Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyberbreach. Show all posts
Privacy
Cyber Hackers Cyberbreach CyberCrime Cybersecurity CyberThreat Data Major Breach Password Breach Privacy

Security Nightmare with Hackers Releasing 1,000 Crore Passwords in Major Breach

 


Cyber-security breaches are becoming more and more prevalent and this is causing a lot of concerns amongst the public. The report by Semafor claims that some 10 billion (1,000 crore) passwords have been leaked from a hacking forum online about a file that contains nearly 10 billion (1,000 crore) passwords. The incident that took place on July 4th is regarded as being among the largest cyber-security breaches that have been recorded in history. As a result of the massive leak, a credential stuffing attack could be performed with the help of this massive leak, highlighted the report. 

As a type of cyberattack, credential stuffing involves hackers stealing usernames and passwords from several related data breaches to gain access to other accounts owned by the same individual. A significant increase in cyberattacks and malicious attempts to steal data in the past five years has led to an increase in the probability of financial harm becoming a worldwide problem, not only for individual citizens but also for governments and financial institutions spread around the globe. 

Cybersecurity reports state that around 10 billion passwords belonging to various people have been made public on global forums, whether they represent social media accounts or email accounts owned by individuals. There is no doubt that this was one of the biggest data breaches ever in the history of mankind. 

The Semafor news website reports that a file containing around 10 billion (1,000 crores) passwords was leaked via online hacking forums, which was compiled by an anonymous hacker. Several old and new password breaches were compiled into the compilation, which was uploaded to the internet on July 4 and is one of the largest leaks that anyone has seen to date. According to the SEMAFO report, this massive leak has increased the risk that credential-stuffing attacks will become possible. 

As a result of the leak's nature, as it yields a single searchable file, hackers will have an easier time discovering user data thanks to the single searchable file. An attack called credential stuffing occurs when hackers use an infected password to access multiple accounts connected to the same user as soon as the password has been compromised. In the example below, it is possible to break into user A's bank account by using the email password that they use for their email. 

The cyber-news is reporting that credential stuffing attacks are compromising users across various platforms such as AT&T, Santander Bank, Ticketmaster, 23andMe, and several other companies. It was also noted in the report that related to a report by the International Monetary Fund (IMF) and a study published by Lancet Journal, the number of malicious cyberattacks has doubled globally since 2020, with the financial industry (20,000 cyberattacks since 2020) and health sectors being hit hardest. 

The size of the leak, however, has provided some relief for worried netizens - some analysts have suggested that, as a result of its sheer size, the file may not be able to be accessed. Even though more accounts have been leaked, the report notes that the likelihood of cyberattacks is not heightened just by more passwords being leaked - but of course, it highlights the "glaring holes" in the security systems in place.
Read more »
School Record Hacking
Cyberattacks Cyberbreach CyberCrime Cybersecurity Privacy School Record Hacking

The Growing Concern About School Record Hacking

 


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts. 

Cybercriminals are not only seeking ransom payouts but are also targeting students’ personal information, including credit details, assessments, grades, health records, and more. The potential socio-emotional impact on students, coupled with financial implications, adds urgency to addressing cybersecurity challenges in schools. 

The sheer volume of devices and users in educational settings creates a complex environment prone to human failure. Challenges include phishing attacks, exploitation of vulnerabilities, and the rising ransomware threat, leading to downtime, recovery efforts, and paid ransoms. 

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep. Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. 

Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees. In the U.S., 1,981 schools across 45 districts fell victim to cybersecurity attacks in 2022, almost doubling the previous year’s incidents, according to an Emsisoft report based on aggregated publicly available data. 

Schools are “definitely not funded enough to support cyber warfare,” said Josh Heller, supervisor of information security engineering at Digi International. Penn Manor School District has 5,500 students who collectively generate more than two million individual data points in the core student management system alone. 

An attack that targets a business, through an employee or an employee's child, may seem like a step too much work when phishing and business email compromise are so much simpler. But, to state the obvious: Children are easy marks, and nearly all of them play video games. Combined with the proliferation of remote work and bring-your-own-device (BYOD) policies, this vector is long-tailed but fruitful for attackers. 

Cybercriminals seeking ransom payouts or identity thieves going after a student’s spotless credit can gain access to identifying information, assessments, assignments, grades, homework, health records, attendance history, discipline records, special education records, home communications and more.  

The increase in ransomware attacks in schools poses severe emotional and physical risks to students. Besides extorting money from students, cybercriminals also target sensitive personal data, making the potential harm even greater. Educators are suffering from major downtime, and resurgent action must be a result of these attacks. 

To protect students, and to prevent further damage, it is imperative that urgent action be taken, increased funding be provided, and cybersecurity be enhanced. To strengthen educational institutions against cyber threats escalating in number and intensity, it is imperative that awareness is elevated and collaborative efforts are put into place.
Read more »
Subscribe to: Posts (Atom)