Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

ftc-gov

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • New ransomware grows 118% as cybercriminals adopt fresh tactics and code innovations

    Source: HelpNetSecurity
    By: FNU LNU
    Published: August 29, 2019

    * McAfee Labs saw an average of 504 new threats per minute in Q1 2019, and a resurgence of ransomware along with changes in campaign execution and code.
    * While spear phishing remained popular, ransomware attacks increasingly targeted exposed remote access points, such as Remote Desktop Protocol (RDP); these credentials can be cracked through a brute-force attack or bought on the cybercriminal underground.

  • Everything We Know About the Capital One Hacking Case So Far

    Source: Wired
    By: Lily Hay Newman
    Published: August 29, 2019

    * At the end of July, the FBI and Capital One disclosed that the bank had suffered a massive data breach just a few months before, exposing personal and financial data from more than 100 million customers.
    * The FBI arrested former Amazon employee Paige Thompson, 33, in connection with the crime, and accused her of also breaching 30 other companies and organizations.
    * Thompson, who also goes by the online handle "erratic," allegedly created a program in late March to scan cloud customers for a specific web application firewall misconfiguration.

  • What the education industry must do to protect itself from cyber attacks

    Source: HelpNetSecurity
    By: Charlie Sander
    Published: August 28, 2019

    * Most attention around data breaches is on the commercial side, with Capital One being the recent high-profile breach, compromising the personal information of more than 100 million people. However, the education sector is proving to also be an attractive target.
    * This summer made it evident that K-12 school districts, higher education, and even commercial companies working with educational institutions are at risk. Notably, the state of Louisiana declared a state of emergency following an attack that disabled computers at three school districts.

  • National Guard looks to help states help with ransomware response

    Source: FCW
    By: Lauren C. Williams
    Published: August 28, 2019

    * The National Guard is contemplating expanding its cybersecurity vulnerability assessment pilot following recent ransomware attacks in Texas and Louisiana.
    * The National Guard is running a pilot program with three states -- Hawaii, Washington and Ohio -- with a 10-person cyber mission assurance team checking federal installations for vulnerabilities from reliance on outside utilities, such as electricity and water.

  • US cyberattack took out Iran's ability to target oil tankers: report

    Source: The Hill
    By: Maggie Miller
    Published: August 28, 2019

    * A cyberattack carried out by U.S. Cyber Command against Iran in June severely impacted a database used by Iran to target oil tankers, The New York Times reported Wednesday.
    * U.S. Cyber Command targeted a network run by Iran's Revolutionary Guard Corps, Iran's paramilitary forces, that U.S. intelligence reported was involved in an attack on American oil tankers earlier this year.

  • A ransomware revival leads to 2.2 billion stolen credentials on the dark web in Q1

    Source: TechRepublic
    By: Jonathan Greig
    Published: August 28, 2019

    * In a new report, McAfee Labs said cybercriminals were focusing in on attacking weak IoT devices and extracting huge troves of data from large companies.
    * The 40-page survey of the security landscape found more than 2.2 billion stolen account credentials were made available on the cybercriminal underground this quarter and hackers had even figured out ways to break into Wi-Fi enabled coffee makers.

  • Why testing user behaviour is crucial to your cyber security

    Source: Information Age
    By: FNU LNU
    Published: August 28, 2019

    * Cyberattacks and security breaches have become so widespread that companies are now spending billions of dollars collectively to deal with these threats.
    * No matter how much companies spend on security, their investment can become moot if they fail to address vulnerabilities from within.

  • More than 180K patients affected by data breach at Presbyterian

    Source: Health Data Management
    By: Greg Slabodkin
    Published: August 28, 2019

    * New Mexico's Presbyterian Healthcare Services was the victim of a phishing attack on its email system that affected 183,370 individuals, according to the Department of Health and Human Services breach portal.
    * The breach, which occurred around May 9, did not affect Presbyterian's electronic health records or billing systems.

  • Yes, But Were You Hurt? Another Data Breach Case Dismissed for Lack of Damages

    Source: JDSupra
    By: Bradley Arant Boult
    Published: August 27, 2019

    * While a war rages on the issue of standing in data breach cases, the need to prove damages is presenting an even greater hurdle for plaintiffs
    * Focusing on damages, both at the pleading stage, through discovery and in motion practice, can pay decided dividends, particularly in cases where damages are frequently evanescent for many in the putative class (e.g., consumer data breach and statutory violation claims), and in cases where damages are likely to be highly variable.

  • Middle East cyber-espionage is heating up with a new group joining the fold

    Source: ZDNet
    By: Catalin Cimpanu
    Published: August 27, 2019

    * The Middle East cyber-espionage scene has gotten a little bit more crowded this month with the discovery of a new hacking group that's been targeting the region since mid-2018.
    * In a report published earlier this month, ICS security firm Dragos said that Lyceum (Hexane) had repeatedly targeted oil and gas companies in the Middle East, with "Kuwait as a primary operating region."


San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017