
MGM Resorts Hack Exposed the Data of 10.6 Million Guests

Hackers leaked the personal information of over 10 million MGM hotel guests this week on an online hacking forum.

The data was obtained last summer after hackers accessed MGM servers.

Victims of the data dump include government officials, CEOs and celebrities, among others. The leaked information included personal details like full names, phone numbers, dates of birth and emails.

Data Breach

The majority of the stolen data is considered “phonebook information”: information that was available to the public even before the breach. Still, the information obtained by hackers could be used to conduct other types of cyber-attacks.

‘Phonebook Information’ is NOT useless

A hacker can turn this trove of seemingly useless information into a valuable asset through spear-phishing. The more detailed the information available the easier it is to compose an email designed to trick someone.

Spear phishing attacks only work if they’re detailed enough to fool the victim into clicking on a link or the attachment. Hackers could use the phonebook data to craft a scam involving the IRS or a digital subscription.

Moreover, the hacker who dumped the information is still unknown but experts believe they’re associated with the group GnosticPlayers. GnosticPlayers is a hacking group that dumped over a billion user records all through 2019.

GnosticPlayers

GnosticPlayers gained fame after publishing data from several hacked companies, like Canva and Zynga, among others. The group was comprised of two individuals, Nclay and DDB. Nclay would hack and DDB would sell.

Furthermore, once groups like GnosticPlayers get the sought-after data, they sell it in a dark web marketplace like Joker’s Stash or Dream Market. At that point, other people can freely buy that information for their own purposes.

Marriott Hack

Although the hack at MGM is quite large, MGM isn’t the first hotel chain to get hacked. In November 2018, 500 million people had their personal information stolen in a hack that lasted four years.

Marriott is a good example of how breaches aren’t easy to spot. Sometimes, breaches can happen without any sign that anything is wrong.

Luckily, the breach at MGM wasn’t as severe, but it could have been. MGM Resorts is publicly traded and has 80,000 employees spread throughout 29 hotels and casinos.

MGM said in a statement to ZDNet that it was “confident” no financial information was taken.

Although the majority of the leaked data was phone-book information, some guests had more sensitive data exposed online.

1,300 guests were informed that information like passport numbers was obtained in the breach.

However, most US states don’t require companies to inform their customers if public data has been exposed through a hack.


What Businesses Can Learn From the Summit Hosting Outage

The Outage in Summit Hosting

On Saturday, January 18 cloud provider Summit Hosting was hit by a ransomware attack.

Details regarding the breach are still unknown. What is known is that support has reached out to its users claiming they are working on resolving the issue.
A Reddit user claiming to be a client posted a letter he said he received from Summit Hosting after attempting to contact them.

The letter states that their cloud environment was hit by a ransomware attack and security systems detected the attack immediately, shutting down all 400 client servers as a result.

Cloud providers often market themselves as a safer, more secure, and more efficient alternative to on-premise, or internal, IT. The truth is, cloud providers and Managed Service Providers (MSPs) are susceptible to all the same risks other businesses face.

The issue arises when businesses looking to adopt a cloud-based infrastructure fail to understand what makes a cloud vendor trustworthy or what to avoid when looking for a cloud vendor.

Here are four things to keep in mind about choosing a cloud provider.

Low Costs Cost More

Many vendors will offer you cloud hosting services for the deceptively low price of $100 a month or $58 a month to host a specific application. Potential clients then see the low price and immediately assume they’re getting a good deal. However, there are instances where the less expensive option can be the more dangerous one.

For example, would you feel safe going over a bridge that costs $400 or $40,000?

Lower priced cloud services imply the provider doesn’t have the resources to deal with bigger issues when they arise. When the price is cheap it typically means they’re cutting costs elsewhere, usually to the detriment of the user.

This could mean a sacrifice in cyber security tools, capable systems engineers or software.

Make Sure Your Provider Permits Storage Onto Your Servers as Well

Adopting the cloud is not, and should never be, an all or nothing affair. In other words, a cloud vendor should never prevent you from storing certain data on premise. If they do, then they should at least provide the capability to access and save important data onto your internal servers as well.

This safeguards your business against a complete halt of productivity and even temporary shutdown should your cloud provider experience an outage or a cyberattack. What good are cloud-backups if you can’t access them?

When discussing your service contract, or service level agreement (SLA), with a vendor you can choose to keep certain mission critical data on your own servers. Furthermore, no business is the same. Not even businesses within the same industry are the same. Therefore, it makes sense that one business would require different kinds of services on the cloud than another.

Look for a Team with a Fast Response Time (No Longer than 12 Minutes)

When a cloud provider experiences an outage for whatever reason, your provider should always be able to respond quickly and efficiently.

To illustrate my point, it’s important to highlight the differences between a public cloud and a private cloud. If something goes wrong with a private cloud, you’ll typically have someone to call. With a public cloud, that support isn’t always included.

Public cloud vendors like Azure offer one-on-one support only if you purchase their support plan separately. With Amazon Web Services, you must submit a support request through their website and wait for a response.

The most important thing, however, is that you’re given a point of contact. This can be an engineer or even the CEO of the cloud provider.

But just because you have a private cloud vendor to call doesn’t mean they’ll be timely in their response. After the outage at Summit occurred, support was unable to respond to its 400 clients in a timely fashion.

As a result, the 400 clients were left confused, worried, angered and distressed for hours and, in some cases, days. So, make sure your cloud vendor has a response time of 12 minutes or less in case an emergency like the one at Summit Hosting occurs.

In cases of such an emergency, Nerds Support has staff ready to respond and provides periodic updates every four hours via email and social media. Consistent communication like this ensures a smooth recovery in emergency situations and helps businesses maintain order.

Always ask your cloud provider for a business continuity plan. They should be able to provide you with a detailed plan outlining how they operate in the case of an outage, breach or natural disaster. If they don’t have one set up, move on to another provider.

Be Aware of Cyber Attacks

It should be the duty of every cloud provider to provide educational training to users about the various kinds of cyberattacks that businesses are susceptible to. However, providers often overlook training and focus on other areas of their services.

Ask your vendor what their cloud cyber security policy is. They should have a system in place that verifies and secures all devices before use. The reason is that employees bring their own devices to work, and that can create a security issue if the machines are not secure.

Review your cloud vendor’s cybersecurity tools and protocols to make sure they provide the security benefits you need.

Although more and more users are becoming aware of some of these attacks, the attacks are quickly adapting and changing to overcome user awareness. When it comes to cyber-attacks, your education is never finished. Human error is still the number one cause of cyber breaches and phishing is still the most effective cyber attack.

Research found ransomware extortion payments are now $84,000 on average. This isn’t meant to scare you, simply to make you aware of the importance of staying educated. All it takes is one user in a company of thousands of people to compromise a system.

Oftentimes, a company experiencing a ransomware attack fails to recover their files and pays the ransom out of desperation. Unfortunately, this doesn’t always guarantee all encrypted or stolen data will be restored or that the cybercriminal won’t attempt to extort them again.

Any cyber security expert will tell you, the best solutions are preventative. The most effective way to successfully survive a cyber-attack is to avoid it. By staying up-to-date on cybersecurity you’ll decrease your chances of falling victim to an attack by a hacker.


What Should Concern Businesses About the New Orleans Cyberattack

The city of New Orleans experienced a cyberattack so severe Mayor Latoya Cantrell declared a state of emergency.

The attack occurred on Friday, Dec. 13 and caused the city to shut down government computers. Officials announced the shutdown via social media posts.

City Shuts Down Government Computers

The attack started at 5 in the morning, according to the city of New Orleans. At around 11 a.m., employees noticed what they considered suspicious activity. As a result, the city’s IT department ordered employees to disconnect from Wi-Fi and shut down their computers.

Fortunately, an investigation into the attack is currently underway as Federal and State agencies gather more information. As of now, nothing is known about the malware used during the attack and the Mayor said no ransom demands had been made yet.

Louisiana’s Third Cyberattack

This ransomware attack is the third to affect Louisiana in five months. In November, another attack prompted Louisiana’s Office of Technological Services to shut down multiple state agencies. And in July, cyber criminals attacked several Louisiana school districts, shutting down their networks for ransom.

As a result of the school attacks, Governor John Bel Edwards declared a state of emergency that allowed state agencies to help local governments recover from the attack.

What’s the Damage?

Unfortunately, it’s always difficult to tell the extent of the damage. It could take months and, in some cases, years to truly understand what information was stolen. Furthermore, hackers could have stolen government employee information, financial information and more from New Orleans.

Moreover, they will have to contact financial institutions and implement new procedures to address cyberattacks like this as well as increase security on their networks.

This begs the question: if state governments have to shut down entire systems and declare a state of emergency to deal with a cyberattack, what will it cost a small business?

Since the attack in November, the National Governors Association (NGA) has urged states to develop a formal continuity plan for responding to cyber threats. Additionally, cyber forensic experts will need to be brought in to investigate the breach.

Cyber Response Plan

In July, the NGA released a State Cyber Response plan. Governments are developing their own plans, and 15 states have made theirs public.

Without a doubt, the impact of a ransomware attack is nothing to scoff at, and governments are learning that the hard way. Ultimately, having a continuity plan in place ensures recovery from a breach runs as smoothly as possible.

Cybercriminals Declare Hunting Season

The FBI issued a warning in October declaring an increase of cyberattacks on “big game” targets. These are targets with money and sensitive information, willing to pay ransoms to restore their systems.

That doesn’t just mean local and state governments, municipalities and agencies. For instance, hackers often target businesses, hospitals, accounting firms and financial advisers for their data.

Additionally, businesses have to adapt and invest in security if they expect to succeed. The first of several security lessons: no one is too big or too small to get hacked. Sensitive data is always in high demand. More importantly, dark web marketplaces, like Joker’s Stash, are always willing to sell it.

The Future of Cybercrime

Researchers warn that ransomware attacks will intensify in 2020. What’s worse, attacks are getting more sophisticated.

On the other hand, with the year coming to a close and a new one beginning, now is the perfect time to audit your IT infrastructure and verify its competency against these types of threats. Fortunately, 2020 will also see the rise of things like cyber insurance, AI and cloud-based security solutions.

Transitioning to a cloud-based solution, like a hybrid cloud, might help industries across the board avoid scenarios like the ones in Louisiana.

You can read our article on how businesses can protect themselves from a cyberattack.

If you want to know more on cybersecurity news, the cloud, managed IT services and more contact us or visit our blog.

 


Tax Security Week: 5 Common Holiday Tax Scams

With December fast approaching, most people are gearing up for the holidays. Some, however, are preparing to steal personal and financial data ahead of tax filing season in 2020. That’s why the IRS announced its 4th annual National Tax Security Awareness Week.

The IRS received five to seven reports weekly from tax firms that experienced data theft in 2018’s tax season. Identity theft is a major issue for small businesses.

In the spirit of everyone’s favorite season (tax season), the IRS and Security Summit partners will remind businesses, taxpayers and professionals alike to update their online security. Because of the upcoming holidays, people are vulnerable to all kinds of social engineering scams.

Modern IT solutions for accounting firms can assess emails and flag suspicious activity. However, responsibility falls on individuals, whether executives or employees, to protect themselves against tax related scams too.

IRS tax scams are common because cyber criminals are most effective when they hide behind authority. They typically feature spam emails redirecting users to malware-infected sites. Sometimes they’ll come with a malicious attachment that carries spyware or malware.

These emails contain an image banner or watermark of the IRS to appear legitimate. Furthermore, the emails often come attached with fake W-8BEN forms to reinforce this legitimacy.

1. W-2 Scams

One of the biggest scams employers face is the W-2 scam, especially during tax season.

W-2 phishing scams involve a cybercriminal impersonating a company executive in an email. The email is sent to someone from HR or accounting, someone with access to employee W-2 forms. And of course, it comes with a subject line claiming it is urgent.

The request will look formal and polite so as not to raise suspicion. The employee then collects all employee tax information and sends it back to the fake executive.

It’s as simple as that.

2. “Locked Accounts”

Accounting services like TurboTax have also been impersonated by cybercriminals notifying clients that their accounts have been locked. The email will feature a link taking the target to a fraudulent website where they submit their personal information.

3. “Update Information”

It’s not uncommon for an accounting client to receive an email notifying them that because of the incoming tax season, they need to update their tax filing information.

4. “Refunds”

In some cases, emails entice victims with incentives like tax refunds. It isn’t difficult to see why these would be successful. A business owner finds an email claiming the IRS owes them money and they are less likely to raise questions.

5. Holiday Scams

Over 75 percent of Americans shop online for the holidays, and many of those Americans have full-time jobs working in industries containing sensitive data. The greatest cyber security risk in any industry across the board is an employee. An even greater risk is an employee eager to get their holiday shopping out of the way.

Employees and business owners start shopping online for gifts, and cybercriminals are there ready to shoplift sensitive data. Social engineers, hackers and cybercriminals take advantage of the holiday season to send fake invitations and holiday deals from places frequented by their targets.

Shopping Spear Phishing Fraud

Advanced spear phishing techniques can come disguised as a great online offer from your favorite online shopping site. I’m not referring to a popular shopping site, I’m talking about the site you specifically shop at. A cybercriminal will mine your social media and online activity until they have everything they need to create a counterfeit email you’re likely to click on.

That’s why it’s important to only use work email for work-related matters. Many breaches happen because employees make the simple mistake of subscribing to online sites and programs with their work email.

Protecting Client Information Is Protecting Yourself

The Gramm-Leach-Bliley Act of 1999 requires all financial services organizations to have an information security plan to ensure the safety of sensitive client data. In other words, all finance organizations have to demonstrate what security measures they have in place to protect client information.

If a financial firm fails to take the proper security measures, independent of a breach, they could face penalties. Therefore, seeking guidance from cyber experts, like Nerds Support, for security-related issues is recommended.

But in the meantime, check out our blog for more articles on phishing, cyber security and compliance.


Thousands of Disney Plus Accounts Hacked After Launch

Disney’s new streaming service was hacked a week after launching and hackers are offering breached accounts for sale online for $1 a month or $3 a year.

The service garnered over 10 million subscribers on their first day and within hours hackers took control of user accounts.

Disney+ users said on social media that hackers were logging in to their accounts, logging them out and changing the email and password of their accounts. If this is true, then some users could be in huge trouble. 59 percent of people use the same password everywhere, according to a poll conducted by LastPass. Therefore, there’s a big chance Disney+ subscribers use the same email and password for multiple accounts.

Other streaming services such as Netflix, Hulu and HBO Now have been targeted by hackers too. Users report finding unfamiliar names and profiles in their accounts. And if you’re a hacker looking to make a quick dollar, this isn’t too hard to do.

How Did This Happen?

It’s estimated that millions of online accounts are scouted and tested using a method called credential stuffing. Hackers test a database of stolen information such as passwords and usernames against various accounts in order to find a match.

Hackers have programs that run these tests in seconds. And since we know over half of people use the same username and passwords across multiple accounts, there’s a huge probability they’ll find a match.
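From the defender's side, credential stuffing and the takeover pattern Disney+ users reported (login, then a changed email and password) both show up in authentication logs. The following is an added example, not code from Disney or from this blog; the log format, thresholds and addresses are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source IP, account, action.
SAMPLE_LOG = """\
2019-11-19T09:00:01 203.0.113.7 alice@example.com login_fail
2019-11-19T09:00:02 203.0.113.7 bob@example.com login_fail
2019-11-19T09:00:03 203.0.113.7 carol@example.com login_ok
2019-11-19T09:00:04 203.0.113.7 dan@example.com login_fail
2019-11-19T09:00:05 203.0.113.7 erin@example.com login_fail
2019-11-19T09:00:06 203.0.113.7 frank@example.com login_fail
2019-11-19T09:01:10 203.0.113.7 carol@example.com password_change
2019-11-19T09:01:30 203.0.113.7 carol@example.com email_change
2019-11-19T09:05:00 198.51.100.20 grace@example.com login_fail
2019-11-19T09:05:20 198.51.100.20 grace@example.com login_ok
2019-11-19T09:06:00 198.51.100.20 grace@example.com password_change
"""


def parse_events(text):
    """Parse the assumed four-field log format into time-sorted tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, user, action = parts
        events.append((datetime.fromisoformat(ts), ip, user.lower(), action))
    return sorted(events)


def stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Flag IPs that try many distinct accounts and mostly fail.

    A real user mistypes a password for one account; a stuffing run walks a
    list of leaked credentials across many accounts with a low hit rate.
    """
    users = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for _, ip, user, action in events:
        if action in ("login_ok", "login_fail"):
            users[ip].add(user)
            attempts[ip] += 1
            successes[ip] += action == "login_ok"
    return {
        ip for ip in attempts
        if len(users[ip]) >= min_users
        and successes[ip] / attempts[ip] <= max_success_ratio
    }


def takeover_candidates(events, sources, window=timedelta(minutes=10)):
    """Accounts whose email or password changed soon after a login from a flagged IP."""
    last_ok = {}
    flagged = set()
    for ts, ip, user, action in events:
        if action == "login_ok" and ip in sources:
            last_ok[user] = ts
        elif action in ("password_change", "email_change") and user in last_ok:
            if ts - last_ok[user] <= window:
                flagged.add(user)
    return sorted(flagged)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    bad_ips = stuffing_sources(evts)
    print("suspected stuffing sources:", bad_ips)
    print("accounts to lock and review:", takeover_candidates(evts, bad_ips))
```

The second address in the sample is a single user who mistyped a password once and then changed it, which is why it is not flagged.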

Another scam cybercriminals use to get your email, in the instance of Disney+, would be to send a fake email to a subscriber warning them their accounts were locked. The fraud email asks the user to provide their account information for “verification”. After a hacker gains this information, they log in to the account, change the password and block the subscriber from accessing his or her account. This is a form of phishing and it happens every day.


It’s a Bad Week for Disney+

The curious thing about Disney+ is that users who had unique passwords also got their accounts hacked according to a ZDNet report. Secondly, the new streaming service was still in the seven-day free trial period, even for people who signed up for it immediately after it went live. In other words, there wouldn’t be any profit for hackers since people were still using it for free. Moreover, if you’re a Verizon customer you get Disney+ free for a year.

The new streaming platform has had a rough first week since it went live on Nov. 12, with problems ranging from slow screen loads to messages on their homepage displaying ‘unable to connect’. The company said it was working hard to fix the problems and that they were mainly due to a demand for the service that was higher than expected.

Subscribers of streaming services should ignore and avoid emails relating to their accounts and never provide account information through email. Also avoid using the same password for everything. It’s honestly an invitation to get hacked. If even one of your accounts is compromised, that puts all your accounts at risk.

Why Does it Happen?

And this isn’t something common just among streaming service users, it’s common for everyone. Even people who work in industries and companies with extremely valuable data fail to take precaution. It’s been reported repeatedly that human error is the leading cause of cybercrime. To be more specific, human error is the main cause of 95 percent of cyber security breaches according to an IBM study.

Human error encompasses a large variety of actions, not just password related errors. It can be downloading malware after opening a phishing email or working on an insecure network. Victims of ransomware attacks aren’t foolish, just careless.

The Disney breach might not seem related to company breaches until you consider Disney+ users are accountants, lawyers, financial advisers, and business owners. If over half of people use the same password for everything, what’s stopping them from using their Disney+ password to access their account information or login to their database?

For a cybercriminal, this is the best-case scenario. They access a user’s information, discover the user works at a medium-sized accounting firm, and proceed to use the password they got from the streaming service to access the firm. There are even cases where people use their work email as their login email for other accounts.

It Takes More than Good IT

There is only so much IT for accounting firms can do in this case. Companies must do more than rely on their IT infrastructure to keep them safe. Situations like these create huge compliance risks for those who work in the financial services industry. For those who work in or own their own business, it creates liabilities that could potentially ruin the company.

Hackers always look for the path of least resistance. They choose a small or medium sized business because it won’t attract too much attention. They send hyper-targeted phishing emails because people are likely to fall for them. Cybercriminals even buy malware programs on the dark web so they don’t have to develop it themselves. The trick is to do everything possible to make their jobs as difficult as possible by implementing smart, best-practice procedures. At the end of the day it’s about eliminating liabilities.

Disney+ users should be mindful of what email they use to login and what password they choose. It might affect more than their weekend.

Click here to read our blog about how businesses can protect themselves from cyberattacks.