The Week in Breach: 02/12/20 – 02/18/20
This week, companies are slow to stop phishing attacks, ransomware disrupts productivity, and IBM’s latest threat analysis outlines trends for 2020.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: High-Tech & IT
Top Employee Count: 501+ Employees
United States – Altice USA
Exploit: Phishing Attack
Altice USA: Cable and internet provider
|Risk to Small Business: 2 = Severe: A phishing scam tricked an employee into providing hackers with email credentials that were used to access and download inbox content remotely. Although the breach was announced on February 5th, the phishing scam was executed in November 2019. It wasn’t discovered until December 2019, which raises questions about the company’s data security capabilities and notification strategy. As a result, Altice USA will have a difficult time restoring customer confidence, which will be critical to recovering from this preventable data breach.|
Individual Risk: 2.285 = Severe: Customers’ personal information was compromised in the breach. This includes Social Security numbers, birth dates, and other personal details. The company claims that financial information was untouched by the breach and is offering free identity and credit monitoring services for affected victims to protect compromised data.
Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: Phishing attacks are easy to deploy, and they are devastating to companies compromised by malicious messages. Although security processes are unlikely to keep all phishing emails out of their employees’ inboxes, they can render the attacks useless by providing comprehensive awareness training that teaches and trains employees to identify phishing scams.
ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
United States – St. Louis Community College
Exploit: Phishing Attack
St. Louis Community College: Public academic institution
|Risk to Small Business: 2.111 = Severe: Several employees fell for a phishing scam that compromised students’ personal information. The phishing scam, which took place on January 13th, happened just weeks before the school implemented two-factor authentication on January 31st. If this effective defensive measure was in place sooner, hackers would not have been able to access employee accounts, even after they provided their credentials on a phishing form. In response, the college is retraining employees who clicked on a phishing email, and they are updating their procedures to prevent a similar event in the future.|
Individual Risk: 2.428 = Severe: Students’ personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to execute identity fraud or to target victims with spear phishing campaigns that could provide hackers with even more damaging personal data. Those impacted by the breach should enroll in credit and identity monitoring services to oversee the responsibility of identifying misuse, and they should carefully evaluate online communications for signs of a phishing scam.
Customers Impacted: 5,000
How it Could Affect Your Customers’ Business: This incident is a tragic reminder that, when it comes to data security, timing is everything. Phishing scam awareness training and two-factor authentication can go a long way toward protecting company and customer data, but they need to be in place before an attack occurs. Therefore, installing proactive measures should be a top priority in the days and weeks ahead.
ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.
Canada – eHealth
eHealth: Private online health insurance marketplace
|Risk to Small Business: 2 = Severe: An IT forensic investigation of a ransomware attack targeting eHealth found that patients’ personal health data could have been compromised in the event. The ransomware attack, which we reported in early January, was originally thought to be limited to traditional data encryption. However, investigators discovered that some files were sent to an IP address unaffiliated with the company. Initially, the company announced that patient data was secure, making their latest announcement a troubling addendum to an already disastrous situation.|
Individual Risk: 2 = Severe: eHealth declined to specify the types of personal data that could have been compromised in the breach, but PHI typically contains the most sensitive information. Therefore, those impacted by the breach should update their account credentials, monitor their accounts for unusual activity, and evaluate digital communications for signs of a phishing attack, which often follow a data breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Increasingly, cybercriminals are elevating the already-steep consequences of a ransomware attack by stealing company data before encrypting it. Not only does this provide bad actors with an insurance policy in case companies don’t pay the ransom, but it leaves businesses with even less options in the wake of an attack. When it comes to ransomware, the only real solution is to prevent these attacks before they occur.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal AssistTM, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.
Netherlands – University of Maastricht
University of Maastricht: Public academic institution
|Risk to Small Business: 2.333 = Severe: The University of Maastricht paid a $220,000 ransom to unlock their email and network servers that had been encrypted since December 24th. Ultimately, university officials decided that paying the ransom would be more affordable than other alternatives, which included replacing the school’s entire IT system from scratch. Noting the deep damages to the school’s academic records, scientific work, and other data, authorities concluded that paying the significant sum was the only viable recovery option.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are searching for soft targets, organizations with weak or outdated cybersecurity standards, to target with ransomware. As this incident reveals, when successful, ransomware attacks have costly implications. Simply put, every company has hundreds of thousands of reasons to prepare their defensive posture and address this increasingly potent threat.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.
Ireland – Translink
Translink: Transportation network
|Risk to Small Business: 2 = Severe: A ransomware attack has disabled the company’s internal computer systems, causing communication and productivity loss throughout the organization. The network has been offline for more than a week as cybersecurity experts look for solutions that could enable the company to sidestep paying the ransom. However, even if the company can avoid paying cybercriminals to decrypt their network, productivity loss, reputational damage, and other IT expenses will ensure that this is a costly incident for the company.
Individual Risk: No personal information was compromised in the breach,
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are a common occurrence in today’s digital environment. Cybercriminals can easily purchase malware strains on the Dark Web and deploy their attacks with little impunity at a low cost. However, companies are not powerless in this regard. Closing off accessing points like outdated software and securing company accounts with two-factor authentication are both meaningful steps that any organization can take to avoid a costly ransomware attack.
ID Agent to the Rescue: With PasslyTM, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/passly.
