Weekly Cyber Risk Roundup: JobLink, $100 Million BEC Scam and Other Breaches

Third-party cybersecurity issues were once again front and center this past week as America’s JobLink, a web-based system that links jobs seekers with employers, was compromised by a malicious actor, leading to a series of data breach announcements from states that use the system. “On February 20, 2017, a hacker created a job seeker account… Read More

Weekly Cyber Risk Roundup: Third-Party Breaches and Apache Struts Issues

Twitter is the week’s top trending cybercrime target after malicious actors leveraged a third-party analytics service known as Twitter Counter to hijack a number of Twitter accounts and post inflammatory messages written in Turkish along with images of Nazi swastikas. Hundreds of accounts were compromised, the Associated Press reported. Forbes magazine, the Atlanta Police Department,… Read More

Weekly Cyber Risk Roundup: Cloudflare Aftermath and Online Stores Breached

The Cloudflare software bug that resulted in the potential leaking of sensitive data remained as the top trending cybercrime event of the past week as researchers continued to investigate and quantify the effects of the incident. In a March 1 blog post, Cloudflare CEO Matthew Prince described the “Cloudbleed” impact as “potentially massive” and said… Read More

Weekly Cyber Risk Roundup: More Extortion and Marijuana Retailers’ Woes

Extortion continues to dominate the cybercrime headlines in 2017 with the week’s top two trending targets being the successful ransom at Los Angeles Valley College and continued extortion attempts around MongoDB databases. It was less than a year ago that Hollywood Presbyterian Medical Center became a national news story by paying a $17,000 ransomware demand… Read More

Organizations Struggle with Third Party and Supply Chain Cybercrime, Says New Report

The past year saw organizations struggle with third-party issues as malicious actors shifted their tactics towards weak points in the supply chain and exploited the interconnected nature of cybercrime, according to a new report from SurfWatch Labs. “One of the most telling statistics in all of SurfWatch Labs’ evaluated cyber threat data is the rise of… Read More

POS Breaches: Bankrupting Small Businesses and Impacting the Supply Chain

There’s a popular cybercrime statistic that has been vexing me for years, and if you read cybersecurity news regularly, I’m sure you’ve seen it cited a few dozen times as well: 60% of small businesses close their doors within six months of a cyber-attack. I’ve always been skeptical of that bold statistic. As Mark Twain wrote in his autobiography,… Read More

After Slow Start in 2016, Point-of-Sale Breaches Surging

Last week Eddie Bauer became the latest in a growing string of companies to announce a major point-of-sale-related breach. All 350 North American stores were affected by malware that may have siphoned off customers’ payment card information between January and July of this year. Not all cardholder transactions were impacted, the company said, and the breach does not include any… Read More

Supply Chains and Third Parties Continue to Cause Data Breaches

When putting together our recent Mid-Year 2016 Cyber Risk Report, the SurfWatch Labs team began by trying to answer one crucial question: with numerous cybercrime events across thousands of organizations this year, is there a central theme that emerges from all of that data? In 2014, the data was dominated by a seemingly endless string of… Read More

Cybercrime is Increasingly Interconnected, Says New SurfWatch Labs Report

The first half of 2016 is over, and SurfWatch Labs analysts have spent the past few weeks sifting through the huge amount of cybercrime data we collected — totaling tens of thousands of CyberFacts across more than 3,400 industry targets — in order to identify threat intelligence trends to include in our mid-year 2016 report. “If anything,” the report notes, “the stories behind these… Read More

WEB HOSTING PROVIDER TO MAJOR SPORTS LEAGUES, MEDIA AND ENTERTAINMENT COMPANIES BREACHED BY ALPHALEON

This real-life case study will contain some info, but not all – to protect individuals’ personally identifiable information – as well as our intelligence collection sources – with our goal of highlighting the importance of having visibility into your supply chain cyber risks. In the beginning of April 2016 SurfWatch Labs threat intelligence analysts uncovered a… Read More