April 27 SIEM/security operations modernization virtual panel
IDC Canada, IBM Security and ISA Cybersecurity are teaming up to present a live panel discussion on how emerging trends in SIEM technology can help you achieve faster incident response and easier compliance, and transform your security operations. The event will be presented live on Tuesday, April 27, 2021 at 11:00 a.m. ET.
“Data scraping” affects three major social network sites
Data scraping, the practice of bulk harvesting large volumes of information from websites, had Facebook, LinkedIn, and Clubhouse in the news this week.
Facebook: In an April 6 blog post, Facebook advised that it would not be notifying the 533 million users who were affected by the disclosure of their personal information in an incident discovered earlier this month.
According to an April 9 report on the National Public Radio (NPR) website, a spokesperson from Facebook told the broadcaster that Facebook also declined to advise affected customers because it “does not have complete confidence in knowing which users would need to be notified,” and that the impact of the disclosure was mitigated by the fact that the information was publicly available and did not contain financial information, health information or passwords.
The details of the data disclosure were first published on April 3 by Alon Gal of cybercrime research firm Hudson Rock, on Twitter. Gal reported that Facebook handles, user names, locations, birthdates, biographical information and, in many cases, email addresses had been discovered on an amateur hacking forum, affecting millions of Facebook users across 106 countries.
LinkedIn: Data associated with over 500 million LinkedIn users has also appeared online, with an initial offer of sale for two million of the records. The LinkedIn database includes user names, email addresses, phone numbers, business titles, and other data that are publicly available with a free LinkedIn account. The only sensitive personal data involved in the breach would be details that a user had chosen to share online.
It remains to be seen whether LinkedIn – owned by Microsoft – will take the same position as Facebook in regard to user notification, but there is no indication that they will be making any direct contact with users who appear in the disclosed database.
Clubhouse: On April 9, 1.3 million user records for Clubhouse, the invite-only audio conference social network platform, were posted on the dark web as well. This database is not up for sale: rather, it is freely available to any interested party. The Clubhouse user listing contains user name and ID, photo URL, Twitter and Instagram handles, follower information, account creation date, and “invited-by” user profile name. (Clubhouse is currently only available to people who are invited by another existing member of the service.)
Are you affected? Individuals concerned that their data may have been involved in these incidents can use the free breach-tracking website service Have I Been Pwned to check if their information appears on the site’s listings. For Facebook users, a third-party lookup-by-phone-number service has been established as well. If you appear on any of the listings, be extra vigilant for attempted phishing or social engineering attacks that might leverage your online profile information.
While there is no indication that passwords were compromised in any of the incidents, it is a best practice to use a unique, complex password for each online service you use, and to change those passwords periodically. LinkedIn and Facebook also support two-factor authentication. Finally, always be cautious about the volume and nature of the data you share on any social platform, understanding that there is always a risk of privacy breach or content abuse.
Cybercriminals get a taste of their own medicine
The old adage “No honour among thieves” applied well to news emerging this week that an online trafficker of stolen payment cards (or “card shop”) was itself hacked and had data stolen.
On April 9, Singapore-based researchers at Group-IB reported that they had discovered a cache of stolen payment card data that had been leaked online on March 17. The data appeared to have been exfiltrated from “Swarmshop” – a Russian-language card shop site – and posted on a competing criminal website on the dark web. According to the Group-IB report, the stolen database contains “623,036 payment card records issued by the banks from the USA, Canada, the UK, China, Singapore, France, Brazil, Saudi Arabia, Mexico; 498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers”.
The disclosure didn’t stop at the twice-stolen payment cards: the report indicated that information about the operators and customers of the criminal enterprise was posted as well, with “12,344 records of the card shop admins, sellers and buyers including their nicknames, hashed passwords, contact details, history of activity, and current balance” appearing online.
Swarmshop appears to have started operations in April 2019 and, by March 2021, it had registered over 12,000 users and reputedly had data from over 600,000 payment cards available for sale. The Group-IB report suggested that the number of users of the card shop had increased 2½ times since January 2020.
Group-IB has advised that they have notified governmental cybersecurity organizations in each of the countries involved so further steps can be taken at a federal level in each jurisdiction as appropriate.
World’s largest association for pathologists discloses credit card incident
According to a report in Bleeping Computer, the American Society for Clinical Pathology (ASCP) has disclosed a cybersecurity incident that affected an undisclosed number of customers who entered payment information on the group’s e-commerce website in 2020.
The ASCP, based in Chicago, Illinois, has a member base in excess of 100,000 medical laboratory professionals, clinical and anatomic pathologists, residents, and medical students. The ASCP website collects payment card information – including names, card numbers, expiry dates, and CVV numbers – when processing orders for memberships, certificates, books, online courses, exams, case reports, and more.
As of April 12, the ASCP had not announced the breach on its website or social media channels. However, Bleeping Computer obtained a redacted copy of a breach notice letter allegedly sent to customers who were potentially affected by the cyber incident.
The breach notice letter seeks to reassure customers that there is no evidence that the credit card information was used fraudulently, or that any personal data was stolen. Filings reportedly seen by Bleeping Computer suggest that the ASCP website may have been compromised on or between March 30, 2020, and November 6, 2020 – a period of 221 days. Further, the ASCP only discovered the suspected breach on March 11, 2021 – months after the incident is thought to have concluded.
The Bleeping Computer report mused that the ASCP incident bears many of the hallmarks of a “web skimming” or Magecart attack, in which hackers compromise a website with malicious code that skims a user’s credit card data when entered online. The skimmed data is gathered and transmitted to the hackers, who in turn use it for fraudulent or other criminal purposes.
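For site owners, one defensive check against the web skimming pattern described above is to inventory every script on a payment page and flag anything that is not on an approved list. The following is an added example, not taken from the ASCP notice or the Bleeping Computer report; the page content, host names and allowlist are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page (all hosts are hypothetical).
SAMPLE_PAGE = """
<form id="pay"><input name="card"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://stats.example.org/t.js"></script>
<script>document.getElementById('pay').dataset.ready = '1';</script>
"""
PAGE_HOST = "shop.example.com"                  # assumed host of the audited site
ALLOWED_HOSTS = {PAGE_HOST, "cdn.example.net"}  # assumed allowlist of script hosts

class ScriptInventory(HTMLParser):
    """Collect src, integrity and inline body for every <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._inline = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._inline = not a.get("src")
            self.scripts.append({"src": a.get("src"), "integrity": a.get("integrity"), "body": ""})

    def handle_data(self, data):
        if self._inline:
            self.scripts[-1]["body"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

def audit(html, known_inline_hashes=frozenset()):
    """Return (issue, detail) findings for scripts that need review."""
    inv = ScriptInventory()
    inv.feed(html)
    findings = []
    for s in inv.scripts:
        if s["src"]:
            host = urlparse(s["src"]).hostname or PAGE_HOST  # relative URL = same site
            if host not in ALLOWED_HOSTS:
                findings.append(("unlisted-host", s["src"]))
            elif host != PAGE_HOST and not s["integrity"]:
                findings.append(("missing-sri", s["src"]))   # third party without SRI
        elif hashlib.sha256(s["body"].encode()).hexdigest() not in known_inline_hashes:
            findings.append(("unknown-inline", s["body"].strip()[:40]))
    return findings
```

Run on a schedule against the rendered payment page, with inline-script hashes recorded from a reviewed release, a check like this surfaces an unexpected script within one scan interval.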