Category Archives: dark web

Retro video game website Emuparadise suffered a data breach

Retro video game website Emuparadise revealed to have suffered a data breach that exposed 1.1 Million accounts back in April 2018.

Emuparadise is a website that offers tons of roms, isos and retro video games, users can download and play them with an emulator or play them with the web browser.

The security breach occurred in April 2018 and exposed account information for approximately 1.1 million Emuparadise forum members.

Since August 2018, Emuparadise no longer host game ROMs, anyway it continued to offer any kind of info for retro video games and operated community forums.

Emuparadise hacki

Over the weekend, some Emuparadise forum members reported to have received data breach notification notices from the popular services Have I Been Pwned and HackNotice. The notices notify them of the security breach and inform them that their data were exposed as part of the data breach that occurred in April 2018.

The notice issued by the service Have I Been Pwned states that 1,131,229 accounts from Emuparadise forums were exposed in an incident occurred in April 2018. The forums run on a vBulletin CMS, a very popular platform, but older versions are known to be vulnerable to several issues.

HIBP received the data from dehashed.com on June 9th, 2019, exposed info includes mail addresses, IP address, usernames and passwords stored as salted MD5 hashes.

“In April 2018, the self-proclaimed “biggest retro gaming website on earth”, Emupardise, suffered a date breach.” states Have I Been Pwned. “The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes.

At the time of writing, it is not known how DeHashed obtained the huge trove of data.

Experts pointed out that Emuparadise data are offered for sale in the cybercrime underground and on hacking forums since early 2019.

Pierluigi Paganini

(SecurityAffairs – Emuparadise, hacking)

The post Retro video game website Emuparadise suffered a data breach appeared first on Security Affairs.

Threatlist: Targeted Espionage-as-a-Service Takes Hold on the Dark Web

One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs.

Criminals are selling hacking services targeting world’s biggest companies

A new study – undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and underwritten by Bromium – provides details of first-hand intelligence gathered from covert discussions with dark net vendors, alongside analysis by a panel of global industry experts across law enforcement and government. Network compromise tools and services on the dark net Key findings: 4 in 10 dark net vendors are selling targeted hacking services aimed at FTSE … More

The post Criminals are selling hacking services targeting world’s biggest companies appeared first on Help Net Security.

Tor Project released Tor Browser 8.5.1 for Windows, Mac, Linux, and Android

A new version of the popular Tor Browser was released by the Tor Project, it is Tor Browser 8.5.1 for Windows, Mac, Linux, and Android.

The Tor Project has released Tor Browser 8.5.1 for Windows, Mac, Linux, and Android, the new version of the popular anonymizing browser.

This release includes a temporary fix for a known WebGL fingerprinting technique. Tor 8.5.1 can be downloaded for free from the Tor Browser download page and from the distribution directory.

Tor Browser 8.5.1

The development team disabled WebGL readPixel() function that could be abused to fingerprint a Tor Browser user. 

“Tor Browser 8.5.1 is the first bugfix release in the 8.5 series and aims at mostly fixing regressions and providing small improvements related to our 8.5 release.” reads the announcement from the Tor Project. “Additionally, we disable the WebGL readPixel() fingerprinting vector, realizing, though, that we need a more holistic approach when trying to deal with the fingerprinting potential WebGL comes with.”

The developers defined this fix a temporary solution that needs a more holistic approach.

Bwloe the full changelog since Tor Browser 8.5:

  • All platforms
    • Update Torbutton to 2.1.10
      • Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
      • Bug 30464: Add WebGL to safer descriptions
      • Translations update
    • Update NoScript to 10.6.2
      • Bug 29969: Remove workaround for Mozilla’s bug 1532530
    • Update HTTPS Everywhere to 2019.5.13
    • Bug 30541: Disable WebGL readPixel() for web content
  • Windows + OS X + Linux
    • Bug 30560: Better match actual toolbar in onboarding toolbar graphic
    • Bug 30571: Correct more information URL for security settings
  • Android
    • Bug 30635: Sync mobile default bridges list with desktop one
  • Build System
    • All platforms
      • Bug 30480: Check that signed tag contains expected tag name

Pierluigi Paganini

(SecurityAffairs – Tor Browser 8.5.1, Tor Project)

The post Tor Project released Tor Browser 8.5.1 for Windows, Mac, Linux, and Android appeared first on Security Affairs.

