Breaches that took place during the month of May 2016
Welcome, June! Thank goodness May is over based upon the number of breaches that took place during the month. While going through some industry articles over a rainy holiday weekend in the US, I came across a long list of breaches, 42 to be exact, that took place during the month of May 2016 as reported by ITGovenance.
The highlights of the list* include:
- LinkedIn: While the breach occurred in 2012 and it was initially reported that 6.7 million records had been breached, it turns out 117 million users accounts were compromised. This information only came to light when “peace_of_mind,” aka “Peace” recently put the data up for sale on the dark web.
- Tumblr: Another article revealed the email addresses and hashed and salted passwords of 65 million Tumblr users are being sold online by same the individual that offered the LinkedIn users’ data.
- W-2 Scam: An alarming 41 organizations have had their W-2 tax information targeted so far this year through malicious email campaigns. According to the article, “the IRS issued a warning to HR departments about an increase in BEC (business email compromise) scams that aim to steal W-2 data.” The agency reports a 400 percent surge in phishing and malware incidents so far this tax season, as well as additional scams targeting the wider tax community.
- Ransomware continues to compromise existing systems.
- SWIFT banking continues to have challenges of funds being compromised.
Add to this list the ITRC’s May 31st report of 430 breaches so far in 2016 affecting the personal information of 12,595,880 individuals. The report also shows that business and healthcare have suffered exponentially more breaches than other industries. Although the breaches did not all take place in May, they were reported in one facet or another, and most compromises were resident in the network endpoints for months prior to being identified and reported.
The staggering number of breaches should be reason enough for you to consider evaluating and modifying your security strategy. Although a significant amount of breach attempts are stopped with real-time detection, it is not infallible as the data clearly shows. Organizations should look to expand their defense-in-depth strategies to identify threats that slip through first-line defenses with threat hunting tools that specialize in detecting post-compromise activity on network endpoints.
The wall stopping intrusions can be built higher, thicker or longer, but something always gets through. You need to know what is in your system NOW that may compromise the integrity of your data and sensitive information.
Make June the month you investigate how cyber threat hunting can help eradicate hidden malware and advanced persistent threats that may be lurking in your systems to keep your organization off the list.
More from our blog
Despite the rich data provided by SIEMs, organizations find themselves drowning in false positives, making it difficult to focus on high-priority events. This problem of alert fatigue prevents cyber security teams from identifying and addressing real threats – impacting small teams with no SOC, large enterprise teams with a SOC, and MSSPs overseeing the security for many SOCs/customers.Read More »
In 2018, the U.S. Healthcare Industry Remained a Hot Target for Data Breaches. Last year alone, over 15 million patient records were affected with an average of one data breach occurring every 24 hours in the healthcare industry. It goes without saying that hackers and cyber attackers are finding ways around/through/past security defenses—exploiting vulnerabilities and…Read More »
A Brief History of Forensic State Analysis Prior to starting Infocyte, our co-founders, Chris Gerritz and Russ Morris, created the first enterprise-scoped threat hunting team for the entire U.S. Department of Defense. Their teams were responsible for hunting, detecting, and responding to highly sophisticated attacks across an 800,000-node network. With virtually unlimited resources and access…Read More »