Category Archives: Cyber Attacks

Is ChatGPT a real cybersecurity threat? Here are 7 potential cybersecurity risks in using AIs

7 Potential cybersecurity risks in using AIs | Findings.co

AI is everywhere, from ChatGPT to Midjourney. But have you thought about the potential cyber risk of using it?

I recently sat with Jonathan Perry, CTO and Co-Founder of Findings.co, to hear a pro's point of view. So here are 7 potential cyber risks in using AIs, such as ChatGPT:


ChatGPT and cyber security – Is there a real, actual threat in there or is it just a big fuss that everyone talks about?

I think with regard to ChatGPT, it’s important to remember that the knowledge ChatGPT gives is based on the sum of all available knowledge and data across the entire web.

And relying blindly on such information can create real security hazards.

So security experts and security engineers should not rely on such tools blindly. It’s only an advisory tool. And I think there is a real threat from ChatGPT and similar tools.

It’s interesting to mention because in marketing, we see more and more people saying that this is just a tool meant to help us create something, not something that is supposed to replace a marketer of any kind.

 

Would you agree on the same?

Definitely.

I think it’s really easy to fall for the charm of a chatbot that presents you on a golden plate whatever you need to do, and to just follow it. But that carries a real threat.

You don’t know if the output of the data you see is relevant, you don’t know if it’s secure enough.

It’s extremely important not to rely on it blindly.

 

Can anyone even ensure that ChatGPT is secure? Against these threats or secure at all?

I mean, once you enter something into ChatGPT and ask it to create something, can we even know that the data you entered is secure enough, in your opinion?

Definitely not. And the reason is that it’s an extremely complex data set; it’s unrealistic to think that humans can verify and make sure that the output you see is secure enough, or even fit for your purpose.

You don’t know if it even answered the question that you asked it in the first place. So I think common sense and having the right experience are probably the best answer.

 

Any cybersecurity attacks so far using ChatGPT?

So we haven’t seen any real attack using ChatGPT so far, and I guess the reason is that it’s quite new, but I personally believe that we will see complex attacks that use AI technologies in general, not only ChatGPT: smart attacks against industries and corporations. So, yeah, definitely.

 

How do you see ChatGPT affecting supply chain security?

It’s a good question. We thought about it a lot here at Findings, and I think we will eventually see organizations, companies and others utilizing ChatGPT and AI in general to address supply chain questionnaires and to assess their vendors as well.

 

How do you protect against the risk of supply chain attacks using ChatGPT or any AI available out there?

There is no specific checklist that you need to follow in order to protect against such things; I think the general rule of thumb is just to take precautions and not rely on everything that you see and do.

It’s a good rule of thumb for life in general, but I think it definitely applies to this topic as well.

And last question, out of your extensive experience in cybersecurity: how do you keep informed? How do you know about new trends? What would be your best tip?

So blog posts and articles are a good thing, but I think the best tip I can give regarding staying informed is to have good connections and good networks, because the best know-how and the best tips I’ve got, I’ve gotten from good friends in the industry.

I think having a good social and professional network is the best way to stay current.

All right, thank you so much for your time. Thank you. Thank you for watching.

Thank you for watching. And I’ll see you soon on our next video.

Why Security Assessments Are Essential

Findings discusses why security assessments are essential to your company

Security Assessments and Why They Are Essential

Security assessments are essential tools for businesses of all sizes.

They provide an important way to identify and address any vulnerabilities in networks, systems, and applications, to protect the business from potential cyber threats. This blog post will discuss the importance of security assessments and how businesses can incorporate them into their security strategy.

Why Are Security Assessments Important?

Security assessments are important for businesses because they objectively evaluate the security of their networks, systems, and applications.

They can identify potential security flaws, weak points, and risk areas and help businesses develop plans to address any vulnerabilities.

Additionally, security assessments help businesses understand the current security landscape and identify gaps in their security measures.

This can be an invaluable process for businesses, as it can help them determine any additional security measures that need to be implemented to ensure that their networks, systems, and applications remain safe and secure.

By reviewing and assessing current security measures, businesses can ensure that their policies and procedures fit their organization and that their systems are as safe and secure as possible. It can also help evaluate the effectiveness of existing security measures.

Types of Security Assessments

There are a variety of different types of security assessments.

Common types of assessments include penetration testing, vulnerability scanning, and application security testing.

  1. Penetration testing is a process of attempting to exploit vulnerabilities in a system the way a real attacker would: gaining initial access, then escalating privileges or pivoting further into the environment, to show what impact a weakness actually has.

  2. In contrast, vulnerability scanning identifies known flaws, missing patches, and misconfigurations in a system without exploiting them; it is broad, automated, and repeatable, but its findings still have to be validated.

  3. Application security testing focuses on the application itself, analyzing its code (static testing) or its running behavior (dynamic testing) for flaws such as injection, broken authentication, or insecure handling of data.

Security assessments can also be tailored to specific needs, such as cloud security assessments focusing on the security of cloud-based systems and applications.

Why do it?

Security assessments are essential for businesses of all sizes, large and small, as they are critical in identifying and remedying potential vulnerabilities in networks, systems, and applications.

By conducting such assessments, businesses can create a comprehensive security strategy to help them keep their systems secure and protected from potential cyber threats.

Furthermore, such assessments can also provide valuable insights into potential areas of improvement, allowing businesses to remain one step ahead of any potential security risks.

You Need Automation

By automating your assessments, you can save time and money that would otherwise be spent on manual data entry and analysis.

Automation also makes it easier to quickly assess large amounts of data, which is especially helpful when dealing with complex problems or large datasets.

With automated assessment, you can also get more consistent and repeatable results, as the software reduces the potential for human error in collecting and comparing answers; the findings themselves still need a human to judge their severity in context. Additionally, automated assessment can provide valuable insights into the data that can be used to inform your decision-making.



February Data Breach Round Up

Findings.co February data breach round up. Companies like Reddit, LastPass, and GoDaddy made the list.

Well, it’s that time of the year again! 

No, I won’t be talking about the Super Bowl or Valentine’s Day, or even Groundhog Day for that matter – it’s time for our monthly roundup of data breaches. February 2023 brought us a smorgasbord of security mishaps. It seems like even the big players in the industry can’t catch a break these days. But fear not, dear reader, I’m here to break down what happened so that your company can protect itself along with your supply chain. Grab a cup of coffee and let’s dive in!

  1. Reddit:

Reddit had a bit of a scare recently. On February 5, 2023, Reddit discovered a phishing campaign that targeted its employees. In an update from the company, they write “as we all know, the human is often the weakest part of the security chain.” In an attempt to steal credentials and second-factor tokens, an attacker sent out plausible-sounding prompts pointing Reddit employees to a website that cloned the behavior of Reddit’s intranet gateway. The attacker was then able to obtain an employee’s credentials and, in turn, access internal documents, code, and some internal dashboards and business systems. Limited contact information for company contacts and employees, as well as limited advertiser information, was exposed. Note what the cloned gateway implies: a page that captures a one-time code and relays it to the real login within the code’s validity window defeats SMS and authenticator-app second factors, so only origin-bound factors such as FIDO2/WebAuthn security keys stop this class of phishing. In the meantime, Reddit is urging users to protect themselves by setting up two-factor authentication and using a password manager. Stay safe out there, Redditors!

  2. LastPass:

You’re probably thinking to yourself, “hold on, didn’t LastPass JUST announce a breach in December?” They did indeed, which I informed you all about. However, the company disclosed that there was a second incident. In a company notice, LastPass writes, “Despite high confidence in the outcomes of our investigation and actions taken in response to the first incident, the threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack. The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources.” In this second incident, the attacker targeted an employee. The attacker obtained access to a DevOps engineer’s LastPass vault by capturing their master password with a keylogger, planted on the engineer’s home computer through the vulnerable third-party media software package mentioned above, after the employee had authenticated with MFA. The attacker then exported the contents of shared folders, which contained encrypted secure notes with access and decryption keys for AWS S3 LastPass production backups, other cloud-based storage resources, and some critical database backups.


  3. Weee!:

I have some not-so-tasty news for all you foodies out there. Weee!, the U.S. online grocery delivery service specializing in Asian and Hispanic foods, recently informed the public that it experienced a data breach. Unfortunately, the breach resulted in cybercriminals stealing a year’s worth of customer data, including names, addresses, email addresses, phone numbers, order numbers, and order comments (like where to leave groceries). While the company is still investigating who is behind the breach, it’s been reported that 1.1 million customer email addresses were compromised.

  4. GoDaddy:

Uh oh! GoDaddy, the popular web hosting company, suffered a multi-year cyberattack. The company explained, “an unauthorized third party had gained access to servers in our cPanel shared hosting environment and installed malware causing the intermittent redirection of customer websites.” GoDaddy discovered the breach after customers reported that their sites were being redirected to random domains. The company says that previous breaches in November 2021 and March 2020 are linked to this multi-year campaign. Further information about this attack can be found in a 10-K filed by the company. 

  5. A10 Networks:

A10 Networks is a California-based company that specializes in producing hardware and software for application delivery, identity management, bandwidth management, and cybersecurity services. The company’s customers include a number of well-known tech companies and organizations, such as Twitter, LinkedIn, Samsung, and Uber, among others. In an 8-K filing, A10 Networks disclosed that on January 23, 2023, they identified a cyber-security incident in its corporate IT infrastructure. A sneaky gang known as Play Ransomware is claiming responsibility for this attack. After investigation, it was determined that the threat actors managed to gain access to shared drives, deployed malware, and ‘compromised’ data related to human resources, finance, and legal functions.
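The Reddit item above turns on the difference between a one-time code and an origin-bound credential. The following is an added example, not code from Reddit or Findings: it implements RFC 6238 TOTP with the standard library, shows that a cloned login page relaying the victim’s code within the 30-second window is accepted by the real gateway, and then models a WebAuthn-style assertion in which the browser’s origin is part of what gets signed, so a relayed assertion from a look-alike origin is rejected. The gateway origin, credentials, challenge and the HMAC stand-in for the authenticator’s signature are all assumptions made for the example.

```python
"""Why a cloned login page defeats one-time codes but not origin-bound factors.

Added example, not code from Reddit or Findings. TOTP follows RFC 6238 (HOTP per
RFC 4226). The "authenticator signature" is an HMAC stand-in for a FIDO2
assertion, so relying party and authenticator share a key here purely to keep
the example offline; a real authenticator holds a private key. Names, secrets
and origins are constructed for illustration.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current time step."""
    return hotp(secret, at // step, digits)


# --- The real intranet gateway (relying party); all values constructed ----------
GATEWAY_ORIGIN = "https://intranet.example"
USER_TOTP_SECRET = b"12345678901234567890"   # the RFC 6238 test-vector secret


def gateway_login(username: str, password: str, code: str, now: int) -> bool:
    """Password + TOTP check. A real gateway would also reject reuse of a code,
    which does not help here: the attacker is the first to use it."""
    if username != "alice" or password != "correct horse":
        return False
    return hmac.compare_digest(code, totp(USER_TOTP_SECRET, now))


def phishing_relay(now: int) -> bool:
    """Attacker's cloned page: the victim types username, password and the
    current code into the look-alike site; the attacker forwards all three to
    the real gateway inside the same window. TOTP binds the code to time, not
    to the site that asked for it, so the login succeeds."""
    victim_typed = ("alice", "correct horse", totp(USER_TOTP_SECRET, now))
    return gateway_login(*victim_typed, now)


# --- Origin-bound factor (WebAuthn-style) ---------------------------------------
AUTHENTICATOR_KEY = b"constructed-key-shared-for-demo"   # stand-in for a keypair


def authenticator_assert(challenge: bytes, browser_origin: str) -> tuple:
    """The browser supplies the origin of the page that made the request and
    the authenticator signs challenge plus origin. A phishing page can only
    obtain a signature over its own origin."""
    client_data = browser_origin.encode() + b"|" + challenge
    return client_data, hmac.new(AUTHENTICATOR_KEY, client_data, hashlib.sha256).digest()


def gateway_verify_assertion(challenge: bytes, client_data: bytes, sig: bytes) -> bool:
    """Relying party rebuilds the expected client data with ITS OWN origin.
    A relayed assertion carrying the phishing origin fails even though the
    signature itself is valid."""
    expected = GATEWAY_ORIGIN.encode() + b"|" + challenge
    if not hmac.compare_digest(client_data, expected):
        return False
    return hmac.compare_digest(sig, hmac.new(AUTHENTICATOR_KEY, expected, hashlib.sha256).digest())


def webauthn_relay_attempt(browser_origin: str) -> bool:
    """Attacker relays a fresh gateway challenge to the victim's browser, which
    is on browser_origin. Returns whether the gateway accepts the result."""
    challenge = b"constructed-random-challenge"
    client_data, sig = authenticator_assert(challenge, browser_origin)
    return gateway_verify_assertion(challenge, client_data, sig)


if __name__ == "__main__":
    now = int(time.time())
    print("TOTP relay accepted:", phishing_relay(now))
    print("WebAuthn from look-alike origin accepted:", webauthn_relay_attempt("https://intranet-example.com"))
    print("WebAuthn from real origin accepted:", webauthn_relay_attempt(GATEWAY_ORIGIN))
```

The test vectors from RFC 4226 and RFC 6238 (secret 12345678901234567890, counter 1 gives 287082; time 59 with 8 digits gives 94287082) confirm the code generator; the two relay functions are where the security point lives.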

Companies must continue to prioritize cybersecurity and take proactive measures to protect themselves. While data breaches can be scary, being aware of what happened and taking the necessary precautions can help prevent further damage.

A Growing Method of Attack: Malicious Packages

Findings.co looks at a supply chain attack technique that keeps recurring: malicious packages

It’s not always easy to spot malicious impostors posing as legitimate downloads. Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away anytime soon. In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.

Spotting Malicious Impostors in Open-Source Repositories

Open-source repositories are a great source of code and libraries, but malicious actors target them precisely because developers install from them with little scrutiny. Anyone can publish a package to PyPI under a name of their choosing, so an attacker can register a name that mimics a popular library (typosquatting) or hide a stealer in an otherwise plausible package, and the code runs on the developer’s machine, with the developer’s credentials and tokens within reach, the moment it is installed.

This highlights the need for vigilance and safety measures when downloading code from open-source repositories. Developers should take extra precautions, such as reviewing new dependencies before adding them and confirming that a package is the one they intended (the exact name, a maintainer they recognize, a project with history), rather than trusting a search result or a copied install command.

Attack on PyPI Repository

The attack involved six malicious packages that were uploaded to the PyPI repository. The packages were designed to steal information from developers’ systems, such as usernames, passwords, and other sensitive data. The attack succeeded because the malicious code was not detected until after unsuspecting developers had already installed the packages. This underscores the need for heightened vigilance against attacks that target repositories and the developers who depend on them.

How to Protect Your System

Fortunately, there are ways to reduce the risk from malicious packages. Antivirus or endpoint detection software can catch a known information stealer once it runs, but it is a last line of defense; the controls that actually prevent installation sit upstream. Pin every dependency to an exact version and its hash, so that the installer refuses anything that differs from what was reviewed; review new packages (name, maintainer, age, download history) before adding them; and install from an internal mirror or allowlist rather than directly from the public index where possible. Keeping your system up to date with the latest security patches also matters, since it denies a malicious package easy privilege escalation through known vulnerabilities in older software. By following these steps, you can ensure that your system is well protected from malicious packages.
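As an added example of the pre-install checks described above (this is not code from the PyPI research or from Findings), the script below reads a requirements file, normalizes package names the way PyPI does (PEP 503), flags entries that carry no `--hash=` pin, and flags names that are not on an allowlist but sit within a small edit distance of one that is, the classic typosquat signal. The allowlist, the requirements file and the placeholder digests are constructed for the example; in practice the allowlist comes from the existing lockfile, and `pip install --require-hashes -r requirements.txt` enforces the pins.

```python
"""Pre-install checks for Python dependencies: hash pinning and look-alike names.

Added example, not code from the PyPI research the post summarises. The
allowlist, requirements text and digests below are constructed; the digests are
placeholders, not real hashes of any package.
"""
import re

# Constructed allowlist of packages the organisation already vets and uses.
TRUSTED = {"requests", "urllib3", "cryptography", "pyyaml", "numpy", "colorama"}

# Constructed requirements file: one entry pinned correctly, one unpinned, two
# look-alike names (placeholder digests).
SAMPLE_REQUIREMENTS = """\
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
urllib3==2.0.7
requesets==2.31.0
Colourama==0.4.6 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.'
    to a single '-', so 'PyYAML', 'pyyaml' and 'py_yaml' compare the same way
    the index compares them."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance between an unknown name and a
    trusted one is the typosquat signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_requirements(text: str, trusted: set = TRUSTED, max_distance: int = 2) -> list:
    """Return one (package, issue) tuple per problem found. Issues:
    'unpinned'     no --hash, so pip cannot verify the artifact it downloads
    'lookalike:X'  not on the allowlist but within max_distance edits of X
    'unknown'      not on the allowlist at all (needs review before use)"""
    issues = []
    trusted_norm = {normalize(t) for t in trusted}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = _NAME_RE.match(line)
        if not line or not m:
            continue
        pkg = normalize(m.group(1))
        if "--hash=" not in line:
            issues.append((pkg, "unpinned"))
        if pkg in trusted_norm:
            continue
        near = sorted(t for t in trusted_norm if edit_distance(pkg, t) <= max_distance)
        issues.append((pkg, f"lookalike:{near[0]}" if near else "unknown"))
    return issues


if __name__ == "__main__":
    for pkg, issue in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"{pkg}: {issue}")
```

The distance threshold is deliberately small: a real typosquat differs from its target by a swapped, dropped or doubled character, and raising the threshold mostly produces noise against short names.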

Minimize Risk

Malicious packages are becoming increasingly prevalent in open-source repositories, so taking the necessary precautions is essential. Beyond the controls above, know the risks associated with using open-source repositories: read the documentation and reviews of any package before installing it, and keep a backup of your system in case something goes wrong. By being diligent and taking the necessary precautions, you can keep your system secure and protected from malicious packages.

US Schools Becoming Targets for Cyber Crimes

Findings explores why US schools are becoming targets for Cyber Crimes

Cyber crimes are becoming an increasing issue for many schools within the United States, with attacks ranging from data breaches to ransomware. Many believe that attacks began increasing during COVID-19, when schools began implementing remote learning models.

This caused schools to be more reliant on technology and IT systems, which in turn brought more opportunities for cyber criminals.  

With this alarming rise in recent years, educational institutions need to be aware of the potential risks that they may face and take all necessary steps to safeguard their networks and everyone within their school districts.

Types of Cyber Attacks

Cybercriminals use various tactics to target schools, including phishing scams, malware, and ransomware, and the data breaches that result from them.

Ransomware Attacks:

School districts have seen a rise in ransomware attacks, where criminal groups seek to extort money from victims in exchange for the restoration of their IT systems and for not publishing any sensitive data they were able to exfiltrate.

Data breaches:

A data breach is the outcome of a successful attack: hackers gain access to sensitive information such as student records and financial data. Because schools hold so much personal data on minors and staff, a breach is the most common consequence of the other tactics listed here.

Phishing:

Phishing scams involve sending emails with malicious links or attachments that harvest credentials or install malware on the school’s network; they are the usual first step of both malware and ransomware incidents.

Malware:

Malware can be used to slow down or completely shut down the school’s network, while ransomware is used to hold the school’s data hostage until a payment is made. Both tactics can be incredibly damaging, causing disruption to school operations and putting the security of student and faculty data at risk.

If an attack is detected early, however, it can be contained, and steps can be taken to prevent a similar attack in the future.

This could include implementing stronger security protocols, increasing monitoring of activity on the school network, and providing regular training to staff and students on cyber security best practices. Schools should also consider investing in technology solutions such as intrusion detection systems, firewalls, and other security tools that can help protect against malicious cyber incidents.

Taking these proactive steps can significantly reduce the chances of a future attack, and the associated disruption to school operations.

Preventative Measures

Schools need to take proactive steps to protect their networks from cyber criminals.

This includes investing in up-to-date antivirus software and firewalls, conducting regular security audits, and training staff on cybersecurity best practices.

Additionally, schools should have a response plan in place in case of a cyber attack to ensure that any threats can be assessed and dealt with promptly and effectively.

Such plans should detail the steps to be taken to contain the damage and be regularly reviewed and updated to reflect the latest technology and trends in the cybersecurity world.

It is important to note that these plans must be tailored to the specific needs of the organization, taking into account the size, complexity, and industry, as well as any other relevant factors. Additionally, it is essential that all staff involved in the implementation of these plans are well-trained in the latest cybersecurity best practices, in order to ensure that the organization is well-prepared in the event of a breach.

Conclusion

Cyber crimes are becoming a major issue for US schools, and it is important for them to be aware of the potential risks and take steps to protect their networks.

By investing in the right security measures and having a response plan in place, schools can help protect their networks from cyber criminals.

A well-thought out security strategy is a critical component of any school’s security plan, and by taking the necessary steps to ensure their networks are adequately protected, schools can help reduce their chances of falling victim to these malicious activities.

Additionally, by staying up to date on the latest cyber threats and taking the time to educate staff and students on the importance of cyber security, schools can be better prepared to address any potential security incidents that may occur.

January Security Breach Round Up

Findings.co reveals the top breaches in January 2023

While a new year is supposed to bring in new and exciting opportunities, quite the opposite happened to these companies after they had their resolutions spoiled by hackers. Let’s review some of the most interesting data breaches that happened in January.


PayPal:


Yes, even massive financial companies like PayPal fall victim to breaches. On January 18, 2023, PayPal informed customers that unauthorized parties had accessed PayPal customer accounts in a credential stuffing attack, logging in with username and password pairs that had been exposed in breaches of other services and reused on PayPal. In the company notice, PayPal writes, “the personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.” After an incident like this, it is extremely important that users change the password on every other online account where they reused it and activate two-factor authentication, which can prevent attackers from turning one leaked password into access to their other accounts.


T-Mobile:

Another breach? This time, 37 million people were apparently affected. On January 19th, 2023, T-Mobile released a statement saying, “We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.” Obtained information includes name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features. T-Mobile further writes, “While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.” While we hope that T-Mobile does indeed strengthen their cybersecurity program, we’d like to note that the telecommunications giant has suffered several security incidents in the past few years. An attacker pulling records for 37 million accounts through one endpoint also points to an API that permitted bulk, per-account lookups without effective rate limiting or anomaly detection on the client’s access pattern; that volume is exactly what API gateway logs should flag.
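The T-Mobile disclosure says only that one API was used to obtain account data at scale, so the detection below is an added example rather than anything T-Mobile runs: it reads constructed API gateway records (the line format, client identifiers, endpoint path and thresholds are all assumptions) and flags a client that either touches an unusual number of distinct accounts inside a sliding window or walks account identifiers sequentially, the two shapes a bulk-harvesting client takes in logs.

```python
"""Detecting bulk account enumeration through a single API.

Added example, not T-Mobile's code or logs. Input lines, client IDs, the
endpoint path and the thresholds are constructed assumptions; in production the
thresholds come from each client's own baseline.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed gateway log: "timestamp client_id METHOD /v1/accounts/<id>/profile status"
SAMPLE_LOG = """\
2023-01-05T10:00:00Z app-retail-ios GET /v1/accounts/48210019/profile 200
2023-01-05T10:00:01Z partner-x GET /v1/accounts/10000001/profile 200
2023-01-05T10:00:02Z partner-x GET /v1/accounts/10000002/profile 200
2023-01-05T10:00:03Z partner-x GET /v1/accounts/10000003/profile 200
2023-01-05T10:00:04Z partner-x GET /v1/accounts/10000004/profile 200
2023-01-05T10:00:05Z partner-x GET /v1/accounts/10000005/profile 200
2023-01-05T10:00:06Z partner-x GET /v1/accounts/10000006/profile 200
2023-01-05T10:00:07Z app-retail-ios GET /v1/accounts/48210019/profile 200
2023-01-05T10:00:08Z partner-x GET /v1/accounts/10000007/profile 200
2023-01-05T10:00:09Z app-retail-android GET /v1/accounts/77120443/profile 200
2023-01-05T10:00:10Z partner-x GET /v1/accounts/10000008/profile 200
"""


def parse(line: str):
    """Return (timestamp, client_id, account_id) for account lookups, else None."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].startswith("/v1/accounts/"):
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    account = int(parts[3].split("/")[3])
    return ts, parts[1], account


def detect_enumeration(log_text: str, window_seconds: int = 60,
                       max_distinct: int = 5, seq_ratio: float = 0.8) -> dict:
    """Per client, keep a sliding window of (time, account) lookups. Flag the
    client when the window holds more than max_distinct different accounts, or
    when at least seq_ratio of consecutive lookups step to the next ID (a
    scripted walk over the ID space). A legitimate app re-reads the same few
    accounts; a harvester never asks for the same one twice."""
    windows = defaultdict(deque)
    findings = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, client, account = rec
        w = windows[client]
        w.append((ts, account))
        while (ts - w[0][0]).total_seconds() > window_seconds:
            w.popleft()
        distinct = {a for _, a in w}
        steps = [b - a for (_, a), (_, b) in zip(w, list(w)[1:])]
        sequential = bool(steps) and sum(1 for s in steps if s == 1) / len(steps) >= seq_ratio
        if len(distinct) > max_distinct or (len(steps) >= 3 and sequential):
            findings[client] = {
                "distinct_accounts": len(distinct),
                "sequential_walk": sequential,
                "last_seen": ts.isoformat(),
            }
    return findings


if __name__ == "__main__":
    for client, info in detect_enumeration(SAMPLE_LOG).items():
        print(f"ALERT {client}: {info}")
```

Only the partner client trips both rules; the two retail apps repeatedly read the account they are logged into, which is the normal shape. The same logic runs unchanged against a streaming source because it never needs more state than one window per client.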


Google Fi:

Think of a domino effect here. When one goes down, so can the next. It is alleged that Google Fi’s security incident is connected to the T-Mobile incident right above this one. Google Fi is a mobile virtual network operator that uses T-Mobile’s network for the majority of its connections. It is believed that hackers may have accessed customer information such as phone numbers, SIM card serial numbers, account status, and mobile service plan data. To explain the aftermath of this, BleepingComputer explained that “the exposed technical SIM data allowed threat actors to conduct SIM swap attacks on some Google Fi customers, with one customer reporting that the hackers gained access to their Authy MFA account. SIM swapping attacks are when threat actors convince mobile carriers to port a customer’s phone number to a mobile SIM card under the attacker’s control.” After a SIM swap, hackers can access a person’s email, accounts registered with the phone number, and any authentication app or second factor that relies on SMS to that number.


Mailchimp:


Don’t be that person – always think twice before opening links from people you don’t know. On January 11, 2023, Mailchimp discovered that an unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors. By doing so, the hacker was able to obtain access to select Mailchimp accounts using employee credentials compromised in that attack. The hacker accessed a tool used by Mailchimp customer-facing teams for customer support and account administration. In a company notice explaining the situation, Mailchimp confirms, “this targeted incident has been limited to 133 Mailchimp accounts.”


JD Sports:


JD Sports, a British sports-fashion retail company based in England, also unfortunately fell victim to an attack in January. JD Sports notified customers via email, explaining the situation. The sports company warns that the attack resulted in unauthorized access to a system containing customer information for orders placed between November 2018 and October 2020. Information such as full names, billing details, delivery addresses, email addresses, phone numbers, order details, and the final four digits of payment cards was accessed.



 

Before wrapping up for the month, did you hear about SwiftSlicer, a new data wiping malware that overwrites crucial files used by the Windows operating system? The wiper was pushed out through Active Directory Group Policy, which, as BleepingComputer explains, allows “domain admins to execute scripts and commands throughout all of the devices in the Windows network. SwiftSlicer was deployed to delete shadow copies and to overwrite critical files in the Windows system directory, specifically drivers and the Active Directory database.” Researchers at the cybersecurity company ESET say that SwiftSlicer overwrites data in 4096-byte blocks and then reboots the system. Up-to-date antivirus software helps against a newly discovered sample, but note what the delivery path implies: the attacker already held domain administrator rights, so monitoring for Group Policy changes, restricting who can edit GPOs, and keeping backups that a domain admin cannot delete matter at least as much.






Why The Energy Sector Is Especially Vulnerable to Cyber Threats

Findings.co explains why the energy sector is vulnerable to cyber threats

The energy sector is attractive to hackers for a number of reasons. While publicly documented attacks on energy infrastructure remain relatively few, the inherent nature of the sector makes it vulnerable. Cybersecurity compliance in this sector is critical simply because of the wide-ranging impact that a successful attack can have. The hackers that targeted the Colonial Pipeline network in May 2021 not only extracted a $4.4 million ransom but also pushed the per-gallon price up by six cents in affected areas and gasoline futures to their highest level in three years.


What makes energy companies easy prey for cybercriminals? 


1. Highly interconnected


The energy ecosystem is complex, consisting of physical and cyber infrastructure assets distributed across regions or countries. This creates a large attack surface. Moreover, the operational technology of grid distribution systems is increasingly reachable through remote access from business networks, giving hackers further opportunity to create inroads to company data and control systems.


The energy sector has historically been late to adopt technology and innovate, and a lack of in-house cybersecurity expertise means energy companies have to be more deliberate and proactive in managing risks.


2. More to exploit


Cybercriminals have the chance to exploit vulnerabilities in energy companies’ IT systems and operational technologies. IT systems include the software, hardware and technologies used to run the business. Operational technologies include the software, hardware and technologies that control motors, pumps and valves, among other devices and equipment.


Energy companies rely on different types of hardware, software and services from third-party vendors worldwide. Attackers can access a company’s network through a third-party vendor or supplier.


3. Always on infrastructure


The energy and utilities sector is increasingly using cloud services, driven by the need for improved flexibility and operational efficiency, and reduced capital expenditure costs. This digital infrastructure supporting the energy sector works 24/7.


4. Wide-ranging disruption


The prospect of severe damage is also an attraction for cybercriminals. A single attack on a network or system in the energy infrastructure can impact a number of entities. For example, a blackout of 6-7 hours caused by a cyberattack on the energy grid can cause financial loss, affect socio-economic life and disrupt daily activities.


5. Various motivations


Reliable electricity is a convenience of modern life, and also crucial to the nation’s security and economy. The electricity grid is a prime target for cyberattacks perpetrated by hostile countries. Financial motivation (ransom) and hacktivism (to promote an agenda against the oil and gas industry, for example) are also prime reasons for cyberattacks in this sector.


Actions to take


Businesses in the energy sector need a multi-pronged risk management strategy to stay compliant with industry standards and government regulations on cybersecurity. Active management of supply chain risk is crucial. Hybrid identity and access management solutions combining cloud and on-premise components can help bridge the gap between IT and OT architectures.


A strong incident response plan will minimize the impact of ransomware attacks, while employee training on identifying phishing and other social engineering attacks will be essential to maintaining a robust compliance posture. Last but not least, ensuring that the company’s cloud-based infrastructure is continuously monitored can help reduce the likelihood and the duration of data breaches.

December Security Breach Round Up

December security breaches

2023 is here and while I would love nothing more than to say that everything is awesome in the security world, I would be lying to all of you if I said there were no data breaches in the month of December. 

While most people usually wind down and enjoy the holiday season with family in December, the top dogs at the companies below probably had nothing but stress on their minds. 

Let’s dig in and see what mistakes were uncovered this month.


  1. LastPass:

Well this is a little awkward, isn’t it? Given that LastPass is a password manager, one would think that they would have strong measures in place to protect their consumers’ privacy; however, that does not seem to be the case. In a company notice, LastPass writes: “we recently notified you that an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of our production data.” The threat actor copied information from a backup source that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The company continues to explain that “the threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.” Two practical consequences follow from that description. The URLs were stored unencrypted, so the attacker already knows which sites each user holds accounts at. And an attacker holding a copy of the vault can guess master passwords offline with no rate limiting, so the encrypted fields are only as strong as the master password and the number of key-derivation iterations applied to it; users with a short or reused master password should treat the vault contents as exposed and rotate them. It is important to note that many organizations and their employees use LastPass to store passwords. If you were not aware of this incident, it is time you look into protecting your accounts and changing your passwords.


  2. Uber:

When I found out about yet ANOTHER Uber breach, my reaction was a deep sigh of frustration. This time the breach resulted from a compromised third-party vendor. BleepingComputer reported on the incident and shared that “a threat actor named ‘UberLeaks’ began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches. One of the documents seen by BleepingComputer includes email addresses and Windows Active Directory information for over 77,000 Uber employees. While BleepingComputer initially thought this data was stolen during the September attack, Uber told BleepingComputer it believes it is related to a security breach on a third-party vendor.” After further investigation, Uber later shared with BleepingComputer that the threat actor stole its data in a recent breach of Teqtivity, which Uber uses for asset management and tracking services. Teqtivity stated that the threat actor was able to access device information such as serial number, make, model, and technical specs. Additionally, user information such as first name, last name, work email address, and work location details was accessed.


  3. Five Guys:

I’ll be the first to admit that Five Guys is irresistible – especially on a cheat day. So of course I hate to be the bearer of bad news here, but alas, it has to be said. On December 29, 2022, Five Guys released a statement confirming a breach that occurred in September 2022, in which an unauthorized party accessed a file server and exposed sensitive personal data. The company writes: “The investigation identified unauthorized access to files on our file server that occurred on September 17, 2022. We conducted a careful review of those files and, on December 8, 2022, determined that the files contained information submitted to us in connection with the employment process.” Stolen data would include employee personally identifiable information (PII) such as names, social security numbers and driver’s license numbers. We see this time and time again: threat actors access sensitive information and companies do not inform victims until months later. In those months, the attackers can commit identity and credit fraud and sell user data on the dark web. That is one of the reasons why Findings is so useful – we continuously monitor your systems and the dark web to make sure that if an incident like this does ever occur, it will not take you months to find out.

 

  4. Sequoia:

For those who are unaware, Sequoia is a popular benefits and payroll management company. In a company notice, they stated: “Sequoia Benefits and Insurance Services LLC (“Company”) recently became aware that an unauthorized party may have accessed a cloud storage system that contained personal information provided in connection with the Company’s services to its clients, including your employer or, if you are a dependent, your family member’s employer.” Information accessed by the unauthorized party consists of personal information including demographic information such as name, address, date of birth, gender, marital status, employment status, social security number, work email address, member ID, wage data for benefits, attachments that may have been provided for advocate services, ID cards, and any COVID test results or vaccine card that may have been uploaded.

  5. Social Blade:

Social Blade is an analytics platform that provides statistical data for numerous social sites such as YouTube, Twitter, Twitch and Instagram. They confirmed that they suffered a data breach after their database was breached and put up for sale on a hacking forum. Social Blade monitors tens of millions of social media accounts and the hacker claims to have obtained 5.6 million records. The sample data that was posted by the hacker also suggests that many of the records contain user information. Users online were quick to share an email that was apparently sent privately to affected users. In the email, Social Blade confirms the breach and reports that the affected data includes email addresses, IP addresses, password hashes, client IDs and tokens for business API users, and authentication tokens for connected accounts. Other non-personal and internal data was also compromised. Roughly 0.1% of users also had their addresses leaked, but credit card information was not exposed. A similarity we see here in comparison to other breaches is that this was not Social Blade’s first breach. In 2016, the company also confirmed that it suffered a breach. Let’s see if the most recent breach will be the push they need to better protect their company and prevent future attacks. 

Image source: Twitter


Now that we are in 2023, we hope that companies will take the necessary steps to protect their systems. Findings has a few New Year’s resolutions we recommend companies take on to ensure that they are protecting their employees and consumers.

Attackers prey on those who don’t regularly change their passwords. In fact, it makes their jobs easier. Make sure your systems are secure with New Year’s Resolution # 1: Require your employees to change their passwords every 90 days.

With an increase in cyber attacks being committed against supply chains, it’s vital that every business implements mandatory cybersecurity training programs. Having employees that are aware of all things cyber security is beneficial in minimizing the risks associated with cyber attacks.


Staying vigilant and continuously assessing potential risks in your supply chain is an essential New Year’s Resolution that companies need to follow in 2023.



Updates are usually required for a reason, and many times it’s for security reasons. When systems are up to date, it makes it harder for hackers to attack and find loopholes in the system. 


If you haven’t heard of our continuous monitoring solution, you may want to consider looking into it.



Andddd that’s a wrap for this month!


Findings wishes you all a happy and healthy New Year.

 

We’re here for you. Learn more today.

Supply Chain Attacks Surged By 42% in 2022. Here’s Why.

Increase in supply chain attacks

There’s been a massive and recent increase in awareness of supply chain attacks. Significant investment in tools and strategies to protect supply chains against attack has been written into business plans, but this isn’t helping. You would think that all of this time and effort would in turn bring a decline in these threats, but you’d be wrong.

 

Quite the contrary actually. According to research from PurpleSec, supply chain attacks rose by 42% in 2022, and 64% of businesses have now been affected by supply chain software attacks.

 

Recent Supply Chain Attacks

In the case of the SolarWinds attack, malicious code inside a popular IT monitoring platform gave hackers a back door into thousands of IT networks. Similar breaches occurred in the Colonial Pipeline attack, where a leaked password caused massive panic, and in the Kaseya and Log4j breaches, which were also examples of supply chain attacks in which breaches in third-party software tools exposed a large number of businesses to attack.
 

The Appeal Of Supply Chain Attacks

Exacerbating matters further is the fact that a single supply chain breach allows attackers to target hundreds or thousands of victims by seizing upon just one vulnerability and one attack technique. From the hacker’s perspective, the ROI on supply chain attacks is exponentially higher than a traditional attack, wherein a single business is placed at risk.

 

As TechTarget explains, “supply chain attacks are difficult to detect, as they rely on software that has already been trusted and can be widely distributed.”

 

Why Supply Chain Attacks Continue To Rise

 

Both of these factors – the difficulty of preventing supply chain attacks and the advantages of supply chain attacks from an attacker’s perspective – help to explain why supply chain attacks remain so pervasive – to the point that supply chain attacks will increase by 400 percent, according to the European Union Agency for Cybersecurity (ENISA), which adds that “strong security protection is no longer enough for organizations when attackers have already shifted their attention to suppliers.”

In other words, traditional approaches to defending against cybersecurity risks – such as hardening servers against attack, enforcing strong access controls and deploying malware scanners – aren’t very effective in cases where the bad guys break in by breaching your supply chain. If your IT systems are configured to trust software delivered to them by third-party suppliers, no amount of access controls or virus scanners is going to protect against flaws within those third-party systems. Conventional security controls only protect against threats that originate internally, which means they don’t address supply chain attacks.

 

What You Can Do: How To Stop Supply Chain Attacks

 

Fortunately, there are practices that can help to prevent supply chain attacks, even for organizations with complex supply chains:

 

  1. Implement Zero Trust

Zero trust means configuring IT resources so that they do not trust any other resources – internal or external – by default. They only share data and interact with resources that are explicitly validated to be secure. Zero trust policies can help to mitigate supply chain attacks by ensuring that servers, applications and other resources only trust third-party software if that software has been scanned and vetted to be secure.

 

  2. Gain Asset Visibility

Visibility – specifically, visibility into which supply chain assets exist and which risks impact them – goes a long way toward preventing supply chain attacks. Businesses should be able to identify risky assets, determine the root cause of the risks and remediate risks in a proactive manner.

 


 

 

  3. Work With Suppliers

Effective supply chain security management means not just cutting off suppliers who might place the supply chain at risk, but working with them to identify potential breach points and ensure transparency in the face of risks. Vulnerability Disclosure Programs can help here by providing a systematic means of identifying and responding to supply chain attack risks.

 

 

 Findings can help with all of these initiatives by providing automated visibility into your entire supply chain so that you know when and where risks arise. In addition, Findings helps you assess vendor compliance and manage vulnerability disclosure policies, ensuring that you’re prepared to react quickly when your supply chain becomes vulnerable to attack.

 

 

Learn more about how to prevent supply chain attacks with Findings.

November Security Breach Round Up

November Security Breaches

From grocery stores, to banks, and everything in between – November saw it all when it came to breaches. As I mentioned in September, hackers are not picky. Let’s just say, when an opportunity arises, they will swoop right in and overtake your systems and access any data they can get their e-hands on.

 

Be careful, and keep staying informed – our goal is to make sure no company ends up on this list next month. 

 

Let’s dive in. 

 

  1. WhatsApp


Whatsapp with this?! The app that we all know, love, and use, WhatsApp, has supposedly fallen victim to a massive data leak. And by massive, I mean nearly 500 million user records have been leaked online. So… what happened? On November 16, 2022, an ad on a well-known hacking community forum was posted by someone claiming to be selling a 2022 database of WhatsApp user mobile numbers. It is also claimed that 32 million users from the United States have been included. Although only phone numbers were leaked, it is important to note that leaked phone numbers are typically used for marketing purposes, phishing, impersonation, and fraud. 

 

  2. Bed Bath & Beyond

Ah, phishing at its finest. While almost anyone who enters Bed Bath & Beyond can get lost for hours browsing, no one likes hearing about breached data. The United States retail giant confirmed that company data was accessed without authorization after an employee was phished. In an 8-K filing to the U.S. Securities and Exchange Commission, Bed Bath & Beyond explained that data on the employee’s hard drive and on other shared drives that the employee had access to was accessed. The company is still investigating whether the drives held any sensitive or personally identifiable information.

 

  3. Dropbox


File hosting service Dropbox also fell victim to a phishing incident. In a statement from the company, they explained the situation, saying: “We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected.” The company goes on to explain that on October 14, GitHub alerted them to suspicious behavior. Dropbox found that a threat actor was impersonating CircleCI and was able to access one of Dropbox’s GitHub accounts. To date, their investigation has found that the code accessed by the threat actor contained some credentials, primarily API keys used by Dropbox developers.

 

  4. TransUnion


Isn’t it ironic that an agency that determines your credit score is the one that could be ruining your credit? There are three main credit bureaus in America – Experian, Equifax and TransUnion. Unfortunately, the consumer credit reporting agency TransUnion experienced a breach and began notifying individuals about the incident on November 7, 2022. The company collects and assembles information on over 1 billion consumers worldwide, 200 million of them Americans. The type of information that was exposed includes names, social security numbers, driver’s license numbers, and account numbers.

 

  5. AirAsia


AirAsia, the largest airline in Malaysia with approximately 22,000 employees and worldwide operations, has unfortunately fallen victim to a supposed ransomware attack. The group behind this attack is known as the Daixin Ransomware Gang and they have supposedly stolen data of 5 million AirAsia passengers and employees. The Daixin team is known for disrupting operations with ransomware and stealing personally identifiable information. With this data, the cyber threat group threatens to release the stolen information unless a ransom is paid. In a tweet shared by Soufiane Tahiri, screenshots from the group can be seen that were posted on the dark web. The information applies to both employees and passengers. In these documents, information such as date of birth, country of birth, where the person is from, start of employment for employees and their secret question and answer used to secure their accounts could be found. 

 

  6. Sonder


In a company security update, Sonder, a hospitality company, notified the public that they became aware of unauthorized access to one of its systems that included guest records. Information that was accessed includes: 

  • Sonder.com username and encrypted password

  • Full name, phone number, date of birth, address, and email address

  • Certain guest transaction receipts, including the last 4 digits of credit card numbers and transaction amounts

  • Dates booked for stays at a Sonder property

  • Government issued identification such as driver’s licenses or passports

 

  7. Sobeys

This incident shows that ANY business can get breached. Even a supermarket. In case you aren’t familiar, Sobeys is one of the two national grocery retailers in Canada. On November 7, 2022, Sobeys’ parent company wrote in a notice that the grocery stores were impacted by an IT systems issue. While the company hasn’t publicly confirmed a cyber attack on its systems, a local media outlet reported that “two provincial privacy watchdogs said they had received data breach reports from Sobeys. Both Quebec’s access to information commission and Alberta’s privacy commission have both been notified by the grocer about a “confidentiality incident.”

 

  8. Whoosh

The Russian scooter-sharing company Whoosh has confirmed that it too was breached. Hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. The data offered on the forum allegedly contains promotion codes that would allow someone to use the service for free, as well as partial user identification and payment card data. Included were email addresses, phone numbers, and first names. Whoosh told the Russian news outlet RIA Novosti that “The leak of some of the personal data of customers of the Russian scooter rental service Whoosh at the beginning of November did indeed occur, but did not affect sensitive user data, such as access to accounts, transaction information or travel details.”

 

  9. Coinsquare:


Cryptocurrency is a sexy industry to talk about, but this incident is a little less appealing. To round up the month, the Canadian cryptocurrency exchange Coinsquare has become the latest victim of a security breach. Data such as customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances was compromised. According to customer reports, Coinsquare contacted them via email and let them know that it had identified an intrusion and that a database containing personal information had been accessed by an unintended third party. In a tweet responding to an account sharing news of the hack, Coinsquare wrote, “We have no evidence any of this information was viewed by the bad actor, but in an abundance of caution, we wanted to make our users aware. We notified all clients, but only identified 3 clients whose accounts were accessed.”



Companies can get careless when it comes to securing their systems, their employees, and their customers. And while we are here to help you, the first step begins with you staying informed. Which we see you are since you made it this far! 


We’re here to help you. Contact us today
