Sneaky IoT light bulbs, a TurboTax hack, and 2018 cybersecurity stats are in for This Week in Cyber Security, where we highlight a select few of each week's top cyber security stories and share them here. Don't forget to follow our daily blog for more in-depth cyber security and technology news.

The Week of March 1st, 2019:

  • A group of hackers was able to access tax return credentials from TurboTax by using a list of stolen passwords from the Dark Web. Only one TurboTax user in Vermont was victimized. The hack was possible due to a credential stuffing attack, in which a hacker automates login attempts using millions of previous login/password combinations. The attackers were able to break through via an easily guessed password that was used in multiple accounts. The lesson here is to use unique, complex passwords for all your logins and set up two-factor authentication when possible. (Dark Reading)
  • Google is taking its Android platform to another level of cybersecurity by using biometrics and security keys instead of traditional passwords for account access. The Fast Identity Online Alliance announced this week that Google’s Android 7.0 platform is now FIDO2-certified, meaning users can use fingerprints or other devices (like Google’s own security key, the Titan Key) as primary login credentials, potentially adding security against phishing attacks. Android users do not have to do anything for this addition, provided their device is running OS 7.0 (Android Nougat) or above. (CNET Security)
  • HIPAA and healthcare security statistics for 2018 have been released in Bitglass’s Healthcare Breach Report. Here are the need-to-know stats as reported: (Bitglass)
    • There were 290 known healthcare breaches, a three-year low.
    • The number of exposed records nearly doubled from 2017.
    • 46% of victims of healthcare breaches in 2018 were from hacking and IT incidents.
    • The number of breaches from lost/stolen devices fell by nearly 70% since 2014.
    • Nearly 40,000 people were affected per breach, more than double the amount in 2017.
    • 36% of healthcare data breaches in 2018 were the fault of unauthorized access to PHI (Protected Health Information).
  • More statistics from 2018 emerged about the rise of SSL (Secure Sockets Layer)-based phishing attacks. According to the 2019 Cloud Security Insights Threat Report, there was an increase of over 400% in phishing attempts over 2017 results, a total of 2.7 million attacks. Another report by Trend Micro revealed they had blocked 269 million fake URLs from phishing attacks last year, which was a 269% increase over 2017. (InfoSec Magazine)
  • Adjusting the smart lights in your home could unknowingly send your personal data to China. A recent report by Dark Cubed covered several cybersecurity threats in IoT (Internet of Things) devices manufactured in that region, particularly smart light bulbs that utilize real-time location sharing. While not every device shared data, their testing determined that the average consumer cannot tell which devices do and which do not. (Dark Cubed)