Information security in 2018: relevant facts and the increase in cyberattacks

The year 2018 was marked by several events related to information security and technology, such as the implementation of the GDPR (General Data Protection Regulation), which represents the rise of privacy regulation in the European Union, and also by a significant increase in reports of cyberattacks such as scams, data hijacking, malware, data leaks, and cryptocurrency mining.

Here on the blog we've already presented relevant data about the increase in cyberattacks in 2018 and the importance of educating users , but did you know that in addition, during 2018 Kaspersky Lab detected more than 350,000 viruses per day ? So, the numbers are frightening and represent the reality of the global internet.

Kaspersky Lab states that there was a 43% increase in ransomware (from 2.1 million in 2017 to 3.1 million in 2018) and a 44% increase in backdoors used by cybercriminals for remote PC access (from 2.2 million to 3.2 million). These results prove that malware, especially backdoors and ransomware, continues to be a significant danger.

• 30% of users' computers suffered at least one malware attack this year .
• According to Kaspersky Lab data on attacks against IoT devices (Internet of Things: Smart TVs, digital locks, etc.), Brazil (10.57%) is second in the world ranking, losing only to China (27.15%).
• In Latin America, more than 3.7 million malware attacks were identified per day , with Argentina leading (62%).
• In the ranking of countries most attacked by phishing in 2018 , Mexico is in first place with a 120% increase, and Brazil occupies third place , with a 110% increase in attacks.
  Source: Kaspersky Lab | See more data about 2018
  

The dfndr lab PSafe 's cybersecurity laboratory , has prepared the 5th Digital Security Report in Brazil , compiling comparative data from the 2nd and 3rd quarters of 2018, generated through the detection of cyberattacks on Android smartphones belonging to over 21 million users of the dfndr security application.

• The dfndr lab report shows a 31.4% decrease in cyberattacks (from 63.8 to 43.8 million) due to a reduced focus on large events, but it also shows a 7% increase in fake news (from 4.4 to 4.8 million) that mainly address topics related to politics, health, or ways to make easy money.
• Check out the chart showing the detection of malicious links:

  

• “ Despite the significant drop observed between quarters (31.4%), we cannot look at this information in a simplistic and generic way. Cyberattacks are not decreasing . What we saw this quarter was a combination of factors that include a reduced focus on major events involving public-financial issues, such as FGTS and PIS/Pasep, and on commemorative dates of high relevance to retail. ” Emilio Simoni , director of dfndr lab.

The numbers remain worrying , and with each passing year the attacks become increasingly diverse. Cybercriminals "renew strategies" to improve encryption, seeking to avoid detection of attacks. Therefore, without a doubt, we can say that 2018 was marked by a series of attacks, claiming victims worldwide.

Between emails and fake websites, WhatsApp messages, fake news, data kidnapping attacks, and even cryptocurrency mining aimed at exploiting device capabilities and using processing power without user authorization, we've compiled a list of some of the cyberattacks that occurred in 2018. Read on for more information.

Marriott Hotels

September 2018.

Following a major data breach, approximately 500 million customers of the Starwood Hotels and Resorts chain, a subsidiary of Marriott International, had their personal data, including name, phone number, passport number, address, and other information, accessed by criminals. The attack was detected in September 2018, but unauthorized access to the database had been occurring since 2014. The
Public Prosecutor's Office of the Federal District and Territories (MPDFT) has opened a Public Civil Inquiry to investigate the case .

Facebook

1. March 2018.
   Cambridge Analytica: By using a personality test app, users allowed access to their information, but ended up also granting access to the information of their friends. The company illegally used the data for political propaganda.
2. September 2018.
   Hacker attack: Criminals exploited a vulnerability in the "View as" option and gained access to the profile data of 30 million people. After the attack, an average of 90 million people were redirected to log in again and informed of what had happened.
3. December 2018.
   Photos published without authorization: Due to a bug, approximately 6 million users who allowed third-party applications access to their media had "unpublished photos" (such as stories and photos that were uploaded but not published) exposed on the social network. Facebook notified users and suggested they check their application access settings .
   Source: TechTudo

Banco Inter

1. May 2018.
   In May 2018, the TecMundo website team received an 18-page manifesto signed by a hacker named "John." This document detailed technically how the hacker gained access to data, as well as the details of the extortion attempt against Banco Inter. The condition was: if the bank did not pay the amount within the deadline, the data would be sent to the press and sold on the internet.
   The bank acted correctly , following the guidelines on how to proceed in cases of data breaches or theft , and did not give in to the extortion.
   As the hacker was not paid, the personal data of thousands of clients, employees, and executives of Banco Inter, one of the largest fully digital banks in Brazil, were placed in a 40 GB encrypted file. The data consists of photos of checks, documents, transactions, emails, personal information, security keys, and passwords of approximately 100,000 people
   .
   • The hacker stated that he worked for approximately 7 months on the Banco Inter intrusion and explained that, through an employee error, it was possible to access the bank's systems and copy the data.
   • Banco Inter denied that an intrusion occurred.
2. July 2018.
   The Personal Data Protection Commission, in collaboration with TecMundo , initiated a public civil inquiry to investigate the case. During the investigation, the MPDFT (Public Prosecutor's Office of the Federal District and Territories) found, with confirmation from the Center for Production, Analysis, Dissemination and Information Security (CI), that the following data had been compromised:
   •
   Registration data of 19,961 Banco Inter account holders.
   • Of these, 13,207 contain banking data, such as account number, password, address, CPF (Brazilian tax identification number), and telephone number.
   • Data from another 4,840 clients of other banks who transacted with Inter users were also compromised.
   • The exposure of digital certificates, already revoked, and the bank's private key was also confirmed.
   The
   Public Prosecutor's Office of the Federal District and Territories (MPDFT) requested that the bank be ordered to pay R$ 10 million in compensation for failing to take the necessary precautions to guarantee the security of the personal data of its clients and non-clients. In the event of a conviction, the money will be allocated to the Fund for the Defense of Diffuse Rights (FDD).
3. December 2018.
   An agreement was ratified between Banco Inter and the Public Prosecutor's Office of the Federal District and Territories ( MPDFT ), whereby Banco Inter must pay R$ 1.5 million to repair the collective moral damages of a national character resulting from the data breach.
   Source: TecMundo

