Breaches Continue to Surpass 2016’s Record Pace
Somewhat unnoticed in the midst of tax-season fraud and other cybersecurity headlines is the fact that the U.S. business sector has seen a 54% jump in the number of total breaches reported so far.
As of April 11, the 2017 ITRC Breach Report from the San Diego-based Identity Theft Resource Center has captured 431 breaches, an increase of 37.3% over last year’s record pace (314) for the same time period. Almost eight million records have been reported exposed, with the business category representing more than half of the breaches and more than six million records.
With 21 breaches added in just the last week reported, the five industry sectors are broken down by number of breaches as follows: Business = 54.1%, Medical/Healthcare = 24.1%, Educational = 14.4%, Government = 5.6% and Banking/Credit/Financial = 1.9%. The totals of reported records by category were: Banking/Credit/Financial = 20,000, Business = 6,194,367, Educational = 41,448, Government/Military = 170,683 and Medical/Healthcare = 1,499,258.
The business category encompasses retail services, hospitality and tourism, professional, trade, transportation, utilities, payment processors and other entities not included in the other four sectors. It also includes nonprofit organizations, industry associations and non-government social service providers, as well as life insurance companies and insurance brokers (non-medical).
In other cybersecurity news, McAfee reported that attackers are exploiting a previously unidentified vulnerability in Microsoft Word, which security researchers said can install malware even on fully patched computers. Because the HTML application the exploit delivers is executable, the attacker can run code on the affected computer while evading memory-based mitigations designed to prevent these kinds of attacks.
Activation of the vulnerability takes place when a mark opens a fake Word document, which downloads from a server a malicious HTML application masked as a rich text document file. The HTML application in turn downloads and runs a malicious script that can stealthily install malware. The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine.
“Thus, this is a logical bug and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” McAfee said in a blog post. “At McAfee, we have put significant efforts in hunting attacks such as advanced persistent threats and zero days. Yesterday, we observed suspicious activities from some samples. After quick but in-depth research, we have confirmed these samples are exploiting a vulnerability in Microsoft Windows and Office that is not yet patched.”
The samples detected are organized as Word files (more specifically, RTF files with a “.doc” extension). The exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10. The earliest attack McAfee detected dates back to late January.
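For defenders, the two disguises described above (RTF content carried in a ".doc" file, and HTML application content masked as a rich text file) can both be surfaced by comparing a file's name with its actual bytes. The following is an added example, not code from McAfee or from the original article; the function names, the finding labels, the marker list and the sample buffers are constructed for illustration, and it assumes the disguise is visible in the file name.

```python
import re

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary Word container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx) container
RTF_MAGIC = b"{\\rt"                             # RTF header prefix
# Heuristic markers of HTML application or script content (assumed list).
SCRIPT_MARKERS = re.compile(rb"<\s*(?:hta:application|script)\b", re.IGNORECASE)

def sniff(data: bytes) -> str:
    """Classify a buffer by its leading bytes, ignoring the file name."""
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")  # skip BOM and leading whitespace
    for magic, kind in ((OLE2_MAGIC, "ole2"), (ZIP_MAGIC, "zip"), (RTF_MAGIC, "rtf")):
        if head.startswith(magic):
            return kind
    return "unknown"

def triage(name: str, data: bytes) -> list:
    """Return findings for a file whose name claims a Word or RTF type."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ("doc", "rtf"):
        return []
    kind = sniff(data)
    findings = []
    if ext == "doc" and kind == "rtf":
        findings.append("rtf-content-in-doc")   # the lure format the article describes
    if kind == "unknown":
        findings.append("not-a-document")       # name claims a document, bytes do not
    # Scan the whole text body: a leading RTF header must not hide markup further in.
    if kind in ("rtf", "unknown") and SCRIPT_MARKERS.search(data):
        findings.append("script-markup")
    return findings

# Constructed, inert sample buffers (not taken from any real sample).
LURE = b"{\\rtf1\\ansi Quarterly report}"
MASKED = b"<html><head><script language=\"VBScript\">' inert\n</script></head></html>"
PADDED = b"{\\rtf1 filler}\n<script>/* inert */</script>"
LEGACY_DOC = OLE2_MAGIC + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in (("invoice.doc", LURE), ("template.rtf", MASKED),
                       ("template.rtf", PADDED), ("old.doc", LEGACY_DOC)):
        print(name, triage(name, blob))
```

RTF saved under a ".doc" name also occurs in legitimate files, so "rtf-content-in-doc" is a triage signal to combine with other evidence rather than a verdict on its own.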