Friday 30 October 2015

October’s Cyber Aftermath, CyberSecurity Awareness Month


October is known as Cyber Security Awareness Month. Many campaigns, especially during October, try to teach and raise awareness about Cyber Security. Public and private initiatives, especially during this month, try to raise awareness further of online security and safety.

Unfortunately, many steps still need to be taken towards awareness and Cyber Security. Businesses and individuals are still affected by cyber-attacks and security breaches. The discovery and investigation of a breach can be a very time-consuming process, and this is the main reason it takes so long for a breach to be reported.

Even though patches and updates are available for most security vulnerabilities as soon as they are discovered, new threats and zero days (0day) are constantly surfacing and being exploited.

During this month a number of security breaches, cyber-attacks and vulnerabilities were announced. Let's see this month's aftermath...

There were two issues related to vulnerabilities that affected millions of people this month. 
  • Firstly, Adobe discovered yet another security hole and released multiple security updates, many of which were categorised as “critical”.
  • Secondly, law enforcement agencies warned about a malware campaign known as Dridex (also referred to as Dyre, Bugat or Cridex), which was used to target customers mainly in Europe and spread through infected Word and Excel documents.
Cyber-attacks targeted payment information as well. There were payment information breaches this month which included some high-profile targets. 
  • The Trump Hotel Collection confirmed a card breach that affects customers who used their credit or debit cards at the hotels between 19 May 2014 and 2 June 2015.
  • The financial information firm Dow Jones revealed it was subject to a cyber-attack over a three-year time span that resulted in “unauthorized access” to payment card and contact information for up to 3,500 individuals. However, the company claims that no direct evidence exists to suggest the data was stolen.
  • Another victim of a payment information breach was the Thrift store chain. The company announced that the breach may have affected sales transactions between 1 September 2015 and 27 September 2015.
  • Peppermill Resort Spa Casino in Reno notified an undisclosed number of individuals that an attack may have compromised payment card information used at the front desk between October 2014 and February 2015.
  • EyeBuyDirect announced unauthorised access to payment card information and personal information after the discovery of an intrusion between 9 February 2015 and 30 May 2015.
  • Information from approximately twenty thousand payment cards used at the Noble House Hotels and Resorts between 28 January 2015 and 3 August 2015 may have been compromised.
There were also data breaches that did not include any payment information. However, these data breaches most of the time include personal information and customer data such as social security numbers, dates of birth, medical records, passwords, etc.
  • One of the most discussed cyber-attacks this month was the data breach of TalkTalk, which affected four million customers. Moreover, this is the second major data breach for this company within a few months.
  • A Lithuanian company that offers free web hosting was compromised and thirteen million usernames and passwords were disclosed to the public. 
  • Another data breach, involving 6,400 emails and passwords from the American Bankers Association, was revealed. The incident was revealed on 30 September 2015 and it affected its shopping cart users by exposing their personal information.
  • The Schwab Retirement Plan Services notified more than nine thousand participants that a file containing their personal information was accidentally emailed to an unauthorised individual. The file contained names, addresses, dates of birth, social security numbers, account balances and all sorts of personal information. 
  • A software services company hired by Salt Lake County misconfigured one or more security settings, which resulted in workers' compensation and other damage claims submitted to the County being exposed on the Internet. Utah mayor's office sent out approximately 14,000 notification letters to those whose data was exposed.
October was yet another busy month full of security incidents that may have affected the lives of millions of people. Cyber Security is an ongoing process, and organisations need to act proactively by having a Cyber Security Strategy and by taking into serious consideration a few essential CyberSecurity precautions.
