Security Round Up: Exposed Records, File Deletion Warnings & More
New security threats, breaches and file exposures putting our personal information at risk are consistently released. The general nature of our private information makes it valuable, not only to us, but also to the wrong people. However, there are steps you can take to protect your privacy and data.
One of the most critical actions is using long passwords and using different combinations of user IDs and passwords for each account you create. This sounds challenging, and it can be. If it is something you struggle with, consider using an encrypted password manager utility. Keep in mind there are also situations where nothing you did put your information at risk, rather a company did not protect you the way it should have.
This post covers recent vulnerabilities within native Windows applications, misconfigured cloud data, and breaches of medical payment processing. These are perfect examples of threats where the victims were not at fault. It also covers Microsoft Office 365 phishing scams which are a reminder that we need to be careful clicking links inside emails.
Security Round Up: Exposed Records, File Deletion Warnings & More
Medical Payment Processing Part 1 - Quest Diagnostics
American Medical Collection Agency, a third-party vendor used by Quest Diagnostics to collect payments from patients, suffered a data breach allowing access to the information of 11.9 million patients. Though the breach was only exposed last week, it spanned nearly 9 months. In the wake of the discovery and while the breach is being investigated, Quest has stopped using AMCA's payment site.
It appears the breach was focused on captured credit card numbers, medical info and personal data though Quest shared lab results were not among the stolen data. Unfortunately, with this type of breach there is nothing victims could have done to protect themselves. If you think you might be a victim, be sure to monitor the credit card you used with the AMCA site for fraudulent charges.
For more information about this story, read the full article.
Medical Payment Processing Part 2 - LabCorp
One day after Quest Diagnostics exposed its breach using AMCA, LabCorp, another company using AMCA to collect patient payments, shared 7.7 million of its customers may have also been affected. Both companies' exposure was caused by a breach within AMCA's site. In the case of LapCorp, 200,000 customers had their payment information compromised. The process of notifying these users is underway and victims are being offered 2 years of free credit monitoring.
Additional information exposed in the breach may include the following:
- Names
- DOB
- Addresses
- Phone numbers
- Dates of service
- Providers &
- Unpaid balances
Not all of this data may seem critical but consider the following scenario. If a hacker knows you had a medical service by a certain company, and they have access to how much you owe and where you live, they could send fake collection notices. Sending fake emails to victims in hopes of collecting payments would not take much time and even if only a small percentage paid, they still make money. Hackers could hound you for payments and all along you would expect your balance to drop but in effect your money could be going to the wrong person.
Since AMCA is a third-party vendor used by multiple medical companies, it is possible other companies that we have yet to hear about have suffered from the same breach. There have been nearly 700 complaints lodged with the Consumer Financial Protection Bureau against AMCA so this is likely not the last we will hear of this breach.
For more information about this story, read the full article.
Office 365 Phishing Emails
A recent phishing scam targets Office 365 users by sending emails pretending to be alerts due to large numbers of file deletions. Attacks that use scare tactics are often effective because they get us to act before thinking. The purpose of the phishing scam is to get users to click on an embedded link. The link goes to a fake Microsoft account login page.
Unfortunately, because the fake site is also hosted on Microsoft's Azure, the link misleads users into thinking it is associated with Microsoft. Once credentials are entered you will be redirected to the legitimate Microsoft login page and prompted to log in again. This makes the attack less detectable but the damage is done once you enter your credentials on the first site which is a fake.
This issue is a stark reminder of why it is always safer to go directly to a website rather than trusting a link in an email. Links inside emails present risk because they can point to any destination the sender chooses. This earlier post discusses many examples of how email introduces threats to your devices.
This is an example of a threat that users can avoid by being cautious. Be especially wary of emails or calls employing scare tactics regardless of the company they pretend to represent. Instead, go directly to a company's website. From there you can obtain contact information, chat with support or safely log into your account. It is also helpful to report these issues to the company so they can warn other clients.
BlueKeep Remote Desktop Protocol
A vulnerability in the Windows Remote Desktop Protocol (RDP) utility was reported a few weeks ago by UK's National Cyber Security Centre (NCSC). This flaw affects all Windows and Windows Server versions aside from Windows 8 and 10. Microsoft has already released a patch for the issue, including for some out-of-support versions.
Unfortunately, even though the patch was issued, there are still nearly 1 million confirmed devices at risk as the patch has not been applied to them. Worse yet, this number could be far larger as the scan that found these results was only scanning outward facing devices, or devices seen from the internet. All internal devices, like those behind a business's firewall, would not be seen by this scan so it is unknown how many devices remain affected.
What is important to take away from this is that it is always important to apply updates. They can be tedious, disruptive and even prompt at the worst time, yet applying them reduces exposure as security patches are often included. The importance of updates also applies to older operating systems. They might not seem worth the trouble for someone to target them, but older systems are often more rewarding targets as they are less likely to be on a regular maintenance schedule.
For more information about this story, read the full article.
Misconfigured Permissions
Inadvertent data exposure is often an overlooked security risk. While it happens all too frequently, unsecured data is often found by white-hat hackers who notify the offending company. Once notified, companies can set appropriate permissions on their cloud data before someone else gains unauthorized access and uses the information in the wrong ways.
An article released a few weeks ago by Threatpost shared that over 2.3 billion files stored in cloud databases and online shares were exposed over the last 12 months. Whether the files are added in a hurry or someone simply is not aware of the risk, files stored in the cloud are often improperly secured from unauthorized users. File Transfer Protocol (FTP), is one of the most common misconfigured technologies and is the responsible application 20% of the time. FTP is used to upload files to cloud storage locations and websites which makes it a widely used technology.
If you or your business store files in the cloud, be sure to check the security permissions on a regular basis to verify that unauthorized access cannot be gained.
The cost of data breaches
2018 by the numbers (data provided by HELPNETSECURITY):
- Data breaches cost $654 billion.
- 2.8 Billion records were exposed in the United States alone.
- The most common types of data exposed in every breach were date of birth and/or SSNs, names and physical addresses, and personal health info.
- Ransomware/malware were 17% of the types of attacks, phishing accounted for 13% while unauthorized access was the most likely culprit at 34%.
With so much money to be made, data breaches are not likely to go away any time soon. The best thing every person can do to protect themselves is to stay informed, use unique user ID and password combinations for online accounts, keep software and applications up-to-date, and go directly to websites rather than clicking on links in emails. Lastly, if you are a victim of a data breach, use any provided credit reporting to monitor your accounts.
As always, slowing down and paying attention to the technology will greatly increase your chances of thwarting a security attack!