We haven’t yet reached the end of January, and already numerous cyber-attacks and compromised collections of data have hit headlines. The phrase ‘no rest for the wicked’ rings true – as, not one day into 2019, the year’s first data breach was reported by the Victoria Premier’s Department in Australia. A couple of days after that, many high-profile German politicians found that their personal data had been leaked on Twitter.
There has been no let-up as the month has gone on – with Amazon India, OXO and MongoDB all announcing that they had been compromised. In addition to all of this, the largest ever collection of breached data was discovered online, and – as predicted – we saw the return of Magecart. Evidently, cyber-criminal activity has taken no rest in the new year, nor will it slow down.
Dubbed ‘Collection 1,’ the largest collection of breached data ever discovered was found online earlier in the month, and included over 770M stolen email addresses and passwords. This impressively large data set equates to 1/10th of the planet’s email account details, and is thought to be the combined sum of multiple breaches that have taken place over the past few years.
This data set is likely to be a cyber criminal group’s private collection of stolen credentials that they have acquired through various means over the years. Although we haven’t seen something on this scale before, we have seen large volumes of stolen data become available to all criminals, as this one has. This kind of data is usually made available when a criminal cyber team has determined the value of the data is so low that it’s not worth selling anymore, or when a couple of criminals have a disagreement, and so one of them releases the unprotected product they were selling to eliminate the other criminal’s ability to make any money off of it.
Email account credentials may be some of the most valuable there are. This is because many people reuse their passwords on multiple accounts – and the compromised email inbox likely has emails in it that helpfully identify the consumer’s shopping, banking and investing habits, as well as the telephone, energy and other service providers the person uses. The email account is also the standard method used to communicate with the customer – even for resetting passwords. This is why email credentials have tremendous value to criminals: they pose a larger, more complete threat of user account loss than any other credential.
Magecart is Back – and it’s Bigger and Better Than Ever
As we predicted, the trend of compromising e-commerce sites to run malicious code within the visitor’s browser has also continued – with an attack occurring just two weeks into 2019.
This latest Magecart-style campaign was conducted by another group adopting this in-vogue style of attack. This group carried out the attack by targeting French advertising company Adverline, and subsequently infecting all businesses that run its – now compromised – ad tag. Through this method, there is a potential for thousands more businesses to be hit.
The Magecart attack exploits a significant design weakness in many sites: the reliance on, and transparent use of, third-party code with no review or change control over the website content. This type of attack falls outside the sphere of influence of “traditional” security products, which are more focused on the end-user device or the company’s databases. The result is an exploitable point of vulnerability on the website where criminals can attack both the user and the e-commerce site. We will definitely see this style of attack grow across the year, targeting open source and other widely used third-party code repositories.
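One way to put review and change control around third-party scripts is Subresource Integrity (SRI): the page pins a digest of the reviewed file, and the browser refuses the script if its bytes change. The Node.js sketch below is an added example, not code from the original post; the hosts (shop.example, cdn.example, ads.example), the script bodies and the function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Value for <script integrity="..."> computed from the reviewed file contents.
function sriHash(body, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// What the browser does at load time: refuse the script if its bytes no longer
// match a pinned digest. (Simplified: any listed sha256/384/512 digest may match.)
function verifySri(body, integrity) {
  return integrity.split(/\s+/).some((token) => {
    const algo = token.split('-')[0];
    return ['sha256', 'sha384', 'sha512'].includes(algo) && sriHash(body, algo) === token;
  });
}

// List <script src> tags served from another origin with no integrity pin.
// Regex-based tag parsing is enough for an audit sketch; it is not a full HTML parser.
function findUnpinnedThirdPartyScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [, rawAttrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = {};
    const attrRe = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
    for (const m of rawAttrs.matchAll(attrRe)) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
    }
    if (!attrs.src) continue; // inline script: out of scope for this check
    const origin = new URL(attrs.src, pageUrl).origin; // resolves relative and // URLs
    if (origin !== pageOrigin && !attrs.integrity) findings.push({ src: attrs.src, origin });
  }
  return findings;
}

// Constructed sample data (hypothetical hosts and script bodies).
const reviewedLib = 'window.lib = { version: "1.0" };';
const tamperedLib = reviewedLib + '/* unreviewed change */';
const samplePage = `
<script src="/js/checkout.js"></script>
<script src="https://cdn.example/lib.js" integrity="${sriHash(reviewedLib)}" crossorigin="anonymous"></script>
<script async src="//ads.example/tag.js"></script>`;

console.log(findUnpinnedThirdPartyScripts(samplePage, 'https://shop.example/cart'));
console.log(verifySri(reviewedLib, sriHash(reviewedLib)), verifySri(tamperedLib, sriHash(reviewedLib)));
```

SRI only works for files whose contents are stable between reviews. An ad tag that the vendor changes at will cannot be pinned this way, so it is the kind of script this audit will keep flagging.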
In This Climate, the Threat of Cyber-Attacks isn’t Going Anywhere
The unfortunate reality is that, as we enter 2019, a major breach against your organization – or any organization – seems more likely than ever before. This is in no small part due to the turbulent geo-political climate.
Earlier this month, the World Economic Forum published its latest Global Risks Report for 2019, which ranks the existential threats facing the world. Once again, large-scale cyber-attacks featured in the top ten lists of both the ‘risks by likelihood’ (ranking number 5), and ‘risks by impact’ (ranking number 7). Just last week, the Bulletin of Atomic Scientists essentially echoed this sentiment by keeping the so-called “Doomsday Clock” on two minutes to midnight, indicating that the world is as close to Armageddon as it was in 1953, immediately following the Cuban Missile Crisis. Their reasoning was that “information warfare” has exacerbated global unrest.
This is not to say we think you should be locking yourself up in your bunker with a lot of tinned food, just that it pays to be realistic about the threats facing your business. The weather forecast when it comes to cyber-crime is bad; there is no denying it. What we can do is take as proactive an approach as possible to protect your business: identifying the major threats – Magecart, credential stuffing, the weak point of the website and, just as importantly, the customer-owned devices that typically have minimal or no security, but are still connecting to your enterprise and represent half of every e-commerce transaction – and securing against them.