Phishing

Cases of fraud using phishing are nothing new and continue to occur via email, WhatsApp, and other social media. The circulation of fake promotions is frequent, especially around holidays, and these are the examples we have provided.

Regarding phishing in 2018, Kaspersky Lab identified a 110% increase in incidents, placing Brazil 3rd in the world ranking, according to data presented at the beginning of this article .

1. Throughout 2018, especially around the time Netflix's catalog was updated.
   Fake Netflix emailThe email asks the user to update their payment information because the supposed account is suspended. With a convincing email design, promoting trending or new Netflix movies and series, criminals convince many people, especially because the email content is current. In this way, many people end up falling for this scam and providing sensitive data to criminals. It's important to note that the same suspicious link appears on all the buttons in the email.
   Netflix has an official channel available for reporting phishing, so if you receive any emails of this type, please forward them to phishing@netflix.com

   

2. November 2018.
   Christmas gift from O BoticárioReal promotions with gifts from O Boticário were seen as an opportunity by cybercriminals. One of the most recent occurrences in 2018 was a fake promotion via WhatsApp that offered various gifts from the brand, and to "win," the user had to provide their CPF number (Brazilian tax identification number) and invite friends, generating a large flow of people providing their data to criminals O Boticário made an official statement on its Facebook page, alerting the public about the fake promotion.

   

3. December 2018.
   Coca-Cola Christmas giftA fake promotion offering Christmas gifts circulated via WhatsApp. To "win the gift," the user had to click on a link and register, but the link redirected the user to a phishing website designed to collect data, mainly CPF numbers (Brazilian taxpayer ID numbers) Coca-Cola has made an official statement informing that the promotion it was false and reiterating that the site official The company's role is: natal.cocacola.com.br

   

Fake news

The occurrence of fake news was so high during 2018 that dfndr lab identified that 11% of malicious links were fake news. This represents a 7% increase in fake news (from 4.4 to 4.8 million) that mainly address topics related to politics, health, or ways to make easy money, between the 2nd and 3rd quarters of 2018.

1. July 2018.
   Fact or Fake : The G1 team sought to help internet users have a channel that analyzes cases of fake news. The section identifies messages that cause distrust and clarifies what is real and what is false. The investigation is carried out jointly by journalists from G1, O Globo, Extra, Época, Valor, CBN, GloboNews and TV Globo. Speeches by politicians are also checked. See the category here
2. Top 5 fake news stories about politics (dfndr lab)
   Node 5th Digital Security Report in Brazil dfdr lab presented a ranking of fake news detections about politics. In first place is a fake news story about Jean Wyllys, which was detected 625,000 times by the security company.

   

Considering the significant news regarding internet security in 2018, it is important to emphasize that preventative methods against cyberattacks should always be a top priority for every connected user.

Managers and IT professionals should prioritize information security , but the main question is: how to do it? Where to start?

The most important actions to improve information security in a company are based on prevention. We have listed 5 of the most relevant actions that should be implemented and periodically reviewed so that the company has an excellent basic level of attention to information security.

• Data backup : There are certain types of security incidents where the only option to recover company information is to restore backups. Maintaining a backup strategy with updated and verified routines is essential. Among other aspects, one should analyze which data will be protected, the frequency of updates, the retention time of the copies, and the storage location of the copies (remembering that it is important to keep copies in a location external to the environment where the company's data is stored).
• Antivirus : It is important to use good antivirus software. Other network protection mechanisms are complementary and do not replace antivirus software. There are free packages that offer a basic level of protection; however, for effective protection, it is recommended that companies invest in acquiring a good antivirus and anti-malware solution.
• Firewall and internet access control : protecting the network with a firewall and blocking harmful links and websites is a very important measure for information security. It's crucial that the solution has a functional and user-friendly management interface, as the ease of viewing reports and the correct configuration of the tool directly impact the efficiency of the protection. An internet access management like Lumiun is an excellent resource for increasing information security in the company , as well as promoting awareness of internet use and assisting in employee productivity .
• Software updates : all programs used on computers and equipment should be updated to the latest versions. The practice of routinely applying updates, whenever they are available, is important for protection against attacks that exploit newly discovered, published, and exploited vulnerabilities. The operating system and internet browsers should receive extra attention, and keeping them updated greatly enhances security.
• Educating employees on best practices for information security : Currently, most attacks involve some improper action taken by a company employee. Mistakes such as clicking on a link in an email containing an incredibly good promotion, without due care and attention to verifying the link that will be opened, are examples of how carelessness can be a vulnerability and an entry point for security problems. Try to educate employees about the importance of information security within the company .

Want more tips on internet security for small and medium-sized businesses? Check out these 11 internet security tips for small and medium-sized businesses.