1. Dunkin Donuts Reports Credential Stuffing Attack
[Records Exposed: N/A | Industry: Restaurant & Hospitality | Type of Attack:
Credential Stuffing]
The Fast Facts: Dunkin’ Donuts first reported a credential stuffing attack at the end
of November 2018, and has since notified users of further account breaches following a
2019 attack. This second attack, which happened in January, was similar to the first:
hackers leveraged user credentials leaked at other sites to log in to DD Perks rewards
accounts.
The type of information stored in a DD Perks account, which provides repeat
customers a way to earn points and get free merchandise or discounts, includes the
user’s first and last names, emails (usernames) and a 16-digit DD Perks account
number and QR code.
According to ZDNet, the hackers weren’t after users’ personal information stored in
the rewards accounts; instead, they were after the account itself in order to sell on
Dark Web forums.
Some Quick Tips: According to advice from Trend Micro, here are some ways to
strengthen security against these types of attacks:
Practice good password hygiene. Avoid reusing the same email and
password combination for multiple online accounts, and change your access
credentials frequently.
Enable two-factor authentication (2FA) whenever possible. Layered protection
is always better than single access authentication.
Observe your network traffic and system. A significant increase in network
inquiries, access, or slowdowns may indicate an attack. Run security software
to find and remove malware infection.
2. Multiple Yahoo Data Breaches Across 4 Years Result in a $117.5 Million Settlement
[Records Exposed: 3 Billion | Industry: Software & Technology | Type of Attack:
Unauthorized Access]
The Fast Facts: According to the website for the Yahoo data breach settlement, the
company’s cyber security issues covered by this matter extended from 2012 to
2016. More specifically, data breaches involving stolen information occurred between
2013 and 2016, while so-called data security intrusions (where an infiltration
happened without those responsible taking data) happened from at least January to
April 2012.
The cybercriminals did not take the same kind of data in every case or behave the
same way. For example, in 2012, two separate hackers broke into Yahoo's online
infrastructure without taking anything.
The next year, cybercriminals behaved maliciously when they took records from all
of Yahoo's accounts, which totaled about 3 billion. In that instance, the information
seized by the hackers could have allowed them to access things like users' email
accounts and calendars.
In 2014, hackers directly targeted Yahoo's user database, affecting about 500 million
people. The cybercriminals reportedly got account details such as people's names,
email addresses, passwords, phone numbers and birthdays.
Lessons Learned: The Yahoo data breach was, in part, as bad as it was because of
poor security practices. Hackers gained access to Yahoo’s network through the use
of a phishing scheme. All it took was one employee with network access clicking on
a malicious link for a hacker to get through. Once in, the hackers were able to
guarantee their continued access to the network. Also, some confidential data —
including security questions and answers — was stored unencrypted by Yahoo.
CISOs should prepare for attacks that use social engineering just as much as brute-
force attacks. This will require CISOs to provide some level of cyber security
education to non-cyber security and non-tech savvy staff. CISOs should also ensure
that basic security measures — like the encryption of identifying information — are in
place.
3. Cyber Attack Takes Weather Channel Offline
[Records Exposed: N/A | Industry: Media | Type of Attack: Ransomware]
The Fast Facts: On Thursday, April 18, 2019, The Weather Channel’s live broadcast
went offline for about an hour, according to The Wall Street Journal; the company
later confirmed in a Twitter statement that the outage was due to a ‘malicious software
attack.’ The FBI subsequently started an investigation into the ransomware attack
that shut down the Weather Channel’s live program and forced the cable channel
to resort to a taped program.
Lessons Learned: Jason Glassberg, the cofounder of the security firm Casaba
Security, told Business Insider what to do if you accidentally fall victim to a
ransomware attack:
1. Alert law enforcement. While they might not be able to help you much, they
should still be made aware of the crime.
2. Turn off your infected computer and disconnect it from the network it is on. An
infected computer can potentially take down other computers sharing the
same network.
3. Back up the data on a separate hard drive so you can at least recover the
data you lost from the point of the last backup. While the malicious software
itself can be removed, getting your data back is a whole different story.
Finally, you have to decide whether or not you are going to pay the ransom, which is
a highly debated topic. “We have seen many scenarios where even if the user pays,
they don't get the recovery keys. So it's one of the reasons we tell our customers that
paying the ransom is not the best course of action,” says Steve Grobman, the chief
technology officer of Intel's Security Group.
“For starters, paying the ransom may not result in you getting your keys back. And
you are also providing additional incentives for the criminal element to continue to
build ransomware and make it more effective and help it become an even bigger
problem in the future.”
4. Investigation Of Walmart Email Breach
[Records Exposed: N/A | Industry: Retail | Type of Attack: Unauthorized Access]
The Fast Facts: The FBI is investigating allegations that employees from one of
Walmart’s technology suppliers were illegally monitoring the retailer’s e-mail
communication.
The New York Times reports that in late 2015 through early 2016, Compucom
employees assigned to Walmart’s help desk were using their access to monitor
specific e-mail accounts at the retailer and allegedly using that information to get an
edge over competitors.
The scheme was discovered after a Compucom technician took a photo of an email
about an internal Walmart disciplinary matter and sent it to a Walmart employee he
had been chatting with on an instant messaging system, according to the FBI filing.
Lesson Learned: The case exposes a potential vulnerability for companies that rely
on contractors for technical work, giving outsiders broad access to sensitive internal
documents with little oversight in the process. It also raises questions about how
technicians hired to support the computer system of one of the world’s largest and
most insular corporations were able to gather information from employee emails.
“Companies with an extensive communications network like ours require the support
of different partners and a high level of trust,” Walmart spokesman, Randy Hargrove,
told the NYT. “We relied on this vendor but their personnel abused their access and
we want those responsible to be held accountable.”
5. Cosmos Bank Cyber Attack in Pune
One of the most notable cyber attacks in India in 2018 targeted Cosmos Bank in Pune. This
daring attack shook the whole banking sector of India when hackers siphoned off Rs.
94.42 crore from Cosmos Cooperative Bank Ltd. in Pune.
Cyber Attack on Cosmos Bank
A daring cyber attack was carried out in August 2018 on Cosmos Bank’s Pune
branch, in which nearly Rs. 94 crore was siphoned off.
The hackers drained the money and transferred it to a bank in Hong Kong after
compromising Cosmos Bank’s server. Cosmos Bank filed a case with the Pune
cyber cell over the attack. The hackers broke into the bank’s ATM server
and stole the details of many Visa and RuPay debit card holders.
The attack was not on Cosmos Bank’s centralized (core) banking solution: account
balances and total account statistics remained unchanged, and account holders’
balances were unaffected. What was attacked was the switching system, the
module that sits between the payment gateways and the bank’s centralized banking
solution.
The malware planted on the switching system generated numerous fraudulent
messages approving payment requests for Visa and RuPay debit cards
internationally. In total there were 14,000 transactions using over 450 cards
across 28 countries.
Domestically, 2,800 transactions were made using 400 cards. This was the first
malware attack in India against a switching system, and it broke the link between
the payment gateway and the bank.
Prevention: Hardening the security systems by restricting their functions to
authorized people only is the way forward.
Any unauthorized access to the network should immediately raise an alarm and block
all access to the bank’s network. Enabling two-factor authentication can also help
to minimize the risk.
Regular testing can flush out potential vulnerabilities and make the entire
digital side of the banking system safer.
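The attack pattern the text describes, a switch approving withdrawals that the core banking system never debited, gives two concrete alarms a bank can wire up. The following is an added example (not code from the page or from Cosmos Bank) that runs both over constructed switch approvals and core debits: reconciling approvals against posted debits, and flagging a card that is used too often or from too many countries in one window. The record layout, thresholds and card identifiers are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed approval messages emitted by the card switch (not real Cosmos Bank data):
# (timestamp, card_id, country, amount_inr)
SWITCH_APPROVALS = [
    (datetime(2018, 8, 11, 15, 0, 0), "CARD-1", "HK", 20000),
    (datetime(2018, 8, 11, 15, 1, 0), "CARD-1", "CA", 20000),
    (datetime(2018, 8, 11, 15, 2, 0), "CARD-1", "RU", 20000),
    (datetime(2018, 8, 11, 15, 3, 0), "CARD-1", "HK", 20000),
    (datetime(2018, 8, 11, 15, 0, 30), "CARD-2", "IN", 5000),
]
# Constructed debits the core banking system actually posted: (timestamp, card_id, amount_inr)
CORE_DEBITS = [
    (datetime(2018, 8, 11, 15, 0, 32), "CARD-2", 5000),
]

def unreconciled_approvals(approvals, debits, tolerance=timedelta(minutes=5)):
    """Approvals the switch sent out that never produced a matching core-banking debit.
    In the Cosmos case balances stayed unchanged while the switch kept approving, so
    every such mismatch is an approval the bank never authorized."""
    unmatched = []
    pending = list(debits)
    for ts, card, country, amount in approvals:
        match = next((d for d in pending
                      if d[1] == card and d[2] == amount and abs(d[0] - ts) <= tolerance), None)
        if match:
            pending.remove(match)
        else:
            unmatched.append((card, country, amount))
    return unmatched

def card_velocity_alerts(approvals, window=timedelta(minutes=10), max_txns=3, max_countries=1):
    """Flag cards with too many approvals, or approvals from too many countries, per window.
    Cash-outs from gangs in many countries hit the same card within minutes."""
    by_card = defaultdict(list)
    for ts, card, country, amount in approvals:
        by_card[card].append((ts, country))
    alerts = {}
    for card, events in by_card.items():
        events.sort()
        for ts, _ in events:
            win = [c for t, c in events if ts <= t <= ts + window]
            if len(win) > max_txns or len(set(win)) > max_countries:
                alerts[card] = {"txns": len(win), "countries": sorted(set(win))}
                break
    return alerts
```

Either alarm firing should cut the switch off from the payment gateways, which is the "block all access" response the prevention note calls for.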
The hackers broke into the bank’s ATM server and took the details of many Visa and
RuPay debit cardholders. The money was drained as hacker gangs in around 28
countries withdrew the amounts as soon as they were informed.
6. UIDAI Aadhaar Software Hacked
2018 began with a massive data breach of the personal records of 1.1 billion Indian
Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites
had leaked people’s Aadhaar details online.
The leaked data included Aadhaar, PAN and mobile numbers, bank account numbers,
IFSC codes and almost every other piece of personal information about the affected
cardholders. As if that were not shocking enough, anonymous sellers were offering any
person’s Aadhaar information for Rs. 500 over WhatsApp, and a printout of any
person’s Aadhaar card could be had for an extra Rs. 300.
Cyber Security Measures for Organizations to Prevent Cyber Attacks
1. Educate employees on the emerging cyber attacks with security awareness training.
2. Keep all software and systems updated from time to time with the latest security
patches.
3. Implement email authentication protocols such as DMARC, DKIM and SPF to secure
your email domain from email-based cyber attacks.
4. Get regular Vulnerability Assessment and Penetration Testing to patch and remove
the existing vulnerabilities in the network and web application.
5. Limit employee access to sensitive data or confidential information and limit their
authority to install software.
6. Use highly strong passwords for accounts and make sure to update them at long
intervals.
7. Avoid the practice of openly sharing passwords at work.
7. Adobe was going through hell
Adobe announced in October 2013 a massive hack of its IT infrastructure.
Personal information from 2.9 million accounts was stolen (logins, passwords,
names, credit card numbers and expiration dates). Another file discovered on the
internet later brought the number of accounts affected by the attack to 150
million (only 38 million of them active accounts). To access this information, the
hackers took advantage of a security weakness at the publisher, specifically in its
security practices around passwords: the stolen passwords had been encrypted instead
of being hashed, as is recommended. Fortunately, even though banking data was also
stolen, it was unusable thanks to high-quality encryption by Adobe.
The company was attacked not only for its customer information, but also for its
product data. Indeed, the most worrying problem for Adobe was the theft of over
40GB of source code. For instance, the entire source code for the ColdFusion
product was stolen, as well as parts of the source code for Acrobat Reader and
Photoshop. Although further attacks were feared, they ultimately did not take place.
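Why "encrypted instead of hashed" matters is easiest to see side by side. The following is an added example (not code from the page or from Adobe) that stores the same constructed user passwords two ways: a deterministic, reversible transform under one site-wide key, and a salted, iterated hash. The keyed XOR stream is only a stand-in for a real cipher, chosen so the block runs on the standard library; the user names, passwords and key are assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed user records; the passwords are invented for the example.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def store_reversible(password: str, key: bytes) -> str:
    """Deterministic, reversible storage under one site-wide key, standing in for the
    encrypted storage the text describes. The keyed XOR stream is a stand-in for the cipher:
    whoever holds `key` can undo it, and equal passwords produce equal records."""
    stream = hashlib.sha256(key).digest()
    data = password.encode()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data)).hex()

def recover_reversible(record: str, key: bytes) -> str:
    """What an attacker who obtains the key (or the decryption service) can do to every record."""
    stream = hashlib.sha256(key).digest()
    data = bytes.fromhex(record)
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data)).decode()

def store_hashed(password: str, iterations: int = 200_000) -> str:
    """Salted, iterated hash: not reversible, and equal passwords yield different records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_hashed(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def duplicate_groups(records: dict) -> list:
    """Users whose stored records are identical, i.e. who visibly share a password."""
    by_value = {}
    for user, value in records.items():
        by_value.setdefault(value, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]

def compare_schemes(users: dict, key: bytes, iterations: int = 1000) -> dict:
    """Store the same users both ways and report what each scheme gives away."""
    rev = {u: store_reversible(p, key) for u, p in users.items()}
    hashed = {u: store_hashed(p, iterations) for u, p in users.items()}
    return {"reversible_duplicates": duplicate_groups(rev),
            "hashed_duplicates": duplicate_groups(hashed),
            "recovered_alice": recover_reversible(rev["alice"], key),
            "alice_verifies": verify_hashed(users["alice"], hashed["alice"])}
```

With the reversible scheme the dump itself reveals that alice and bob share a password even before anyone holds the key; with the salted hash the records are independent and verification still works.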
8. Ransomware WannaCry
Midway through 2017, the United Kingdom fell prey to one of the most
devious cyber attacks it had ever faced: the WannaCry ransomware. Delivered
as an email attachment virus, it locked up all files on an MS Windows
system, eventually demanding a ransom for unlocking them.
Having started with an attack on the NHS computer system, the
ransomware went on to bring systems from the UK to the US and from
Russia to China to their knees. As many as 300,000 computers across 150
countries were infected by WannaCry.
9. LinkedIn Hacking
Social networking website LinkedIn fell prey to a hack executed by
Russian cyber criminals who stole the passwords of nearly 6.5 million user
accounts. Soon these stolen passwords were made available in plain text
on a Russian password forum! Adversity struck again when LinkedIn
discovered in May 2016 that an additional 100 million compromised email
addresses and passwords that were claimed to be from the 2012 breach,
were released into the hacker forum. Some tech news reports have
revealed that hackers were trying to sell this information on a darknet
market for around $2200 each!
10. Personal Data Exposed from JustDial Database
An unprotected API endpoint was the issue in this incident. Justdial, one of India’s
leading local search platforms, left a loose end that exposed the data of all users
who accessed its services through the web, mobile, or their phone number.
The leaked data included name, email, phone number, address, gender, etc. The shocking
part, according to reports, is that the API had been exposed like this since 2015.
How to make your API secure?
Validate all the incoming data
Use a proper method of authentication and verification
Monitor and manage using automated scripts
Encrypt data
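The first two points above are what an endpoint like the one described was missing. The following is an added example (not code from the page or from Justdial) that shows an unprotected profile lookup beside a hardened version which validates the input, requires a session, and only returns the caller’s own record. The in-memory records, session tokens, phone-number format and route shape are assumptions for the example.

```python
import re
from typing import Optional

# Constructed records and session tokens, invented for the example (not Justdial data).
USERS = {
    "9000000001": {"name": "Asha", "email": "asha@example.com", "address": "Pune", "gender": "F"},
    "9000000002": {"name": "Ravi", "email": "ravi@example.com", "address": "Delhi", "gender": "M"},
}
SESSIONS = {"tok-asha": "9000000001", "tok-ravi": "9000000002"}
# Assumed format for an Indian 10-digit mobile number used as the lookup key.
PHONE_RE = re.compile(r"[6-9]\d{9}")

def get_profile_unprotected(phone: str) -> tuple:
    """The leaky shape: anyone who can reach the endpoint can enumerate every record by number."""
    record = USERS.get(phone)
    return (200, dict(record)) if record else (404, {"error": "not found"})

def get_profile(phone: str, token: Optional[str]) -> tuple:
    """Hardened GET /profile/<phone>: returns (status, body) after the checks the text lists."""
    # 1. Validate incoming data before it reaches any lookup.
    if not PHONE_RE.fullmatch(phone):
        return 400, {"error": "invalid phone number"}
    # 2. Authenticate: without a valid session the endpoint answers nobody.
    caller = SESSIONS.get(token or "")
    if caller is None:
        return 401, {"error": "authentication required"}
    # 3. Authorize per object: a session only entitles the caller to their own record,
    #    so a logged-in user cannot walk other people's numbers either.
    if caller != phone:
        return 403, {"error": "forbidden"}
    record = USERS.get(phone)
    if record is None:
        return 404, {"error": "not found"}
    return 200, dict(record)
```

The 403 branch is the one most often missed: authentication alone still lets every registered user read every other user’s record.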