Cryptocurrency Scammers Uses Youtube For Promotion

Are you a cryptocurrency enthusiast and loves watching Youtube videos about Bitcoins and other cryptocurrencies? If yes, then be very alert about Youtube channels you visit. Youtube, being the home of millions of content creators and online video consumers is teeming with scammers and phishers. Google has for quite some time is now actively taking down the videos hosting malicious links in the description portion of the video and even the entire Youtube channel. However, campaigns in Youtube promoting “Bitcoin generator” programs which claim as an easy way of creating bitcoins painlessly continue to rise one after another.

The Bitcoin generator tool is nothing but an espionage program that steals user information from the computer upon its execution. Videos promoting bitcoin generator website named freebitco.in continue to get re-uploaded on another Youtube channel once Google takes it down. Upon close inspection by researchers, the payload uses the infamous Qulab espionage trojan, which installs itself to Windows under the directory: %AppData%\amd64_microsoft-windows-netio-infrastructure under the file named msaudite.module.exe. The payload once installed in the system is able to gather information from .wallet files (cryptocurrency wallets), gather text information and save it to .txt files, browser persistent cookies, login credentials stored in the cache of Steam, FileZilla and Discord. Qulab trojan is also loaded with the capability to steal the information from the Windows clipboard, then immediately switch it with different data, which is useful when it comes to capturing cryptocurrency transfers.

Bitcoin generator, though using the name of Bitcoin supports the theft of other cryptocurrency aside from BTC. The following cryptocurrencies are also targeted by Bitcoin generator to monitor transactions with:

  • WMZ
  • WME
  • Qtum
  • Litecoin
  • Doge
  • Bytecoin
  • ZCash
  • WMX
  • VIA
  • QIWI
  • Graft
  • Dash
  • Bitcoin Gold
  • Yandex Money
  • WMU
  • Stratis
  • Neo
  • Ethereum
  • Lisk
  • Bitcoin Cash
  • Waves
  • WMR
  • Steam Trade Link
  • Monero
  • Electronium
  • Cardano

An extensive blog post on fumik0.com is posted which provides all the details on how Qulab performs its “magic” of stealing information beyond the scope of this article. According to fumik0.com, a more advanced version of Qulab has more capabilities beyond cryptocurrency wallet theft and other common keylogging techniques. Some of which are:

  • Browser stealing
  • Wallet Clipper
  • FTP creds
  • Discord / Telegram logs
  • Steam (Session / Trade links / 2FA Authenticator by abusing a third party software)
  • Telegram Bot through a proxy
  • Grabber

Qulab is a sophisticated trojan, as it was developed under a combination of modules programmed in Delphi, C, .NET and C++, which fumik0.com calls an exotic malware. Following the template set by AutoIT scripts (sold in the Dark Web), which automates trojan development through code-reuse or code-recycling. Fumik0.com opened a GitHub page where a working proof-of-concept explaining the fundamentals of AutoIT is explained. “These libraries have been written to allow easy integration into your own scripts and are a very valuable resource for any programmer,” explained fumik0.com.

The authors of Qulab provided a module within the malware code for itself to perform a “garbage collection” algorithm to bypass detection. With an entourage of features, Qulab uses a lot of memory, hence such portion of memory cannot be used by the operating system and other programs. With memory capacity reaching its full utilization, Windows will be forced to use the hard drive as virtual memory, which will be felt by end-users as the computer’s performance takes a hit.

