Friday Five: 8/16 Edition
Software developers are a target for phishers, a hotel chain breach, and a bank hit by malware - catch up on the week's news with this recap!
1. Customer Information Exposed In Air New Zealand Phishing Attack by Sergiu Gatlan
Members of Air New Zealand’s loyalty program were notified of a successful phishing attack on two staff members that may have led to leaked customer information. After discovering the two accounts had been breached, the airline sent out an email notifying members that their personal information may have been stolen. Thankfully, Air New Zealand’s security team was able to discover that no airport passwords or credit card information was leaked during the attack. The email sent to potentially affected members also warned of potential phishing emails they may be receiving as a result of the breach. Air NZ has provided resources on its website for those concerned about their personal information and has also pledged to dedicate more effort and resources.
2. You Gotta Reach ’Em to Teach ’Em by Kacy Zurkus
As cybercriminals become more sophisticated, companies that are reluctant to prioritize their cybersecurity continue to find themselves on the receiving end of expensive data breaches. According to “Shred-it’s Ninth Annual Data Protection Report,” over half (53%) of data breaches within organizations are a result of an external party or human error. Employees can be tricked into million-dollar ransomware hacks simply by not recognizing a phishing email in their inbox. Training employees is not about making them aware of the dangers associated with data breaches; it's about providing the information and resources to help change habits and avoid potential attacks. Making cybersecurity part of the corporate culture is key to ensuring that training programs are not just seen as regulatory practice. Companies should provide employees with cybersecurity training, be it through engaging videos, modules, newsletters, or even company swag that keeps employees aware of cybersecurity pitfalls.
3. ECB shuts down one of its websites after hacker attack by Francesco Canepa
Last Thursday, the European Central Bank (ECB) shut down its Banks’ Integrated Reporting Dictionary (BIRD) site because it was hacked and infected with malicious software. Although neither ECB’s internal systems nor market-sensitive data were affected by the attack, malware that assists in carrying out phishing activities infected the external server that hosted the site. Additionally, BIRD subscribers’ email addresses, names, and titles may have been exposed. Currently, ECB is reaching out to those who may have been impacted.
4. Security warning for software developers: You are now prime targets for phishing attacks by Danny Palmer
Attackers who attempt to steal technology companies’ intellectual property and other data most commonly target software developers, because they often have administrator-level access across company systems. Also, hackers take advantage of the fact that software developers tend to not stay at the same job for a long time. For instance, hackers could research software developers’ LinkedIn profiles and send them phishing emails in which they pretend to be recruiters looking for someone who has programming knowledge. In order to mitigate risk around phishing attacks, software developers should share less information on their public profiles and be cautious of emails from unknown senders.
5. Choice Hotels Breach: Hackers Leave Ransom Note For 700K Records by Phil Muncaster
Cybercriminals discovered an unsecured MongoDB database and stole 700,000 customer records from Choice Hotels. The leaked database contained 5.6 million records, yet fortunately, the majority of the records were test data. The cybercriminals demanded that Choice Hotels pay 0.4 Bitcoin or about $3,800 in ransom. Exposed customer information included names, email addresses, and phone numbers. Also, since the leaked database was owned and managed by a third party, Choice Hotels is currently looking into its third-party relationships and is working on improving its security measures.