Data Breach Reports

Total Page:16

File Type:pdf, Size:1020Kb

Data Breach Reports DATA BREACH REPORTS June 30, 2018 CONTENTS Information & Background on ITRC ........... Methodology .............................................. ITRC Breach Stats Report Summary .......... ITRC Breach Stats Report .......................... ITRC Breach Report .................................33 ,QIRUPDWLRQDQG%DFNJURXQGRQ,75& ,QIRUPDWLRQPDQDJHPHQWLVFULWLFDOO\LPSRUWDQWWRDOORIXVDVHPSOR\HHVDQGFRQVXPHUV)RU WKDWUHDVRQWKH,GHQWLW\7KHIW5HVRXUFH&HQWHUKDVEHHQWUDFNLQJVHFXULW\EUHDFKHVVLQFH ORRNLQJIRUSDWWHUQVQHZWUHQGVDQGDQ\LQIRUPDWLRQWKDWPD\EHWWHUKHOSXVWRHGXFDWH FRQVXPHUVDQGEXVLQHVVHVRQWKHQHHGIRUXQGHUVWDQGLQJWKHYDOXHRISURWHFWLQJSHUVRQDO LGHQWLI\LQJLQIRUPDWLRQ :KDWLVDEUHDFK"7KH,75&GHILQHVDGDWDEUHDFKDVDQLQFLGHQWLQZKLFKDQLQGLYLGXDOQDPH SOXVD6RFLDO6HFXULW\QXPEHUGULYHU¶VOLFHQVHQXPEHUPHGLFDOUHFRUGRUILQDQFLDOUHFRUG FUHGLW GHELWFDUGVLQFOXGHG LVSRWHQWLDOO\SXWDWULVNEHFDXVHRIH[SRVXUH7KLVH[SRVXUHFDQRFFXU HLWKHUHOHFWURQLFDOO\RULQSDSHUIRUPDW7KH,75&ZLOODOVRFDSWXUHEUHDFKHVWKDWGRQRWE\WKH QDWXUHRIWKHLQFLGHQWWULJJHUGDWDEUHDFKQRWLILFDWLRQODZV*HQHUDOO\WKHVHEUHDFKHVFRQVLVWRI WKHH[SRVXUHRIXVHUQDPHVHPDLOVDQGSDVVZRUGVZLWKRXWLQYROYLQJVHQVLWLYHSHUVRQDO LGHQWLI\LQJLQIRUPDWLRQ7KHVHEUHDFKLQFLGHQWVZLOOEHLQFOXGHGE\QDPHEXWwithoutWKHWRWDO QXPEHURIUHFRUGVH[SRVHGLQWKHFXPXODWLYHDQQXDOWRWDO 7KHUHDUHFXUUHQWO\WZR,75&EUHDFKUHSRUWVZKLFKDUHXSGDWHGDQGSRVWHGRQOLQHRQDZHHNO\ EDVLV7KH ITRC Breach ReportSUHVHQWVGHWDLOHGLQIRUPDWLRQDERXWGDWDH[SRVXUHHYHQWVDORQJ ZLWKUXQQLQJWRWDOVIRUDVSHFLILF\HDU%UHDFKHVDUHEURNHQGRZQLQWRILYHFDWHJRULHVDVIROORZV EXVLQHVVEDQNLQJFUHGLWILQDQFLDOHGXFDWLRQDO*RYHUQPHQW0LOLWDU\DQGPHGLFDOKHDOWKFDUH7KH ITRC Breach Stats ReportSURYLGHVDVXPPDU\RIWKLVLQIRUPDWLRQE\FDWHJRU\2WKHUPRUH GHWDLOHGUHSRUWVPD\EHJHQHUDWHGRQDTXDUWHUO\EDVLVRUDVGLFWDWHGE\WUHQGV ,WVKRXOGEHQRWHGWKDWGDWDEUHDFKHVDUHQRWDOODOLNH6HFXULW\EUHDFKHVFDQEHEURNHQGRZQ LQWRDQXPEHURIDGGLWLRQDOVXEFDWHJRULHVE\ZKDWKDSSHQHGDQGZKDWLQIRUPDWLRQ GDWD ZDV H[SRVHG:KDWWKH\DOOKDYHLQFRPPRQLVWKH\XVXDOO\FRQWDLQSHUVRQDOLGHQWLI\LQJLQIRUPDWLRQ 3,, LQDIRUPDWHDVLO\UHDGE\WKLHYHVLQRWKHUZRUGVQRWHQFU\SWHG 7KH,75&FXUUHQWO\WUDFNVVHYHQFDWHJRULHVRIGDWDORVVPHWKRGV,QVLGHU7KHIW+DFNLQJ ZKLFK LQFOXGHV6SHDUSKLVKLQJ5DQVRPZDUHDQG6NLPPLQJ 'DWDRQWKH0RYH(PSOR\HHHUURU 1HJOLJHQFH,PSURSHUGLVSRVDO/RVW$FFLGHQWDOZHE,QWHUQHW([SRVXUH3K\VLFDO7KHIWDQG 8QDXWKRUL]HG$FFHVV 3OHDVHQRWHWKDW$FFLGHQWDOHPDLOSUHYLRXVO\LQFOXGHGZLWK$FFLGHQWDO ZHE,QWHUQHW([SRVXUHKDVEHHQUHFDWHJRUL]HGXQGHUWKH(PSOR\HHHUURU1HJOLJHQFH,PSURSHU GLVSRVDO/RVWFDWHJRU\ 6XEFRQWUDFWRU7KLUG3DUW\%$LVLQFOXGHGKHUHEXWLVFRPELQHGZLWKRQH RIWKHDERYH,QWKHVHDVZHOODVVRPHRWKHUEUHDFKHVWKHUHPD\EHPRUHWKDQRQHFDWHJRU\ FKHFNHG 7KH,75&EUHDFKOLVWDOVRWUDFNVW\SHVRILQIRUPDWLRQFRPSURPLVHG x 6RFLDO6HFXULW\QXPEHU x &UHGLW'HELW&DUGQXPEHU x 3URWHFWHG+HDOWK,QIRUPDWLRQ 