Related Resources:

Malicious YouTube ads used to mine cryptocurrency

Scranos Rootkit Auto-Subscribes Users To Selected Youtube Channels

Youtube Video Content Creators and Channel Subscribers Cautioned Of Malicious Posers

The post Cryptocurrency Scammers Uses Youtube For Promotion appeared first on .

Past, present, and future of the Dark Web

Which is the difference between the Deep Web and Dark Web? Considerations about past, present, and future of the Dark Web.

These are intense days for the Dark Web. Operations conducted by law enforcement agencies lad to the arrests of many individuals and the closure of the most popular Black Marketplaces, many of which remained alive over the years.

Operators behind the principal black markets made a lot of money, let’s think of managers of the Wall Street Market and Valhalla recently seized by feds. These are historic points of aggregations where it was possible to buy drugs, weapons, and any kind of hacking tools.

The icing on the cake was a US research that decreed how the size of the Dark Web was significantly lower than previously thought. This isn’t a novelty for the experts that are studying dark web and its evolution.

Unfortunately there is too much confusion between the term deep web and dark web, many videos on YouTube channels provide wrong information. Misinterpretation, superficiality, some times simple profits, these are the root cause of the confusion. This misinformation is extremely dangerous for kids, first consumers of videos published on the principal social media platform. Some videos show that is very simple to buy drugs securely or explain how to hack a website. Describing these phenomena, some journalists have been labeled “as experts on the dark web”.

The Dark Web is just a portion of the Deep Web, its access is quite simple and doesn’t require any specific technological skill. It is very easy to access to the Tor network or browse content on other anonymizing networks like I2P.

I started this research on September 2016, when I started writing my my book, “The Prison of the Humanity – from the deep web to 4.0 the new digital prisons”.

THE ICEBERG

Dark Web 1

An Iceberg has always been used as a visual representation of the Internet world. The visible peak, which represents the smallest part of the iceberg, that many have mistakenly associated with the clear web: is the part reachable by search engines.

Even a child could easily wonder: how can billions of sites visible to internet users represent 5% of the internet itself?

Exactly, how?

The Deep Web is composed of the content of the www that is not indexed by search engines. Try to imagine the site of a Provider that offers voice or connectivity services to millions of people, families and companies. Its files are not indexable by search engines. Try to think of a banking site with millions of account holders who keep the history of transactions, deposits, investments for years and years, without obviously being accessible to the entire web population.

Let’s also include all information by the IOT devices that are connected online by that that cannot be accessed for obvious reasons.

Well, not you can have an idea about the dimension of the deep web.

THE DARK WEB

What is the Dark Web? It is a non-indexed subset of the Deep Web. Accessible through TOR and other software, it has a size that is incalculable if we use imagination. In fact, there could be many .onion sites, an extension of the domains inside the TOR network, which are not indicated by the Hidden Wiki, a sort of Wikipedia of onion Links. Furthermore, each website can have sublevels that could reach infinity.

But here we talk about legends. We go into the merits of my research which is based on the facts and experience of three years of journalistic navigation in the Dark Web where not only do you have browsed dozens of Directories, but you have visited at least 100,000 sites.

My search is based on 100,000 sites that I have personally visited and that can be easily classified into very few categories that I will explain to you with brief descriptions:

Information:

The spirit of the Dark Web includes precisely the freedom of expression with portals that give “uncomfortable” or “alternative” news in countries where there is censorship. There are many sites in multiple languages ​​that refer to ideological and collective movements, due to the greater number of Anarchist derivations, but there are also movements that promote the defense of online privacy. So there is so much counter-information and the most obvious example that I always carry forward is the version of the Bible translated into the languages ​​of the countries where it is strictly prohibited.

Black Markets:

They are the heart of the Dark Web in economic terms, needless to say that it is impossible to count them verify their reliability, but they are certainly the points of aggregation for several million users and unscrupulous sellers that offer drugs, weapons, medicines requiring medical prescription, bank credential and personal data of unsuspecting users, steroids and hacking guides.

Empty or non-functional web pages:

Empty pages, typical errors displaying code 404 that feed the list of the .onion domains in the directories.

