Breach Guide
Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.
Federal Trade Commission (FTC) Data Breach Resources
Find out the steps to take as a business or consumer if you experience a data breach.
FBI Cyber Daily Digest Library
Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.
Ransomware Attacks Don’t Only Happen To Other Organizations…
- Forty-one percent of insurance claims in the first quarter of 2021 were related to ransomware, as highly skilled criminals now target all industries, from banks to hospitals and national health services, industrial systems, oil pipelines or even meat processing plants, often creating widespread chaos in the process.
- Washington is considering measures ranging from making the reporting of such incidents mandatory for companies, which have traditionally tried to deal with this type of situation discreetly, to fine those who pay ransoms, along with diplomatic actions towards the countries harboring these cybercriminals or even the possibility of a military response.
- The reality is that cyberattacks are extremely versatile, since they can be prepared far in advance and activated at a crucial moment.
- Cyber-attacks are relatively easy to carry out, and protecting society is complex, requiring anything from adopting zero-trust architectures to a complete rethink of systems and, above all, of the training of employees, who are often the weakest link in security.
- Prepare your organization: train staff, develop a culture that values security, create efficient backup procedures, keep all systems properly updated, hire cybersecurity experts or consultants… don’t ever think that it can’t happen to you.
McDonald's becomes latest company to be hit by data breach
- McDonald's has become the latest company to be hit by a data breach after unauthorized activity on its network exposed the personal data of some customers in South Korea and Taiwan.
- The fast-food giant said Friday that it quickly identified and contained the incident and that a thorough investigation was done.
- "While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data," the burger chain said.
JBS Foods pays $14.2 million ransom to end cyber attack on its global operations
- Global meat processing company JBS Foods has confirmed that it paid the equivalent of $US11 million ($14.2 million) to a criminal gang to end a five-day cyber attack that halted its operations around the world last week.
- "This was a very difficult decision to make for our company and for me personally," said Andre Nogueira, the chief executive of JBS USA.
- US statistics showed 10 companies paid between $US300,000 to $US10 million to get back online in 2020, according to analyst Simon Quilty.
- "There is more made out of cyber attacks than the global car industry," he said.
- In Argentina, a major competitor for Australia in global beef markets, exports have been suspended.
- The huge demand for beef was pushing prices too high for the country's own domestic consumption.
EA got hit by a data breach, and hackers are selling source code
- EA has fallen victim to hackers, who made away with the source code to FIFA 21, the Frostbite engine (which is behind not only EA’s soccer/football series, but Battlefield as well), and other game development tools. The hackers are reportedly advertising that the data is for sale on hacking forums, but that they’ll only consider offers from big-name members of the hacking community.
- While it’s unlikely that other reputable developers would use EA’s code on purpose, hackers being able to see the inner workings of a game or engine could help them craft cheats or cracks — it could also reveal secret projects and game ideas, or developer comments that companies would rather not see the light of day.
- In addition to EA’s own proprietary code and tools, the hackers claim they have Microsoft Xbox and Sony’s SDKs and API keys available for sale as well.
Cyber Gangs: Who Are They in 2021 and What Do They Want?
- Gangs, such as Cosmic Lynx, Exaggerated Lion, Fin7 and Florentine Banker, have become major threats. Cyber crime gangs are getting smarter, increasingly basing their operations in countries beyond the legal reach of their targets.
- All cyber attacks seek some element of surprise, but contemporary threat actors are getting better at faking authenticity.
- A new whaling technique involves the research-intensive process of learning all about a target through their social media posts. (Whaling is a phishing attack on a big target, like a CEO.) The gang might study those posts for months. Then, the threat actor impersonates someone known to the target and invites their victim to share a document in an online office suite app.
- An ongoing trend that favors the accelerating evolution of cyber gangs is the commoditization of malware, including those that abuse SSH machine identities in their attack approach. A single SSH key can give attackers full access to an organization’s applications and data. This technique was developed, and previously used exclusively by, state-sponsored attackers, but is now for sale on the dark web.
- Cyber criminal organizations are developing tools and techniques so sophisticated they’re increasingly being adopted by state-sponsored attackers.
- You should prevent tools, including cloud-based office suites, from being accessed with a simple username and password. Set up additional authentication to prevent gangs from gaining access by stealing names and passwords.
How the FBI and AFP accessed encrypted messages in TrojanShield investigation
- The Federal Bureau of Investigation (FBI) in 2018 commenced the investigation after it recruited a confidential human source to provide access to Anom, an encrypted communications product used by transnational criminal organisations (TCOs).
