Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

ftc-gov

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • 6 WAYS SMBS CAN USE TO PROTECT THEMSELVES FROM CYBERATTACKS

    • Cybersecurity is an essential concern for SMBs, but numerous small and medium-sized businesses fail to secure their organizations because of certain limitations.
    • Drafting and implementing an excellent cybersecurity plan is essential for your organization to protect data, credit card numbers, passwords, and other information in the era of the web.
    | July 9, 2020
  • Equifax Loses Bid to Drop Data Breach Claims Under New York Law

    • U.S. District Judge Brian Cogan on Wednesday rejected the company’s dismissal bid in the Eastern District of New York, saying plaintiff Matthew Weiss’ claim is plausible under the state’s deceptive acts and practices law.
    • Courts toss claims following class action settlements under similar facts, unless a plaintiff to the action opts out of the deal. Companies hit by a breach, however, can beat data security claims in later trial stages using standing or jurisdictional challenges.
    - Daniel L. Stoller | July 9, 2020
  • Cybersecurity Experts Weigh In On Best Practices for Remote Work

    • As millions of federal workers conduct their business remotely due to the ongoing coronavirus pandemic, the Chief Information Officers (CIO) Council has released their views on best practices for working remotely.
    • Included in the CIO Council posting are links to resources such as the NSIT telework tip guide, the NIST Security for Enterprise Telework, Remote Access, and Bring Your Own Device Solutions publication, and the NIST Preventing Eavesdropping and Protecting Privacy on Virtual Meetings blog post.
    | July 9, 2020
  • US Secret Service warns about increased cyberattacks against MSPs

    • Many organizations increasingly rely on managed service providers (MSPs) to remotely manage IT infrastructure and other resources. By outsourcing the care and feeding of their network, applications, or security, an organization can save time and money, especially if it lacks the necessary internal staffing and capabilities.
    • Since each MSP typically has access to vital resources for multiple clients, a single data breach can unlock the door to a treasure trove of sensitive data.
    - Lance Whitney | July 8, 2020
  • The $6 trillion heist avoiding global attention

    • Criminal hackers demanding ransom from a leading Indian financial company once more highlighted vulnerability of an Internet-dependent economy against cybercriminals – and insufficient law-enforcement infrastructure and seriousness to tackle them
    • More than vulnerable computer systems, cybercriminals exploit an individual human weakness: greed. An e-mail offer sounding too good to be true may not be true. Greed remains a lethal inner enemy and the cyber crook’s favorite weapon.
    - Raja Murthy | July 8, 2020
  • Cosmic Lynx cyber crime group takes BEC to new heights

    • A newly identified Russian cyber criminal group, called Cosmic Lynx by the threat researchers who have been tracking it, is developing increasingly complex and creative business email compromise (BEC) attacks that target Fortune 500 enterprises.
    • At some point, Russian cyber criminals were going to ask themselves why they were spending so much time and money on infrastructure and malware development when they can just send someone an email, ask for money, and get it. This now appears to be happening.
    - Alex Scoxton | July 8, 2020
  • IBM survey finds majority of organizations don’t have plans in place for common attacks

    • There is an increase in cybersecurity awareness judging by the number of security tools coming up in the market. However, this development confuses some organizations and has a negative impact across multiple categories of the threat lifecycle among those surveyed.
    • Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years compared to 62% of those who didn’t have a formal plan in place.
    | July 8, 2020
  • DDoS Myths in 2020

    • The nature of DDoS attacks is shifting, and while some organizations might believe that DDoS is a thing of the past, this is not the case.
    • Attackers are moving away from simple volumetric floods, and focusing on more sophisticated, harder to mitigate application-layer (L7) DDos attacks.
    • The past few months have seen two significant DDoS ransom campaigns: first against banks in South Africa in October 2019, and more recently a targeted campaign against Australian banks and financial institutions.
    - Nikhil Taneja | July 7, 2020
  • Intellectual Property Breaches Illustrate New Generation Of Security Threats

    • For many companies, a data breach has become almost a way of life and business as usual. Damages — from customer loyalty and reputation to financial penalties and damage to infrastructure — while sizable, seemingly have not significantly impaired the largest enterprises.
    • While many of the steps and tactics used by insiders are similar or identical to those used by outsiders, insiders may have additional knowledge that outsiders do not.
    • They may have less reliance on reconnaissance and even lateral movement — and command and control interactions would be from within the organization, as would exfiltration.
    - Albert Zhichun Li | July 7, 2020
  • Data of 1.29 million LimeRoad users breached, company denies claim: Report

    • Customer data of nearly 1.29 million users of online marketplace LimeRoad was allegedly breached and put up for sale on the dark web. The leaked data included personal information like the name, phone numbers, and email ID of these users.
    • The Ministry of Electronics and Information Technology recently released an advisory via the Computer Emergency Response Team (CERT) warning the public of a large-scale phishing attack against businesses.
    • The advisory states that hackers could try and steal personal and financial information under the pretext of local government authorities.
    | July 1, 2020

San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017