At a glance.
- Trends in data breaches.
- TrickBot resurfaces.
- British Mensa suffers data breach.
Breach report study sheds light on cyberattack trends.
SecurityWeek summarizes a study conducted by threat intelligence startup HackNotice analyzing over 60,000 breach reports from 2018 to 2020. They categorized the breaches into five categories based on the source of the report:
- Over 41,000 leaks were disclosed by the hackers themselves.
- About 15,000 leaks were reported by news sources. As 2.7 times more breaches were reported by hackers, the dark web appears to be a better source of information than the media.
- Nearly one thousand leaks were the result of a ransomware attack in which the targeted organization refused to pay the ransom, an extortion tactic that first surfaced just last year.
- Over two thousand breaches were revealed when the hacker defaced the content of the victim’s website. This strategy often has political or ethical motivations, and the increase over the past two years reflects the turbulent geopolitical landscape.
- About 9,000 were reported directly to an official source such as the Department of Justice.
Overall, the report indicated that there has been a steady increase in successful cyberattacks, possibly because targeted organizations are more focused on purchasing expensive cybersecurity tools than on educating their employees about threats. The study also showed a decrease in the reporting of attacks through official sources, perhaps because organizations are waiting to disclose a breach until they’ve already begun investigating it, so they can address issues before they become public knowledge.
The resurrection of TrickBot.
Despite TrickBot’s reappearance, CyberScoop hopes that two new interventions aimed at Emotet and NetWalker malware will be more effective. US and European authorities have seized servers used by Emotet, while US and Bulgarian forces confiscated almost half a million dollars’ worth of the NetWalker gang’s cryptocurrency.
Mensa’s geniuses are no match for hackers.
If you’re smart enough to hack into Mensa, do you get an automatic membership? The British branch of Mensa’s website has been taken offline due to a cyberattack, reports Computing. A spokesperson stated that the attack seemed “designed to discredit Mensa's systems” and “involved considerable resources.” Graham Cluley notes that the incident was followed by the exit of two Mensa board members. Mensa’s former director and technology officer Eugene Hopkinson resigned after writing an open letter disparaging the organization’s cybersecurity practices, specifically mentioning that member passwords are stored in plain text and that he has “no faith that the board will take adequate action to investigate this possible data security breach.” Mensa stated that the Information Commissioner’s Office has been notified and that an investigation is, in fact, underway.