The Week in Breach: 03/12/20 – 03/18/20
This week, a ransomware attack impacts COVID-19 care, what happens when a company ignores basic security protocols, and mitigating cybersecurity risks during the Coronavirus pandemic.
Dark Web ID Trends:
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: Finance & Insurance
- Top Employee Count: 1-10
United States – Whisper
Exploit: Unsecured database.
Whisper: Privacy-focused messaging app.
Risk to Small Business: 2.111 = Severe:
Developers overlooked basic security protocols when they left a database containing customer information unprotected by even a password, and hackers pounced. As a result, 900 million files dating back to the company’s launch in 2012 were made available online. Although the company was quick to secure the database, its reactive efforts will do little to assuage the doubts and concerns of its privacy-minded customer base.
Individual Risk: 2.571 = Moderate:
Users’ names were not stored in the exposed database, but nicknames, ages, ethnicities, genders, hometowns, group memberships, and location data were all available. Some personal information was highly sensitive and could be used to execute spear phishing campaigns or targeted ransomware attacks.
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal AssistTM, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.
United States – Champaign-Urbana Public Health District
https://statescoop.com/amid-coronavirus-scare-ransomware-targets-public-health-agency-illinois/
Exploit: Ransomware.
Champaign-Urbana Public Health District: Healthcare service provider.
Risk to Small Business: 2.111 = Severe:
A ransomware attack disabled the healthcare provider’s website as concerns over Coronavirus are reaching a fever pitch. While the incident spared the provider’s email accounts, health records, and patient records, it limited the agency’s ability to communicate with patients. The Champaign-Urbana Public Health District has begun using its social media accounts to communicate with the public, and they’ve launched a backup website to replace the disabled page. This is an expensive and potentially harmful incident at a time when quickly communicating information can be a matter of life and death.
Individual Risk: At this time, no personal information was compromised in the breach
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: The particular malware strain that infected the Champaign-Urbana Health District targets enterprises running Windows 10. It’s a reminder that ransomware is on the rise and companies can take simple steps to ensure that malware doesn’t enter their system through outdated software, phishing attacks, or other vulnerabilities
ID Agent to the Rescue: BullPhish IDTM simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
Canada – EVRAZ
https://www.zdnet.com/article/one-of-roman-abramovichs-companies-got-hit-by-ransomware/
Exploit: Ransomware.
EVRAZ: Steel manufacturer.
Risk to Small Business: 2 = Severe:
A ransomware attack crippled the company’s North American operations, including production at its Canadian steel plants. This attack complicates the company’s financial outlook at a time when it is already experiencing a significant drop in share price. Now, EVRAZ will have to grapple with the high cost of recovery, diminished productivity, and making significant improvements to its IT infrastructure – expenses no company needs during a time of worldwide uncertainty.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Few cyberattacks wreak as much havoc as ransomware attacks. Not only are they one of the most expensive attacks to recover from, but they are uniquely disruptive, creating many obstacles on the road to recovery. Every organization can protect itself from possible ransom attacks and other malware by securing accounts and otherwise safeguarding critical IT.
ID Agent to the Rescue: PasslyTM protects everyone’s password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect user credentials and company data from ransomware and other malware. Find out more at https://www.idagent.com/passly.
Canada – Koodo
Exploit: Unauthorized database access.
Koodo: Wireless carrier
Risk to Small Business: 1.88 = Severe:
On February 13th, hackers used compromised credentials to access Koodo’s database. Once inside, they stole sensitive user data from August and September 2017. Hackers were not able to access phone numbers, which would have allowed them to receive two-factor authentication codes and further compromise user accounts. In response, Koodo has disabled some features to prevent hackers from misusing customer accounts.
Individual Risk: 2.428 = Severe:
Customer account details, including account numbers and identifying information, were obtained by the thieves and are now for sale on the Dark Web. It’s possible that hackers can use customer data to change user account information or receive two-factor authentication codes, which would further compromise personal data. Those impacted by the breach should take steps to ensure that their accounts are secure and that they are not vulnerable to additional attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches have profound implications for companies and customers. In this instance, a customer-focused data breach could have undermined the company’s network integrity, allowing hackers to further infiltrate Koodo’s IT infrastructure. Rather than waiting to discover a data breach, use responsive monitoring tools to take preemptive steps to identify stolen credentials and to prevent a breach before it occurs.
ID Agent to the Rescue: We go into the Dark WebTM to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. Our award-winning platform combines sophisticated human and Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
France – Lise Charmel
Exploit: Ransomware.
Lise Charmel: Retailer.
Risk to Small Business: 2 = Severe:
A ransomware attack devastated the high-end lingerie retailer, costing it millions and forcing it into receivership. The attack, which first began on November 8, 2019, encrypted the company’s entire IT infrastructure, including employee workstations and data stores. As a result, all company employees were rendered unable to work with dire consequences for the 70-year-old business.
Individual Risk: At this time, no personal data was compromised in the breach.
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: Ransomware attacks have been ramping up and they can have serious consequences. Businesses must be prepared to defend their infrastructure and to orchestrate a comprehensive recovery process. This incident is a reminder that cybersecurity is a bottom-line issue that has real implications for a company’s viability in today’s dangerous digital landscape.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of dynamic, well-designed cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help you get the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team is here to support you from call to close! Learn more here: https://www.idagent.com/goal-assist.
United Kingdom – Anteus Tecnologia
Exploit: Exposed database.
Anteus Tecnologia: Developer and distributor of fingerprint identification systems
Risk to Small Business: 1.888 = Severe:
A cyberattack on February 20, 2020, compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.
