hacking

Capital One Data Breach from My Perspective

Capital One was breached and had 106 million applicants’ information stolen. This breach is one of the largest data breaches to occur. In comparison, the Equifax breach affected 150 million people. Capital One’s breach included 100 million US and 6 million Canadian applicants. These numbers are significant: with the US population estimated at 330 million people, including minors, the breach affects an incredible percentage of US adults.

How did this happen? Capital One has embraced a cloud strategy and uses Amazon’s cloud services. Paige A. Thompson, a 33-year-old, hacked through Capital One’s firewall and was able to steal the applicant data. The stolen data includes applicant information from 2005 to early 2019. The data elements in the breach include addresses, dates of birth, self-reported income, social security numbers, bank account numbers, email addresses and more. Fortunately, only 140,000 social security numbers and 80,000 bank account numbers were stolen. This is a very small percentage of the overall breach. Additionally, no credit card numbers or user passwords were stolen. The criminal complaint against Ms. Thompson states that she intended to sell the data online. Capital One has stated that it is unlikely the stolen information was disseminated or used for fraud.

What you need to know and do: Because no passwords were stolen, there is no immediate threat of fraudulent bank or credit card transactions. If data was successfully sold on the Dark Web, you can expect an increase in social engineering attacks targeted at individuals and businesses. These attacks will be in the form of SPAM emails, telephone calls, etc. Everyone needs to understand how crafty these criminals are in creating messages that look legitimate.

WARNING: Criminals always take advantage of a crisis. If you receive an email from Capital One advising that you were affected by the breach, it could be a SPAM email. Always verify the link in any email before you click (“Think Before you Click-It”). Even better, don’t click on any links in emails. It is a better practice to go directly to the company’s web site by typing the URL into a new browser.

Remember: It typically takes more than one thing to go wrong for a company to suffer an IT security incident. For more information on protecting or managing your network, contact Quanexus at www.quanexus.com or call 937-885-7272.

Request your free network assessment today. There is no hassle or obligation.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security

Cyber Attack Update

One of my favorite sites to follow is Hackmageddon.com. They track trends in the cyber threat landscape. If you have been to one of our security seminars, you will have seen some screen clippings from their site. Here is a brief update on the cyber threats from April.

Motivation behind attacks:

  • 82% Cyber Crime
  • 14% Cyber Espionage
  • 3% Cyber Warfare
  • 1% Hacktivism

Attack Vectors, The Top 3 (These are tools being used for the attack)

  • 32.3% Malware (drops to 32.3% from 41.1%)
  • 20.6% Account Hijacking (Phishing Attacks push account hijackings to 20.6% from 14.2%)
  • 14% Targeted Attacks

Target Distribution, Top 4

Weighing in at number one is the Individual. Individuals are targeted because they have become the lowest-hanging fruit, not believing that it will happen to them. Individuals are also the number one cause of corporate account takeover and business email compromise.

  • Individuals 17%
  • Multiple Industries 16% (small and medium sized businesses)
  • Public Admin 13%
  • Human Health etc. 10% (Hospitals, Medical practices, other health care)


If you would like more information, contact us here or call 937.885.7272.


Posted by Jack Gerbs in Recent Posts

FEMA Shared too Much Information

On March 15th, Homeland Security’s Inspector General released their findings titled, “Management Alert FEMA Did Not Safeguard Disaster Survivors’ Sensitive Personally Identifiable Information (REDACTED)”. 2.3 million individuals are affected by this incident.

FEMA released personally identifiable information (PII) from survivors of hurricanes Harvey, Irma and Maria, as well as the California wildfires of 2017. The information was released to contractors who provide services for the Transitional Sheltering Assistance (“TSA”) program.

There are two classifications of PII. The first classification is commonly known information about an individual and it is labeled PII. The second classification is defined as sensitive PII (SPII). SPII is information that is not commonly known and when put together with other data elements, it can identify an individual.

The report states:

“FEMA provided and continues to provide (redacted) with more than 20 unnecessary data fields for survivors participating in the TSA program. Of the 20 unnecessary data fields, FEMA does not safeguard and improperly releases 6 that include SPII:

  • Applicant Street Address
  • Applicant City Name
  • Applicant Zip Code
  • Applicant’s Financial Institution Name
  • Applicant’s Electronic Funds Transfer Number
  • Applicant’s Bank Transit Number”

The lesson from this report is based on the security principle of “Least Privilege”. Many small and medium sized businesses overshare company and client information that is likely considered protected or SPII. The “Least Privilege” principle states that users should only have access to the information they need to perform their job function. The oversharing of information needlessly puts the organization at risk.
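
One way to apply this principle to a data export, as an added example that is not taken from the report or from FEMA's systems: only fields on a per-recipient allowlist leave the system, and any allowlist that grants one of the six SPII fields is flagged for review. The field keys, role names, allowlists and sample record are assumptions made up for illustration.

```python
# The six SPII fields the report lists as improperly released (key names are assumed).
SPII_FIELDS = {
    "applicant_street_address", "applicant_city_name", "applicant_zip_code",
    "financial_institution_name", "eft_number", "bank_transit_number",
}

# Hypothetical allowlists: what each recipient role needs for its job function.
EXPORT_ALLOWLIST = {
    "lodging_contractor": {"registration_id", "applicant_name",
                           "checkin_date", "checkout_date"},
    "payments_team": {"registration_id", "applicant_name",
                      "financial_institution_name", "eft_number",
                      "bank_transit_number"},
}


def minimize(record, role):
    """Return (shared, withheld). Only allowlisted fields are shared.

    Unknown roles are refused, and any field missing from the allowlist is
    withheld by default, so a newly added column is never shared by accident.
    """
    if role not in EXPORT_ALLOWLIST:
        raise PermissionError(f"no export allowlist defined for role {role!r}")
    allowed = EXPORT_ALLOWLIST[role]
    shared = {k: v for k, v in record.items() if k in allowed}
    withheld = sorted(set(record) - allowed)
    return shared, withheld


def audit_allowlists():
    """List every (role, field) pair where an allowlist grants an SPII field,
    so each grant can be reviewed and justified."""
    return sorted((role, field)
                  for role, fields in EXPORT_ALLOWLIST.items()
                  for field in fields & SPII_FIELDS)


# Constructed sample record (not real data).
SAMPLE = {
    "registration_id": "R-0001", "applicant_name": "Jane Example",
    "checkin_date": "2017-09-01", "checkout_date": "2017-09-15",
    "applicant_street_address": "1 Example St",
    "applicant_city_name": "Exampleville", "applicant_zip_code": "00000",
    "financial_institution_name": "Example Bank",
    "eft_number": "000000000", "bank_transit_number": "000000000",
}

if __name__ == "__main__":
    shared, withheld = minimize(SAMPLE, "lodging_contractor")
    print("shared:", sorted(shared))
    print("withheld:", withheld)
    print("SPII grants to review:", audit_allowlists())
```
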

Click here to view the original report.


Posted by Jack Gerbs in Recent Posts

Cyber-Threats Continue to Rise

Criminals are getting more and more sophisticated with their attack methods. The number one way criminals are being successful is still through social engineering. Social engineering is getting someone to do something they would not normally do. Two new terms in the cybersecurity world are corporate account takeover and business email compromise.

Many business owners believe that their staff understands how to recognize spear phishing attacks. In reality, we are seeing successful spear phishing attacks against key employees. In the last six months we have seen successful attacks against small financial institutions, food processing and distribution service companies, trade-show associations and more. It is imperative that security be taken seriously by everyone.

While there is no foolproof way to prevent a successful attack, there are several key things that must be done to minimize the risk of one. Today’s best practice calls for a layered approach; at Quanexus we call this our Q-Stack. The basics of a security stack include:

  • Policies/procedures
  • Firewall
  • Security awareness training for employees and management
  • A managed antivirus solution
  • A patch management solution
  • A backup solution

Quanexus has just published a white paper with specific details on how the criminals have been successful and what you must do to minimize the chance of your organization becoming a victim.


Posted by Jack Gerbs in Recent Posts