Posts

Why Dark Web Marketplace “Joker’s Stash” Threatens Businesses Everywhere

Massive Leak in Restaurant Chain

Four popular restaurants in the East and Midwest had their customers’ payment card information stolen. Three of those four restaurants are owned by the same parent company, Focus Brands.

The stolen cards were sold on Joker’s Stash, a Dark Web destination that trades payment-card data. Joker’s Stash might sound like something out of a comic book, but it’s very real and very dangerous.

What is Joker’s Stash?

Joker’s Stash is the biggest and most reputable Dark Web marketplace out there and periodically features a fresh list of payment card information available. As a result, it quickly became an expensive site featuring card information from high-value targets like restaurants and even government officials.

The website has carried stolen card information from places like Sonic Drive-In, the supermarket chain Hy-Vee and others.

Cybercriminals who buy this information usually use the data to clone the real cards and withdraw the money from ATMs. What’s more, in 2015, the dark web card shop added a section offering social security numbers as well. This isn’t just a problem for people in the U.S. Cybercriminals target whoever they can, wherever they can, not just restaurants.

1.3 Million Stolen Cards For Sale

In late October of 2019, 1.3 million Indian payment cards were put on Joker’s Stash for sale at $100. This is evidence that there is a demand for websites like Joker’s Stash.

Group-IB, a cybersecurity firm in Singapore, was the first to find the stolen data. After analyzing the cards on the site, the firm said over 98 percent of the cards were issued by Indian banks. Only about 1 percent of the cards were stolen from Colombian banks.

The India card dump is considered the third largest in 2019 by researchers, in terms of size. However, this isn’t typical for this type of dump. Usually, the cards are released in small quantities, over a longer period of time. Experts say that a data dump of this size suggests the criminals wanted to make a profit from as many cards as possible before banks and cardholders realized the fraud had taken place.

Although how the data was stolen remains unknown, it’s likely that it was obtained through a Point-of-Sale (POS) data breach.

Point-of-Sale Data Breaches

Point-of-Sale (POS) data breaches occur when cybercriminals install malicious software on a business’s card-processing system. The malware is designed to copy data stored on a payment card’s magnetic stripe when it’s swiped at an infected payment terminal.

How Does Joker’s Stash Work?

Unfortunately, Joker’s Stash operates using Blockchain DNS, a blockchain system that lets website visitors avoid surveillance, intervention and censorship from governments and ISPs. In other words, Joker’s Stash uses a decentralized system that helps the site stay active if someone attempts to take it down.

The good news is that fraud teams can use Joker’s Stash to understand what card data is made available and when. As a result, they’re able to determine the common point of purchase of affected cards. Flashpoint, a business risk intelligence specialist, published an analysis that explains how this is the most reliable method of identifying the source of a breach.
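The following is an added example, not code from the original post or from Flashpoint's analysis: a small common-point-of-purchase calculation over constructed transaction data. The card tokens, merchant IDs, the 75 percent coverage threshold and the lift score are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (card_token, merchant_id, transaction_date).
# Tokens c01-c04 stand for cards seen for sale; k01-k06 are unaffected cards.
TRANSACTIONS = [
    ("c01", "DINER-114", date(2019, 8, 3)),
    ("c02", "DINER-114", date(2019, 8, 9)),
    ("c03", "DINER-114", date(2019, 8, 17)),
    ("c04", "DINER-114", date(2019, 8, 28)),
    ("c01", "GROCER-7", date(2019, 7, 30)),
    ("c02", "GROCER-7", date(2019, 8, 1)),
    ("c03", "GROCER-7", date(2019, 9, 2)),
    ("c04", "GROCER-7", date(2019, 8, 15)),
    ("c01", "FUEL-22", date(2019, 8, 5)),
    ("c02", "FUEL-22", date(2019, 8, 6)),
    ("k01", "GROCER-7", date(2019, 8, 2)),
    ("k02", "GROCER-7", date(2019, 8, 4)),
    ("k03", "GROCER-7", date(2019, 8, 11)),
    ("k04", "GROCER-7", date(2019, 8, 20)),
    ("k05", "GROCER-7", date(2019, 8, 22)),
    ("k06", "DINER-114", date(2019, 6, 2)),
    ("k01", "FUEL-22", date(2019, 8, 7)),
    ("k02", "FUEL-22", date(2019, 8, 8)),
]
COMPROMISED = {"c01", "c02", "c03", "c04"}


def common_point_of_purchase(transactions, compromised, min_coverage=0.75):
    """Rank merchants by how strongly they are tied to the compromised cards.

    coverage = share of compromised cards that transacted at the merchant
    lift     = coverage divided by the share of unaffected cards seen there,
               so a merchant that everybody visits does not rank first
    window   = first and last visit by a compromised card (exposure window)
    """
    cards_at = defaultdict(set)     # merchant -> every card seen there
    bad_dates = defaultdict(list)   # merchant -> dates of compromised-card visits
    all_cards = set()
    for card, merchant, day in transactions:
        all_cards.add(card)
        cards_at[merchant].add(card)
        if card in compromised:
            bad_dates[merchant].append(day)

    known_bad = compromised & all_cards   # ignore cards with no history here
    clean = all_cards - compromised
    if not known_bad:
        return []

    ranked = []
    for merchant, cards in cards_at.items():
        coverage = len(cards & known_bad) / len(known_bad)
        if coverage < min_coverage:
            continue
        clean_rate = len(cards & clean) / len(clean) if clean else 0.0
        # Floor the denominator so a merchant with zero unaffected cards
        # gets a large but finite lift instead of a division by zero.
        floor = 1 / (len(clean) + 1)
        ranked.append({
            "merchant": merchant,
            "coverage": round(coverage, 2),
            "lift": round(coverage / max(clean_rate, floor), 2),
            "window": (min(bad_dates[merchant]), max(bad_dates[merchant])),
        })
    ranked.sort(key=lambda r: (-r["lift"], -r["coverage"], r["merchant"]))
    return ranked


if __name__ == "__main__":
    for row in common_point_of_purchase(TRANSACTIONS, COMPROMISED):
        print(row)
```

In the constructed data every compromised card also used GROCER-7, but so did most unaffected cards, which is why the lift score rather than raw overlap puts DINER-114 first.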

All of this is to say that POS data breaches are a problem for businesses if customers are afraid their card information isn’t safe.

The fraud intelligence company, Gemini Advisory, said out of the almost 2,000 locations that belonged to the restaurants, close to 50% were breached, according to an article by Insurance Business America.

There is No Safety in Numbers

As we’ve seen, breaches can affect not only retailers and restaurant chains but financial institutions as well. It could have been a bank in the U.S., not India, breached by cybercriminals. Capital One was breached in March, exposing more than 14,000 Social Security numbers and 80,000 bank account numbers.

This information could have been dumped into the Joker’s Stash website and sold for a few hundred dollars just as easily as with the Indian banks. The Department of Justice arrested a Seattle tech worker, Paige A. Thompson, for the fraud. She claimed she didn’t do it for the money, but she could have made millions of dollars through sites like Joker’s Stash.

Cybercrimes cost banks more than $1 trillion a year. That’s mainly due to financial institutions failing to comply with regulations, like FINRA and SOX, creating compliance risks. However, as regulations change with technology, criminals adapt and develop newer ways to exploit regulations.

Breaches Will Get Worse

Banks are usually secure against external threats, but the biggest threats are internal. That is, careless employees. Financial institutions are finally getting around to training their employees, but that might not be enough. Implementing a strong cybersecurity plan is key in a world lurking with criminals ready to leverage any vulnerability a firm might have.

Dark web card sites like Joker’s Stash are growing more popular and profitable. If these breaches have shown anything, it’s that Joker’s Stash isn’t going away. The best chance businesses have is to adapt. That said, cloud security and multi-factor authentication are making it easier to do so.

To stay informed on cyber security, data breaches, compliance and cloud technology, check out the Nerds Support blog.

Tax Security Week: 5 Common Holiday Tax Scams

With December fast approaching, most people are gearing up for the holidays. Some, however, are preparing to steal personal and financial data ahead of tax filing season in 2020. That’s why the IRS announced its 4th annual National Tax Security Awareness Week.

The IRS received five to seven reports weekly from tax firms that experienced data theft in 2018’s tax season. Identity theft is a major issue for small businesses.

In the spirit of everyone’s favorite season (tax season), the IRS and Security Summit partners will remind businesses, taxpayers and professionals alike to update their online security. Because of the upcoming holidays, people are vulnerable to all kinds of social engineering scams.

Modern IT solutions for accounting firms can assess emails and flag suspicious activity. However, responsibility falls on individuals, whether executives or employees, to protect themselves against tax-related scams too.

IRS tax scams are common because cyber criminals are most effective when they hide behind authority. They typically feature spam emails redirecting users to malware-infected sites. Sometimes they’ll come with a malicious attachment that carries spyware or malware.

These emails contain an image banner or watermark of the IRS to appear legitimate. Furthermore, the emails often come with fake W-8BEN forms attached to reinforce this legitimacy.

1. W-2 Scams

One of the biggest scams employers face is the W-2 scam, especially during tax season.

W-2 phishing scams involve a cybercriminal impersonating a company executive in an email. The email is sent to someone from HR or accounting, someone with access to employee W-2 forms. And of course, it comes with a subject line claiming it is urgent.

The request will look formal and polite so as not to raise suspicion. The employee then collects all employee tax information and sends it back to the fake executive.

It’s as simple as that.

2. “Locked Accounts”

Accounting services like TurboTax have also been impersonated by cybercriminals notifying clients that their accounts have been locked. The email will feature a link taking the target to a fraudulent website where they submit their personal information.

3. “Update Information”

It’s not uncommon for an accounting client to receive an email notifying them that because of the incoming tax season, they need to update their tax filing information.

4. “Refunds”

In some cases, emails entice victims with incentives like tax refunds. It isn’t difficult to see why these would be successful. A business owner finds an email claiming the IRS owes them money and they are less likely to raise questions.

5. Holiday Scams

Over 75 percent of Americans shop online for the holidays, and many of those Americans have full-time jobs working in industries containing sensitive data. The greatest cyber security risk in any industry across the board is an employee. An even greater risk is an employee eager to get their holiday shopping out of the way.

Employees and business owners start shopping online for gifts, and cybercriminals are there ready to shoplift sensitive data. Social engineers, hackers and cybercriminals take advantage of the holiday season to send fake invitations and holiday deals from places frequented by their targets.

Shopping Spear Phishing fraud

Advanced spear phishing techniques can come disguised as a great online offer from your favorite online shopping site. I’m not referring to a popular shopping site, I’m talking about the site you specifically shop at. A cybercriminal will mine your social media and online activity until they have everything they need to create a counterfeit email you’re likely to click on.

That’s why it’s important to only use work email for work-related matters. Many breaches happen because employees make the simple mistake of subscribing to online sites and programs with their work email.

Protecting Client information is protecting yourself

The Gramm-Leach-Bliley Act of 1999 requires all financial services organizations to have an information security plan to ensure the safety of sensitive client data. In other words, all finance organizations have to demonstrate what security measures they have in place to protect client information.

If a financial firm fails to take the proper security measures, independent of a breach, they could face penalties. Therefore, seeking guidance from cyber experts, like Nerds Support, for security-related issues is recommended.

But in the meantime, check out our blog for more articles on phishing, cyber security and compliance.

Thousands of Disney Plus Accounts Hacked After Launch

Disney’s new streaming service was hacked a week after launching and hackers are offering breached accounts for sale online for $1 a month or $3 a year.

The service garnered over 10 million subscribers on their first day and within hours hackers took control of user accounts.

Disney+ users said on social media that hackers were logging in to their accounts, logging them out and changing the email and password of their accounts. If this is true, then some users could be in huge trouble. 59 percent of people use the same password everywhere, according to a poll conducted by LastPass. Therefore, there’s a big chance Disney+ subscribers use the same email and password for multiple accounts.

Other streaming services such as Netflix, Hulu and HBO Now have been targeted by hackers too. Users report finding unfamiliar names and profiles in their accounts. And if you’re a hacker looking to make a quick dollar, this isn’t too hard to do.

How Did This Happen?

It’s estimated that millions of online accounts are scouted and tested using a method called credential stuffing. Hackers test a database of stolen information such as passwords and usernames against various accounts in order to find a match.

Hackers have programs that run these tests in seconds. And since we know over half of people use the same usernames and passwords across multiple accounts, there’s a huge probability they’ll find a match.
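From the defending service's side, credential stuffing shows up in authentication logs as one source trying many different accounts with mostly failed results. The following is an added example, not part of the original post: a sliding-window detector run over a constructed log. The log format, field names, addresses, accounts and thresholds are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log (documentation IP ranges, made-up accounts).
LOG = """\
2019-11-19T10:00:01Z ip=203.0.113.50 user=alice@example.com result=FAIL
2019-11-19T10:00:02Z ip=203.0.113.50 user=bob@example.com result=FAIL
2019-11-19T10:00:03Z ip=203.0.113.50 user=carol@example.com result=FAIL
2019-11-19T10:00:04Z ip=203.0.113.50 user=dave@example.com result=OK
2019-11-19T10:00:05Z ip=203.0.113.50 user=erin@example.com result=FAIL
2019-11-19T10:00:06Z ip=203.0.113.50 user=frank@example.com result=FAIL
2019-11-19T10:00:07Z ip=203.0.113.50 user=grace@example.com result=FAIL
2019-11-19T10:01:00Z ip=198.51.100.7 user=heidi@example.com result=FAIL
2019-11-19T10:01:10Z ip=198.51.100.7 user=heidi@example.com result=FAIL
2019-11-19T10:01:30Z ip=198.51.100.7 user=heidi@example.com result=OK
2019-11-19T10:02:00Z ip=192.0.2.10 user=admin@example.com result=FAIL
2019-11-19T10:02:01Z ip=192.0.2.10 user=admin@example.com result=FAIL
2019-11-19T10:02:02Z ip=192.0.2.10 user=admin@example.com result=FAIL
2019-11-19T10:02:03Z ip=192.0.2.10 user=admin@example.com result=FAIL
2019-11-19T10:02:04Z ip=192.0.2.10 user=admin@example.com result=FAIL
"""

LINE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")


def parse(log_text):
    """Return time-ordered (timestamp, ip, user, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue  # skip anything that is not a login event
        when = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, m.group(2), m.group(3), m.group(4) == "OK"))
    return sorted(events)


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts, mostly unsuccessfully.

    Returns {ip: [accounts that logged in successfully from that ip]}.
    Those accounts are the ones to force-reset: the reused password worked.
    A user mistyping their own password, or guessing against one account,
    touches a single username and is left to per-account lockout rules.
    """
    recent = defaultdict(deque)     # ip -> events inside the sliding window
    successes = defaultdict(set)    # ip -> accounts with a successful login
    flagged = set()
    for when, ip, user, ok in events:
        if ok:
            successes[ip].add(user)
        q = recent[ip]
        q.append((when, user, ok))
        while when - q[0][0] > window:   # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, good in q if not good)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
    return {ip: sorted(successes[ip]) for ip in sorted(flagged)}


if __name__ == "__main__":
    print(detect_stuffing(parse(LOG)))
```

A per-source rule like this misses attempts spread thinly across many addresses, so the thresholds need tuning against the service's own traffic.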

Another scam cybercriminals use to get your email, in the instance of Disney+, would be to send a fake email to a subscriber warning them their accounts were locked. The fraudulent email asks the user to provide their account information for “verification”. After a hacker gains this information, they log in to the account, change the password and block the subscriber from accessing his or her account. This is a form of phishing and it happens every day.

It’s a Bad Week for Disney+

The curious thing about Disney+ is that users who had unique passwords also got their accounts hacked according to a ZDNet report. Secondly, the new streaming service was still in the seven-day free trial period, even for people who signed up for it immediately after it went live. In other words, there wouldn’t be any profit for hackers since people were still using it for free. Moreover, if you’re a Verizon customer you get Disney+ free for a year.

The new streaming platform has had a rough first week since it went live on Nov. 12, with problems ranging from slow screen loads to messages on their homepage displaying ‘unable to connect’. The company said it was working hard to fix the problems and that they were mainly due to a demand for the service that was higher than expected.

Subscribers of streaming services should ignore and avoid emails relating to their accounts and never provide account information through email. Also avoid using the same password for everything. It’s honestly an invitation to get hacked. If even one of your accounts is compromised that risks all your accounts.

Why Does it Happen?

And this isn’t something common just among streaming service users, it’s common for everyone. Even people who work in industries and companies with extremely valuable data fail to take precautions. It’s been reported repeatedly that human error is the leading cause of cybercrime. To be more specific, human error is the main cause of 95 percent of cyber security breaches according to an IBM study.

Human error encompasses a large variety of actions, not just password related errors. It can be downloading malware after opening a phishing email or working on an insecure network. Victims of ransomware attacks aren’t foolish, just careless.

The Disney breach might not seem related to company breaches until you consider Disney+ users are accountants, lawyers, financial advisers, and business owners. If over half of people use the same password for everything, what’s stopping them from using their Disney+ password to access their account information or log in to their database?

For a cybercriminal, this is their best-case scenario. They access a user’s information, discover the user works at a medium-sized accounting firm, and proceed to use the password they got from accessing the streaming service to access the firm. There are even cases where people use their work email as their login email for other accounts.

It Takes More than Good IT

There is only so much IT for accounting firms can do in this case. Companies must do more than rely on their IT infrastructure to keep them safe. Situations like these create huge compliance risks for those who work in the financial services industry. For those who work in or own their own business, it creates liabilities that could potentially ruin the company.

Hackers always look for the path of least resistance. They choose a small or medium-sized business because it won’t attract too much attention. They send hyper-targeted phishing emails because people are likely to fall for them. Cybercriminals even buy malware programs on the dark web so they don’t have to develop them themselves. The trick is to do everything possible to make their jobs as difficult as possible by implementing smart, best-practice procedures. At the end of the day it’s about eliminating liabilities.

Disney+ users should be mindful of what email they use to log in and what password they choose. It might affect more than their weekend.

Click here to read our blog about how businesses can protect themselves from cyberattacks.

Top 5 Vulnerabilities Accounting Firms Face

It seems like every other day institutions big and small are experiencing some form of cyberattack. Local governments, banking institutions, tech and networking companies have undergone some sort of cyber breach. However, accounting firms are likelier than other businesses to fall victim to a cyberattack due to the wealth of sensitive client information they store in order to conduct business.

Since cybercriminals are always exploiting vulnerabilities and finding new malware to access financial information of accounting clients, it’s important to understand the cyber threats your firm faces in 2020. When accountants think about the cyber risks they’re susceptible to, they think about attacks from outside the firm. Unfortunately, the cyber threats that could negatively impact the firm are ones that firms are responsible for. The good news is they can be prevented.

Here are five main vulnerabilities CPAs face today.

Why are CPA Employees at the Root of a Data Breach?

1) Human Error

Human error is the leading cause of accounting mistakes and it’s also the leading cause of cyber security threats. 90 percent of data breaches are caused by human error, according to a study by Kaspersky.

Bring your own device (BYOD) culture puts financial firms at risk when accountants neglect to check their network security. If an accountant has sensitive data on their personal device and decides to go to a coffee shop like Starbucks, it’s possible that a hacker can access that information because the user is connected to a vulnerable, public Wi-Fi network.

Solution

Establish strict guidelines to limit the use of personal devices when handling accounts and client data.

2) Weak Passwords

Among the most common mistakes accounting professionals make is setting up weak passwords for accounts. Accountants should create separate passwords for their email, applications, and systems according to best practices. The reality is accountants, like many other people, tend to use the same password for all three. As a result, they make a hacker’s job much easier.

Passwords are a lot like keys. Imagine if you had one key for your house, your car and your business. All anyone has to do to ruin your life is get hold of that key. Now, let’s push this analogy even further. Imagine that same universal key. Not only does it provide access to all these valuable things but every night before you go to bed you leave it under a flowerpot outside for safe keeping. It might not be as obvious as leaving it out in the open, but it wouldn’t take long to find.

That is exactly what accountants do online. They create passwords that are easy for them to remember. Passwords are often anniversary dates, names of pets or loved ones, or the schools they studied at. Like the key in the flowerpot, a thief might not know exactly where it’s hidden, but after some snooping around and persistence, they’d find it.

Social Media is a Hacker’s Greatest Tool

In today’s world of social media and online communication, personal information is available to everyone willing to look for it. A cyber criminal just needs to do a minimum amount of work looking through social media accounts to find anniversary dates, names of pets or loved ones, and the schools a target studied at.

That’s not to say accountants should rid themselves of all social media and eliminate their online presence. That’s a very extreme approach and, more importantly, is impossible. We shop online, we bank online, we purchase food online, we buy tickets online. All these things create a profile of who you are and can be leveraged to gain access to your accounts.

Solution

It is essential for accountants to set strong passwords for all their accounts. What are strong passwords? A strong password is a combination of letters (capital and lowercase), special characters like punctuation marks, and numbers or numerals. Stay away from passwords relating to your personal life as often as possible. A hacker will use whatever information they can to infiltrate a firm.

To avoid this, firms should consider simple security methods like having users change their passwords monthly or at least quarterly and limiting access through mobile devices. Also, using multi-factor authentication software when accessing accounts can prevent breaches.

3) Phishing

This leads me to the next cybersecurity danger CPAs face: phishing. Phishing emails are used to manipulate the reader to click on a link or attachment infected with malware or a virus. They are a form of social engineering. Whether you’re a large firm or small, you’re vulnerable because statistics are on the hacker’s side. All it takes is one successful attempt to access the firm’s data. In other words, they only need to trick one employee to access the firm’s data.

Phishing attacks are varied and wide-ranging. They can come in the form of a credit card alert, a notice from a non-profit, a package shipment delay and others. However, now that there’s more awareness of phishing scams, scammers have adapted to make attacks even more believable by hyper-focusing on a specific target.

A targeted phishing email is known as spear phishing. Cybercriminals use everything they can find on the target to legitimize the email. They’ll make references to people in your life, places you’ve lived in, things that you’ve done to give you a false sense of security. For example, if you get an email from a store you’ve shopped at offering you deals on products you’re likely to buy, you’re likelier to open the email without question.

Avoiding spear phishing attacks means having the proper securities in place and training personnel to create a security-first culture. Businesses can also use phishing simulations to train accountants to recognize them.

4) Malware

Malware is installed through a phishing email attachment or link to an infected web page. The scary thing about malware is that it can stay dormant for weeks or even months before it’s used to steal information or take over systems. There are even ways to purchase malware online through the dark web. In other words, cyber criminals no longer need to be tech-savvy to deploy malware. They can be anyone.

Solution

Since malware is installed through social engineering, the solutions are the same. Accounting firms should have protocols in place to alert IT personnel when a request comes in through email. Managed service providers, like Nerds Support, have an alert system that notifies systems engineers of potentially fraudulent emails.

Our e-book goes into more detail on the benefits of e-mail and spam security services.

5) Cryptojacking

Cryptojacking is relatively new and, unlike malware attacks, its goal is to mine cryptocurrencies on behalf of the hacker by using the victim’s devices. Hackers gain access to the devices by using phishing techniques. They embed crypto mining malware in popular websites in the form of free browser extensions.

Cryptocurrencies are valuable to hackers because they’re untraceable and can be used for purchase and exchange on the dark web. Furthermore, the attractive thing about cryptojacking is that it runs secretly and can go undetected for a long time. And since nothing gets stolen or encrypted, there’s little incentive to do anything about it.

Solution

Other than training, firms should implement endpoint protection/antivirus software that detects crypto miners. IT support should create a continuity strategy in case of an attack. Another thing you can do is keep track of and maintain browser extensions.

Conclusion

An October 13 story by CNBC reported that cyberattacks cost small companies $200,000 on average. 60% of the businesses attacked go out of business within six months. Accounting firms are among the most targeted types of businesses today. Moreover, cyber crime has become the fastest-growing type of crime, costing businesses 5.2 trillion worldwide in the next five years.

Pandora’s box has been opened and now more than ever CPAs cannot afford to take unnecessary risks. Adopting strategies and continuity plans to limit the impact of cyberattacks and phishing scams is key.

P.S. Cloud accounting is a growing field and provides unique solutions to many of these problems. Click here to read our blog on why cloud backups are a good solution for CPA firms.

Ransomware Attack in Coral Gables, Florida Puts Law Firms at Risk

Cyber Attack in Coral Gables, FL

The Coral Gables-based company TrialWorks, a software company that manages electronic records for thousands of law firms in the US, was subject to a ransomware attack. Digital legal documents were held hostage in a classic ransomware attack.

Last Thursday, one of the law firms whose information is kept by TrialWorks was forced to request more time to meet a filing deadline in an important case in federal court because it could not access its documents.

How did it Happen?

TrialWorks alerted its customers about the breach and stated it was caused by a Microsoft service outage affecting Outlook desktop and mobile apps, according to court records.

Software management services like TrialWorks continue to grow as law firms look to store their abundance of electronic documents in a host facility. This is part of a larger trend of digital transformation. In other words, the cloud. And as industries move their files and digital information to the cloud, security becomes essential against cyber threats. Government facilities throughout Florida have already suffered from cyber-attacks involving ransomware. Banks have experienced breaches as well.

Cloud computing is the natural progression of software technology. The old client-server model of getting physical disks and installing software on local servers was the only viable solution for the better part of two decades. Now industries are looking to cloud technology for a more practical approach to data storage.

TrialWorks alerted the law firms and attorneys that use its case management services that they could not access their electronically stored documents while they were resolving the breach issue. This created more issues as TrialWorks informed customers that it had a high ticket volume and response times would be delayed.

The company merged with another company, Needles, and expanded greatly. Law firms using TrialWorks suffered significantly. Attorneys working cases couldn’t access the necessary files, which created setbacks that impact TrialWorks and all of their clients.

Data Breaches & Cyber Attacks

Data breaches, social engineering and ransomware attacks are devastating and are, unfortunately, underestimated by small and medium-sized businesses. One of TrialWorks’ clients was a small firm of nine lawyers working on a civil litigation case. The TrialWorks breach slowed down their work. Their deadline issue was resolved; however, they have until November 14 to respond to a dispute over the testimony of an expert witness. This response requires access to critical documents in the case.

What happened at TrialWorks is not specific to them. In the month of September of 2019 alone there were 75 data breaches and a total of 531,596,111 breached records. This number is significantly less than August, which had 95 incidents total. However, there was an overall increase of 363% in terms of records breached.

A data breach happens when a cybercriminal successfully infiltrates data sources and extracts sensitive information. The more valuable the information, the likelier an organization is to become a target. The healthcare industry, for example, is often targeted. In fact, the medical industry is the top industry for cyberattacks. However, there are a number of other industries also vulnerable to attack.

The most targeted sectors for cyberattacks are the following:
1. Healthcare
2. Retail
3. Financial Services & Insurance
4. Public Administration
5. Information
6. Professional/Scientific
7. Education
8. Manufacturing

Among these, the top three are Healthcare, Retail and Financial Services. These verticals are where average consumers, clients and patients expose their most sensitive information.

Healthcare

In healthcare, hospitals house a lot of private data. A patient’s medical record, social security, insurance provider, and medication are all valuable to a hacker.

Retail

Retailers are lucrative targets because swipe-and-go payment machines and the high number of transactions make credit card or debit card information accessible to cybercriminals through various methods like skimming. Skimming is a means to get card data by creating duplicate payment cards and re-using the copies.

Financial Services

It’s well known that over 25 percent of all malware attacks target the financial sector. Cyber criminals target financial services companies by implementing Trojan viruses to steal banking information and download data. One of the most famous examples of this was the Equifax data breach. The company is estimated to lose over $600 million because of it. Furthermore, companies in the financial services industry are paying more to secure infrastructures and protect critical data from theft. That is why financial cloud computing is becoming popular in the industry. Cloud accounting technology is also on the rise. However, criminals are still motivated to commit cyber crime due to the low-risk, high-reward nature of cyber-attacks.

Not Your Average Theft

Unlike a physical robbery, it isn’t immediately apparent when you’ve experienced a data breach. It can take weeks, months or, in some cases, years before a breach is discovered. Hackers use this to their advantage, targeting the weaknesses within regulatory guidelines. That’s why it’s important not to take any compliance risks.

These cyber breaches are becoming more dangerous and harder to detect. A financial company’s IT infrastructure is not enough anymore. Organizations are adopting a more proactive approach by employing advanced cyber security software, multi-factor authentication and expert security response professionals layered on top of efficient cloud technology. As a result, financial cloud providers not only anticipate attacks as early as possible, but train financial services firms to assist in their own protection.

The breach at TrialWorks is a perfect anecdote for what can happen to any firm in a number of industries. When you experience a breach, your company loses credibility, clients and resources, and has to deal with all the ramifications of the breach itself. There are long, extensive investigations into the nature of the breach, potential lawsuits and compliance-related hassles that can stagnate if not completely ruin a financial firm regardless of size.

For more blogs on cyber security news, fintech, the cloud and more visit our website.