Individual Risk: 2.142 = Severe:
In addition to precise fingerprint data, the database also contained the email addresses and phone numbers of employees who store their information with the company. Those impacted by the breach should take every precaution to secure their data and beware of potential instances of fraud resulting from this compromised information.
Customers Impacted: 76,000.
How it Could Affect Your Customers’ Business: Today’s regulatory landscape promises steep penalties for companies that fail to protect customer information. In this environment careless errors, like failing to password protect a database, are especially egregious to regulators and customers – and all companies need to ensure that data security is a day-one, top-down priority.
ID Agent to the Rescue: Compliance ManagerTM can automate regulatory compliance in maintaining required data privacy standards, eliminating guesswork, and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager.
Australia – Melbourne Polytechnic
https://www.itnews.com.au/news/melbourne-tafe-data-breach-exposes-55k-student-staff-files-539180
Exploit: Unauthorized database access.
Melbourne Polytechnic: Academic institution.
Risk to Small Business: 1.555 = Severe:
Melbourne Polytechnic has updated its data breach notification to reflect an incident that occurred between September and December 2018. The school didn’t identify the breach until October 2019 and has since been conducting an IT investigation to assess the damage. In response, the institution has issued an apology to staff and students impacted by the breach. However, users are still in danger of further compromise because the stolen data puts them at serious risk for fraud and other cybercrimes.
Individual Risk: 1.857 = Severe:
The compromised data is limited to staff and student information between September and December 2018. However, it includes highly sensitive personal details, including PII, healthcare-related data, and financial information. In addition, some victims had their usernames, email addresses, and passwords stolen. Although the culprit has been apprehended, this information has a long shelf life on the internet, and those impacted by the breach should carefully monitor their accounts and credentials for potential misuse.
Customers Impacted: 90,000.
How it Could Affect Your Customers’ Business: Consumers and employees are increasingly unwilling to work with companies that can’t protect their information. While recovery costs and regulatory fines make a data breach an expensive pitfall, the damage to a company’s reputation can never be fully repaired, ensuring that any breach will have cascading consequences that outlive the initial incident.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised, allowing companies to quickly act to mitigate the effects of a data breach. We work with MSSPs to strengthen their security suite with the leading Dark Web monitoring and reporting tool in the Channel. Discover more at https://www.idagent.com/dark-web/.
Australia – Manheim Auctions
Exploit: Ransomware.
Alinta Energy: Car auction house.
Risk to Small Business: 2 = Severe:
The world’s largest wholesale auction house for cars got a surprise it didn’t want on Valentine’s Day- ransomware. Hackers accessed and encrypted the network of the Australian branch of Manheim Auctions, demanding a head-turning $30 million ransom to release the company. The company was forced to post a message to customers on its Facebook page noting the diminished functionality while promising not to pay the ransom. Even without paying the ransom, the company won’t emerge unscathed. Recovery efforts will be incredibly expensive, and the productivity loss and reputational cost incurred will have long-lasting implications.
Individual Risk: At this time, no personal data was compromised in the breach.
Customers Impacted: 1,100,000
How it Could Affect Your Customers’ Business: Recovering from a ransomware attack is an expensive proposition. Regardless of whether or not companies choose to pay the ransom, these attacks have a profound impact on the victim’s bottom line. Rather than rewarding bad actors, every company should invest in a robust ransomware defense for protection from these costly incidents.
ID Agent to the Rescue: The most common way that ransomware is delivered is phishing. Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against this kind of cybercrime. Learn more here: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News
Hackers Collect Millions from Stolen Payment Card Records
In an increasingly digital-first world, payment card skimming malware has been a growing threat to both customers and retailers – and a profitable business for the bad guys. Unfortunately, that trend is unlikely to abate anytime soon. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web.
The card information was stolen throughout 2019 from as thousands of retailers fell victim to malware. In this web-skimming incident, attackers used malicious JavaScript to steal payment data at checkout from stores hosted on the Volusion cloud platform. Unfortunately, the high yield is likely to incentivize other cybercriminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.
Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs to have a strong cybersecurity strategy that works mitigate some of the risk of this means of attack including regular malware assessments and Dark Web monitoring.
Upcoming Webinars
Join us for these excellent webinars in the next few weeks:
MARCH 19 – Webinar Marketing: The Beginner’s Guide to Generating Massive Sign-Ups, Engagement & Results
REGISTER >>
MARCH 26 – Global Channel Influencers Webinar
REGISTER >>
MARCH 31 – World Backup Day: Threats, Opportunities, and Strategies for MSP Success
REGISTER >>
A Note for Your Customers
Free Coronavirus Cybersecurity Support Resources!
The Coronavirus (COVID-19) pandemic continues to disrupt the normal flow of business. We know that this is causing challenges for our Partners and clients, and we’re committed to doing everything that we can to support you. We’ve put together some resources that address cybersecurity threats during this difficult time, and we’ll keep providing you with news and tips about protecting data and systems during this crisis to read and share in our blog.
- Take These 3 Steps to Protect Your Data from Coronavirus (COVID-19) Scams
- Remote Work Poses Data Breach Dangers During Coronavirus Lockdown
- New Phishing Attack Threat: Coronavirus Maps, Messages, and Attachments
We’re on top of staying responsive to this rapidly evolving threat environment and monitoring the Dark Web. If we can be of service don’t hesitate to contact us – we’re still working to stay one step ahead of the bad guys.
Don’t forget to follow us on social media for our latest news, events, product updates and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!