Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.


FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • Rioters Open Capitol's Doors to Potential Cyberthreats

    • The massive pro-Trump demonstrations that saw large crowds riot and then occupy the U.S. Capitol building in Washington Wednesday present a significant potential cybersecurity threat, as protesters appear to have gained access to at least one lawmaker's office, along with computer systems and other devices, experts say.
    • The unfettered access gained by the protesters opens up a range of security issues, according to cybersecurity executives and analysts. These range from the protestors themselves acting as a cover to launch a cyberattack to threat actors gaining access to critical federal computer systems located in the Capitol building.
    • Security experts worried that the riots and their aftermath might help spread disinformation, as well as open up victims to potential phishing and other attacks as threat actors look to take advantage of the confusion caused by the day's events.
    • We called out #disinfo repeatedly before & after the election. Yet the President & his campaign/lawyers/supporters fanned the flames for their own selfish reasons culminating with today's objections followed by his video message. WHAT DID THEY THINK WOULD HAPPEN? They own this. - Tweet from Chris Krebs, Former Director, CISA
    - Scott Ferguson and Doug Olenick | January 6, 2021
  • Behind Every Successful Cyber Attack There Is A Human

    • "Every case involving cybercrime that I've been involved in, I've never found a master criminal sitting somewhere in Russia or Hong Kong or Beijing. It always ends up that somebody at the company did something they weren't supposed to do. They read an email; went to a website they weren't supposed to." - Frank Abagnale, Catch Me If You Can subject
    • Enterprises need to look at their constituents from where this risk emanates:
      • Those who use technology
      • Those who implement technology
      • And finally, those who help secure the technology
    • Organizations that have been unfortunate enough to see their defenses breached need to assess what element of human proclivity was exploited, with an intent not to punish but to educate and improve.
    • Cybersecurity is everyone's problem; depending only on technology or security teams is foolhardy and a sure shot recipe for disaster.
    - BW CI WORLD, Pankit Desai | January 5, 2021
  • Feds: SolarWinds Breach Is Likely Russian Intel Gathering Effort

    • A Russian Advanced Persistent Threat group is likely behind the recent cyberattacks on government and non-government networks for intelligence gathering purposes, according to federal officials.
    • The Cyber Unified Coordination Group (UCG) announced Tuesday that nearly ten U.S. government agencies experienced follow-on activity on their systems after being compromised through a malicious update to their SolarWinds Orion network monitoring platform. The UCG said it’s also working to identify and notify the nongovernment entities that experienced follow-on activity on their systems.
    • “This is a serious compromise that will require a sustained and dedicated effort to remediate,” the UCG said in a joint statement. “We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”
    • Moreover, the UCG’s assertion that the recent cyber compromises were part of an intelligence gathering effort is consistent with previous campaigns carried out by APT29.
    • Prior to the SolarWinds hack, APT29 was most famous for the State Department and White House hacks during the Obama years. APT29 also compromised the Democratic National Committee servers in 2015 but didn't end up leaking the hacked DNC material. Instead, the Russian military spy agency GRU separately hacked the DNC and leaked its emails to WikiLeaks in 2016.
    - Michael Novinson | January 5, 2021
  • Hacker posts data of 10,000 American Express accounts for free

    • This week a threat actor leaked data of 10,000 Mexico-based American Express credit cardholders on a forum.
    • As analyzed by BleepingComputer, the leaked sample data set of 10,000 records exposes full American Express account (credit card) numbers and customers' personally identifiable information (PII) including name, full address, phone numbers, date of birth, gender, etc.
    • However, BleepingComputer did not see credit card expiration dates, passwords, or overly sensitive financial data in the posted spreadsheet that could enable misuse of the credit cards in fraudulent transactions.
    • American Express neither denied nor admitted that it had suffered a data breach, but shared that Amex cardholders are not liable for fraudulent charges.
    - Ax Sharma | January 5, 2021
  • The anatomy of a modern day ransomware conglomerate

