The Biggest Cybersecurity Crises of 2019 So Far

Six months of 2019 are on the books already, and certainly there have been six months' worth of data breaches, supply chain manipulations, state-backed hacking campaigns, and harbingers of cyberwar to show for it. But the hallmark of 2019, perhaps, is feeling like the worst is yet to come. Ransomware is an ever-growing threat, corporate and US government security is still a mess, and geopolitical tensions are rising worldwide.

Before we see what the future holds, though, let's recap some of the major cybersecurity incidents that have cropped up so far this year.

US Customs and Border Protection Contractor Perceptics

In May, a surveillance contractor for Customs and Border Protection suffered a breach and hackers stole photos of travelers and license plates related to about 100,000 people. The Tennessee-based contractor, a longtime CBP affiliate known as Perceptics, also lost detailed information about its surveillance hardware and how CBP implements it at multiple US ports of entry. The Perceptics breach was first reported by The Register, and CBP officials later disclosed the incident to the Washington Post. Though CBP was hesitant at first to admit that Perceptics was the contractor that had suffered the breach, the agency sent a Microsoft Word document to the Post titled "CBP Perceptics Public Statement" in its initial response. Days later, hackers posted the stolen Perceptics data to the dark web. On Tuesday, CBP suspended Perceptics from federal contracting, though it did not say why.


Latest Discounts
  • Are you frustrated that your expensive karoke player does not let you play.
  • System unleashes the groundbreaking secrets of the latest demolisher betting system.
  • ApeSurvival is all about survival and self-defense products, tips and news.
  • Make Money Online With This Pre-Loaded Wordpress eBook Store.
  • This Affiliate System Will Have You Raking In Massive Commissions From Affiliate Marketing.
  • Reveals 1 Unusual Tip To Eliminate Excessive Sweating Forever In 48 Hours
  • Discover how to boost your goal achieving skills in 30 days, guaranteed
  • Quickly cure your acid reflux and enjoy permanent freedom from heartburn
  • The stunning secret of turning your wife on with the push of a button.
  • Learn How To Attract the Man of Your Dreams And Receive A Marriage Proposal In Few Months
  • A Truly Unique Extract Of The Greatest Methodologies For Keeping The Body And Mind Young And Agile.
  • Reveals A New Forex Trading Strategy To Make You More Money By Doing Just Part Time
  • Become A Certified Usui Reiki Healing Master With The Latest Reiki Certification Program.
  • Complete step-by-step guide shows how to do taxidermy even if you're an absolute beginner.
  • Dont Let Social Anxiety Control Your Life Any Longer. Start Living.
  • Build a free viral email list on autopilot and make thousands of others do it for you.
  • Discover How To Add 20lbs To Your Bench Press, 15lbs To Deadlift, And 20lbs To Your Squat In 3 Months
  • The Biggest Site On Past Lives, Karma, and Reincarnation You Will Find In This Life
  • Clickbank Ads
     

    CBP has spent the past two decades ramping up its use of border surveillance technologies, and there appears to be no end in sight. For example, the agency wants facial recognition scans to be standard in the top 20 US airports by 2021. But civil rights and privacy advocates say that these aggressive initiatives pose a danger to US citizens and the global community in general. The Perceptics incident is seen as a clear example of those risks. As Jeramie Scott, senior counsel at the Electronic Privacy Information Center, told WIRED in June, "The agency simply should not collect this sensitive personal information if it cannot safeguard it."

    Ransomware

    Ransomware attacks are truly nothing new at this point, but 2019 is looking like a banner year for them. Criminal groups continue to target businesses, healthcare providers, and, most visibly, local governments with these brash hacks, in which malware is specially designed to encrypt a system's data and demand a ransom to decrypt it—swindling billions of dollars per year in the process. "We are seeing an increase in targeted ransomware attacks," the FBI told WIRED in a statement just this week. "Cyber criminals are opportunistic. They will monetize any network to the fullest extent."

