The Cost of Doing Business, Pt.1
MOAB and the Extent of the
Problem
And I'm sure it wouldn't interest anybody
Outside of a small circle of friends.
— Outside of a Small Circle of Friends, Phil Ochs
Ten years ago, a brilliant young software engineer who I know and love, made the incredibly naive statement that the problems associated with malware and hacking were "simply the cost of doing business." This specious on its face statement reflected his understandable lack of knowledge possessed by the young man of how business costs are ultimately born by Consumers, as businesses build those extra costs into their pricing models. It also reflected a surprising lack of understanding of the interconnectedness of the Internet itself.
Of course, in December 2013, there was a dearth of accumulated knowledge about the impacts of worldwide cyber events, especially on how these events impact actual Consumers. Today, however, if one desires to know exactly what are the impacts of cyber events on Consumers, all one needs do is simply look for the sheer number of cyberattacks that cannot, or should not, be ignored. Except, of course, by Consumers themselves, who simply wallow in their ignorance, apathy, and lack of caring about their own security. As this year of 2024 progresses, however, Consumers' default position of "ignorance is bliss" will increasingly become untenable. The hidden of costs of cyberattacks, I predict, will become obvious and, thus, impossible to ignore.
In the week this article is written, the cyber news was ablaze with news from Cybernews, January 23, 2024, which reported on the findings by security researchers at SecurityDiscovery.com. This reporting is about facts concerning what is being called the Mother of All Breaches (MOAB). Summarized simply, the cybersleuths at SecurityDiscovey have complied a list of all the email addresses that have been compromised in many different data breaches. The list is culled from "records from thousands of meticulously compiled and reindexed leaks, breaches, and privately sold databases," as Cybernews reported in the article cited above.
What is eye opening about this reporting is the number of popular websites, and some not well-known to most American Consumers, that have been breached. Among those sites beached are Twitter with 281 million email addresses leaked; Adobe with 153 million email addresses compromised; and LinkedIn had 151 million visitor addresses harvested.
According to the published report, "The MOAB contains 26 billion records over 3,800 folders, with each folder corresponding to a separate data breach." The Cybernews report explicitly explains why the situation should be of concern to anyone affected.
The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts, the researchers said.
Two years ago, January 9, 2022, this blog introduced Readers to the "Have I Been Pwnd?" website. Now Cybernews has its own iteration of the Have I been pwnd? website. I randomly entered several clients' email addresses into the tool shown below, including the 3 email addresses I use. About half of all the addresses I entered had been compromised, including a gmail address that I use. That gmail address of mine has been a spam magnet for some time. A changed that password, as I had advised others to do.
You can also use the tool to check if your telephone number has also been compromised. Fortunately, my phone number did not show it having been compromised. That was a relief. As I certainly couldn't change that telephone number. I did not check anyone else's telephone number. What would I say to them if their phone number had been compromised?
Of those I had contacted, only one person thanked me for my efforts. And isn't that the problem? The vast majority of computer users simply do not seem to care much whether they had been compromised or not. I know this to be true because of too many conversations I have had with people who are frequently inundated with fake AV alerts; and do nothing but click on it to close. And only to have that nasty little critter pop up again and again.
Gerald Reiff
| Back to Top | ← previous post | next post TBA → |
| If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal | ||