Cybersecurity & Data Leaks
Cybersecurity & Data Leaks Defined, Explained, and Explored
What is cybersecurity and why is it important?
Cybersecurity is the protection of hardware devices, software, networks and data from cyber attackers. Cybersecurity can be defined as electronic information security with a goal of protecting against unauthorized access to personal or company data and can be divided into different categories.
Information security is the protection of data integrity whether in storage or in transit.Network security is the act of securing a network of hardware devices from attackers by preventing and responding to attacks and malware using software or IT services.
Application security is the process of making apps more secure by ensuring the underlying software is free from unauthorized code which could manipulate or steal data. This is mostly done during the development phase but also includes methods to protect already deployed apps.
Operational security includes the process of handling and protecting data assets, which includes user permissions, network access, and how and where data is stored.
Business continuity planning and disaster recovery planning include how an organization responds to a cybersecurity threat and the plan of action after an attack has taken place in order to resume normal business operations.
End-user education includes what actions employees or users must take in order to protect business or personal data.
Cybersecurity could be the difference between the success or downfall of a company. The loss of vital information due to an attack could stop an organization in its tracks and force it to close down if the correct steps are not taken to protect/recover the data. The loss or exposure of personal data can also have a devastating impact on not just an organization but on an individual as well. Cybersecurity helps prevent data breaches, identify threats and ransomware as well as aid in risk management.
Organizations with strong network security and good disaster recovery plans are more able to prevent cyberattacks. These organizations need to stay up to date with the latest threats and security trends to ensure they are better positioned to handle attacks.
Types of cybersecurity threats
Malware: a form of software designed to gain unauthorized access to a computer such as worms, computer viruses, spyware, and trojan horses.
Ransomware: a type of malware that typically encrypts user's data and demands a payment for the retrieval of data.
Phishing: a fraudulent attempt to obtain sensitive user information through the use of falsified emails that resemble emails from reputable companies.
Social engineering: a tactic used which relies on human interaction to trick users into revealing sensitive information.
Biggest hacks and data breaches over the last decade
What is the difference between a data breach and a hack? A breach is the unintentional release of sensitive information into an unsafe environment. The root cause of a data breach is normally human error, negligence or incompetence, with no malicious intent. A hack is the modification of software or hardware and is the result of malicious behavior from cybercriminals who want to steal private information. Let's take a look at some of the biggest hacks and data breaches over the last 10 years.
Marriott International: In November 2018, data from 500 million customers was stolen by cybercriminals. The stolen data included guest numbers, passport numbers, credit card numbers and contact information. It is believed to be attributed to a Chinese intelligence group looking to gather data on citizens of the US.
Yahoo: In 2013 and 2014, data from approximately 3 billion users was breached including email addresses, passwords, dates of birth, telephone numbers and other personal data. Hackers were able to gain access to Yahoo’s network through the use of a phishing scheme as a result of poor security.
eBay: In May 2014, Cybercriminals were able to breach the companies network using the details of corporate employees. Personal information from 145 million users was accessed.
Equifax: In May 2017, the credit bureau experienced a data breach that exposed data from over 147 million users. The breach was a result of an application vulnerability on one of the companies websites. Equifax has agreed to pay $700 million to settle federal and state investigations on how the data breach was handled.
Deep Root Analytics: In June 2017, cyber experts found that voter information from 198 million Americans was on a publicly accessible server. It was found that the Republican National Committee had hired Deep Root Analytics which failed to keep voter information safe.
River City Media: In March 2017, 1.4 billion records were leaked after the marketing company River City Media failed to properly configure a backup that ended up placing an entire database of personal information online.
Sony’s PlayStation Network: In April 2011, hackers gained access to personal information from over 77 million users, including full names, passwords, credit card information, home addresses and purchase history. The PlayStation Network service was also down for a month. This is seen as one of the worst gaming community data breaches ever.
Stuxnet: In 2010, a computer worm named Stuxnet was discovered which had caused substantial damage to Iran's nuclear program destroying 984 uranium enrichment centrifuges.
Facebook: In September 2018, the largest breach in the history of Facebook was discovered. The personal data of nearly 50 million users were exposed after the Facebook network was attacked and hackers gained access to user accounts. The attack followed a scandal the previous year where Cambridge Analytica had gained access to the private information of 87 million users.
Cryptocurrency exchanges and wallets are a huge target for hackers, gaining hundreds of millions of dollars over the past few years. Let's take a look at some of the biggest hacks and data breaches in the crypto space.