United Kingdom – London & Surrey Cycling Partnership
Exploit: Accidental data exposure
London & Surrey Cycling Partnership: Joint venture partnership
|Risk to Small Business: 2 = Severe: Some participants in the Ride London cycling event had their personal data compromised when their ballot results were sent to other participants. The popular event is typically oversubscribed, and the organization uses the ballots to select the participants. Unfortunately, this data breach brought considerable confusion to the event, leaving riders unsure if they were able to participate. In response, victims are speaking out in interviews with media outlets and across social media channels. While the company worked to minimize the fallout, this incident is an irrefutable black eye on an otherwise well-regarded event.|
Individual Risk: 2.285 = Severe: The ballot information contained riders personally identifiable information, including their names, addresses, and dates of birth. This information can be used for a variety of nefarious purposes, and those impacted by the breach should consider enrolling in identity monitoring services while also carefully evaluating their online accounts and communications for evidence of fraud.
Customers Impacted: 2,100
How it Could Affect Your Customers’ Business: In today’s regulatory environment, even accidental data breaches can have serious consequences for any organization. With the possibility of financial penalties and other repercussions looming, every company needs to prioritize compliance by ensuring that they are taking every step to secure their users’ personal data.
ID Agent to the Rescue: Compliance ManagerTM automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at: https://www.idagent.com/compliance-manager.
New Zealand – Generate
Exploit: Unauthorized database access
Generate: Voluntary, work-based savings initiative
|Risk to Small Business: 1.888 = Severe: Hackers accessed and downloaded customers’ personal data in a holiday heist that wasn’t identified until January 27th. The data breach, which did not include investor funds, is a serious privacy violation for its users, and the company’s slow identification and delayed response will only make matters worse. Now, the company faces an uphill battle to restore customer trust, which will be crucial to maintaining a competitive edge in an already crowded marketplace.|
Individual Risk: 2 = Severe: Customers’ personal data was compromised in the breach. This includes photographic ID images, tax document numbers, names, and addresses. This information puts victims at risk of identity theft or financial fraud, and victims should enroll in credit and identity monitoring services to protect their credentials’ long-term integrity. Moreover, Generate is asking all users to reset their account passwords.
Customers Impacted: 26,000
How it Could Affect Your Customers’ Business: Customers are growing weary of working with companies that can’t protect their personal data. Since they often have many options to choose from, a data security incident could be the differentiator that encourages customers to take their business elsewhere. In today’s digital landscape, data security is a bottom line issue that companies can’t take seriously enough.
ID Agent to the Rescue: Dark Web IDTM monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more: https://www.idagent.com/dark-web.
Australia – Ashley Madison
Exploit: Unauthorized database access
Ashley Madison: Adult romance website
|Risk to Small Business: 2 = Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized, and include sensitive personal details derived from the initial data breach. While it’s easy to write-off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.|
Individual Risk: 2.142= Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. It also contains private content and communications conducted on the website.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches impact more than just a company’s bottom-line. They often have tangible consequences for each individual compromised in a breach, and even years after a breach, they can continually reappear, causing personal, psychological, and financial trouble for victims. It should encourage every company to take every step possible to protect personal data.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
IBM Threat Report Presents Risks for 2020
The latest IBM threat report examines the most prescient threats facing business in 2020, and its findings should alarm cybersecurity leaders. Notably, the report found that hackers are not turning to overly sophisticated techniques to access company IT. Rather, they are relying on the deluge of personal data already available to access an organization’s infrastructure. When those methods fail, many are deploying phishing scams as a cheap, relatively safe way to compromise employee credentials.
According to IBM, phishing attacks and unauthorized credential use were two of the most prominent attack methodologies, with the exploitation of vulnerabilities completing a risk triumvirate for companies to address in the year ahead.
The report’s silver lining is that companies are not powerless against these threats. Employee awareness training can render these attacks useless, and integrated two-factor authentication can prevent unauthorized account access even when credentials are compromised. Together, they present a meaningful way for every company to protect itself against the most likely threats in the year ahead.
Where in the World is ID Agent:
Feb. 19 – Tampa, FL: ID Agent Roadshow
Feb. 20 – Raleigh, NC: Kaseya Connect IT Local
Feb. 27 – Virtual: MSP Growth Summit 2020
Feb. 26 – 27 – Long Beach, CA: ASCII City Tour
Feb. 27 – 28 – San Diego, CA: TAG MTSP West
Feb. 27 – 28 – Tampa, FL: TAG MTSP East
Feb. 27 – 28 – Dallas, TX: TAG MTSP Central
A Note for Your Customers:
Ransomware Attacks Are Driving Up Cyber Insurance Rates
Ransomware attacks were one of the defining cybersecurity threats of 2019, and just one month into 2020, it’s clear that bad actors will continue to deploy this malware to capitalize on their criminality. As companies grapple with the implications of this new reality, many are turning to cybersecurity insurance as a way to offset the cost and consequences of an attack. Unfortunately, ransomware attacks have become so common that cyber insurance rates have soared in response.
According to some reports, cybersecurity insurance has increased by as much as 25% in the past year. At the same time, insurance companies are expanding their offerings, adapting their business model for a shifting data security and regulatory landscape. However, companies relying on cyber insurance will likely be disappointed as payouts rarely cover the cost of an attack, and increasingly high premiums make it an affordable option to begin with.
Instead, many organizations would be better off investing in a robust defense strategy that can defend against a ransomware attack before it happens. It’s the only way to truly avoid the escalating costs and consequences of a ransomware attack.
Data Breach Lists by State:
There are a lot of U.S. state agencies that publish lists of reported data breaches in their respective states. We created a chart of published lists and will keep this updated:
|New Hampshire||2,786 (2007-present)|
|New Jersey||152 (2017-present)|
|North Carolina||6,230 (2005-present)|
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!