3+, x '095HFRUGV x )LQDQFLDO$FFRXQWV x (PDLO3DVVZRUG8VHU1DPH x 2WKHU8QGHILQHG7\SHRI5HFRUGV 0HWKRGRORJ\ 7KH,75&EUHDFKOLVWLVDFRPSLODWLRQRIGDWDEUHDFKHVFRQILUPHGE\YDULRXVPHGLDVRXUFHVRU QRWLILFDWLRQOLVWVIURPVWDWHJRYHUQPHQWDODJHQFLHV7KLVOLVWLVXSGDWHGGDLO\DQGSXEOLVKHGHDFK 7XHVGD\ %UHDFKHVRQWKLVOLVWW\SLFDOO\KDYHH[SRVHGLQIRUPDWLRQZKLFKFRXOGSRWHQWLDOO\OHDGWRLGHQWLW\WKHIW LQFOXGLQJ6RFLDO6HFXULW\QXPEHUVILQDQFLDODFFRXQWLQIRUPDWLRQRUPHGLFDOLQIRUPDWLRQ,75& IROORZV86)HGHUDOJXLGHOLQHVDERXWZKDWFRPELQDWLRQRISHUVRQDOLQIRUPDWLRQFRPSULVHDXQLTXH LQGLYLGXDODQGWKHH[SRVXUHRIZKLFKZLOOFRQVWLWXWHDGDWDEUHDFK 5HFRUGV5HSRUWHG 7KLVILHOGKDVEHHQFKDQJHGWRPRUHDFFXUDWHO\UHIOHFWWKHFLUFXPVWDQFHVVXUURXQGLQJWKHQXPEHU RIUHFRUGVH[SRVHG7KHQXPHUDO³´KDVEHHQUHSODFHGZLWK³8QNQRZQ´UHFRJQL]LQJWKHQXPEHU RIUHFRUGVPD\KDYHEHHQUHSRUWHGWRVRPHRWKHUHQWLW\ LHJRYHUQPHQWRUODZHQIRUFHPHQW EXWLV QRWSURYLGHGLQWKHLQIRUPDWLRQDYDLODEOHWRWKH,75& %UHDFKFDWHJRULHV Business7KLVFDWHJRU\HQFRPSDVVHVUHWDLOVHUYLFHVKRVSLWDOLW\DQGWRXULVPSURIHVVLRQDOWUDGH WUDQVSRUWDWLRQXWLOLWLHVSD\PHQWSURFHVVRUVDQGRWKHUHQWLWLHVQRWLQFOXGHGLQWKHRWKHUIRXUVHFWRUV ,WDOVRLQFOXGHVQRQSURILWRUJDQL]DWLRQVLQGXVWU\DVVRFLDWLRQVQRQJRYHUQPHQWVRFLDOVHUYLFH SURYLGHUVDVZHOODVOLIHLQVXUDQFHFRPSDQLHVDQGLQVXUDQFHEURNHUV QRQPHGLFDO Educational$Q\SXEOLFRUSULYDWHHGXFDWLRQDOIDFLOLW\IURPSUHVFKRROWKURXJKXQLYHUVLW\OHYHO 7KLVFDWHJRU\GRHVQRWLQFOXGHVFKRODUVKLSSURYLGHUVDIWHUVFKRROHQWLWLHVRUWXWRULQJRUJDQL]DWLRQV Medical/Healthcare: $Q\PHGLFDOFRYHUHGHQWLW\ &( RUEXVLQHVVDVVRFLDWH %$ DVGHILQHG E\+,3$$LQWKHKHDOWKFDUHLQGXVWU\$OVRLQFOXGHVKHDOWKFDUHIDFLOLWLHVDQGRUJDQL]DWLRQVZKLFK PD\EHDWWDFKHGWRVFKRROVDQGXQLYHUVLWLHVDQGmayLQFOXGHSKDUPDFHXWLFDOPDQXIDFWXUHUV ,QVXUDQFHFRPSDQLHVPD\YDU\E\LQGXVWU\±PHGLFDODQGORQJWHUPLQVXUDQFHSURYLGHUVZLOOEH FODVVLILHGDVPHGLFDOKHDOWKFDUH ,QFOXGHGRQKKVJRYOLVW Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Government/Military$Q\FLW\FRXQW\VWDWHQDWLRQDORUPLOLWDU\HQWLW\RUDGHSDUWPHQW ZLWKLQRQHRIWKHVHHQWLWLHV,QWKHHYHQWWKDWDPHGLFDOIDFLOLW\LVDOVRDJRYHUQPHQWRUPLOLWDU\ HQWLW\LWZLOOEHOLVWHGXQGHU*RYHUQPHQW0LOLWDU\(QWLWLHVVXFKDV9HWHUDQ$VVRFLDWLRQ0HGLFDO &HQWHUV 9$0& ZLOOEHLQFOXGHGLQWKLVVHFWRU Banking/Credit/Financial: 7KLVVHFWRULQFOXGHVHQWLWLHVVXFKDVEDQNVFUHGLWXQLRQVFUHGLW FDUGFRPSDQLHVPRUWJDJHDQGORDQEURNHUVILQDQFLDOVHUYLFHVLQYHVWPHQWILUPVDQGWUXVW FRPSDQLHVSD\GD\OHQGHUVDQGSHQVLRQIXQGV VDYLQJVSODQV Identity Theft Resource Center 2018 - Data Breach Category Summary How is this report produced? What are the rules? See below for details. Report Date: 7/2/2018 Totals for Category: Banking/Credit/Financial # of Breaches: 84 # of Records: 1,705,354 % of Breaches: 12.6 %of Records: 7.6% Totals for Category: Business # of Breaches: 309 # of Records: 15,213,588 % of Breaches: 46.3 %of Records: 67.9% Totals for Category: Educational # of Breaches: 45 # of