We recently uncovered messages that target Ashley Madison account holders directly. The sender is attempting to extort/blackmail the individual named in the message to the tune of about $450(USD). The messages state that the sender will mail a letter outlining their activity on the Ashley Madison website to the individual’s home address unless they make a one-time payment to the attacker in the amount of 2 Bitcoins. The threats are backed up with what appears to be data stolen in the breach which include home address, last 4 digits of credit card data and transaction logs. The messages are signed “Impact Team” the same group responsible for the breach itself, though it would be impossible to substantiate that claim.
am_extort2All indications are that the data used in the messages is in fact the real data stolen back in July of this year. We have been anticipating seeing these highly targeted attacks leveraged against the Ashley Madison users who had their data stolen in this breach. These messages might prove highly effective should they make it to the user’s inbox. I would be very surprised if the attacker would actually follow through on their threat, given that, mailing a letter would only leave a paper trail and would not benefit the attacker financially. We have seen malware posing as the Ashley Madison users list on the web already and expect this trend to continue. In addition, we expect to see other email variations aimed at the users list and messages targeting curious onlookers as well.

Only a few days after the Ashley Madison data was released and cybercriminals/ spammers are attempting to capitalize on everyone’s interest. One of the spam campaigns that we have been monitoring attempts to lure in victims by promising to provide a searchable “cheaters list”. The messages pose as CBS News alerts informing the recipient that the searchable list is now available online with a link to the site. Here’s a look at the message:
am_list

The link in the message leads to a shady “background check” website where users overpay for access to information that was already publicly available. It is unclear whether the owners of the background check site were directly responsible for sending the spam or if it was the product of someone taking part if some form of pay-per-click affiliate program.

Many people have taken an interest in the Ashley Madison data, from curious onlookers to suspicious spouses or those with a guilty conscience. In addition to the copies of the user’s lists that are popping up around the internet, there are also lots of new sites that allow you to (or at least make the claim) check an email address to see if it is in the stolen data. In just a few minutes we were able to locate multiple websites where you could check an email address against the Ashley Madison hack.

checker2

However, before doing so everyone should be aware that there is nothing stopping the operators of these sites from logging your information and leveraging that against you in future attacks.

Recent findings from Osterman Research has shown that while currently 62.6 percent of businesses use Exchange on-premises, only 39.4 percent plan to be using Exchange on-premise in two years. Conversely, only 19.6 percent of respondents said that they currently use Exchange Online in Office 365, while 47.2 percent intend to be using it within the next two years. In other words, businesses are ready for the cloud. 

So why are more businesses deciding to migrate to the cloud? 

O00MGHPXG6

Cheaper and easier to maintain: With no expensive on-premise hardware to maintain, automatic updates, and streamlined IT maintenance. 

Improved collaboration: Anyone who has been the unfortunate soul in charge of implementing an entire team’s Excel edits after everyone has made their own changes, some on paper, and then emailed them back when creating a report can vouch for SharePoint’s value. With SharePoint, everyone can make their edits live, which saves time, prevents obfuscation, and prevents your employees from causing bodily harm to each other. Well, maybe at least the first two. 

Data loss reduction: While many fear that the cloud is going to bring about Fahrenheit 451, the reality is that it’s going to prevent it. With the cloud, you don’t have to worry about your employees losing files after their kid drops their laptop, because their files are saved on the cloud.

 Streamlined natural disaster planning: After a natural disaster, getting to the office can be challenging, especially if there’s major damage to roads or employees’ homes. While before your employees would need to lug their physical computer home to work, now they can login to Office 365 and work from home with ease. Additionally, you don’t have to worry about your on-premise servers being damaged with the cloud, so you don’t have to worry about interrupted communication. 

Nearly unlimited storage: If you asked a 14-year old girl why she needs the cloud for her smart phone, she’d tell you, duh, she’d run out of room for her pictures within 48 hours. When you’re a business, running out of storage on your computers and servers can be costly when there’s a need to purchase new hardware to keep up with your files. With the cloud, there’s no need to purchase an external hard drive, because you can buy more cloud storage (if you ever run out) instantly. This goes back to data loss prevention; if it’s in paper or on hardware, it’s subject to be damaged or even lost by the five elements Earth, wind, fire, water, or employees. 

If you’re ready for your business to move to the cloud, or you want to find out more about it, visit http://www.appriver.com/services/office365/default.aspx or contact sales@appriver.com for more information.

 

SCC00WCQ3IReports of stolen Ashley Madison data being posted publicly have now surfaced. The data was stolen last month and shortly thereafter the hacker group responsible threatened to release the data publicly– if the Ashley Madison website (and affiliated site Established Men) were not taken offline entirely. On Tuesday night the alleged data was released via the Dark Web and BitTorrent. Numerous sources have indicated that the data dump is indeed the real thing.

Many users who relied on the site’s promise of privacy may soon find themselves in hot water. That said, Ashley Madison at times never bothered to confirm email addresses being used to register accounts. So, in other words, virtually anyone could register an account using someone else’s email address. Whatever you feel about the breach data being posted publicly, the fact remains that personal and financial data was stolen. With this breach, the hackers only exposed the last four digits of credit card numbers in the data dumps. However, if you suspect that your credit card data has been compromised in a breach you should follow these tips:

  • Notifying card issuer of potential breach,
  • Monitoring cards accounts closely (this can be done by checking statements online regularly and implementing purchase notifications via text or email for all purchases),
  • Credit report monitoring, and
  • Requesting a new card number (an EMV card if it is offered).

Data breaches are showing no immediate signs of slowing. However, the adoption of chip and pin technology here in the U.S. should eventually have some positive impact in reducing these events because it’ll significantly limit how stolen card data can be monetized by the criminals. Currently, card thieves can recreate the basic ‘magnetic strip cards’ (that the majority of us still use) very easily and at a low cost. These cards can then be used to make fraudulent transactions. On the other hand, a chip and pin (EMV) card can’t be easily or cheaply reproduced. This hampers the thieve’s ability to monetize the stolen date by limiting them to non-card-present transactions only (once the technology has been widely adopted by retailers). However, this breach does not appear to be financially motivated but done with hacktivist intent–at least in the minds of the perpetrators.

Today Inc. Magazine announced its list of top 5000 growing private companies. With over $53 million in revenue and a compound growth rate of 74.7 percent, we at AppRiver are celebrating our ninth consecutive appearance on this list! The list of companies who have made the list nine times or more is miniscule, with only 19 IT service companies sharing the honor with us.

support-blueoverlay (1)

In a statement, Inc.’s President and Editor-in-Chief Eric Schurenberg attributed the success of the companies on the list to great leadership, saying, “The story of this year’s Inc. 5000 is the story of great leadership. In an incredibly competitive business landscape, it takes something extraordinary to take your company to the top. You have to remember that the average company on the Inc. 5000 grew nearly six-fold since 2012. Business owners don’t achieve that kind of success by accident.”

Great leadership is certainly a driving force here at AppRiver. Earlier this year, our President and CEO Michael Murdoch won three awards for outstanding leadership, with his business ethics and community devotion being lauded. Those awards include:

  • 2015 Gulf Breeze Rotary Citizen of the Year
  • Inweekly’s Power 100 (no. 25)
  • The University of West Florida and the Combined Rotary Clubs of Pensacola’s 13th Annual Ethics in Business Award (large business sector)

For more information, read our full press release on the announcement.