BreachExchange mailing list archives

The year in fraud: 2015 in 13 numbers


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Thu, 17 Dec 2015 08:09:35 -0600

http://www.cio.com/article/3015952/fraud/the-year-in-fraud-2015-in-13-numbers.html
It's that time of year: Round ups, hot takes and eulogies for the year
abound. We're no different, but we're going to tell the story of 2015 a
little differently – through numbers. Thirteen of them to be exact. In no
particular order, here's how hackers and scammers and the many security
flaws they found got us on edge for this year … and the next.

70,000,000

*An anonymous hacker has released records of 70 million phone calls by
inmates in United States prisons and jails to the press – and it suggests
that attorney-client privilege has been routinely violated on a huge
scale. *
50-75 percent

*Recent estimates of the percentage of merchants that lack the new EMV, or
“chip and PIN” payment terminals ranged from 50 percent to as high as 75
percent. Card issuers doing better – that 70 percent will have issued
EMV-enabled cards by the end of the year. *
1,400,000

*After security researchers remotely disabled a Jeep by hacking into its
software for a WIRED magazine story, Chrysler recalled 1.4 million
vehicles. Unlike with a traditional recall, though, owners didn't need to
take their cars back to the dealership. They could download the patch onto
a USB drive, then upload it into their cars.  *
8.68

*Cheaters beware: in July, a group calling themselves Impact Team released
8.68 GB of data about who used AshleyMadison.com, which promised to help
married people have affairs, for anyone to see. The data included customer
email addresses, sales and marketing data. The data not only revealed who
was using the site (including some politicians), but also questioned
whether women using the site were real. *
3

*Expanded charges link three men to last year’s JPMorgan hack, as well as
other incidents, which impacted 83 million households. In court documents
shared with CSO Online, the prosecutors say that between 2012 and 2015, the
three pulled off "the largest theft of customer data from a U.S. financial
institution in history" by stealing the personal information of more than
100 million people. *
90,000

*In 2012, an encrypted laptop was stolen and along with it information on
8,883 patients from EMC and Hartford Hospital. Why include it in a 2015
round up? Because it wasn't until this year that the companies (EMC the
contractor and Hartford Hospital, well, the hospital) agreed to pay $90,000
to the state of Connecticut for the breach. The laptop was stolen from the
home of an EMC employer and has never been recovered. In the agreement, EMC
and the hospital did not admit any potential violations of HIPAA. *
75 percent

*Exploit kits are the hot thing with criminals right now. Activity on four
such kits that make up 96 percent of activity increased by 75 percent in
the third quarter of this year compared to the same time last year
according to the Infoblox DNS Threat Index. The kits are used to create
malicious DNS infrastructure. *
334,000

*The IRS hasn't had a great year: in May they announced that more than
100,000 taxpayers had their information stolen. Then in August, they added
another 220,000 people to that roll and put their total estimate at 324,000
poor souls. Hackers made their money by filing fraudulent tax returns and
taking refunds before the real taxpayer can file and claim the money
they're owed. *
6

*When United Airlines announced its bug bounty program, they got a response
from Randy Westergren. And then…well, he says that the airline waited six
months to implement the fix, and only did so after he threatened to out the
vulnerability. The hole allowed hackers to change anything about another
passenger's reservation, and was (finally) patched on Nov. 14. *
215,000,000

*Phishing via your home email address to get a hold of your personal
information became so passé in 2015. Instead, hackers targeted business
email addresses with the hopes of tapping into corporate coffers. They had
some success: $215 million of it, according to the FBI. *
85-90

*When looking at what could be identifying factors for a fraudster trying
to shop online with someone else's information, Sift Science found the
highest rates of fraud among users ages 85 to 90 years old. This doesn't
mean senior citizens are suddenly becoming super criminals. Most likely,
fraudsters are pretending to be seniors so they appear to be trusting. *
60 percent

*Hackers are good – and fast. According to the Verizon 2015 Data Breach
Investigations Report, hackers were able to compromise an organization
within minutes 60 percent of the times they tried. In more than 75 percent
of cases, the time to discover such breaches took days. This delay shows
why such attacks can go from bad because they happened to worse because
organizations didn't know about it right away. *
15,000,000

*In April, 25 suspected criminals who stole over $15,000,000 ran smack into
the law. Romanian authorities detained the group, who allegedly hacked into
banks and cloned payment cards. In one instance, they took $9 million from
ATMs in Japan. Authorities might not have gotten everyone though. They the
group has more than 52 members.*