MT. Gox: The exchange fell victim to multiple attacks between 2011 and 2014 resulting in roughly 750,000 customers Bitcoin and roughly 100,000 of its own worth $473 million at the time, being stolen by hackers. This led to the exchange declaring bankruptcy and closing down.
Upbit: In November 2019, the exchange lost 342,000 Ethereum worth $49 million at the time, do to an “abnormal transaction”.
Bitfinex: In August 2016 the exchange was hacked and lost 119,756 Bitcoin making it the second biggest Bitcoin hack in history. The attackers took advantage of a vulnerability in the multi-sig system used for signing withdrawals.
Bithumb: Less than a year after losing $31 million to a hack, Bithumb was hacked again in March 2019 losing another $13 million worth of EOS and $6.2 million in XRP. Bithumb has suspected this to be an inside job.
Bitcoinica: In 2012 the Bitcoin trading platform suffered multiple attacks and resulted in 65,250 Bitcoin being stolen by hackers. This happened as a result of the trading platform storing large amounts of cryptocurrencies in a hot wallet, which is online rather than a cold wallet stored offline.
Binance: In August 2019, Binance fell victim to a hack which resulted in 7,000 Bitcoin, worth over $40 million at the time, being stolen as well as 2FA codes and API tokens. The exchange fell victim to another hack in 2018 leading to millions of users KYC being leaked publicly.
Parity Multi-Sig Wallet: After multiple smart-contract vulnerabilities were found and exploited, $30 million in Ethereum was stolen with another $154 million remaining stuck in the affected wallets.
Other hacks including many other top crypto exchanges led to a total of $292 million and 510,000 user logins were stolen in 2019 alone. The lesson we can learn here: Not your keys, not your coins. Never store your assets on exchanges.
How RiveX can protect you from personal data exposure and loss of funds due to platform hacking
With cryptocurrencies being a prime target for hackers, its important for businesses and end-users to protect their data and funds. How can RiveX help?
RX Enterprise Chain
With RiveX developing enterprise blockchain solutions, permissioned private chains can be used to protect sensitive data. RX Enterprise Chain solutions offer privacy protection as one of the core features using one-time accounts and ring signature systems developed by leading cryptography experts.
Decentralized Digital Signatures
RiveX is currently developing blockchain-based digital signatures for any type of document. This will enhance the security of sensitive files using next-gen digital signatures.
WRDEX and RX Wallet
A decentralized exchange being developed by RiveX and Wanchain backed by Wanchain’s storeman nodes. Why is a decentralized exchange safer than the centralized counterpart? It comes down to your keys your coins. When using a centralized exchange, you are trusting a third-party with your assets. With a decentralized exchange, you control your own assets and the private keys to your wallets. This removes the risk of relying on a centralized party to keep your assets safe. You will be able to access the WRDEX using the RX Wallet which supports secure two-factor authentication and fingerprint recognition for the mobile wallet for added security.
How can you protect yourself?
In this day and age, since cryptocurrencies have become so popular, it is important to take various security measures to protect yourself since you are at risk of hacks and data breaches more than ever.
Make sure your PC is secure: Keep your operating system and antivirus software up to date. Consider switching to Linux, Qubes or Unix as they are all far more secure than Windows and macOS.
Use extra strong passwords: Ensure your password includes upper and lower case letters, numbers and special symbols. Never reuse the same password with another exchange or wallet. Don’t use passwords that would be easy to guess, such as your date of birth, etc.
Do not use mobile authentication: Never use a mobile SMS-based authenticator as it is becoming increasingly easy for attackers to port your number over and steal your one-time pin. Instead, rather use an authenticator app such as Google Authenticator which uses far more secure time based one-time pins.
Never hold cryptocurrencies on exchanges: Instead, store your coins in a wallet you control, such as a desktop wallet. The safest way of storing your crypto assets is to use a paper wallet or hardware wallets such as Ledger or Trezor wallet. Both have their pros and cons.
Stay safe online: Stay aware of your browser, stay off of non-secure websites, install an ad blocker so your online activities aren't tracked by ads, don’t click on unknown links, don’t download unknown files and use messengers with end-to-end encryption such as Telegram.
A tip for staying safe on Telegram — Remember that admins will never DM you first or ask for any funds or private keys. Anyone who sends you a message first claiming to be an admin is likely a scammer. Never fill in any forms provided by “admins” asking for personal information.