnar Locker.

Ransomware is a common type of malware. The variety used in this attack encrypted data on the compromised computers. This encrypted data could not be accessed until ransom demands were met. Upon this, the hackers provided decryption keys.

Ragnar Locker is a specific ransomware strain discovered in December 2019. Attackers employing this program have been known to use especially tricky methods to escape detection. They hide it within a virtual machine image. This image is installed in secret and then maps out all connected drives on the target’s network. Since the malware is running in a VM, it is concealed from security software. This makes it very difficult to prevent or quarantine.

The CWT case is interesting because the chat room logs of conversations between the hackers and CWT management leaked. Typically, companies faced with a hack discuss terms in private and the public is unaware of the specifics of the deal. Here, it is known that the attackers initially asked for over double the amount they ended up receiving in ransom. Still, it is amazing to think that a 49kB malware file hidden in a 282MB virtual image could net these attackers $4.5 million.

Garmin pays out

Garmin, most known for its GPS-related products and smartwatches, fell victim to ransomware on July 23rd. The attack has been tied to a notorious, Russian/Ukrainian-based hacker group known as Evil Corp.

What is there to know about this group? For one, they’re likely fans of the television show Mr. Robot. More than that, though, they are an extremely proficient group of cyber thieves. It is estimated their attacks have netted them well over $100 million in ill-gotten gains[4]. This gang is so prolific, it has received official sanctions from the United States government.

The ransomware used in the Garmin attack is called WastedLocker. Like Ragnar Locker, it also has a novel method of concealment.

Anti-ransomware programs monitor a computer’s file systems to see if a large number of files are being opened and modified sequentially. When security software detects this, it kills the process, limiting the damage done to a small number of files. WastedLocker bypasses this by opening a file into the Windows Cache Manager which is stored in the system’s RAM. It then closes the original file and encrypts it in the cache manager. Due to how Windows Cache Manager operates, the newly-encrypted file is then written back over the top of the original file in the file system.
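To make the monitoring heuristic above concrete, here is an added detection sketch in Python; it is not code from the article or from any security product. It assumes an event feed of (timestamp, process, operation, path) records and that cache write-backs appear attributed to a system process; the process names, window and threshold are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 10          # sliding window in seconds (assumed tuning value)
THRESHOLD = 5          # distinct files written inside one window (assumed)
TRUSTED = {"System"}   # writers a per-process monitor typically ignores (assumed)


def bursts(events, key, skip=frozenset()):
    """Group write events by key(proc, path) and return every key that wrote
    >= THRESHOLD distinct files inside a WINDOW_S window. events are time-sorted."""
    recent = defaultdict(deque)            # key -> deque of (ts, path)
    hits = set()
    for ts, proc, op, path in events:
        if op != "write" or proc in skip:
            continue
        k = key(proc, path)
        q = recent[k]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_S:     # drop writes that left the window
            q.popleft()
        if len({p for _, p in q}) >= THRESHOLD:
            hits.add(k)
    return hits


def parent_dir(path):
    return path.rsplit("\\", 1)[0]


def per_process(events):
    """The heuristic the article describes: many files modified by one process."""
    return bursts(events, key=lambda proc, path: proc, skip=TRUSTED)


def per_directory(events):
    """Process-independent view: many files rewritten under one directory."""
    return bursts(events, key=lambda proc, path: parent_dir(path))


def openers(events, directory):
    """Untrusted processes that opened files in a directory flagged above."""
    return {proc for _, proc, op, path in events
            if op == "open" and proc not in TRUSTED
            and parent_dir(path) == directory}


def sample_events():
    """Constructed event stream; none of these names come from a real incident."""
    ev = [(0, "editor.exe", "write", r"C:\Users\a\notes.txt"),    # normal editing
          (60, "editor.exe", "write", r"C:\Users\a\todo.txt")]
    for i in range(6):   # direct bulk rewrite by a single process
        p = rf"C:\Share\Finance\q{i}.xlsx"
        ev += [(100 + i, "bulk.exe", "open", p),
               (100 + i, "bulk.exe", "write", p)]
    for i in range(6):   # cached rewrite: opened by one process, written as System
        p = rf"C:\Share\HR\r{i}.docx"
        ev += [(200 + i, "mapper.exe", "open", p),
               (203 + i, "System", "write", p)]
    return sorted(ev, key=lambda e: e[0])


if __name__ == "__main__":
    events = sample_events()
    print("per-process alerts  :", per_process(events))
    print("per-directory alerts:", per_directory(events))
    for d in per_directory(events):
        print("openers in", d, "->", openers(events, d))
```

The per-process view flags only the direct bulk rewrite, while the directory view also catches the cached rewrite and `openers()` ties it back to the process that touched the files first.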

Although it isn’t known exactly how much Garmin paid out to decrypt their files, we do know the company has retrieved their data. With an alleged demand of $10 million, it’s nearly guaranteed that Evil Corp received millions of dollars.

Leveraging the security of blockchain

At first glance, it may seem counterintuitive to use blockchain technology to stop cybercriminals. After all, the thieves typically receive their ransom payments in blockchain-powered cryptocurrency to remain as anonymous as possible. There are useful applications of the technology for cybersecurity, however.

Consider the underlying strengths of blockchain technology:

  • Data stored within the blockchain can’t be altered without being noticed immediately.
  • Data is not stored on a small number of centralized servers. The blockchain is distributed among all nodes within it, which often number in the thousands or more.

These strengths show why the tech is suited so well for data security. If a hacker were to infiltrate a node on the blockchain and alter information, it would conflict with the data on the other nodes in the blockchain, and subsequent blocks are rendered invalid. The infected nodes could be removed from the system and their data restored to a valid state before reintegration.

Databases built from blockchain technology are the future for cybersecurity. Malicious attacks of ransomware can be stopped in their tracks without significant downtime or data loss.

Securing data at rest and in motion

Axel is committed to this vision. That’s why blockchain encryption is the backbone of our Axel Go filesharing platform. Axel Go ensures your files are secure, private, and accessible from anywhere. In the age of multimillion-dollar hacker organizations, you can trust that your sensitive data is safe with us. Download it today and try it out for yourself. We’re securing data at rest and in motion.

 

[1] Michael Liedtke, “Biden, Gates, other Twitter accounts hacked in Bitcoin scam”, AP News, Jul. 15 2020, https://apnews.com/95f55c9846e880f23791845f5d0c3f38

[2] Josh Solomon, “Bail in Twitter hack: $725,000. Tampa teen’s assets: $3 million in Bitcoin”, Tampa Bay Times, Aug. 2 2020, https://www.tampabay.com/news/crime/2020/08/01/twitter-teen-makes-first-court-appearance-in-tampa/

[3] Robert McMillan, Dustin Volz, “FBI investigates Twitter Hack Amid Broader Concerns About Platform’s Security”, The Wall Street Journal, Jul. 17 2020, https://www.wsj.com/articles/fbi-investigates-twitter-hack-amid-broader-concerns-about-platforms-security-11594922537

[4] Andrew Roth, “US Charges Russian ‘Evil Corp’ hackers with $100m banking scheme”, The Guardian, Dec. 5 2019, https://www.theguardian.com/technology/2019/dec/05/evil-corp-hack-us-feds-charge-russian-hackers


Filed Under: Cybersecurity Tagged With: CWT hack, cybersecurity, Garmin hack, ransomware, Twitter hack

December 12, 2019

The 10 WORST Data Breaches of the Decade

As another decade comes to a close, now is the perfect time to reflect on some of the top 10 worst data breaches and cyber-security blunders from the last ten years. Over the 2010s, we’ve seen the pace of technological growth rapidly advance. From the development of facial recognition software to the growth of artificial intelligence and quantum computing, the digital age has taken a monumental leap forward.

And while this technology has brought innumerable benefits, the vast quantity of personal information now stored digitally has exposed us to catastrophic privacy violations from even the smallest data breach.

While there have been data breaches as long as data has existed, the danger has never been more apparent. Our entire lives are stored digitally, from personal files like family photos to vital business data like employee records and legal documents. The digital world is inescapable, and millions of users across the web are unknowingly putting their privacy at risk.

Data breaches have become so common that society has become desensitized to the effects, which, ironically, makes it all that more dangerous.

So in case you’ve forgotten just how pervasive data breaches have become, we’ve assembled a list of the ten most damaging breaches of the last decade.

10) Facebook

Date: 2017-2019
Impact: 50 Million Users

Starting off our list is the social media powerhouse, Facebook. Although a prominent social platform, Facebook is not 100% bulletproof and has become a victim to hackers and data breaches in the past. Two years ago, Facebook announced the discovery of a bug in their site that resulted in the exposure of over 50 million accounts. By abusing the flaw, hackers were able to obtain account access tokens, which are security keys that enable users to stay logged into a Facebook account without the need to re-enter passwords when returning to the site. The real significance of this data breach was that the access tokens didn’t just allow hackers to spy on users’ private information; the tokens gave hackers full control over the victims’ accounts. The breach forced Facebook to reset the access tokens of the over 50 million affected accounts, in addition to 40 million more accounts out of precaution. (Source)

9) Uber

Date: 2016
Impact: 57 Million Users

Uber, a multi-national ride-sharing company, suffered a major data breach in 2016, which involved at least 7 million drivers and 50 million passengers. The breach compromised all sorts of personal information: names, email addresses, and phone numbers, to name but a few examples. In addition, the breach exposed over 600,000 drivers’ license numbers. What makes this data breach so much worse is that Uber initially attempted to hide the incident from regulators and users. Instead, Uber tried to pay a $100,000.00 ransom to the hackers, in the hope that they would get rid of the data and keep the breach concealed from the public. Their plan failed, but to Uber’s credit, they did take immediate steps to secure the data and shut down further unauthorized access by the hackers. (Source)

8) JP Morgan Chase

Date: 2014
Impact: 76 Million Users and 7 Million Small Businesses

In 2014, JPMorgan Chase was the victim of a cyber-attack that resulted in the theft of nearly 80 million users’ data. From confidential information like home addresses to business information like corporate banking documents, the breach affected millions of files. Reporters and journalists stated that the hackers likely operated out of Russia or Eastern Europe and that they were able to break into the Chase network by hacking a Chase employee’s personal computer. (Source)

7) Target

Date: 2013
Impact: 110 Million Accounts

The retail giant faced a data breach that resulted in the unauthorized access of almost 110 million accounts. The attackers stole information stored on the magnetic stripe on the back of credit and debit cards swiped in several Target stores. It was incidents like this that contributed to the rise of the EMV chip, now embedded into all new credit and debit cards. Several years later, Target paid out an $18.5 million settlement, which included a $10,000.00 payment to consumers who provided evidence that they suffered losses resulting from the data breach. (Source)

6) eBay

Date: 2014
Impact: 145 Million Users

In 2014, the online commerce company eBay announced that its records had been breached and suggested that almost 145 million users needed to change their passwords. This cyber-attack was carried out by a team of hackers who were able to obtain the credentials of three eBay employees. Names, emails, passwords, and even security questions were all compromised in the hack. Even more concerning was that, due to eBay and PayPal being so interconnected, hackers were able to gain access to people’s PayPal accounts too. In the end, eBay did not provide any reimbursement to the consumers who had their credentials misused or their money stolen. (Source)

5) Equifax

Date: 2017
Impact: 148 Million Users

Equifax, one of the largest consumer credit reporting agencies in the United States, suffered a data breach in September 2017. In addition to the theft of 209,000 credit card numbers, approximately 148 million Americans had their name, phone number, home address, date of birth, driver’s license number, and social security number compromised as well. As more details came to light, a lack of regard for consumer data by many of Equifax’s senior staff became apparent. It was a catastrophe; they even hired a Chief Information Security Officer whose credentials were entirely made up of not one, but two degrees, in music. Yes, music.

Fast forward to July 2019, when Equifax announced a $675 million consumer settlement. They offered people who were affected by the breach a choice of 4 years of free credit monitoring services or a $125 cash payment. (Source)

4) Adult Friend Finder

Date: 2016
Impact: 400 Million Users

Almost half a billion users had their data compromised from a litany of websites across the FriendFinder network. Over 20 years of data, including names, email addresses, and passwords, were all exposed. Even more worrying is that this wasn’t FriendFinder’s first rodeo…

In May 2015, it was revealed that around 4 million FriendFinder accounts were stolen. The good news is that FriendFinder was transparent and updated the public as soon as they became aware of the attack. The breadth of this data breach is still under investigation; however, FriendFinder Networks suggests that all users reset their passwords. (Source)

3) Marriott International

Date: 2018
Impact: 500 Million Customers

In November 2018, Marriott International announced that a data breach had occurred within their system. However, the incident initially began in 2014. The breach originated in the Starwood Hotel guest reservation database, where hackers lay dormant in the system for several years before Marriott acquired the company. With that time, the attackers were able to steal passport and credit card information from hundreds of millions of people. (Source)

2) First American

Date: 2019
Impact: 885 Million Customers

Not only is First American second on this list because of volume, but they are here due to their carelessness. Data from at least 885 million people was easily accessible on First American’s site by inputting a specific set of URLs. These URLs had a sequential system, meaning you could simply plug and play with different numbers to find confidential information. This sort of reckless behavior regarding data security seems like it would be a story from the 1990s. What makes it so sad, though, is that this is the most recent data breach on this list, occurring in 2019. (Source)
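The weakness described above, set beside its fix, as an added Python example that is not from the original article or from First American's systems. The class names, the `exposed_to` audit helper and the sample records are all hypothetical and constructed for illustration.

```python
import secrets

# Constructed sample records; owners and contents are illustrative only.
RECORDS = [
    {"owner": "alice", "body": "closing statement A"},
    {"owner": "bob", "body": "wire instructions B"},
    {"owner": "carol", "body": "tax record C"},
]

class SequentialStore:
    """The weak pattern: numeric ids in the URL, no per-request authorization."""
    def __init__(self, records):
        self.docs = {i + 1: r for i, r in enumerate(records)}

    def fetch(self, doc_id, requester=None):
        # Anyone who knows (or guesses) the number gets the document.
        doc = self.docs.get(doc_id)
        return doc["body"] if doc else None

class HardenedStore:
    """Random identifiers plus an ownership check on every request."""
    def __init__(self, records):
        self.docs = {secrets.token_urlsafe(16): r for r in records}

    def ids_for(self, owner):
        return [k for k, r in self.docs.items() if r["owner"] == owner]

    def fetch(self, doc_id, requester=None):
        doc = self.docs.get(doc_id)
        # Same answer for "missing" and "not yours" so ids cannot be probed.
        if doc is None or doc["owner"] != requester:
            return None
        return doc["body"]

def exposed_to(store, requester, candidate_ids):
    """Audit helper: which candidate ids return another user's document?"""
    own = {r["body"] for r in RECORDS if r["owner"] == requester}
    return [i for i in candidate_ids
            if (body := store.fetch(i, requester)) is not None and body not in own]
```

The random identifier alone is not the control; the ownership check in `HardenedStore.fetch` is what keeps a leaked or shared link from exposing another customer's record.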

1) Yahoo!

Date: 2013-2014
Impact: Over 3 Billion Users

Yahoo takes the number one spot for the largest data breach of the decade due to the pure volume of records stolen. The internet giant that was once the face of the internet had names, email addresses, passwords, and security questions compromised due to outdated and easy-to-crack encryption. Also, Yahoo failed to correctly pinpoint the number of users affected and released several revisions on the estimate. In 2016, Yahoo announced that 500 million users had their data compromised in a 2014 data breach. That announcement was later amended with information that there was another 2013 data breach that affected approximately 1 billion users. After drastically increasing the estimate with each subsequent announcement, the final estimate was that over 3 billion people were affected. In the spirit of schadenfreude, though, you can find some solace in knowing that Yahoo did pay. When the breach was announced, Yahoo was in the process of selling the company to Verizon. The data breaches ended up chopping approximately $350 million off Yahoo’s sale price, and the two companies agreed to share regulatory and legal liabilities from the incident. (Source)

On the plus side, a class-action lawsuit was filed against Yahoo, and people who’ve had a Yahoo account since 2012 are entitled to up to $358.80 of compensation. You can learn more on YahooDataBreachSettlement.com. Don’t let these Yahoos get off cheap for exposing your data.

—

Based on big tech’s terrible track record with data protection, it is safe to say that our data is not safe. Cybersecurity, which should be at the forefront of any company’s mind (especially when it holds the private information of millions of people), is looked at as an expense to be mitigated.

And what may be the most disheartening part is that it’s not a super team of elite hackers cracking into databases. It’s pure and simple negligence in many cases, from not updating security software, to leaving private information exposed on a public database with no password.

But finally, the decade is coming to an end, and hopefully, data breaches are ending with it. But with how little is being done to prevent them… it might be best to start keeping your data to yourself.


August 21, 2019

Why Data Breaches are so Damaging and how the Law has Failed Consumers

Very few times in history has a group of people sat down with the purpose of writing a set of new laws to improve society. Instead, what usually happens is that laws are written to solve specific problems. This leads to a litany of laws piling up over the decades. While it could always be debated how effective a particular law might be at accomplishing its goal, the rapid pace of technological advancement over the past 20 years – especially as compared to the pace of the lawmaking process – has introduced new challenges as laws become quickly outdated, sometimes even by the time they take effect.

The results of this are acutely apparent in the cross-section between the fields of cybersecurity and consumer protection, namely data breaches.

The majority of consumer protection laws in the United States were written for a society concerned with immediate product safety and compensation for resulting injuries, not for the nebulous and incalculable injuries that may be sustained by potential millions when private records are exposed.

Why are data breaches so damaging?

The unique problem of data breaches stems from the fact that the breach of privacy carries, in and of itself, no specific harm. Instead, it is the later misuse of information that has been breached that may lead to ensuing harm. However, with data breaches occurring on a near-daily basis, specific financial or reputational damage is nigh impossible to link causally to a single breach; with our laws written around the concept of calculable damages being the source of justified remuneration, we are left constantly and increasingly victimized but unable to seek just compensation.

Some would argue that even more problematic is the irreparable nature of many of the most severe data breaches. Once a name and social security number are leaked, that identity is permanently and irreversibly at risk for being used fraudulently. While one could always apply for a new social security number, the Social Security Administration is extremely reluctant to issue new identities, and while that is a debate for another time, it goes to show just how difficult it can be to recover from a breach. Victims are permanently marred and at increased risk for future injuries resulting from a single breach, no matter how much time has passed.

Because of the damage resulting from a data breach being so far removed temporally and causally from the actual breach itself, adequate compensation is rarely won, if it is even sought. Was it the Equifax breach, the MoviePass breach, or one of the innumerable other breaches this year that resulted in your identity being stolen and used to take out fraudulent loans a decade from now?

Moreover, even if you should find that it was MoviePass’ negligence that led to your identity being stolen, what compensation can you seek from a company that has been defunct for years? Our laws were not written to address these issues adequately. Our legal system often does not ponder questions of uncertainty and possibility, and that’s the perfect summary of what victims face in the aftermath of a breach: uncertainty and possibilities.

For all the uncertainty victims face, the solutions going forward as a country are equally opaque.

It would be easy to write some draconian law to punish companies for exposing private data, but as is often the case, that could have unintended consequences, such as pushing data overseas where even looser security and weaker privacy laws may exacerbate the problem. Instead, it’s going to take a significant shift in our collective consciousness over how data is handled.

Laws written for managing telecommunications and transmissions in that era are being used to handle complex cybersecurity and data privacy cases.

This can’t come just from one party though; companies need to seriously consider what data they need to collect, and what information needs to be retained on a long-term basis. Consumers have to take ownership of their data and demand a higher quality of service from corporations and governments over how their data is collected and used.

As a whole, we must recognize the value of data, and the dangers we expose ourselves to by collecting it (and why it might even be best to not collect data at all in many circumstances).

Just like holding valuables such as gold and art entails a security risk, so too does data. If people started treating data like the digital gold it really is, maybe then we could all come together to work out a solution.

But until then, I’ll be keeping my data to myself.


July 31, 2019

How Artificial Intelligence is Shaping the Future of Cybersecurity

This article is a guest post by Maddie Davis, co-founder of Enlightened Digital.

The threat of a cyberattack in today’s world reaches far beyond just enterprise-level companies. Government systems, small and large businesses, educational institutions and non-profit organizations are all targets for the vicious hackers of the dark web. Moving forward, the advancement of technology will contribute to changes in both attack methods and defense mechanisms of cybersecurity. Artificial intelligence (AI), in particular, is currently viewed as a leading technology in this transformation. AI’s capabilities carry significant advantages. As AI enthusiast Mark Hurd has stated, “the advantage of AI not only is that it constantly learns, but it also never forgets.” We’re taking a look at how AI will use this advantage, among others, to shape the future of cybersecurity.

AI-powered security

An AI-powered defense system is no longer just a possible option for businesses today, but a necessity, considering the threat of AI-fueled cyber attacks. As attackers become more vigilant about their techniques and more vicious in their invasions, organizations must step up their defense in retaliation. Moving forward, AI will play a large role in how cybercrimes are both prevented and dealt with. As Kevin Coleman, Executive Director of the NCSA (National Cybersecurity Alliance), puts it, “this new era in tech and cybersecurity is driven by prediction, detection and rapid response.”

Attack detection

Using machine learning algorithms, AI will be able to improve a victim’s ability to detect potential threats. Every user within a given system can be tracked and monitored based on their individual roles, allowances and common behaviors, so any deviation from the standard can be flagged to prompt a second form of authentication. Password protection can also be improved. AI can monitor how individuals enter their passwords, which characters are used and the length of passwords to better identify and rectify poor practices. Moving forward, the hope is that AI will ultimately transform the current password model with something more advanced and secure.
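The role-and-behavior check described above, reduced to a simple frequency baseline, as an added Python example that is not part of the original guest post. It stands in for a trained model; the roles, users, login history, scoring and threshold are constructed assumptions, and denying out-of-role actions outright is a design choice of this example.

```python
from collections import Counter, defaultdict

# Constructed sample data: role allowances and past login events per user.
ROLE_ALLOWED = {"clerk": {"read_invoice"}, "admin": {"read_invoice", "export_db"}}
USER_ROLE = {"dana": "clerk", "eli": "admin"}
HISTORY = [
    ("dana", "US", "laptop-1", 9), ("dana", "US", "laptop-1", 10),
    ("dana", "US", "laptop-1", 14), ("dana", "US", "phone-1", 9),
    ("eli", "DE", "desktop-7", 8), ("eli", "DE", "desktop-7", 17),
]

def hour_bucket(hour):
    return "work" if 7 <= hour < 19 else "off"

def build_baselines(history):
    """Count how often each user was seen with each feature value."""
    base = defaultdict(lambda: defaultdict(Counter))
    for user, country, device, hour in history:
        for name, value in (("country", country), ("device", device),
                            ("hours", hour_bucket(hour))):
            base[user][name][value] += 1
    return base

def rarity(counter, value):
    """0.0 for a value always seen before, 1.0 for one never seen."""
    total = sum(counter.values())
    return 1.0 - counter[value] / total if total else 1.0

def decide(base, user, country, device, hour, action, threshold=1.0):
    """Return 'deny', 'step_up' (ask for a second factor) or 'allow'."""
    if action not in ROLE_ALLOWED.get(USER_ROLE.get(user), set()):
        return "deny"  # outside the role's allowances, regardless of behaviour
    feats = base[user]
    score = (rarity(feats["country"], country) + rarity(feats["device"], device)
             + rarity(feats["hours"], hour_bucket(hour)))
    return "step_up" if score >= threshold else "allow"
```

A user with no history scores the maximum on every feature, so a first login always triggers the second factor rather than passing silently.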

Natural language processing (NLP)

AI’s natural language capabilities are expected to significantly improve cybersecurity efforts through better attack identification and reaction. Armorblox’s natural language understanding platform, for example, uses NLP to more accurately inspect the text content of everything within an organization’s system. This technology enables companies to detect threats regardless of whether or not they contain links or file attachments and provides heightened visibility of all communication and data transferring across an organization. As Armorblox explains it, there are three main offerings of the platform that can improve cybersecurity:

  1. A natural language engine that derives new insights from enterprise communications and data.
  2. Automated policy recommendations through learning what is important for the organization.
  3. An alert remediation framework that distributes context-sensitive alerts to the relevant users, saving time for the security team.

AI-powered attacks

The level of sophistication in modern cybercrime is continuously increasing. Both cyber criminals and their attacks are equipped with more advanced technology than we, as a society, have ever combated before. Artificial intelligence, specifically, is contributing to frightening new malware that goes beyond the level of attacks we’ve traditionally seen from computer algorithms without the help of AI. 

There are numerous new threats to consider for businesses and individuals alike now that hackers are armed with machine learning technology. According to an article by Towards Data Science, there are essentially five ways machine learning can be used for potential attacks.

  1. Information gathering: AI can analyze vast amounts of data quickly.
  2. Impersonation: Self-learning AI can accurately imitate human communications.
  3. Unauthorized access: AI is adaptable to new environments, enabling easier access to secured systems.
  4. Attack: Malware and DDoS attacks can be made more scalable and harder to detect.
  5. Automation: AI botnets are capable of automating various aspects of an attack. 

The main function of machine learning is its ability to continuously learn and adapt. In terms of cyber crime, this ability presents an advantage to attackers. Self-learning AI could potentially lead to scalable attacks that can adapt to victims’ changing environments and modify themselves to compromise each unique system they encounter. This agility may also make it more difficult for IT teams to detect intruders.

Artificial intelligence in the world of cybersecurity is seemingly both friend and foe. In the right hands, technology is the key to better detection and faster incident response. In the wrong hands, it can be the conductor of devastating attacks. Moving forward, we can certainly expect to see continuous AI advancement and implementation in the future of cybersecurity.

Maddie Davis is the co-founder of Enlightened Digital and self-described tech-obsessed female from the Big Apple who lives by building and redesigning websites, running marathons, and reading anything and everything on the NYT Best Sellers list.

You can read more great content from Maddie and her team right now on Enlightened Digital’s website.
