Cyber Attacked and Attacker

October Is National Cybersecurity Awareness Month

Cyber Attacked and Attacker Edition: Cyberattack Roundup highlights headlines covering cyber hits on big companies like DoorDash and Dunkin’, hospitals, iPhone users, and more. This post is the second installment of a feature we like to call Cyberattack Roundup.

Cyber Attacked: Companies

1. “Dunkin’ sat idly by, putting customers at risk.” New York’s Attorney General is suing Dunkin’ (née Dunkin’ Donuts) for failing to protect or notify nearly 20,000 customers after a data breach in 2015, even after their app developer informed them of the issue.
2. Last Thursday, DoorDash announced that hackers stole the data of 4.9 million customers  five months ago. Questions remain: Why did it take so long to discover the breach? What “third-party service provider” was responsible? Is this related to previous reports from nearly a year ago by some of their customers that their accounts had been hacked?
3. Several months after the incident, CafePress revealed to consumers last week that they’d just discovered that hackers stole sensitive information in February. Comparatively, other services like haveibeenpwned and We Leak Info had apparently discovered the breach as early as July of this year.
4. Cyber Porn Prank? A sportswear company claims hackers are responsible for the pornography publicly showcased on their storefront screens for almost nine hours.
5. Medical information makes a highly valuable target for cybercriminals which may be why the personal and medical data of patients was recently exposed at an OB-GYN in Florida.

Cyber Attacker: Malicious Products

1. Criminal “malvertising” group eGobbler has been exploiting browser bugs for six months to plague users with ads that redirect to malicious websites, starting with mobile browsers before expanding to desktop browsers. Estimates say their malware ads have gotten 1.16 billion impressions.
2. This iPhone charging cable may look legit, but it’s actually a product from a third-party meant to maliciously hack and remotely control others’ devices. The creator now plans to mass-produce the hacking cable and distribute it through a third party, making it easier for shady characters to acquire.

Other Cyberattack Targets

1. Microsoft says political groups, campaigns, and parties worldwide have faced more than 800 cyberattacks and Rolling Stone foresees big trouble for 2020 U.S. political campaigns at the hands of foreign hackers.
2. A series of ransomware attacks have hit multiple municipalities in Ontario, Canada, crippling hospital systems and other institutions just months after one municipality was forced to pay more than $75,000 to cyber thieves.
3. Nearly the entire population of Ecuador — about 20 million people — was victimized in September in a data breach of an unsecured server holding “a shocking amount of personal data at the national level.” A treasure trove of sensitive information including full names, DoBs, ID numbers, bank account information, and more was exposed. Now the country is rushing to pass new data protection bill to prevent future attacks.

Cybercriminals continue to invade any unsecured or under-protected sources of data they can find. Hackers with bad intent can exploit highly sensitive consumer information. Maybe they’ll harass online passersby with graphic adult content, or perhaps extort entities for tens of thousands of dollars. It’s in every business’ best interest to secure its data with services like CyberReef Solution’s Private Networking Plus.