This week’s Breach Report


Highlights from The Week in Breach:

– You’d better reboot your router… NOW!

– Nation states injecting malicious apps into play stores to steal your stuff.

– Malware infects healthcare system impacting 500,000 Marylanders.

– Time from detection to acknowledgment and response getting slower and slower and slower. 

It’s back to business as usual in the world of breach, and we are seeing no signs of it slowing down this summer. This week’s headlines have been dominated by targeted attacks on SOHO routers. “SOHO” was coined to describe “small office – home office” routers used to set up local area networks by small businesses. According to DHS, “The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices.” The initial exploit vector for this malware is currently unknown. Here is the link to US-CERT’s alert TA18-145A detailing the threat and what you should do to protect yourself from exploit!


What we’re STILL listening to this week!

Security Now – Hosted by Steve Gibson, Leo Laporte

Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)

Small Business, Big Marketing – Australia’s #1 Marketing Show!


TeenSafe (Update)

Small Business Risk: High: App server hosted on AWS accessible by anyone without a password.
Exploit: AWS/Suspected Misconfiguration
Risk to Exploited Individuals: High: Even though less than 10,000 individuals were impacted, this is a highly vulnerable segment of the population. 

TeenSafe: The TeenSafe app allows parents access to their children’s web browser history, text messages (including deleted SMS and iMessages and messages on WhatsApp and Kik), call logs, and device location, plus lets them observe which third-party apps have been installed.

Date Occurred/Discovered: Unknown, but accounts from past three months were compromised.
Date Disclosed: May 21, 2018
Data Compromised: Highly personal data including Apple IDs. The compromised data did not include photos, messages, or location data. The server stores parents’ email address used for their TeenSafe account and their child’s email address, the child’s device name, and the device’s identifier.
How it was Compromised: At least one of the app’s servers, which are hosted by Amazon’s cloud service, was accessible by anyone without a password. The data, including passwords and user IDs, were reportedly stored in plaintext, even though TeenSafe claims on its website that it uses encryption to protect user data. TeenSafe requires two-factor authentication to be switched off for the app to work, so anyone with just a password can easily gain access to compromised accounts. The app is available for both iOS and Android and doesn’t require parents to seek their child’s consent for access to their phone.
Customers Impacted: Around 10,200 accounts from the past three months were compromised, though that number also includes duplicates.
Attribution/Vulnerability: Undisclosed at this time.

https://www.theverge.com/2018/5/21/17375428/teensafe-app-breach-security-data-apple-id

https://www.zdnet.com/article/teen-phone-monitoring-app-leaks-thousands-of-users-data/

Google Play

Small Business Risk: Low: Targeted nation state exploit.
Exploit: Mobile Device Malware Exploit
Risk to Exploited Individuals: High: Nation-state exploit targeting defectors.

North Korean Defectors / Google Play malware

Date Occurred/Discovered: The apps had been live in the Google Play store for three months, from January to March.
Date Disclosed: May 2018
Data Compromised: Google Play store has allegedly hosted at least three apps designed to collect data from specific individuals. Two of these apps were posing as security apps, while the third claimed to provide food ingredient information. But what they really did was steal information from devices and receive a certain code that allowed them to further access data like photos, contact lists, and even text messages.
How it was Compromised: A North Korean hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee. The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store.
Customers Impacted: By the time McAfee privately notified Google as to the existence of these apps, 100 folks had already downloaded them.
Attribution/Vulnerability: Back in January, McAfee noted that it had found malicious apps intended to infect North Korean journalists and defectors’ devices. The group behind these apps was subsequently named Sun Team and is apparently the same group behind these latest apps. The apps were all linked to the same developer email address. McAfee found that the words used in the control servers were common in North Korea. There was also a North Korean IP address discovered in a test log file of some Android devices connected to the account used to send out the malware.

https://www.digitaltrends.com/mobile/mcafee-malware-google-play/

http://www.techtimes.com/articles/228100/20180520/north-korea-hackers-use-android-apps-with-malware-to-harass-defectors.htm

LifeBridge Health
Small Business Risk: Extreme: Malware designed to inject healthcare systems and extract PHI/PII.
Exploit: Server/Security Exploit with Malware Injection
Risk to Exploited Individuals: Extreme: Although data has not been validated for sale on the Dark Web, the extracted data included “lifelong” PII & PHI that can be used to profile and/or exploit an individual for decades.

LifeBridge Health

Date Occurred/Discovered: The breach occurred more than a year ago; discovered May 18.
Date Disclosed: May 2018
Data Compromised: The breach could have affected patients’ registration information, billing information, electronic medical records, social security numbers and other data.
How it was Compromised: An unauthorized person accessed the server through LifeBridge Potomac Professionals on Sept. 27, 2016. Malware infected the servers that host LifeBridge Potomac Professionals’ electronic medical records, and LifeBridge Health’s patient registration and billing systems.
Attribution/Vulnerability: Outside actors
Customers Impacted: More than 500,000 Maryland patients.

https://healthitsecurity.com/news/data-on-500k-patients-exposed-in-lifebridge-healthcare-data-breach

T-Mobile
Small Business Risk: High: Website configuration error revealing customer data for anyone to exploit.
Exploit: Website, Database & Security Misconfiguration
Risk to Exploited Individuals: Moderate: A threat actor would really have to develop a targeted threat plan to fully exploit the exposed population.