    In 2019, though, ransomware isn't just targeting hospitals and small businesses. A destructive strain called LockerGoga has specifically been victimizing industrial and manufacturing firms—at times forcing production plants to switch to manual control or exacting long-term damage on systems that control physical equipment. For now, incident responders say that LockerGoga is only being used by financially motivated criminals. It's easy to imagine, though, how this type of attack could be used by state-sponsored critical infrastructure hackers, especially given how both North Korea's WannaCry and Russia's NotPetya were ransomware-like worms crafted with each country's geopolitical agenda in mind.

    Supply Chain Attacks

    A legitimate software vendor pushes out what looks like a trustworthy software update to users, but it's really a destructive instrument of cyberwar. That is the evil genius of the supply chain attack. The most famous example is likely 2017's NotPetya attack, when Russian hackers spread destructive malware in part by compromising the update mechanism for a Ukrainian accounting software. And this type of malicious hacking has been a particular signature of 2019 so far.

    In March, following a research report from the threat intelligence firm Kaspersky, computer maker Asus disclosed a supply chain attack sometime in the second half of 2018 that had compromised the company's Live Update tool to push malware to almost 1 million customers. Victim devices accepted the tainted software because the attackers signed it with a real Asus certificate (used to verify the legitimacy of new code). Though the hackers infected a huge number of machines through the attack, they seem to have been specifically targeting 600 computers, which they then hit with a second-stage attack.

    Researchers call the group behind the Asus supply chain compromise Barium or ShadowPad. Little is known about the affiliation of the group, but it is thought to be Chinese-speaking. Barium was also connected to another famous supply chain hack in 2017 of the popular computer cleanup tool CCleaner. And at the end of April, the Kaspersky researchers also discovered indications that Barium has used a supply chain attack shortly after the Asus assault to compromise Microsoft's development tool Visual Studio. This, in turn, seeded backdoors into the products of three different video game companies that use Visual Studio in their coding pipeline—allowing hackers to plant malware in certain games, and potentially infect hundreds of thousands of targets.

    American Medical Collection Agency breach

    One of the most concerning corporate data breaches so far this year is that of the American Medical Collection Agency, a massive healthcare-related debt collector. The company discovered that it had been breached in March, and filings with the US Securities and Exchange Commission indicate that the intrusion on AMCA's systems lasted from August 2018 through March 2019. The incident was first publicly reported at the beginning of June after the medical testing firm LabCorp said that 7.7 million of its customers had data exposed because of AMCA, and Quest Diagnostics said it had had records from 12 million patients exposed. AMCA said that the compromised information included first and last names, dates of birth, phone numbers, addresses, dates of medical services, healthcare providers, and data on balances due. The stolen information did not include insurance ID numbers or Social Security numbers.


     

    Because AMCA contracted with so many companies, it's possible that additional organizations—and therefore other patients—were affected as well. But almost 20 million patients between LabCorp and Quest alone is bad enough. In mid-June, Retrieval-Masters Creditors Bureau Inc., which operates as AMCA, filed for Chapter 11 bankruptcy protection as a result of costs associated with the breach.

    First American

    Not all data security incidents are breaches. Sometimes data is improperly stored and publicly accessible—it may not have been stolen, but it was still exposed. And First American, the massive real estate and title insurance firm, offers a crucial cautionary tale of how dangerous data exposures can be. Discovered in May by security journalist Brian Krebs, the incident exposed 885 million sensitive customer financial records going back to 2003. They were accessible to anyone on First American's website. It isn't known whether anyone actually found and stole the information before the company locked it down, but it was extremely easy to grab. Social Security numbers, driver's license images, bank account numbers and statements, mortgage and tax documents, and wire transaction receipts from millions of Americans were all included in the trove. As a title insurance provider, First American is often party to both the buyer and lender sides of real estate deals, so if anyone did steal this information they would have access to a real goldmine for identity theft, financial scams, and even espionage.