    • If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need.
    • This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy.
    • The increased specialization in cybercrime also seems to be a contributing factor in the growing size of ransomware demands. The average extortion payment was $178,254 in the second quarter of 2020, up 60% from the first quarter, according to the most recent numbers from Beazley, an insurance firm.
    • Typically, this kind of nefarious supply chain starts with development of malicious software code, usually done either by an individual or a small group that specializes in programming hacking tools. The success of that code rests on combining it with a so-called crypter service, which hides the code so attackers can avoid detection.
    - Jeff Stone | January 4, 2021
  • Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business

    • Ticketmaster must pay a hefty $10 million fine after several employees utilized unlawfully obtained passwords to hack a rival company’s computer systems – in attempts to “choke off” its business.
    • The American ticket sales and distribution giant, which is owned by Live Nation, in 2013 hired an employee who formerly worked for Ticketmaster’s rival company (reported by some outlets to be Songkick, a now-defunct company that offered concert pre-sale tickets), according to the Department of Justice (DoJ) last week.
    • This co-conspirator illegally retained credentials from the rival firm, which he and other Ticketmaster executives then used to hack into the victim company’s systems. From there, they were able to monitor the company’s draft ticketing web pages, allowing them to find out which artists planned to use the rival company to sell tickets.
    - Lindsey O'Donnell | January 4, 2021
  • 5 Cybersecurity Protocols (i.e. Regulations) That Matter

    • As 2021 arrives, technology will stay a major player across the world. The coronavirus pandemic has enforced the need for technology of all kinds, but with that reliance comes a need to focus on cybersecurity protocols to protect privacy and data.
    • These five regulations are essential for professionals of any background to take into consideration.
    - Devin Partida | January 4, 2021
  • As Understanding of Russian Hacking Grows, So Does Alarm

    • On Election Day, General Paul M. Nakasone, the nation’s top cyberwarrior, reported that the battle against Russian interference in the presidential campaign had posted major successes and exposed the other side’s online weapons, tools and tradecraft.
    • Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking, now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations.
    • Interviews with current and former employees of SolarWinds suggest it was slow to make security a priority, even as its software was adopted by America’s premier cybersecurity company and federal agencies.
    • Billions of dollars in cybersecurity budgets have flowed in recent years to offensive espionage and pre-emptive action programs, what General Nakasone calls the need to “defend forward” by hacking into adversaries’ networks to get an early look at their operations and to counteract them inside their own networks, before they can attack, if required.
    • But that approach, while hailed as a long-overdue strategy to pre-empt attacks, missed the Russian breach.
    • Some intelligence officials are questioning whether the government was so focused on election interference that it created openings elsewhere.
    • The United States appears to have succeeded in persuading Russia that an attack aimed at changing votes would prompt a costly retaliation. But as the scale of the intrusion comes into focus, it is clear the American government failed to convince Russia there would be a comparable consequence to executing a broad hacking on federal government and corporate networks.
    - David E. Sanger, Nicole Perlroth and Julian E. Barnes | January 2, 2021
  • Kawasaki: Cyber Incident May Have Resulted in Data Loss

    • Kawasaki Heavy Industries reported Monday that an unknown threat actor gained access to its internal network through servers located in an overseas office.
    • The breach was discovered on June 11, after an internal audit found an unauthorized connection between a company server in Japan and another corporate server located in Thailand, the company says. Communication with the Thai server was immediately severed, but the follow-up investigation found additional unauthorized connections.
    • Kawasaki says the six-month delay in reporting the incident was due to the scope of the attack and the large number of overseas offices that were involved.
    - Doug Olenick | December 29, 2020
  • Think twice before tweeting about a data breach

    • This year, NetGalley, the website that provides advanced e-copies of books to reviewers, sent its season’s greetings in a different tone. In an email to its users before Christmas eve, the company declared: “It is with great regret that we inform you that on Monday, December 21, 2020 NetGalley was the victim of a data security incident.”
    • Unfortunately, many users took to social media and started discussing the incident without thinking about what they are putting up for everyone to see. And in their haste to be the first to tweet about the breach, many users made awful mistakes, which could further compromise their security.
    • The above is perhaps the worst way to tweet about the incident. The user admits using his NetGalley password for several other accounts.
    - Ben Dixon | December 29, 2020

San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017