Overexposed? Data of 123 Million Households Leaked
Cybercriminals probe incessantly for vulnerable data and systems, as shown by the exposure of 123 million households’ data and a recently discovered printer spoofing operation.
Symantec and others alerted users that an Amazon Web Services cloud storage bucket belonging to marketing and analytics company Alteryx had exposed data on some 123 million U.S. households, potentially raising the risk of identity theft.
According to Symantec, cybersecurity company UpGuard said it discovered the exposed data on Oct. 6, 2017, in a cloud-based repository, and made its discovery public on Dec. 19, 2017. The data warehouse contained a variety of data from the Irvine, Calif.-based Alteryx, including datasets belonging to its partners, credit reporting agency Experian and the U.S. Census Bureau.
For each household, the data included 248 fields of information ranging from addresses and income to ethnicity and personal interests. Details included contact info, mortgage ownership, financial histories and even whether a home contained a dog or cat. An Alteryx spokesperson told Forbes, "The information in the file does not pose a risk of identity theft to any consumers."
Although the data leaked did not contain individual names, data thieves could cross-reference pilfered information with other available public or previously stolen financial information, like payment card data or account credentials, which could allow criminals to compromise identities.
For many large organizations, emails from corporate printers and scanners are common, and cybercriminals find them a worthwhile way to launch attacks. Recently, researchers at Campbell, Calif.-based cyberfraud defense firm Barracuda Networks released data identifying an uptick in attacks through Canon, HP and Epson printer and scanner email attachments.
Their research found that since late November, cybercriminals have made millions of attempts to infect unsuspecting users by sending impersonated or spoofed emails from common printer and scanner brands, including Canon, HP, and Epson, with attachments containing malware.
Fleming Shi, SVP of Technology at Barracuda, noted that few devices are used as heavily each day as corporate printers. They’re commonly used for scanning, copying and even emailing PDF versions of documents.
However, criminals are using common spoofing techniques to launch attacks containing malicious attachments that appear to come from an organization’s network printer. The attackers choose PDF-generating devices because PDF files can be weaponized to deliver active content harmful to users. “Receiving a PDF attachment in an email sent by a printer is so commonplace that many users assume the document is completely safe. From a social engineering perspective, this is exactly the response that the cybercriminals want,” Shi explained in a blog.
Shi said that over the past month, Barracuda tracked activity from cybercriminals who are spoofing printer/scanner attachments in emails to spread malware. “We witnessed the initial attack in late November, which was soon followed by millions of attempts to infect unsuspecting users via email.”
Typically, the subject line of the malicious emails reads something like “Scanned from HP,” “Scanned from Epson,” or “Scanned from Canon.” They also contain a malicious file attachment with anti-detection techniques:
1) Misusing file name extensions. These threats are using modified file names and extensions, inside the traditional file archive, which allows attackers to hide the malicious code inside the archive, imitating a ‘.jpg’, ‘.txt’ or any other format.
2) Remote file download. This malware attachment provides the attackers with the ability to initiate covert surveillance or gain unauthorized access to a victim PC. When the user clicks on the threat attachment, it triggers the malware, which has configured communication protocols set up upon initial infection. This backdoor into the victim PC can allow unfettered access, including the ability to monitor user behavior, change computer settings, browse and copy files, utilize the bandwidth (Internet connection) for possible criminal activity, access connected systems, and more.
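A mailbox triage check for the pattern described above, written as an added example that is not from Barracuda or the original article. It assumes the archive is a ZIP, and the function names and the sample message (inert bytes only) are constructed for illustration.

```python
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject pattern built from the three subject lines quoted in the article.
SUBJECT_RE = re.compile(r"^\s*Scanned from (HP|Epson|Canon)\b", re.I)
# Leading bytes a genuine file of each type starts with (.txt has no signature).
MAGIC = {".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF-", ".png": b"\x89PNG"}


def inspect_archive(data):
    """Return findings for ZIP members whose content contradicts their extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(8)
            ext = os.path.splitext(info.filename)[1].lower()
            if head.startswith(b"MZ"):  # DOS/PE header used by Windows executables
                findings.append(f"{info.filename}: Windows executable content")
            if ext in MAGIC and not head.startswith(MAGIC[ext]):
                findings.append(f"{info.filename}: content does not match {ext}")
    return findings


def triage(raw):
    """Flag printer-themed mail and inspect any ZIP attachment it carries."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = ["printer-lure subject"] if SUBJECT_RE.search(msg["Subject"] or "") else []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"PK\x03\x04"):  # ZIP local file header
            findings += inspect_archive(payload)
    return findings


def build_sample(subject="Scanned from HP", member=b"MZ" + b"\x00" * 62):
    """Constructed message: a ZIP holding 'scan_0001.jpg' with the given inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_0001.jpg", member)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "printer@example.com", "user@example.com", subject
    msg.set_content("Please find the scanned document attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns three findings for the constructed lure, while a message with an ordinary subject and a genuine JPEG header inside the archive returns none.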