Scam

There are many sites that promise the same services as Black Markets, including hitman services, hacking services, money laundering services… but they are only services operated by scammers.

Directories – Search Engines

There are many directories that offer the same links, Hidden Wiki services that offer a guide to the principal links in the Dark Web, but it is clear that the hidden Wiki is one and the original not only reports the links to the sites but also provides an “obscure and forbidden” encyclopedia service similar to the best known Wikipedia. The presence of search engines that are similar to Google are also frequent, but they do not always find the result that they hope for.

Child pornography-pornography-violence on animals-GORE

There are many pornographic sites on the clear web, but pornography in the dark web takes on gruesome tones. Violence, child abuse, snuff movies and extreme sex are very common. The sites that belong to these categories are divided into different types: chat rooms, traditional websites or service containers. The chats are usually open and there is a remarkable exchange of multimedia files for free. Then there are the forums that need registration, they offer audio/video content or images, and also provide suggestions on how to kill people or how to eat them in ritual cannibalism. Furthermore, there are many child pornography sites on the dark web that point to the largest online sharing platforms, such as Satoshi box or Megaupload, where it is possible to pay to download packages of illegal content.

Websites – Forums

They are normal websites that deal with different topics, including forums that represent meeting points for users that discuss legal and non-legal issues. There are many blogs that for the greater part deal with issues of cybersecurity and the rights of the digital population in terms of consumer protection and privacy.

Honeypots

Consider sites belonging to the above categories, in many cases they are traps set up by the law enforcement agencies to attempt to identify criminals. The dark web is full of honeypots.

CONCLUSIONS

Let’s conclude with some statistic on the composition of the Dark Web:

  • Not Working: 45%
  • Scam: 44%
  • Websites – Forums: 6%
  • Child pornography – Gore: 4%
  • Directories – search engines: 0.5%
  • Information: 0.3%
  • Black Markets: 0.2%

At this time, it is not possible to determine the exact number of Black Markets, anyway, it is really limited. Terrorism is an irrelevant phenomenon in terms of propaganda. It is also impossible to determine the diffusion of honeypots.

The real question is not how big is the Dark Web, but what will happen after the operations conducted law enforcement?

Who will be its users? Will Black Markets still exist?

Or is the Dark Web itself a honeypot for criminals, anarchists, terrorists and. pedophiles?

These doubts are legitimate, given that the military origins of the most popular anonymizing network.

About the Author: Livio Varriale

Pierluigi Paganini

(SecurityAffairs – Dark Web, crime)



The post Past, present, and future of the Dark Web appeared first on Security Affairs.

Feds Bust Up Dark Web Hub Wall Street Market

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — in exchange for not publishing details of the transactions.

The now-defunct Wall Street Market (WSM). Image: Dark Web Reviews.

A complaint filed Wednesday in Los Angeles alleges that the three defendants, who currently are in custody in Germany, were the administrators of WSM, a sophisticated online marketplace available in six languages that allowed approximately 5,400 vendors to sell illegal goods to about 1.15 million customers around the world.

“Like other dark web marketplaces previously shut down by authorities – Silk Road and AlphaBay, for example – WSM functioned like a conventional e-commerce website, but it was a hidden service located beyond the reach of traditional internet browsers, accessible only through the use of networks designed to conceal user identities, such as the Tor network,” reads a Justice Department release issued Friday morning.

The complaint alleges that for nearly three years, WSM was operated on the dark web by three men who engineered an “exit scam” last month, absconding with all of the virtual currency held in marketplace escrow and user accounts. Prosecutors say they believe approximately $11 million worth of virtual currencies was then diverted into the three men’s own accounts.

The defendants charged in the United States and arrested Germany on April 23 and 24 include 23-year-old resident of Kleve, Germany; a 31-year-old resident of Wurzburg, Germany; and a 29-year-old resident of Stuttgart, Germany. The complaint charges the men with two felony counts – conspiracy to launder monetary instruments, and distribution and conspiracy to distribute controlled substances. These three defendants also face charges in Germany.