Records: 642,270 % of Breaches: 6.7% %of Records: 2.9% Totals for Category: Government/Military # of Breaches: 49 # of Records: 1,598,501 % of Breaches: 7.3% %of Records: 7.1% Totals for Category: Medical/Healthcare # of Breaches: 181 # of Records: 3,248,545 % of Breaches: 27.1 %of Records: 14.5% Totals for All Categories: # of Breaches: 668 # of Records: 22,408,258 % of Breaches: 100.0 %of Records: 100.0% 2018 Breaches Identified by the ITRC as of: 7/2/2018 Total Breaches: 668 Records Exposed: 22,408,258 The Identity Theft Resource Center breach database is updated daily and published to our website weekly. A US-based breach, as identified by our current process, is considered public when one of these occur: 1) Published by a credible source (sources include Offices of the Attorney General, and established media – TV news, radio, newspapers) 2) A letter notifying a potential victim has been received ITRC will provide attribution of the source and include the relevant data to the extent that has been made public in our findings. If the number of records is not made publicly available, ITRC will note that in the report as “unknown” indicating we do not have the specifics of the actual number impacted. Identity Theft Resource Center reserves the right to make an educated estimate to the potential of impact based on our knowledge and understanding of the specifics of the policies of the reporting entity. The ITRC would like to thank CyberScout for its financial support of the ITRC Breach Report, ITRC Breach Stats Report and all supplemental breach reports. Copyright 2018 Identity Theft Resource Center Identity Theft Resource Center 2018 Breach List: Breaches: 668 Exposed: 22,408,258 How is this report produced? What are the rules? See last page of report for details. Report Date: 7/2/2018 Page 1 of 134 ITRC Breach ID Company or Agency State Published Date Breach Type Breach Category Records Exposed? Records Reported ITRC20180702-14 Palo Alto Unified School CA 2/14/2018 Electronic Educational Yes - Published # 353 District Regrettably, we are writing to inform you that during an audit of our information storage practices on January 18, 2018, the District learned that an employee was storing confidential parent information on his laptop. (Type of information exposed per NY AG's office) Attribution 1 Publication: NY AG's office Author: Article Title: Palo Alto Unified School District Article URL: Per FOIL NY AG's office ITRC Breach ID Company or Agency State Published Date Breach Type Breach Category Records Exposed? Records Reported ITRC20180702-13 Jay Zabel & Associates, LTD IL 2/5/2018 Electronic Business Yes - Published # 191 Attribution 1 Publication: NY AG's office Author: Article Title: Jay Zabel & Associates, LTD Article URL: Per FOIL NY AG's office ITRC Breach ID Company or Agency State Published Date Breach Type Breach Category Records Exposed? Records Reported ITRC20180702-12 Metropolitan Life Insurance NY 2/1/2018 Electronic Business Yes - Published # 335 Company After investigation, including communications with the policyholder and the policyholder’s agent, we concluded that an unauthorized individual possessing the agent’s account credentials (obtained from a source other than MetLife) had contacted MetLife in November 2017, posing as the agent and using the agent’s credentials, to obtain a copy of the policyholder’s MetLife policy application. This document included the policyholder’s name, address, date of birth and Social Security number. Attribution 1 Publication: NY AG's office Author: Article Title: Metropolitan Life Insurance Company Article URL: Per FOIL NY AG's office ITRC Breach ID Company or Agency State Published
Recommended publications
  • État Des Malwares 2019
    État des malwares 2019 Préparé par ÉTAT DES MALWARES EN 2019 Table des matières Résumé ��������������������������������������������������������������������������� 3 Arnaques notables ������������������������������������������������������ 29 Méthodologie �����������������������������������������������������������������3 Pratiques commerciales exploitables ����������������� 29 Les 10 enseignements clés ����������������������������������������� 4 Ciblage d’informations d’identification personnelle ��������29 Palmarès des menaces détectées en 2018 ��������������� 6 Sextorsion �������������������������������������������������������������������� 29 Affaiblir l'ennemi ��������������������������������������������������������� 30 Menaces détectées chez les consommateurs ����6 Pour voir plus loin ������������������������������������������������������ 30 Menaces détectées dans les entreprises �������������7 Prévisions 2019 ������������������������������������������������������������ 31 Menaces régionales �����������������������������������������������������8 Menaces par pays ����������������������������������������������������� 10 Conclusion �������������������������������������������������������������������� 33 Menaces par secteur ������������������������������������������������ 11 Contributeurs ��������������������������������������������������������������� 33 Malwares notables ������������������������������������������������������ 13 Programmes de minage de cryptomonnaies���������������� 13 Chevaux de Troie �������������������������������������������������������
    [Show full text]
  • 2018 Midyear Security Roundup: Unseen Threats, Imminent Losses DATA
