Resources
2023 Saw a Number of High-Profile Breaches
We hope that you had a successful 2023. Looking back, 2023 saw a number of high-profile breaches as criminals and nation-state-supported hackers both created new methods of attacking and took advantage of existing vulnerabilities. Looking to 2024, here are a few things that we think are worth keeping an eye on moving forward. Phishing NOW WITH AI Phishing continues to be a persistent and lucrative attack vector for criminals and state- sanctioned hackers. The rise in generative AI makes it easier and cheaper to iterate messages and tactics in...
read moreOkta Says Hacker Stole Every Customer Support User’s Details
Beware of Phishing and Social Engineering Attacks Targeting Passwords, Vendor Warns Okta, the identity and authentication giant, said the attacker behind its September data breach stole more information than it first discovered. That includes details for all users of its primary customer support system. They first publicly confirmed the breach on Nov. 3, warning that attackers had gained access to its customer support management system and stolen sensitive information uploaded by 134 customers. An updated data breach notification released...
read moreFeds Levy First-Ever HIPAA Fine for Ransomware Data Breach
Massachusetts Management Firm to Pay $100,000, Monitor HIPAA Compliance for 3 Years A Massachusetts-based medical management firm holds the dubious honor of being the first ransomware victim fined for a data breach by the Department of Health and Human Services. Doctor Management Group agreed to a $100,000 financial settlement and three years of HIPAA compliance monitoring and corrective actions following an investigation into a 2019 ransomware breach affecting nearly 206,700 individuals. The Department of Health and Human Services’...
read morePhishing Accounts for More than Half of Cybercrime
Cybercrime is an ever-evolving field. Technology evolves to allow new tactics or new scales for criminals, as well as giving firms new tools to combat fraud and theft. Due to the fact that it’s ever-evolving, sometimes it can be difficult to see vast changes that occur over time. Over the last 5 years, there have been significant changes to the landscape of cybercrime. Not just in the increases in scale but also significant changes in the types of crime committed. This chart from Statista makes clear just how much has changed since 2017....
read moreMOVEit Health Data Breach Tally Keeps Growing
More Hacks Compromising Protected Health Info Being Reported to Regulators Healthcare organizations are adding millions to the tally of individuals affected by the Memorial Day weekend hack of the MOVEit file transfer application by Russian-speaking hackers. In recent days, the U.S. Department of Health and Human Services’ Office for Civil Rights has posted several more reports submitted by entities involving MOVEit breaches. An estimated 748 organizations have been affected by MOVEit hacks instigated by the Clop criminal group, which...
read moreWill FedNow Truly Rewire the US Payments Landscape?
Fraud, Security, Implementation Hurdles With Fast Payment Program The new FedNow service has been hyped as a way to revolutionize the U.S. approach to payments, thanks to the Federal Reserve’s perception as a stable payments network provider and its access to a built-in customer base of thousands of national, regional and community financial institutions. The large volume of banks with access to an instant payments network may lead to a significant acceleration in faster payment adoption. Challenges Ahead? Large-scale adoption of FedNow...
read moreGPT Goes Evil: How Criminals Are Leveraging LLM’s
How GPT’s Evil Twin Could Be Used in BEC Attacks A black hat AI tool called Worm GPT is being used to improve the efficacy of phishing emails. This is particularly troubling because a recent survey shows that 1 in 5 people fall for the fake, AI-generated emails, according to cybersecurity researchers. Researchers at SlashNext recently assessed WormGPT, an evil twin of OpenAI’s GPT AI model designed specifically for malicious activities. Criminals continue to be early adopters of new tech; this black hat alternative to the GPT-J...
read moreIowa Reports 3rd Large Vendor Breach This Year
Latest Breach Affects 234,000 Individuals; Involves Recent MCNA Insurance Co. Hack The state government of Iowa reported to federal regulators a third major health data breach since April involving a third-party vendor. The breach stems from an incident at dental health insurer MCNA Insurance Co. The Iowa Department of Health and Human Services reported hackers had compromised the protected health information of nearly 234,000 Iowa residents in an incident that affects nearly 9 million Americans across the country. Iowa is among more than 100...
read moreCheck Fraud Increases As Criminals Evolve
Check fraud increased 84% between 2021 and 2022, to 680,000 reported cases, according to the U.S. Department of the Treasury. Part of this growth stems from the fact that check fraud has become easier and more accessible. Cybercrime groups are openly hawking fraudulent check schemes on the Telegram messaging app. Check fraud started rising during the COVID-19 pandemic partially due to stimulus programs. Criminals made easy money by stealing checks from the mail, altering them, and selling them or hiring mules and walkers to deposit the fake...
read moreDuo Security/Cisco Security Study Highlights 5 Most-Impactful Security Activities
A third-party security study commissioned by Duo Security/Cisco highlights the five most-impactful security activities for an organization. This study builds on one that was previously commissioned in 2020. Broadly speaking, the study focuses on two key security areas: prevention and response. For prevention, the two most impactful areas were having a current tech stack, and having that tech stack integrated with your security systems. They repeatedly found that aging tech stacks are less resilient and more prone to negative outcomes....
read more