Signs of the dark market seizure first appeared Thursday when WSM’s site was replaced by a banner saying it had been seized by the German Federal Criminal Police Office (BKA).

The seizure message that replaced the homepage of the Wall Street Market on on May 2.

Writing for ZDNet’s Zero Day blog, Catalin Cimpanu noted that “in this midst of all of this, one of the site’s moderators –named Med3l1n— began blackmailing WSM vendors and buyers, asking for 0.05 Bitcoin (~$280), and threatening to disclose to law enforcement the details of WSM vendors and buyers who made the mistake of sharing various details in support requests in an unencrypted form.

In a direct message sent to my Twitter account this morning, a Twitter user named @FerucciFrances who claimed to be part of the exit scam demanded 0.05 bitcoin (~$286) to keep quiet about a transaction or transactions allegedly made in my name on the dark web market.

“Make it public and things gonna be worse,” the message warned. “Investigations goes further once the whole site was crawled and saved and if you pay, include the order id on the dispute message so you can be removed. You know what I am talking about krebs.”

A direct message from someone trying to extort money from me.

I did have at least one user account on WSM, although I don’t recall ever communicating on the forum with any other users, and I certainly never purchased or sold anything there. Like most other accounts on dark web shops and forums, it was created merely for lurking. I asked @FerucciFrances to supply more evidence of my alleged wrongdoing, but he has not yet responded.

The Justice Department said the MED3LIN moniker belongs to a fourth defendant linked to Wall Street Market — Marcos Paulo De Oliveira-Annibale, 29, of Sao Paulo, Brazil — who was charged Thursday in a criminal complaint filed in the U.S. District Court in Sacramento, California.

Oliviera-Annibale also faces federal drug distribution and money laundering charges for allegedly acting as a moderator on WSM, who, according to the charges, mediated disputes between vendors and their customers, and acted as a public relations representative for WSM by promoting it on various sites.

Prosecutors say they connected MED3LIN to his offline identity thanks to photos and other clues he left behind online years ago, suggesting once again that many alleged cybercriminals are not terribly good at airgapping their online and offline selves.

“We are on the hunt for even the tiniest of breadcrumbs to identify criminals on the dark web,” said McGregor W. Scott, United States Attorney for the Eastern District of California. “The prosecution of these defendants shows that even the smallest mistake will allow us to figure out a cybercriminal’s true identity. As with defendant Marcos Annibale, forum posts and pictures of him online from years ago allowed us to connect the dots between him and his online persona ‘Med3l1n.’ No matter where they live, we will investigative and prosecute criminals who create, maintain, and promote dark web marketplaces to sell illegal drugs and other contraband.”

A copy of the Justice Department’s criminal complaint in the case is here (PDF).

Cyber Security Roundup for April 2019

The UK government controversially gave a green light to Huawei get involved with the building of the UK's 5G networks, although the Chinese tech giant role will be limited to non-sensitive areas of the network, such as providing antennas. This decision made by Theresa May came days after US intelligence announced Huawei was Chinese state funded, and amidst reports historical backdoors in Huawei products, stoking up the Huawei political and security row even further this month, and has resulted in the UK Defence Secretary, Gavin Williamson, being sacked. 
The National Cyber Security Centre (NCSC) launched a free online tool called "Exercise in a Box", designed by the UK cyber intelligence boffins to help organisations prepare in managing major cyber attacks.  The premise, is the tool will help UK organisations avoid scenarios such as the 2017’s Wannacry attacks, which devastated NHS IT systems and placed patient lives at risk.
 
German drug manufacturing giant, Beyer, found a malware infection, said to originate from a Chinese group called "Wicked Panda".  The malware in question was WINNIT, which is known in the security industry and allows remote access into networks, allowing hackers to deliver further malware and to conduct exploits. In my view, the presence of WINNIT is a sure sign a covert and sustained campaign by a sophisticated threat actor, likely focused on espionage given the company's sector.  Beyer stressed there was no evidence of data theft, but were are still investigating. 
 