- The FBI said it recruited the source shortly after arresting Vincent Ramos, the CEO of Phantom Secure, who had sold the company's encrypted devices exclusively to members of criminal organisations.
- Operation Trojan Shield was centred on exploiting Anom by inserting it into criminal networks and working with international partners, including the Australian Federal Police (AFP), to monitor the communications. In order for an Anom device to be useful for monitoring, the FBI, AFP, and the confidential human source built a master key into the existing encryption system, which surreptitiously attached to each message and enabled law enforcement to decrypt and store messages as they were transmitted.
- Each Anom user was assigned to a particular Jabber Identification (JID) by the source or an Anom administrator.
- After the testing in Australia, the FBI engaged a third country -- which has been left unidentified -- that agreed to join the TrojanShield investigation and set up its own iBot servers.
- The law enforcement agencies translated and catalogued more than 20 million messages from a total of 11,800 devices located in over 90 countries as part of Operation TrojanShield. The top five countries where Anom devices were used, before the encrypted product's services were shut down on Tuesday, included Australia, Germany, the Netherlands, Spain, and Serbia.
- The law enforcement agencies decided to bring the online sting operation to light as the third country's warrant expired on June 7 along with the operation itself.
- The TrojanShield operation led to 525 search warrants, 224 individuals being charged, 525 charges in total, six clandestine labs being taken down, and 21 threats to kill being averted. 3.7 tonnes of drugs, 104 firearms and weapons, and over AU$45 million in assets were also seized as part of the operation.
Majority of Colonial Pipeline Ransom Recovered, Justice Dept. Says
- The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective, turning the tables on the hackers by reaching into a digital wallet to snatch back millions of dollars in cryptocurrency.
- Federal investigators tracked the ransom as it moved through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed them to break into, according to law enforcement officials and court documents.
- The Justice Department said it seized 63.7 Bitcoins, valued at about $2.3 million.
- Justice Department officials said that Colonial’s willingness to quickly loop in the F.B.I. helped recoup the ransom portion, and they credited the company for its role in a first-of-its-kind effort by a new ransomware task force in the department to hijack a cybercrime group’s profits.
- Officials said they had identified a virtual currency account, often referred to as a wallet, that DarkSide used to collect payment from a ransomware victim — identified in court papers only as Victim X, but whose hacking details match Colonial’s.
FBI encrypted phone app leads to hundreds of global underworld arrests
- Hundreds of criminal gang members around the world were tricked into using a phone encryption app operated by the FBI to plan their heinous crimes, leading to their arrests.
- Authorities in Europe were scheduled to make their own announcement early Tuesday, with the FBI’s San Diego field office doing the same at noon.
- Australian Federal Police (AFP) Commissioner Reece Kershaw told reporters that the app helped thwart 21 murder plots, including one that would have targeted a family of five.
- The app, called AN0M, was hatched by American and Australian law enforcement officers “over a couple of beers” in 2018. Undercover Australian agents would give phones with the AN0M app pre-installed to certain high-level criminals who recommended the app to their associates.
- The phones could not make calls or send emails, and they could only be obtained through the black market. They also gave authorities access to up to 25 million encrypted messages in real time.
F.B.I. Director Compares Danger of Ransomware to 9/11 Terror Threat
- Christopher A. Wray, the F.B.I. director, told The Wall Street Journal in an interview published Friday that the ransomware threat was comparable to the challenge of global terrorism in the days after the Sept. 11, 2001 attack.
- “There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Mr. Wray said. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
- The F.B.I. is investigating 100 different software variants that have been used in various ransomware attacks, demonstrating the scale of the problem.
- While most ransomware attacks are carried out by criminal networks, some Russian and Chinese groups operate with the implicit blessing of their governments. In return, some criminal groups do work for those country’s spy agencies and take steps to make sure local companies are not affected.
- “If the Russian government wants to show that it’s serious about this issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” Mr. Wray said.
White House Warns Business Leaders To Increase Cybersecurity Against Ransomware Attacks
- The warning comes after President Joe Biden signed a recent executive order to protect the federal government against cyberattacks and an announcement by the Department of Homeland Security concerning new cybersecurity requirements for pipeline companies. There are also provisions for beefing up the country’s cybersecurity in Biden’s American Jobs Plan.
- 5 Recommended Best Practices
- Backup your data, system images, and configurations, regularly test them, and keep the backups offline.
- Update and patch systems promptly
- Test your incident response plan
- Check your security team's work
- Segment your networks
San Diego Cyber Incident Response Guide
Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.
