Security News Survey – May 10, 2019

This week, we look at a Canadian telco data breach, another U.S. city hit by ransomware, rising IoT security woes, and a major Bitcoin heist.

It’s been another busy week in the cybersecurity world, but the highlight for us has certainly been the release of the 2019 Verizon Data Breach Investigations Report (DBIR)! If you haven’t yet, be sure to take a look at our blog that highlights some of the report’s key findings, and don’t forget to download a copy of the DBIR yourself. This year’s report is the most extensive to date, featuring analysis of 41,686 incidents and 2,013 data breaches provided by 73 data sources—one of which was Interset. We’re proud to be a contributor to the DBIR for the fourth year in a row!

Alas, the DBIR was just one important news item this week. Let’s take a look at some of this week’s other headlines.

An unsecured database creates data breach at major Canadian telco

Freedom Mobile, the fourth largest telecommunications provider in Canada, confirmed a data breach that appears to have impacted 15,000 customers. Early this week, security researchers claimed to be able to access an unsecured Elasticsearch database containing millions of records with sensitive data, including email addresses, dates of birth, home addresses, encrypted payment information, and more. The researchers claimed that 1.5 million customers’ data was included among these records, but the company has since refuted this claim, arguing that only several thousand customers were impacted. Freedom Mobile has shut down the database since being notified and claims there is no evidence of any malicious use of the exposed data.

A top-five crypto company announces “large-scale security breach”

Binance, a major cryptocurrency exchange, disclosed a major security breach that resulted in the loss of 7,000 Bitcoin, or nearly $41 million. According to the Japanese company, hackers gained access to account API keys, 2FA codes, and other information via techniques like phishing, viruses, and more. Binance’s statement also noted the hackers’ “patience” and “well-orchestrated actions” that allowed them to pass security checks and successfully complete the withdrawal. The company is still in the process of investigating the incident and conducting a security review in order to ensure that something of this sort doesn’t happen again. All withdrawals and deposits remain suspended while the investigation is ongoing.

Another U.S. city hit by ransomware attack

Government officials have confirmed that Baltimore city hall has fallen victim to a ransomware attack. The ransomware, a RobinHood variant that is largely unknown, was also the culprit in the attack against Greenville, North Carolina in April. Officials claim that there is “no evidence” of any compromise to personal data, but the city has suspended its servers and is operating essential services only. We don’t yet know the details of how the city’s computers became infected, but we do know that the city is refusing to pay the hackers’ 13 Bitcoin ransom demand. Thankfully, this attack is not nearly as damaging as the attack the city suffered last year, which shut down 911 and 311 services.

IoT devices create an increasingly large security gap for organizations

A new report by the Ponemon Institute released this week reveals that data breaches related to unsecured Internet of Things (IoT) devices are on the rise. According to the report, data breaches involving IoT devices or applications have risen from 15% in 2017 to 26% in 2018, an increase of 11% in just one year. The report warns that the real figure may be larger because organizations struggle to keep track of every single device within their walls, especially those that belong to third-party vendors. The risk is real, it seems. Unfortunately, Ponemon reports that only 9% of organizations are actively trying to mitigate IoT security issues through educational training for employees or third parties. It seems like a no-brainer to initiate these types of efforts, but it appears most organizations fall short when it comes to the appropriate processes to account for and supervise the use of all IoT devices in a centralized manner.