Another manufacturing giant severely hit by a cyber attack this month was Aebi Schmidt. A ransomware outbreak impacted its business' operations globally, with most of the damage occurring at their European base. The ransomware wasn't named, but it left multiple Windows systems, on their presumably flat network infrastructure, paralyzed.
 
Facebook may have announced the dawn of their "privacy evolution" at the end of April, but their privacy woes still continue, after Upguard researchers found and reported 540 Million Facebook member records on an unsecured AWS S3 bucket. The "Cultura Colectiva" dataset contained 146GB of data with 540 million records showing comments, likes, reactions, account names, Facebook IDs and more. Looks like Facebook really have their work cut in restoring their consumer's faith in protecting their privacy.
 
UK businesses saw a significant increase in cyber attacks in 2019 according to a report by insurer Hiscox, with 55% of respondents reporting they had faced a cyber attack in 2019, up from 40% from last year.
 
A survey by the NCSC concluded most UK users are still using weak passwords. Released just before CyberUK 2019 conference in Glasgow, which I was unable attend due work commitments, said the most common password on breached accounts was"123456", used by 23.2 million accounts worldwide. Next on the list was "123456789" and "qwerty", "password" and "1111111".  Liverpool was the most common Premier League Football team used as a password, with Blink 182 the most common music act. The NCSC also published a separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches. So password still remains the biggest Achilles' heel with our security.

The UK hacktivist threat came back to the fore this month, after the Anonymous Group took revenge on the UK government for arresting WikiLeaks founder Julian Assange, by attacking Yorkshire Councils. I am not sure what Yorkshire link with Assange actually is, but the website for Barnsley Council was taken down by a DDoS attack, a tweet from the group CyberGhost404 linked to the crashed Barnsley Council website and said "Free Assange or chaos is coming for you!". A tweet from an account called 'Anonymous Espana' with an image, suggested they had access to Bedale Council's confidential files, and were threatening to leak them. 
 
Microsoft Outlook.com, Hotmail and MSN users are reported as having their accounts compromised. TechCrunch revealed the breach was caused due to the hackers getting hold of a customer support tech's login credentials. Over two million WiFi passwords were found exposed on an open database by the developer of WiFi Finder. The WiFi Finder App helps to find and log into hotspots.  Two in every three hotel websites leak guest booking details and personal data according to a report. Over 1,500 hotels in 54 countries failed to protect user information.
 
Finally, but not lest, a great report by Recorded Future on the raise of the dark web business of credential stuffing, titled "The Economy of Credential Stuffing Attacks". The report explains how low-level criminals use automated 'checkers' tools to validate compromised credentials, before selling them on.

I am aware of school children getting sucked into this illicit world, typically starts with them seeking to take over better online game accounts after their own account is compromised, they quickly end up with more money than they can spend. Aside from keeping an eye on what your children are up to online as a parent, it goes to underline the importance of using unique complex passwords with every web account (use a password manager or vault to help you - see password security section on the Security Expert website). And always use Multi-Factor Authentication where available, and if you suspect or have are informed your account 'may' have compromised, change your password straight away.

BLOG
 NEWS
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
REPORTS

How to Safeguard Your Family Against A Medical Data Breach

Medical Data BreachThe risk to your family’s healthcare data often begins with that piece of paper on a clipboard your physician or hospital asks you to fill out or in the online application for healthcare you completed.

That data gets transferred into a computer where a patient Electronic Health Record (EHR) is created or added to. From there, depending on the security measures your physician, healthcare facility, or healthcare provider has put in place, your data is either safely stored or up for grabs.

It’s a double-edged sword: We all need healthcare but to access it we have to hand over our most sensitive data armed only with the hope that the people on the other side of the glass window will do their part to protect it.

Breaches on the Rise

Feeling a tad vulnerable? You aren’t alone. The stats on medical breaches don’t do much to assuage consumer fears.