    Unseen Threats, Imminent Losses 2018 Midyear Security Roundup TREND MICRO LEGAL DISCLAIMER Contents The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The 04 information contained herein may not be applicable to all situations and may not reflect the most current situation. Serious vulnerabilities discovered in Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the hardware make patching even more particular facts and circumstances presented and nothing challenging herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice. 09 Translations of any material into other languages are intended solely as a convenience. Translation accuracy Cryptocurrency mining detections more is not guaranteed nor implied. If any questions arise than doubles while ransomware remains related to the accuracy of a translation, please refer to the original language official version of the document. Any an enterprise threat discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. 14 Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro Mega breaches rise even as GDPR makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree penalties loom that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied.
    [Show full text]
  • Informe De Tendències - 2N Trimestre 2018
    Informe de Tendències - 2n Trimestre 2018 1 Informe de Tendències - 2n Trimestre 2018 El contingut d’aquesta guia és titularitat de la Fundació Centre de Seguretat de la Informació de Catalunya i resta subjecta a la llicència de Creative Commons BY-NC-ND. L’autoria de l’obra es reconeixerà a través de la inclusió de la menció següent: Obra titularitat de la Fundació Centre de Seguretat de la Informació de Catalunya. Llicenciada sota la llicència CC BY-NC-ND. Aquesta guia es publica sense cap garantia específica sobre el contingut. Aquesta llicència té les particularitats següents: Vostè és lliure de: Copiar, distribuir i comunicar públicament l’obra. Sota les condicions següents: Reconeixement: S’ha de reconèixer l’autoria de l’obra de la manera especificada per l’autor o el llicenciador (en tot cas, no de manera que suggereixi que gaudeix del suport o que dóna suport a la seva obra). No comercial: No es pot emprar aquesta obra per a finalitats comercials o promocionals. Sense obres derivades: No es pot alterar, transformar o generar una obra derivada a partir d’aquesta obra. Avís: En reutilitzar o distribuir l’obra, cal que s’esmentin clarament els termes de la llicència d’aquesta obra. El text complet de la llicència es pot consultar a https://creativecommons.org/licenses/by-nc-nd/4.0/deed.ca 2 Informe de Tendències - 2n Trimestre 2018 Índex Introducció ..................................................................................................................... 5 Visió general .................................................................................................................