    One to Watch: Iran

    Ever since President Donald Trump withdrew the United States from the 2015 Iranian nuclear agreement last year, international relations and cybersecurity experts have been warning that the move could escalate tensions between the two countries, particularly in cyberspace. This appeared to hold true in the second half of 2018, and the first six months of 2019 have borne even more marked escalations. Iranian hackers have ramped up campaigns around the world, and particularly against US targets, as the two countries clash more openly in the physical world.

    June, in particular, saw tensions continue to rise with a series of incidents in the Middle East. On June 13, two fuel tankers were attacked in the Gulf of Oman. The US blamed Iran, and also accused Iranians of attempting to shoot down a US drone. One week later, Iran succeeded in shooting down an unmanned surveillance drone, which it claimed had entered Iranian airspace. Trump considered then ultimately aborted a kinetic strike in response to the provocation, but US Cyber Command was approved to launch a damaging cyberattack against Iran's rocket and missile launch control systems, however. The hack reportedly took weeks or months for Cyber Command to design and orchestrate. Meanwhile, Iran has been digitally clapping back at the US. The question now is whether cyberstrikes can really be used as an alternative to kinetic conflict—as some war scholars have proposed—or whether they only serve to escalate real-world combat.


    Original Article : HERE ; The Ultimate Survival Food: The Lost Ways


    Latest Discounts
  • Are you frustrated that your expensive karoke player does not let you play.
  • ApeSurvival is all about survival and self-defense products, tips and news.
  • Become A Certified Usui Reiki Healing Master With The Latest Reiki Certification Program.
  • Helps You To Lose Weight In Just Four Weeks Without Strict Dieting And Exercise.
  • The scientifically proven way of adding inches of real height at any age.
  • The Biggest Site On Past Lives, Karma, and Reincarnation You Will Find In This Life
  • Download the latest official drivers for your PC fix driver problems and keep them updated.
  • A Truly Unique Extract Of The Greatest Methodologies For Keeping The Body And Mind Young And Agile.
  • Protect Your Family with Parental Controls Download Internet Filter Now
  • Discover How To Add 20lbs To Your Bench Press, 15lbs To Deadlift, And 20lbs To Your Squat In 3 Months
  • Dont Let Social Anxiety Control Your Life Any Longer. Start Living.
  • Packed full of the info you need for profitable horse racing
  • Learn how you can easily create mobile apps to generate passive income.
  • Learn the secrets and become a professional guitar player
  • Discover How Your Beliefs and Emotions Affect Your Ability To Achieve All Your Goals And Dreams.
  • Reveals A New Forex Trading Strategy To Make You More Money By Doing Just Part Time
  • The Best RSS Autoblog Tool For Blogger Blogspot Blog.
  • Discover A Unique Stock Trading Method That's Immune To Crashes And Financial Crises.
  • The No 1, 3 Step Idiot-proof Formula To Profiting From Bitcoin And Crypto Currency As Soon As Tonight.
  • Clickbank Ads
     
     


    RELATED PRODUCTS
  • Are you frustrated that your expensive karoke player does not let you play.
  • The Best RSS Autoblog Tool For Blogger Blogspot Blog.
  • Hint: It's Not A New Diet, A New Exercise, Or Any New Knowledge...
  • Learn about the solar systems largest planet jupiter predict great red spot transit times
  • Download the latest official drivers for your PC fix driver problems and keep them updated.
  • The Biggest Site On Past Lives, Karma, and Reincarnation You Will Find In This Life
  • Discover How Your Beliefs and Emotions Affect Your Ability To Achieve All Your Goals And Dreams.
  • A Truly Unique Extract Of The Greatest Methodologies For Keeping The Body And Mind Young And Agile.
  • Scans your computer for missing, corrupt, or outdated Windows Drivers.
  • Dont Let Social Anxiety Control Your Life Any Longer. Start Living.
  • Reveals A New Forex Trading Strategy To Make You More Money By Doing Just Part Time
  • Discover how to boost your goal achieving skills in 30 days, guaranteed
  • Become A Certified Usui Reiki Healing Master With The Latest Reiki Certification Program.
  • Change Your Mind, Change Your Life Influence Your Mind and Others.
  • Clickbank Ads