Hackers Encrypt Websites, Holding Businesses Hostage for Thousands


Hackers have now shifted to a new tactic, taking over website servers and encrypting all the data, demanding payment to regain access and decrypt the files.

The Swiss security firm High-Tech Bridge calls these attacks RansomWeb and identified such a case in December 2014, the victim being an undisclosed large European financial services company. Traditionally, a ‘ransomware’ attack via malware usually requires individuals to pay $100-1000 to recover their accounts, but now that the focus has turned to organizations, the ransom amount will undoubtedly increase to much larger sums.

In this particular case, the attacks started six months prior to the website’s shutdown in December. Hackers encrypted data on the server using “on-the-fly” tweaks to PHP code functions. Additionally, the decryption keys were stored on the hackers’ servers and fetched over secure data transmission (e.g. TLS). Once the connection between the servers was cut, the keys that had been silently encrypting and decrypting all the website’s data became inaccessible, and the website went down. Ransom emails were sent to employees of the financial services firm, demanding $50,000 to restore the website, with the price increasing by 10 percent every passing week.
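A defensive check for the pattern described above, as an added example that is not from the original post or from High-Tech Bridge: because the tampered application encrypts and decrypts silently, the check reads raw column values from a database dump rather than through the website, and flags columns whose contents have turned into ciphertext. The column names, the sample dump and the thresholds are constructed assumptions.

```python
import base64
import hashlib
import math
import re
from collections import Counter

B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def looks_encrypted(value: str) -> bool:
    """Heuristic: base64 text decoding to >= 16 high-entropy, mostly non-printable bytes."""
    if len(value) % 4 or not B64.fullmatch(value):
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return False
    n = len(raw)
    if n < 16:  # shorter than one AES block: too little data to judge
        return False
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(raw).values())
    printable = sum(32 <= b < 127 for b in raw) / n
    # Entropy is normalised by the maximum possible for n bytes (assumed thresholds).
    return entropy / math.log2(min(n, 256)) > 0.85 and printable < 0.7

def audit_dump(columns: dict, threshold: float = 0.5) -> list:
    """Return the columns where at least `threshold` of non-empty values look encrypted."""
    flagged = []
    for name, values in columns.items():
        sample = [v for v in values if v]
        if sample and sum(map(looks_encrypted, sample)) / len(sample) >= threshold:
            flagged.append(name)
    return flagged

def _constructed_ciphertext(seed: str) -> str:
    """Stand-in for an encrypted field: 64 pseudo-random bytes, base64-encoded."""
    return base64.b64encode(hashlib.sha512(seed.encode()).digest()).decode()

# Constructed sample: raw values as read from a database dump, not via the web app.
SAMPLE_DUMP = {
    "email": ["alice@example.com", "bob@example.org", "carol@example.net"],
    "notes": ["Call back Monday", "VIP customer", ""],
    "account_no": [_constructed_ciphertext(f"row{i}") for i in range(3)],
}

if __name__ == "__main__":
    print("columns that look encrypted at rest:", audit_dump(SAMPLE_DUMP))
```

Run against each scheduled backup, a column that was plaintext in an earlier dump and is flagged in a later one is the signal to investigate; long alphanumeric plaintext without spaces can trip the heuristic, so compare against a known-good baseline.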

Fortunately, this story has a happy ending, as the hackers had faults in their own security protocols and High-Tech Bridge was able to recover the encryption keys. However, another attack on another High-Tech Bridge customer occurred, leading to the prediction of a rapid increase in these types of attacks in 2015.


Have your own opinion on the topic or want to chat about password and internet security? Contact us at blog@commonkey.com!

Interested in staying in the know? Add us to your RSS feed using this link.

Jimmy Kimmel asks people on the street for their password

In light of the recent Sony hack and Obama’s new proposals to crack down on hackers, Jimmy Kimmel decided to hit the streets and expose the ‘vulnerability’ of passwords used by the masses.

In this comedic bit, people were asked how they went about choosing a password, which typically consisted of elements such as family/pet names, significant dates, and other relevant personal information. They were then asked roundabout questions regarding these elements, exposing the actual password in the same series of questions.

Although it is a funny clip about people’s poor password choices, we could all do a better job of following good password selection practices when securing our personal and private information.



Anthem latest victim of hackers due to lack of encryption, 80 million customers affected


Anthem, a giant insurance corporation, was recently attacked by hackers who stole 80 million customers’ personal data. The kicker to this attack was that the stolen data wasn’t encrypted, despite numerous health information standards and laws meant to protect patient information.

Customer data stolen included social security numbers, email addresses and other personal information.

One of the most common healthcare laws, the Health Insurance Portability and Accountability Act (HIPAA), doesn’t require health care companies to encrypt patients’ personal information. Based on reports by the Wall Street Journal, Anthem only “encrypts personal data when it moves in or out of its database but not when it is stored, which is common in the industry.”

Anthem released a statement saying it was “the victim of a sophisticated cyber attack.”

“These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data,” Anthem CEO Joe Swedish said via a statement on the company web site. “Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”

Additionally, Anthem said impacted members will receive “free credit repair and ID protection services.”

Anthem operates Blue Cross and Blue Shield plans in 14 states, making it the nation’s second-largest health insurer.



The CommonKey Affiliate Program has Launched!


After many requests, the CommonKey team is excited to announce our new Affiliate program. We are excited to partner with amazing companies and consultants to help spread CommonKey to businesses across the globe. Beyond our Affiliate program, we’ve also added a Reseller tier to those who are focused on mid-market and enterprise clients.

Interested in becoming a CommonKey affiliate? Check out our program and sign up to get started today!



Sony used a folder titled “Password” to save your passwords


Sony Pictures Entertainment is the most recent victim of hackers, who leaked documents onto the internet, including a folder titled “Password,” which was used to save thousands of company passwords. Sony is one of many corporations recently hacked and publicly shamed for poor security practices and solutions.

Not only were passwords stored in a very obvious folder, but additional files included social security numbers of 47,000 employees and actors, including Sylvester Stallone, Judd Apatow, and Rebel Wilson. The “Password” folder included 139 Word documents, Excel spreadsheets, zip files, and PDFs containing thousands upon thousands of passwords to Sony Pictures’ internal computers, social media accounts, and web services accounts.

To make matters worse, the files located in the folder were primarily in plain text with no additional security or password protection. BuzzFeed dug into one file and found clearly labelled usernames and passwords for major motion picture social accounts, spanning from Facebook to YouTube.

Sony corporate has remained quiet regarding the security breach, although its employees spoke up about its “long-running lax attitude towards security.”

The source of the hack is yet to be identified, but based on available evidence the primary suspicion is that the attack originated in North Korea; however, the North Korean government denies any involvement and has publicly declared it will follow international norms banning hacking and piracy. This comes amidst an uproar by North Korea over The Interview, starring James Franco and Seth Rogen, which served as a potential motive for North Korea to take action against Sony.



Password Negligence Could Cost SMBs $210,000 Annually


A Widemeyer survey in North America and the UK revealed startling data on password negligence among small businesses. The critical mistakes include continuously using the same password across multiple accounts, keeping a hand-written book of passwords, or not using passwords at all to access work data. Identity management company Centrify claims that a company of 500 employees would lose $210,000 annually as a result of these mistakes.

The CommonKey team is a big supporter of small businesses. We urge all SMB owners to follow simple password management best practices to keep your company secure and to improve productivity. Made for teams, the CommonKey password manager is a tried-and-true way to help you protect access to your company.



JPMorgan Hack – 76 Million Accounts Compromised


JP Morgan Chase Co, America’s largest bank, was hacked by cybercriminals; the information leaked included personal contact information of individuals and small businesses. Luckily, the bank reports that bank account information was not leaked, but the very fact that one of America’s most powerful institutions was hacked has caused much uneasiness within the organization and among its customers. The source of the attack is unclear, although hackers in Russia and Eastern Europe have been among the FBI’s recent suspects. In response, JP Morgan announced in a letter that it would budget $250 million annually for security.

So what about the hacked customers? JP Morgan spokeswoman Trish Wexler advises that customers regularly check their bank accounts for suspicious activity. Customers should also be wary of spear phishing tactics, in which hackers trick customers into providing critical account information. Another helpful security precaution is to consider a security freeze, which prevents another user from trying to open a new account in a consumer’s name.

In many ways, the hack acted as a reality check for both the bank and its customers, reminding us that anyone can be hacked. Going forward, we can expect greater security precautions from the bank, and bank users should develop regular habits to help keep their financial security in check.



The Key to My Company: ‘Password1’


Password hacking, breaking into a company, viewing top-secret material – these seem like things only seen in the movies. It turns out you don’t need “1337hax” skills to do so when the top 10 corporate environment passwords are things like “password1” and “hello123.” A recent study by NetworkWorld, via a series of Trustwave penetration tests of corporate environments in 2013 and 2014, found an astonishing number of insecure and reused passwords for company accounts.

The article also reveals interesting insight into hackers’ behavior and mannerisms. An astonishing 86% of hackers aren’t worried about getting caught, and even more interestingly, 51% do it just for fun or thrill. With so many passwords that can be hacked in just a few minutes, it’s not surprising that password hacking can become a fun little side hobby for any Average Joe.

What can you do to help prevent your personal accounts and company from getting hacked? The first step is creating strong and unique passwords for your accounts. You can check out our free strong password generator made by CommonKey to help you get started. Want to learn more about how to protect your company? Shoot us an email at info@commonkey.com!



Russian Hackers Release 5 Million Gmail Usernames and Passwords Online


A combination of recent phishing scams and weak passwords resulted in a massive e-mail hack. Usernames and passwords from Gmail and two Russian-language services, Yandex and Mail.ru, were made public. Sources say that if your e-mail has been compromised, it is likely that the leaked passwords are too old to grant hackers access. However, it is still recommended to be on the safe side and check out websites such as ‘Is my e-mail leaked’ to see the security status of your e-mail. And, of course, change your password to something more complicated and more secure to prevent future hacks. To help you get started, here is our recommended password generator, provided by CommonKey.