    [Show full text]
  • 2019 State of Malware
    2019 State of Malware Provided by 2019 STATE OF MALWARE Table of contents Executive summary........................................................3 Noteworthy attack vectors.........................................23 Methodology ..................................................................3 Malspam.................................................................23 Top 10 takeaways...........................................................4 Website attacks..........................................................24 Top detections of 2018..................................................6 Malicious browser extensions................................25 Exploits......................................................................26 Consumer detections..................................................6 Mass compromises via routers..............................27 Business detections.....................................................7 CMS hacks....................................................................28 Regional threats............................................................8 Noteworthy scams.......................................................29 Threats by country.....................................................10 Threats by vertical.....................................................11 Exploitable business practices..............................29 Noteworthy malware...................................................13 Targeting PII.................................................................29 Sextortion.....................................................................29
    [Show full text]
  • Information Assurance MELANI
    Federal IT Steering Unit FITSU Federal Intelligence Service FIS Reporting and Analysis Centre for Information Assurance MELANI https://www.melani.admin.ch/ INFORMATION ASSURANCE SITUATION IN SWITZERLAND AND INTERNATIONALLY Semi-annual report 2018/I (January – June) 8 NOVEMBER 2018 REPORTING AND ANALYSIS CENTRE FOR INFORMATION ASSURANCE MELANI https://www.melani.admin.ch/ 1 Overview / Content 1 Overview / Content .............................................................................................. 2 2 Editorial................................................................................................................. 5 3 Key topic: vulnerabilities in the hardware ....................................................... 6 3.1 Spectre and Meltdown ..................................................................................... 6 3.2 Why this design error? .................................................................................... 6 3.3 Possible solutions ........................................................................................... 7 3.4 Possible developments.................................................................................... 8 4 Situation in Switzerland...................................................................................... 9 4.1 Espionage ........................................................................................................ 9 Spiez Laboratory name misused as sender of "Olympic Destroyer" ........................... 9 4.2 Industrial control systems ............................................................................
    [Show full text]
  • Cyber Investigation Report Written by Vinny Troia, PHD
    Cyber Investigation Report Written by Vinny Troia, PHD. JUNE 2018 CYBER INVESTIGATION REPORT The Dark Overlord Investigation Report 1 V 1.01 TABLE OF CONTENTS 1.0 3.0 INTRODUCTION 3 BREACH STATISTICS 27 1.1 Executive Summary 4 3.1 Results Summary 28 1.2 TDO Victimology 5 3.2 Data Analysis 29 1.3 Other Breach Victims 6 1.4 Forums and Markets Index 7 1.5 Stylometry Analysis 8 4.0 ACTOR PROFILES 27 1.6 Data Viper 9 4.1 Threat Actor Matrix 28 4.2 Cr00k 29 2.0 4.3 Peace of Mind 42 HISTORY & OPERATING 4.4 Arnie 59 PROCEDURES 10 2.1 Group Structure 11 2.2 Modus Operandi 12 5.0 2.3 Communication and Personality 12 AFFILIATIONS 67 2.4 Group Structure 15 4.1 NSFW 68 2.5 Use of Media 16 4.2 Gnostic Players 69 2.6 Group Formation 17 4.3 Shiny Hunters 71 2.7 TDO’s First Appearances 19 4.4 Connecting The Pieces 72 2.8 Initial Members 20 2.9 De-Evolution of the Group 22 2.10 Communicating with TDO 23 A APPENDIX 74 2.11 TDO appears on KickAss 24 5.1 Timeline Summary 77 2.12 The End of The Dark Overlord 25 5.2 A Late Night Convo with TDO 78 2.12 Post-Mortem 26 5.3 Hunting Cyber Criminals 80 5.4 Breach Lists 81 The Dark Overlord Investigation Report 2 Section 1 The Dark Overlord Introduction 1.1 EXECUTIVE SUMMARY In 2016, a hacking group known as ‘The Dark Overlord’ (TDO) began terrorizing and extorting organizations.
    [Show full text]
  • Security Now! #817 - 05-04-21 the Ransomware Task Force
    Security Now! #817 - 05-04-21 The Ransomware Task Force This week on Security Now! This week we touch on several topics surrounding ransomware. We look at the REvil attack that affected Apple, and at this past weekend's attack that brought down Southern California’s world renown Scripps Health system. We catch up on the multinational takedown of the Emotet botnet and the FBI's contribution of more than 4 million compromised eMail addresses to Troy Hunt's Have I Been Pwned. We also look at the two notification services that Troy now offers. I take the opportunity to pound another well-deserved nail into QNAP, and take note of an update I just made to my favorite NNTP newsreader, Gravity. I also ran across a Dan Kaminsky anecdote that I had to share, then we have two pieces of closing the loop listener feedback before we conclude by taking a look at the just-announced task force to combat ransomware. Is there any hope that this scourge can be thwarted? Get it?? Ransomware REvil hacks Apple supplier Quanta Computer Two weeks ago, shortly before Apple's big Spring Loaded product announcement event, the “Sodin” group which is behind the REvil ransomware began publicly leaking Apple's proprietary designs for its forthcoming Mac Laptops. The group's “Happy Blog” as it calls itself, stated: “In order not to wait for the upcoming Apple presentations, today we, the REvil group, will provide data on the upcoming releases of the company so beloved by many. Tim Cook can say thank you Quanta.
