With more than 1,200 breaches and a massive 3.4 billion records exposed already, 2017 is on pace to be yet another worst year on record for breach activity.
Risk Based Security’s Q1 2017 DataBreach QuickView Report found that in particular, the practice of emulating a trusted party and requesting copies of W-2 forms has clearly become a favorite money-making scheme for the first quarter.
“The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017,” said Inga Goddijn, EVP at Risk Based Security. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for sale, and misconfigured databases remain a thorny problem for IT administrators.”
Targeting information useful for filing false tax returns is not a new practice and neither is phishing unsuspecting employees in order to obtain it; however, the trend came to prominence last year, when more than 60 organizations fell for the specialized phishing scam in Q1 of 2016. Known as business email compromise, or BEC, the practice generally involves sending an email impersonating a trusted colleague, business partner or C-suite executive, requesting either a funds transfer or personal information.
Despite the experience in 2016 and warnings from the IRS in January and February of this year, more than 200 organizations fell for the same scam in first three months of 2017.
Another 2016 trend that continued into Q1 2017 is the sale of large datasets. The report found that one particular seller was especially active this past quarter, offering for sale various username and password combinations gathered from 11 different organizations and impacting a whopping 1.5 billion records in total.
“What is clear is that as long as organizations rely on the traditional username and password combination for authentication, datasets like these will continue to have value to malicious actors,” the report noted.
“In the most striking example of misconfiguration problems, River City Media LLC, an organization with a somewhat checkered reputation, accidentally exposed 1,374,159,612 records containing personal information as well as sensitive internal business documents in a faulty Rsync backup. Not only is this the largest misconfiguration incident on record, it is now the single largest breach disclosed through Q1 2017.”
With breach activity showing no signs of slowing down, it’s become more important than ever to understand the drivers behind data loss.