SSL.com

Cybersecurity News Roundup January 2023

PayPal Accounts Breached Due to Password Recycling

On January 19, 2023, Paypal sent out data breach notifications and informed nearly 35,000 of their users that their accounts were compromised in December 2022.

Paypal explained that the accounts were targeted by hackers through credential stuffing – an attack where leaked usernames and passwords from various websites are used to try and access a target account.

Leaked credentials are often due to recycled usernames and passwords. Paypal claimed that the data breach was not caused by a failure in its systems. 

Personal information that the hackers were able to breach included full names of account owners, social security numbers, birth dates, and postal addresses. Paypal says that the attackers were not able to perform unauthorized transactions and resetting of passwords were done to the affected accounts.

SSL.com’s Takeaway: In a survey conducted by Google and Harris Poll, 53% were found to have the same password for multiple accounts while 13% used the same password for the entirety of their accounts. Combined together, these data suggest that 65% of people recycle their passwords even if they have all the options to come up with others. 

For those who want to avoid the burden of having to remember and type lengthy passwords for various accounts, password managers are a great solution because their sync and password-generating abilities allow ease of access to various accounts. 

SSL.com Client Authentication Certificates can also provide an extra layer of security that passwords alone cannot give by restricting access to sensitive sites and applications. They shield your online accounts from malicious actors by ensuring that only you as the verified individual can access them. Click here for more information on SSL.com Client Authentication Certificates.

Iranian and Russian Hackers Discovered to be Targeting Politicians and Journalists

British politicians and journalists are reported to have been targeted with phishing attacks by two hacking groups: Iran-based TA453 and Russia-based Seaborgium. In 2022, Seaborgium was discovered to be attacking three nuclear research labs in the US. TA453 was  previously monitored and found to be  potentially targeting American politicians.

The United Kingdom’s Cyber Security Centre (NCSC) warned potential targets not to fall for malicious links that are used to steal information in their online accounts.

The hackers have been found to create fake social media profiles of the targets’ contacts and then go on to share bogus conference or event invitations, a lot of times in the form of Zoom meeting links that contain malicious code. The fake links allow the hackers to steal the email account credentials of the victims. Upon entry, they have been detected sniffing into mailing-list data and contact lists which they then use for further phishing campaigns.

The hackers have also set up websites disguised as authoritative organizations to further fool their targets. Interestingly, they go for personal email accounts rather than official work accounts. Aside from being likely to have lesser multifactor authentication, personal accounts can also cause the victim to be less cautious when communicating.

SSL.com’s Takeaway: Be wary of suspicious “from” addresses: Official emails about passwords and personal information are sent from official email addresses, not personal accounts. If the sender does not have an email address that is associated with the company, don’t believe it.

Protect your personal and organizational email communications with SSL.com’s S/MIME certificates: SSL.com’s S/MIME certificates give you peace of mind by encrypting emails with a tamper-proof digital signature. If the sender and receiver of an email both have S/MIME certificates, only the two of them can view the contents of the message. By encouraging your email contacts to use an S/MIME certificate, you can be assured that emails really come from them and not from a hacker. Click here for more information on SSL.com S/MIME Certificates.

Healthcare Industry Most Common Victim of Third-party Breaches, Black Kite Finds

The 2023 Third Party Data Breach Report by Black Kite revealed that the healthcare industry received the highest amount of third-party breaches in 2022. The share in percentage amounts to 34%, an increase by 1% compared to 2021. 

Black Kite explains the reason for the healthcare industry’s continually vulnerable position:

“Lack of budget, remotely shared personal data between patients and hospital systems, and outdated software all point to avenues for hackers to infiltrate and gain access to health-related sensitive data. That’s why, again this year, the most affected sector has been healthcare.”

The report comes at the heels of several high-profile cybersecurity attacks against healthcare companies in 2022, including the data leak of 2 million New England patients being serviced by Shields Health Care Group; the ransomware attack against CommonSpirit hospital which compromised the private information of more than 600,000 people; and the attack against multinational healthcare services company Tenet Healthcare which caused several of their hospitals to go offline forcing their staff to use paper and charts. 

Hospitals do not usually prioritize cybersecurity in their IT budgets. In the 2021 HIMSS Healthcare Cybersecurity Survey, hospitals were found to only allocate 6% or less of their IT expenditures for cybersecurity.

SSL.com’s Takeaway: One of the key mistakes that hospitals have made through the years is running high-tech cutting-edge software on obsolete and vulnerable operating systems. In March 2020, Fortune reported that “As many as 83% of Internet-connected medical imaging devices – from mammography machines to MRI machines – are vulnerable.” Why? Because Microsoft has dropped support for the Windows 7 operating system that many of the machines run on. One expert likened the security gap to having a “permanently broken window” on the side of your house and hoping that thieves don’t come in.

Remember: you are only secure as your most-vulnerable software. You can have all the million-dollar equipment in the world, and something as basic as a phishing attack can give the bad guys the keys to your patients’ data, or lead to a ransomware attack that holds everything hostage for a pretty penny. Investing in cybersecurity goes a long way in ensuring that an organization is able to protect its critical assets and serve its clients. 

Additionally, SSL.com Client Authentication Certificates can readily protect an organization’s critical systems by providing an extra layer of security that passwords alone cannot give. They secure sensitive data and digital assets from hackers by ensuring that only the verified individuals or organizations are granted access. Click here for more information on SSL.com Client Authentication Certificates.

US Government No Fly List Leaked on a Hacking Forum

In a wide-scale data breach, a U.S. No Fly List containing the complete names, likely aliases, and birth dates of more than 1.5 million suspected terrorists has been leaked on a hacking forum. 

According to Swiss hacker maia arson crime, the person who leaked the sensitive information,  she discovered the No Fly List unsecured on an AWS server owned by Ohio airline CommuteAir. 

CommuteAir said the breached server was taken offline after it was contacted by the hacker. In November 2022, a different set of personally identifiable information (PII) held by the airline was also hacked. Information that was compromised included names, birth dates, and portions of Social Security numbers.  

The No Fly List is usually not publicly accessible and strictly held by relevant government agencies including the Transportation Security Agency (TSA) and Department of Defense, and is coordinated with private airlines for reference. Given the sensitive nature of such lists, it calls into question how the US government can make sure that the data they share with private organizations can be stored securely.

SSL.com’s Takeaway: This case demonstrates the need for government agencies to work with cybersecurity companies to make sure that sensitive data they share to private organizations are kept secure. Where specialized needs have to be met, solutions should be founded on expertise. Head over to our PKI and Digital Certificates for Government article to learn more about how we help government institutions strengthen their cybersecurity.

In addition, our Client Authentication Certificates can readily protect an organization’s critical systems and servers by providing an extra layer of security that passwords alone cannot give. They shield sensitive data and digital assets from malicious actors by ensuring that only the verified individuals or organizations are granted access to them. Learn more about SSL.com Client Authentication Certificates through this page.

OV & IV Code Signing Key Storage Requirements are Changing

With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service. 

< p style=”text-align: justify;”>Additional information on this change can be found on the  CA/Browser Forum website. Learn more about the SSL.com eSigner cloud code signing solution: https://www.ssl.com/esigner/.
Exit mobile version