    [Show full text]
  • Fraud&Security
    computer FRAUD & SECURITY ISSN 1361-3723 July 2018 www.computerfraudandsecurity.com Featured in this issue: Contents Assessing website password practices – over a NEWS decade of progress? Financial organisations must show they’re ready for disasterVisit us @ 1 very now and again we get a guidance and policy enforcement on Big names in major breaches 3 www.biometrics-today.com Eflurry of headlines proclaiming a series of leading websites and com- FEATURES the passing of passwords, yet they pares them with three earlier studies. A Assessing website password practices – are still with us and still being bro- consistent finding in all prior cases was over a decade of progress? 6 World Password Day 2018 saw Microsoft suggesting ken and breached. that sites were doing less than might that it would deliver a “world without passwords”. Steven Furnell of the University But we’ve beenVisit here before. usIndeed, the fact that we be expected. So, 11 years on from the even have a World Password Day rather@ implies that of Plymouth, UK and Edith Cowan original study, what’s changed and passwordswww.membrane-technology.com are not as dead as past announcements and headlines would have us believe. Steven Furnell of the University, Australia presents the have things got better? University of Plymouth, UK and Edith Cowan University, results of an assessment of password Full story on page 6… Australia presents the results of an assessment of password guidance and policy enforcement on a series of leading websites and compares them with similar studies from 2007, 2011 and 2014. The findings have The role of crypto-currency in cybercrime been revealing in terms of the approaches taken by the sites and particularlyVisit the extent us to which @ they support he market for crypto-currencies rency.
    [Show full text]
  • MANAGING CYBER RISK with HUMAN INTELLIGENCE a Practical Approach
    MANAGING CYBER RISK WITH HUMAN INTELLIGENCE A Practical Approach Citi GPS: Global Perspectives & Solutions May 2019 Citi is one of the world’s largest financial institutions, operating in all major established and emerging markets. Across these world markets, our employees conduct an ongoing multi-disciplinary conversation – accessing information, analyzing data, developing insights, and formulating advice. As our premier thought leadership product, Citi GPS is designed to help our readers navigate the global economy’s most demanding challenges and to anticipate future themes and trends in a fast-changing and interconnected world. Citi GPS accesses the best elements of our global conversation and harvests the thought leadership of a wide range of senior professionals across our firm. This is not a research report and does not constitute advice on investments or a solicitations to buy or sell any financial instruments. For more information on Citi GPS, please visit our website at www.citi.com/citigps. Citi GPS: Global Perspectives & Solutions May 2019 Elizabeth Petrie Walter H Pritchard, CFA Elizabeth Curmi Managing Director, Citi U.S. Software Analyst, Global Thematic Analyst, Technology & Cyber Risk Citi Research Citi Research +1 (202) 776-1518 +1 (415) 951-1770 [email protected] [email protected] +44-20-7986-6818 [email protected] Jeremy E Benatar, CFA Catherine T O'Neill Dr. Andrew Coburn U.S. Software Team, European Media Analyst, Chief Scientist Citi Research Citi Research Cambridge Centre for Risk Studies,
    [Show full text]
  • LIS 510 Information Security and Privacy
    LIS 510 Information Security and Privacy Information School University of Wisconsin-Madison Summer 2020 Instructor: Dorothea Salo (please call me “Dorothea”) [email protected] Office hours: by appointment Canvas: https://canvas.wisc.edu/courses/142682 Special course attributes: Intermediate, Graduate, Digital Studies P Instructional mode: Online Course description Students completing this course will earn three credit hours. This class carries the expectation that students will work on course learning activities (reading, writing, problem sets, studying, etc) for about 9 hours out of the classroom for each module. This course requires sophomore standing, but has no specific prerequisites or co-requisites. No prior technology or computer- science experience is assumed. Introduction to personal, social, organizational, and basic technical concepts and skills related to the digital privacy, safety, and security of individuals and organizations. Preparation to help individuals and organizations enhance their online privacy, safety, and security. This course is designed to assess the following iSchool program-level learning outcomes: 1, 4, 5, 7. Phenomena to be examined include: ! individual and societal need for digital privacy, safety, and security ! user behavior with regard to digital privacy, safety and security; usability of security measures, and impact of (lack of) usability on security; incentives (and lack thereof) for good security practices ! Internet of Things security; workplace bring-your-own-device security ! social engineering attacks; insider attacks; contractor attacks; supply-chain attacks ! person-on-person attacks: doxxing, cyberbullying, etc. ! risk assessment and mitigation; threat assessment; attack surfaces ! authentication, authorization, access control, identity, and attacks against them ! security technologies and practices: log analysis, network and storage monitoring, digital forensics ! vulnerabilities, vulnerability disclosure; ethical hacking Assignments in this course offer repeated practice in communicating about privacy and security.