A recent study in the Journal of the American Medical Association reveals that the number of annual health data breaches increased 70% over the past seven years, with 75% of the breached, lost, or stolen records being breached by a hacking or IT incident at a cost close to consumers at nearly $6 billion.

The IoT Factor

Medical Data Breach

Not only are medical facilities vulnerable to hackers, but with the growth of the Internet of Things (IoT) consumer products — which, in short, means everything is digitally connected to everything else — also provide entry points for hackers. Wireless devices at risk include insulin pumps and monitors, Fitbits, scales, thermometers, heart and blood pressure monitors.

To protect yourself when using these devices, experts recommend staying on top of device updates and inputting as little personal information as possible when launching and maintaining the app or device.

The Dark Web

The engine driving healthcare attacks of all kinds is the Dark Web where criminals can buy, sell, and trade stolen consumer data without detection. Healthcare data is precious because it often includes a much more complete picture of a person including social security number, credit card/banking information, birthdate, address, health care card information, and patient history.

With this kind of data, many corrupt acts are possible including identity theft, fraudulent medical claims, tax fraud, credit card fraud, and the list goes on. Complete medical profiles garner higher prices on the Dark Web.

Some of the most valuable data to criminals are children’s health information (stolen from pediatrician offices) since a child’s credit records are clean and more useful tools in credit card fraud.

According to Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research, predictions for 2019 include criminals working even more diligently in the Dark Web marketplace to devise and launch more significant threats.

“The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before,” Says Samani.

Medical Data Breach

Healthcare professionals, hospitals, and health insurance companies, while giving criminals an entry point, though responsible, aren’t the bad guys. They are being fined by the government for breaches and lack of proper security, and targeted and extorted by cyber crooks, while simultaneously focusing on patient care and outcomes. Another factor working against them is the lack of qualified cybersecurity professionals equipped to protect healthcare practices and facilities.

Protecting ourselves and our families in the face of this kind of threat can feel overwhelming and even futile. It’s not. Every layer of protection you build between you and a hacker, matters. There are some things you can do to strengthen your family’s healthcare data practices.

Ways to Safeguard Medical Data

Don’t be quick to share your SSN. Your family’s patient information needs to be treated like financial data because it has that same power. For that reason, don’t give away your Social Security Number — even if a medical provider asks for it. The American Medical Association (AMA) discourages medical professionals from collecting patient SSNs nowadays in light of all the security breaches.

Keep your healthcare card close. Treat your healthcare card like a banking card. Know where it is, only offer it to physicians when checking in for an appointment, and report it immediately if it’s missing.

Monitor statements. The Federal Trade Commission recommends consumers keep a close eye on medical bills. If someone has compromised your data, you will notice bogus charges right away. Pay close attention to your “explanation of benefits,” and immediately contact your healthcare provider if anything appears suspicious.

Ask about security. While it’s not likely you can change your healthcare provider’s security practices on the spot, the more consumers inquire about security standards, the more accountable healthcare providers are to following strong data protection practices.

Pay attention to apps, wearables. Understand how app owners are using your data. Where is the data stored? Who is it shared with? If the app seems sketchy on privacy, find a better one.

How to Protect IoT Devices

Medical Data Breach

According to the Federal Bureau of Investigation (FBI), IoT devices, while improving medical care and outcomes, have their own set of safety precautions consumers need to follow.

  • Change default usernames and passwords
  • Isolate IoT devices on their protected networks
  • Configure network firewalls to inhibit traffic from unauthorized IP addresses
  • Implement security recommendations from the device manufacturer and, if appropriate, turn off devices when not in use
  • Visit reputable websites that specialize in cybersecurity analysis when purchasing an IoT device
  • Ensure devices and their associated security patches are up-to-date
  • Apply cybersecurity best practices when connecting devices to a wireless network
  • Invest in a secure router with appropriate security and authentication practices

The post How to Safeguard Your Family Against A Medical Data Breach appeared first on McAfee Blogs.