Security news: More phishing, Canada pays ransom, SMBs are a target | Avast

Data breach in the wild

“Practice what you preach” was clearly not a part of the Swiss-based Veeam’s policy as someone left almost 200GB of data available to anyone online. The unsecured MongoDB server was open from August 31st, 2018 to September 9th, 2018.

The leak was discovered after an investigation by Bob Diachenko and TechCrunch who found 445 million Marketo-based records sitting unguarded. Interested parties could just log on and download names, email addresses, countries, and in some cases even the IP addresses, referral details, and user agents.

While not particularly compromising, the data would have been a spammer’s and phisher’s pot of gold as it could give them a lifetime’s worth of target information for free. Says Diachenko, “It is also a big luck that database was not hit by a new wave of ransomware attacks which have been specifically targeting MongoDBs.”

SMBs in the crosshairs

Even as cyberattacks against large enterprises continue to make the news, those against SMBs are beginning to see a rapid uptick as well. On closer inspection, SMBs do make a tempting target. They generally do not have the same budget as their larger counterparts and are unfamiliar with security best practices. Startups are particularly vulnerable as they usually are still in the process of developing a security policy.

The numbers definitely lay bare this trend: almost 50% of SMBs have faced a cyberattack, 70% of attacks target small businesses exclusively; and 60% of SMBs that have been hacked go out of business within six months.

Says Dean Sapp, CIO at Braintrance, “The most common type of maneuver being used against SMBs is a Business Email Compromise, or BEC. Attacks such as these go after Personally Identifiable Information (PII), W-2 forms (wage and tax statements), money wires, direct deposits, patents, and copyrights. Law firms, real estate and title companies are the most badly affected right now.”

Phishing scams are 1 in a 100

A new study looked at over half a billion emails and found that phishing attacks are far more common than previously thought. And notwithstanding spam, only a third of the emails you receive are actually legit.

The study noted that while a tenth of security-blocked emails consist of malware, the remaining are focussed on impersonating a colleague, boss, or even the company CEO to ask for sensitive information. To ward off suspicion, the attackers usually issue a few harmless emails first before getting to their endgame. As attackers are targeting human error rather than a technical vulnerability, organizations should consider training their staff on how to deal with such maneuvers.

Canadian town yields to ransomware attack

In an anticlimactic turn of events, a town in Ontario, Canada decided to pay hackers to restore their computer network following a ransomware attack. Midland, which is home to 16,000 people, saw its administrative email, payment services, permit issuance, transit card reloading, and marriage application go offline for a 48-hour period.

Following advice from a cybersecurity specialist, the town management decided to forward an undisclosed amount in Bitcoin to hackers to end the attack. A media release from Midland town council stated, “Although not ideal, it is in our best interest to bring the system back online as quickly as possible. The Town had previously secured an insurance policy to cover such circumstances. Decryption efforts are underway.

Midland is not alone in deciding to pay up, though. SamSam ransomware managed to make its creators $6 million richer. Even though paying the ransom can seem like a quick fix, it is well-known that most hackers actually never release the decryption key. A better strategy is to take backups periodically, have a robust anti-malware system in place, and keep a look out for decryption tools being released.

“This is really bad news, the only reason why ransomware attacks are going on is because there are victims paying the ransom. We can only expect to see cities becoming the new favorite targets of ransomware-like attacks” says Luis Corrons, Security Evangelist at Avast.