Ticketmaster's Data Breach Could be the Litmus Test for GDPR

  • Ticketmaster could be fined up to 4% of annual turnover, or £17 million, whichever is higher, for their data breach. We’ve all been watching and waiting to see which company would slip up first. I’d hate to be in the shoes of Ticketmaster at this stage.
  • The ticket-selling platform reported discovering malware on a third party vendor’s chatbot which was collecting names, addresses, email addresses, telephone numbers, payment card details, and Ticketmaster login details of what could end up being 40,000 UK residents. Oh look! A vendor breach leading to data loss…weird.
  • The breach spans two different data protection acts: the Data Protection Act, and the GDPR. It occurred under the Data Protection Act and was reported under GDPR, which could mean different fines are imposed. I suspect this will get very, very costly for Ticketmaster. I’m interested to see who they wind up with for legal counsel and how far into the court system this will all go.
  • Notification time from Ticketmaster to its customers is still unknown, but according to GDPR, businesses must inform the ICO and customers within 72 hours or be fined £10 million or 2% of annual turnover. Tick-tock, tick-tock. Any notification is better than none with a £10 million fine waiting for you…

Cryptojacking Displaces Ransomware as Top Malware Threat

  • 2018 is on its way to being known as the year of cryptocurrency mining malware, as criminals are realizing that, rather than forcibly encrypting files on a victim’s PC and demanding a ransom in a tough-to-trace cryptocurrency (rather than a bank transfer), they can simply mine that cryptocurrency on the victim’s machine. Attackers are cutting out the middleman and mining directly instead of demanding a ransom that may or may not be paid.
  • A Chief Scientist at McAfee states, “Attackers targeting cryptocurrencies may be moving from ransomware to coin minter malware, which hijacks systems to mine for cryptocurrencies and increase their profits.”
  • Miner attack tactics can include downloaders, infecting legitimate sites with Coinhive-style mining code, and infecting servers with cryptocurrency-mining malware. These are not new avenues of infection; it’s the same old thing repurposed for cryptojacking.
  • Security experts say that defending against mining malware requires the same tactics as fending off just about any type of malware: don’t open email attachments from unknown senders, maintain up-to-date backups, keep software up to date, and audit your security system regularly. Cryptojacking also eats up a lot of system resources; some simple CPU monitoring is also a good way to detect it.
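The CPU-monitoring advice above is easy to turn into a concrete check. The following is an added example, not code from the original post or from any vendor mentioned in it: it reads a series of constructed `ps -eo pid,pcpu,comm`-style snapshots and flags processes that stay pegged across consecutive samples. A miner never idles, while a browser or build job spikes and drops, so the distinguishing signal is a sustained run rather than any single high reading. The threshold and sample count are assumed tuning values, and the process names are constructed.

```python
"""Sustained-CPU heuristic for spotting cryptomining processes.

Added example, not code from the original post. Input is a constructed
series of `ps -eo pid,pcpu,comm`-style snapshots taken a few seconds apart.
A miner pegs a core for as long as it runs, whereas a browser or build job
spikes and then drops, so we flag processes whose CPU share stays at or
above CPU_THRESHOLD for MIN_SAMPLES consecutive samples.
"""
from collections import defaultdict

CPU_THRESHOLD = 80.0   # percent of one core; assumed tuning value
MIN_SAMPLES = 4        # consecutive hot samples before alerting; assumed

# Constructed snapshots (not real data). pid 303 never drops below 98%,
# which is the miner-like pattern; chrome (pid 101) spikes but recovers.
PS_SNAPSHOTS = [
    """  PID %CPU COMMAND
  101 95.0 chrome
  202  2.0 kworker/0:1
  303 99.5 svc-updater
  404  0.1 sshd""",
    """  PID %CPU COMMAND
  101 12.0 chrome
  202  1.0 kworker/0:1
  303 99.8 svc-updater
  404  0.0 sshd""",
    """  PID %CPU COMMAND
  101 88.0 chrome
  202  3.0 kworker/0:1
  303 99.1 svc-updater
  404  0.2 sshd""",
    """  PID %CPU COMMAND
  101  7.0 chrome
  202  1.5 kworker/0:1
  303 98.9 svc-updater
  404  0.0 sshd""",
    """  PID %CPU COMMAND
  101 91.0 chrome
  202  2.2 kworker/0:1
  303 99.7 svc-updater
  404  0.1 sshd""",
]


def parse_ps(text):
    """Parse one ps-style snapshot into {pid: (command, cpu_percent)}."""
    procs = {}
    for line in text.strip().splitlines()[1:]:      # skip the header row
        pid, cpu, comm = line.split(None, 2)        # command may contain spaces
        procs[int(pid)] = (comm, float(cpu))
    return procs


def sustained_cpu_hogs(snapshots, threshold=CPU_THRESHOLD, min_samples=MIN_SAMPLES):
    """Return {pid: (command, longest_run)} for processes whose CPU share
    stayed >= threshold for at least min_samples consecutive snapshots."""
    streak = defaultdict(int)    # pid -> current run of hot samples
    longest = defaultdict(int)   # pid -> longest run seen so far
    names = {}
    for snap in snapshots:
        seen = set()
        for pid, (comm, cpu) in snap.items():
            names[pid] = comm
            seen.add(pid)
            if cpu >= threshold:
                streak[pid] += 1
                longest[pid] = max(longest[pid], streak[pid])
            else:
                streak[pid] = 0
        # A process missing from a snapshot has exited; its run is over.
        for pid in list(streak):
            if pid not in seen:
                streak[pid] = 0
    return {pid: (names[pid], run) for pid, run in longest.items() if run >= min_samples}


def format_alerts(hogs):
    """Render findings as one log line per process for a SIEM or ticket."""
    return [f"ALERT sustained_cpu pid={pid} comm={comm} hot_samples={run}"
            for pid, (comm, run) in sorted(hogs.items())]


if __name__ == "__main__":
    findings = sustained_cpu_hogs(parse_ps(s) for s in PS_SNAPSHOTS)
    for line in format_alerts(findings):
        print(line)
```

On a real host the snapshots would come from a scheduled `ps` or a psutil loop; the point of the streak logic is that a single spike from a legitimate process is never enough to alert, so the check stays quiet on a busy workstation and fires only on the always-on profile a miner produces.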

Costa Coffee and Premier Inn Hit by Data Breach

  • One of the UK’s biggest hospitality chains was hit by a data breach after a third-party provider of recruitment software suffered a hack in its systems. Vendor security is not just their problem, it’s also your problem.
  • Australian SaaS firm PageUp revealed last month that an unauthorized person accessed its system, which affected Whitbread, the parent company of Costa Coffee, Premier Inn, Brewers Fayre, Beefeater, and other UK chains. For those of you who are not familiar with the UK, those are some pretty large chains.
  • Some data that could be compromised includes names, genders, dates of birth, email addresses, physical addresses, telephone numbers, and employment information. All of that is GDPR-affected data.
  • Whitbread told IT Pro that it is a client of PageUp, but declined to state how many of its 50,000 UK employees were affected by the attack. I suspect it’s all 50,000.

Typeform Data Breach Hits Thousands of Survey Accounts

  • Survey company Typeform has admitted suffering a breach caused by attackers downloading a ‘partial backup’ of its customer data. This story is short on details which leads me to believe they have poor legal counsel involved with the media notification. It’s very important to get out ahead of these notifications and disclose detail to show you are reacting properly.
  • The Spanish company’s breach is complicated, as Typeform’s paying customers are businesses that use its software to conduct customer surveys and quizzes, each of which may collect responses from tens of thousands of people. Vendor security in the EU seems to be a running theme this week.
  • Four companies have already reached out to their customers; however, that is only four out of thousands of Typeform customers.
  • Typeform says that subscription payment data, Typeform passwords, any payments collected via Stripe integration, and audience payment data are not affected in this breach. It sounds like they have analyzed the database that was downloaded and know what was in it. I’m not sure why they would be so specific about what was not at risk and so obtuse about what is.

A Cybersecurity Fund has Returned more than 30 Percent Since the Equifax Data Breach

  • One of the industry’s most popular exchange-traded funds, the ETFMG Prime Cyber Security ETF (HACK), is up 18% in 2018. If you weren’t aware, “not getting hacked” is all the rage these days.
  • “Chief Information Security Officers are directing more and more of their budget toward the most mission critical [parts] of their network.” More important than just spending money on appliances and software is having a goal and an implementation plan. A poorly configured solution does nothing more than make the value of cyber-related market funds increase.
  • An increasing number of organizations are also moving their sensitive, proprietary data to cloud-based networks, and that trend has fueled shares across the cybersecurity landscape as companies look to protect their data. Moving it to the cloud does not make it more secure. The same type of testing and hardening you would perform on internal resources needs to take place to make sure cloud resources are not publicly accessible.
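One piece of the “same testing and hardening” for cloud resources is checking whether an access policy grants anonymous access. The following is an added example, not code from the original post or from any cloud provider: it lints an AWS-style S3 bucket policy, flags Allow statements whose principal is a wildcard, and shows the weak policy beside a hardened one that scopes access to a single role. The policy format is the documented AWS IAM JSON shape; the bucket name, account id, role name and VPC endpoint id are constructed placeholders.

```python
"""Bucket-policy linter: flag statements that make a cloud resource public.

Added example, not code from the original post. Assumes the AWS S3
bucket-policy JSON format; every ARN and id below is a constructed placeholder.
"""
import json

# Weak: anyone on the internet can read every object.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Hardened: only one named role (placeholder account/role) may read.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Wildcard principal narrowed by a condition: not open to the world, but the
# condition itself decides that, so it is reported for human review.
CONDITIONAL_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcEndpointOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}},
    }],
})


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_wildcard(principal):
    """True if the principal is "*" in any of the shapes IAM accepts."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_policy(policy_json):
    """Return [(Sid, verdict)] for Allow statements with a wildcard principal.

    verdict is "public" when nothing restricts the grant and "review" when a
    Condition block narrows it and must be checked by hand.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue                      # Deny statements cannot open access
        if not principal_is_wildcard(stmt.get("Principal")):
            continue
        verdict = "review" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), verdict))
    return findings


if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY),
                          ("conditional", CONDITIONAL_POLICY)):
        print(label, audit_policy(policy))
```

The linter is deliberately conservative: a Condition can make a wildcard grant safe or leave it wide open, so the check only downgrades those statements from “public” to “review” rather than silently passing them, which is the behaviour you want when the same scan runs across hundreds of buckets.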
  • The recent flow of IPOs and the General Data Protection Regulation (GDPR) are two other factors that investors point to as key to fueling cybersecurity stocks’ gains.