Data at Risk

A report published by the Identity Theft Resource Center and CyberScout found there were 1,579 data breaches tracked in 2017. That figure represents a 45% rise over 2016, and an all-time high number of such events. More than half of the breaches (870) listed by the report were associated with the business sector. Other categories reported by ITRC and CyberScout include 374 breaches in the healthcare sector and 134 breaches in the banking/credit/financial sector. “Each year we see an upward trend in number of data breaches cited in these reports. These troubling statistics are a good reminder for property managers to take proactive steps to avoid the potential catastrophe of a data breach,” said Jay Shobe, Yardi vice president of cloud services. According to the report, the most common breaches occurring in 2017 involved hacking of user accounts to gain access to protected data. Hacking typically involves phishing scams, where scammers fool users into entering a username and password into a forged online form, and ransomware which can infect a computer when a user clicks on a nefarious email attachment. In the case of ransomware, access to data can be locked until a payment is made. On a positive note, the study found that the rise in breaches isn’t purely due to increased illicit activities. An increased willingness of organizations to make breaches public knowledge, as opposed to keeping them quiet and privately handled, also boosted the number of 2017. “Companies can avoid a lot of negative attention by responding to data breaches with transparency, as opposed to covering up attempts to steal their clients’ data. When individuals know their data is compromised they can take proactive steps to mitigate immediate and long-term impacts of a breach,” said Shobe. The Security of the Yardi...

Ransomware Rundown

Though some experts predicted the final payoff would hit one billion dollars, Friday’s ransomware attack – believed to be one of the largest ever perpetrated – ended with a fizzle over the weekend with the hackers barely pulling in $26,000 before being  temporarily stopped in their tracks by an anonymous cyber security expert. Summarizing the situation Monday morning, Jan Op Gen Oorth, senior spokesman for Europol, told the AFP, “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.” “It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates.” A Simple Fix According to Gizmodo the damage was mitigated, in part, due to the quick action of an “anonymous 26-year-old security researcher” named MalwareTech, who managed to temporarily slow the spread of the ransomware attack late Friday. After discovering the domain name associated with the ransomware, iuqerfsodp9ifjaposdfjhgosurijfaewrwergwe- a.com was available for purchase for just $10.69, MalwareTech bought the domain and halted the attack. “Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freak out until I realized it was actually the other way around and we had stopped it,” MalwareTech told The Guardian. According to Matthieu Suiche, founder of cybersecurity firm Comae Technologies, MaltechWare’s registration of the domain stopped the malware from spreading throughout the US. “The kill switch is why the U.S. hasn’t been touched so far,” he told the New York Times on Saturday. “But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.” A Global Attack The flurry of ransomware attacks shut down several...

Security Reminder

The latest Yahoo breach holds the record for the largest single breach of user account. The hack, which occurred in 2014, enabled hackers to collect personal information associated with at least half billion Yahoo accounts—names, email addresses, phone numbers, birth dates, and even security questions and answers, according to Yahoo’s press release. What’s even scarier is that encrypted passwords, which are jumbled so only a person with the right passcode can read them, were also stolen. As consequence, Yahoo users are encouraged to review their accounts for suspicious activity, change their passwords and security questions, avoid clicking on suspicious links and consider using a new authentication tool called Yahoo Account Key. Of course, there is always the option to switch to Gmail or iCloud. According to research from Alertsec, about 97 percent of Americans lose trust in companies like Yahoo after massive data breaches, so it will take Yahoo quite some time before it starts rebuilding their users’ trust. However, when a company has allowed their customers’ data to fall into the hands of criminals, regaining trust is difficult, and in some cases, impossible. This breach serves as a reminder of how widespread hacking is and raises again the question of whether the current system of passwords and security questions provides the best kind of protection, and the answer seems pretty obvious, something needs to change. Cybersecurity specialists recommend using a different password for each account, while other experts are working on alternatives to passwords such as one-time passwords, biometrics and the two-factor authentication process. “Cybercriminals know that consumers use the same passwords across websites and applications, which is why these millions of leaked password credentials are so useful for perpetuating fraud,” said Brett McDowell, executive director of the FIDO Alliance, an organization that...