UpGuard Blog

5 Biggest Takeaways From WannaCry Ransomware

Global in scale, with across the board press coverage, the WannaCry ransomware attack has quickly gained a reputation as one of the worst cyber incidents in recent memory. Despite the scale, this attack relied on the same tried and true methods as other successful malware: find exposed ports on the Internet, and then exploit known software vulnerabilities. When put that way, the attack loses its mystique. But there’s still a lot we can learn from this incident, and we’ve summed up the five most important takeaways to keep in mind going forward.

Filed under: security, cyber attack, ransomware, wannacry

Grinches Out in Full Force Scamming Online Holiday Shoppers

Retailers aren’t the only ones benefiting from increased sales around the holidays — scammers and hackers are seeing their own bump in business.

Filed under: hack, cyber attack, cybersecurity, data breach

2016: The Year of Preventable Hacks

As the holiday season approaches, the world’s fraudsters, scammers, and blackhats can take no small measure of yuletide cheer from their work in 2016 - a banner year for hacking. Call it the dark side of technological innovation, an equal and opposite reaction to the increasing breadth and efficiency of the internet. 2016 was a record-breaking year for data breaches, powerfully affecting the spheres of life like never before - from a presidential election rife with electronic intrigue, to a business landscape increasingly shaped by hacking. But if there is a silver lining to be found, looking at the most damaging data breaches to actually occur in 2016, it is the depressing fact that some of the worst hacks exploited well-known vulnerabilities which could’ve been easily prevented.

Filed under: cyber risk, hack, cyber attack, government, cybersecurity

2016: The Year of the Spearphish

On November 29th, after a high-profile year of published leaks and hacks targeting the Democratic Party, Wikileaks struck once more, albeit against an unexpected target: HBGary Federal, a now-defunct government contracting affiliate of the eponymous cybersecurity firm. It was not a name unfamiliar to online observers; in 2011, HBGary Federal CEO Aaron Barr had boldly claimed to have identified the leading members of internet hacking collective Anonymous, drawing attention from federal investigators eager to identify and arrest the culprits behind DDoS attacks in support of Wikileaks.

Filed under: hack, cyber attack, government

The Mysterious Case Of The Leaked Voter Database

The election year is officially underway, but for non-voters and the apatheticanother reason not to register to vote has surfaced: on December 20th, 2015, a security researcher discovered a publicly exposed database of 191 million voter registrant records—names, addresses, dates of birth, phone numbers, party affiliations, state voter IDs, and more—posted online and freely accessible.

Filed under: cyber security, cyber risk, data breaches, hack, cyber attack

The OPM Data Breach And Threat Of Compromised Nuclear Data

The figures are staggering: 21.5 million records containing social security numbers, names, places of birth, addresses, fingerprints, and other highly sensitive personal data—stolen by cyber attackers.

Filed under: cyber security, cyber risk, data breaches, cyber attack

Sanrio's Data Leak And The New Data Privacy Normal For Minors

It's been barely a month since the VTech data breach resulted in the theft of over 6.4 million children's records, and yet another massive compromise affecting kids' data privacy is upon us—this time involving venerable children's toy and accessory brand Sanrio (of Hello Kitty fame). The data leak resulted in the exposure of details from more than 3 million user accounts: first/last names, birth dates, genders, countries, and email addresses, all openly available to the public. With children becoming prime targets for cyber criminals seeking low hanging fruit, companies that deal with and manage minors' data are increasingly under pressure to bolster their security controls and practices.

Filed under: cyber security, data breaches, hacked, cyber attack

Four Winds Casino Data Breach Is Not The First—Or The Last—Of Its Kind

There's a classic line (one out of many) in the movie Casino by DeNiro's character Ace Rothstein:

"Since the players are looking to beat the casino, the dealers are watching the players. The box men are watching the dealers. The floor men are watching the box men. The pit bosses are watching the floor men. The shift bosses are watching the pit bosses. The casino manager is watching the shift bosses. I'm watching the casino manager. And the eye-in-the-sky is watching us all.”

Filed under: cyber security, cyber risk, data breaches, hack, cyber attack

The Lucrative Rewards of Hacking Higher Education

In a news flash buried beneath a slew of other notable security news items, UCLA Health revealed last week it was the victim of a massive data breach that left 4.5 million patient records compromised. Like previous attacks on Anthem and Premera Blue Cross, the intrusion gave hackers access to highly sensitive information: patient names, addresses, date of births, social security numbers, medical conditions, and more. And while matters around healthcare IT have taken center stage as of late, the ineffective security at leading institutions of higher education and research is equally distressing.

Filed under: cyber security, data breaches, cyber attack

Insights from Verizon's 2015 Data Breach Investigations Report

Every year, Verizon compiles data from a list of prominent contributors for its annual report highlighting trends and statistics around data breaches and intrusions from the past year. The 70-page Data Breach Investigations Report (DBIR) covers a myriad of data points related to victim demographics, breach trends, attack types, and more. Reviewing these shifting security trends can give indications as to how well-postured one’s organization is against future threats. And just in case you’ve got your hands full patching server vulnerabilities, we’ve done the legwork of expanding on a few critical key points from the report.

Filed under: cyber security, cyber risk, data breaches, cyber attack