T-Mobile

Date Occurred/Discovered: Research done by ZDNet indicates that this T-Mobile.com web data breach was likely active as far back as October of last year.
Date Disclosed: April 2018
Data Compromised: The following information could be accessed easily by attaching a cell phone number to the end of the web address:

  • Customers’ full names
  • Their mailing addresses
  • Account PINs used as a security question for customer service phone support
  • Billing account numbers
  • Past due bill notices
  • Service suspension notices
  • Tax identification numbers (in some instances)

 

How it was Compromised: A website bug on T-Mobile.com allowed anyone with access to a web browser to run a phone number and determine the home address and account PIN of the customer to whom it belonged.
Attribution/Vulnerability: Outside actors / undisclosed at this time.

https://www.statesman.com/business/personal-finance/mobile-website-data-breach-exposed-customer-addresses-pins/Ht3PZSdXMJkEKlDnggh3EL/


Call History

What Your Call History Can Tell You About Your Business

 

In business, your call history can really tell you a great deal. Having insight into your entire company’s communications can be beneficial to improving various areas of your operations.

As managers, reviewing call activity gives visibility into employee performance, customer needs and issues, as well as your sales and marketing efforts.

But, who has time to review call activity the old-fashioned way?

Thankfully, with modern UC technology and state-of-the-art online portals, the ability to view and analyze critical call data is simple.

Viewing call history as a whole doesn’t provide much insight. However, when inbound and outbound call data can be broken down and evaluated by departments, individual employees, phone numbers and even extensions, a great deal can be learned.

Using a built-in Call History component is a good example of how built-in business intelligence tools can make the reporting of this critical data work for your business’ needs.

For instance, running reports for the longest and most frequent calls your customer service department makes and receives can provide perspective as to which customers require the most assistance and whether or not you may need to monitor or intervene in order to keep an important account. It also gives you a better idea of your personnel needs throughout the day and individual employee workloads, which can help to improve staffing efficiency.

For sales departments, outbound calling is critical to sales results. So, having the ability to view all the outbound calls by day, week, month, employee or region provides you with a valuable performance evaluation tool and a concrete way to improve productivity.

Inbound call reporting for specific phone numbers is a great way to track marketing campaign activity. When designating a specific phone number for a new campaign, you can instantly see the results based on the amount of call activity.

Customizable call reporting is also a crucial component; every organization has different needs, so having the ability to create customized reports will enable you to get to a more granular level in your analysis.

As you can see, diving deeper into your call analytics can really help to improve employee performance, sales, marketing and customer service throughout your organization. So, be sure to take advantage of the important call data that is already available to you. And, if you are not using a system that provides you with the advanced technology and reporting you need, check into our award-winning unified communications solutions.


Cloud for Human Resources

Cloud and Human Resources


Cloud computing is penetrating every corner of business, and this includes human resources. Human resources professionals can benefit greatly from effective communication, instant access to information and applications, and cloud-based systems. HR is often thought of as a pretty administrative job. With the implementation of cloud tools and resources, HR professionals can remove this administrative stress and instead turn their attention to the employees and the business. Here are some benefits of cloud computing for human resources:

Cloud Software for HR

There is a lot of HR cloud software available, and the best ones combine the many functions of HR into one central place. This software can help get a lot of tasks done, including tracking applications, searching resumes, generating reports, calculating payroll, tracking performance appraisals and maintaining data on current employees. This streamlines many HR processes, helping to boost productivity and communication. And the end environment remains familiar. Users might not even realize they’re working in the cloud.

Businesses and customers also get quick access to the software they need, as it can be installed company-wide in hours, rather than days. They will also receive access to the latest software updates automatically, which is a perk of a cloud software subscription.

Efficient Recruiting

Recruiting is a huge part of human resources, and today the pool of talent is increasingly competitive and complex. HR cloud solutions make it easier to create job postings and expand their reach to multiple platforms, while collecting candidate information. HR and talent acquisition professionals have to be able to grow their reach without needing to greatly expand resources. Luckily, cloud software can track, measure and report from various online databases that hold candidate information, helping HR professionals access more talent. And once they’ve accessed talent, big data can compare various candidates and provide both relevant and targeted results to HR professionals. This means that positions can be filled faster, reducing time between hires and costs of hiring.

A Mobile Workforce

You’ve probably heard it before, but we’ll say it again: cloud computing offers professionals the ability to access their data and applications on-demand via the Internet. This means they can work from any device, in any location, at any time. Yeah, that’s pretty hard to beat. This allows businesses to grow a mobile workforce. HR professionals can access their programs and data on the go. So if they’re off on a recruiting trip, these employees can still take advantage of cloud software and maintain communication with the folks back at the office.

An Affordable Solution

Cost concerns are always prevalent when considering new technology. Fortunately, cloud computing makes HR solutions affordable for any size business. The costs that often come with server space, extra in-house IT personnel, expensive software and licenses, and maintenance are eliminated. A provider like RapidScale comes in and manages the solutions, simply offering the business access to these resources.

Sophisticated Security

Like cost, security will always be top of mind when looking at new technology. Cloud security has greatly matured in recent years and HR professionals, who often work with sensitive information, get access to sophisticated security systems through their provider. Cloud providers depend on their reliability and reputation, so they go to great lengths to ensure client information remains secure. This includes measures like in-flight and at-rest encryption, geographically diverse data centers, strong firewalls, 24×7 monitoring and support, strict SLAs, intense physical security and more.