    [Show full text]
  • ENISA Threat Landscape Report 2018 15 Top Cyberthreats and Trends
    ENISA Threat Landscape Report 2018 15 Top Cyberthreats and Trends FINAL VERSION 1.0 ETL 2018 JANUARY 2019 www.enisa.europa.eu European Union Agency For Network and Information Security ENISA Threat Landscape Report 2018 ETL 2018 | 1.0 | External | January 2019 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact For queries on this paper, please use [email protected] For media enquiries about this paper, please use [email protected]. Acknowledgements ENISA would like to thank the members of the ENISA ETL Stakeholder group: Pierluigi Paganini, Chief Security Information Officer, IT, Paul Samwel, Banking, NL, Jason Finlayson, Consulting, IR, Stavros Lingris, CERT-EU, Jart Armin, Worldwide coalitions/Initiatives, International, Thomas Häberlen, Member State, DE, Neil Thacker, Consulting, UK, Shin Adachi, Security Analyst, US, R. Jane Ginn, Consulting, US, Andreas Sfakianakis, Industry, NL. The group has provided valuable input, has supported the ENISA threat analysis and has reviewed ENISA material.
    [Show full text]
  • Pandalabs Annual Report 2018 Panda Security | Pandalabs Annual Report 2018
    November, 2018 PandaLabs Annual Report 2018 Panda Security | PandaLabs Annual Report 2018 1. Introduction 3. Cyber-news 2018 2. PandaLabs: Threat Data in 2018 4. Data breaches - Pre-execution detections 5. Cybersecurity predictions 2019 - Examples of cases investigated by the laboratory - Malware incidents escalated to PandaLabs - The “Threat Mitigation Funnel” Panda Security | PandaLabs Annual Report 2018 Introduction: The State of Cybersecurity Panda Security | PandaLabs Annual Report 2018 4 Introduction: the State of Cybersecurity 2017 was the year when the word ransomware Most successful types of stopped being a term exclusive to cybersecurity attacks against companies experts and IT departments. The enormous media attention that attacks such as WannaCry and in 2018 Petya/GoldenEye received turned this type of threat into one of the key trends for businesses last year. However, as professionals in the sector know, highly publicized events must never serve as a risk indicator, nor influence on any security related decision. In this annual report, we at PandaLabs, Panda Security’s anti-malware laboratory, have reviewed the threat data gathered in the laboratory from our sensor sources. We include here data from endpoint security solutions deployed on our clients’ Prevalence of devices; the trends observed by our analysts whilst malware attacks they were providing file classification and threat hunting services; as well as the most relevant cybersecurity incidents reported around the world. And the information compiled in 2018 continues to reflect the prevalence of malware attacks, with 9 million malicious URLs and 2.4 million attacks blocked per million endpoints per month. 20.7% of machines studied experienced at least one malware attack during the period analyzed.
    [Show full text]