
The Week in Breach: 03/19/19 – 03/26/19

March 27, 2019

This week, a Dutch academic publisher is exposed, US sleep companies snooze on payment fraud, UK police face ransomware attack and Uber might be spying on us (again)…

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Construction & Engineering
Top Employee Count: 11 – 50 Employees



United States – Oregon Department of Human Services (DHS)
https://thehill.com/homenews/state-watch/435218-oregon-state-agency-suffers-breach-potentially-exposing-personal-data

Exploit: Employee phishing scam.
Oregon Department of Human Services (DHS): State agency of Oregon.

Risk to Small Business: 1.888 = Severe: Last Thursday, the Oregon DHS announced that it suffered a data breach after nine employees opened phishing emails and exposed their accounts to hackers. As a result, the Social Security and personal information of an undetermined number of citizens could have been exposed. Along with having to inform the affected individuals, the state’s largest agency will be forced to upgrade security efforts and likely conduct cybersecurity training for employees.
Individual Risk: 2.571 = Moderate: The privacy breach could have included first and last names, addresses, DOBs, SSNs, and case numbers related to DHS programs. State residents should monitor their credit reports for possible payment fraud but will remain at risk.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: In the wake of numerous phishing attacks resulting in privacy breaches, organizations storing personal information must take notice and begin protecting individuals. Employee phishing scams are entirely preventable with proper cybersecurity training, which can effectively mitigate the risk of breach. The case and ROI for phishing security solutions become intuitive when we consider the potential damages and costs.

ID Agent to the Rescue:  BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – MyPillow and Amerisleep
https://www.bleepingcomputer.com/news/security/payment-card-thieves-slip-into-mypillow-and-amerisleep-bedding-sites/

Exploit: Magecart attack on website checkout pages.
MyPillow and Amerisleep: Pillow and mattress companies in the US.

Risk to Small Business: 1.666 = Severe: After being targeted as early as 2017, both online retailers faced card skimming attacks. In this scheme, hackers insert malicious code into website checkout pages and covertly swipe customer payment information. Although MyPillow discovered the first compromise almost immediately, it argued that the second attack did not result in the loss of information. Amerisleep, on the other hand, has not responded to requests for comment. Depending on what further investigations reveal, it is possible that the sleep companies will face hefty fines for their delay in responding as well as scrutiny from online shoppers.
Individual Risk: 2.428 = Severe: As you can imagine, any information provided on a checkout page is up for grabs during a Magecart attack. This could include first and last names, addresses, credit card numbers, and more.

Customers Impacted: To be determined.
How it Could Affect Your Customers’ Business: Most recent Magecart attacks such as those on British Airways and Newegg were targeted towards larger firms, but now hacking groups are shifting their focus to small businesses. Skimming schemes are especially dangerous since they can be hard to trace, yet able to extract valuable customer information. Once cybercriminals can get their hands on such data, they will move to the Dark Web to make profits or conduct payment fraud.

ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSPs and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/ 


Canada – Natural Health Services
https://calgaryherald.com/cannabis/cannabis-news/electronic-data-breach-sees-medical-cannabis-users-personal-information-compromised

Exploit: Breach of medical records.
Natural Health Services: Largest referral network of medical cannabis users.

Risk to Small Business: 1.555 = Severe: Between December 4, 2018, and January 7, 2019, attackers gained access to the electronic medical records (EMR) system containing personal health information. The company was forced to notify its B2B clients, which could result in turnover and a degradation of trust.
Individual Risk: 2.142 = Severe: Exposed information included patients’ personal information, medical diagnoses, and referral data. At the same time, no patient prescriptions, credit card information, or SSNs were involved.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Organizations that store large amounts of personal data on behalf of B2B clients should be especially vigilant for cyber-attacks, given the amount of information at stake. In the event of such a breach, a security solution that employs a Dark Web monitoring tool can be crucial in determining if stolen information is trading hands between cybercriminals.

ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSPs and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.


United Kingdom – UK Police Federation
https://techcrunch.com/2019/03/21/police-federation-ransomware/ 

Exploit: Ransomware attack
UK Police Federation: Organization that represents 119,000 police officers across England and Wales.

Risk to Small Business: 1.777 = Severe: A ransomware attack hit computers at the federation’s Surrey headquarters on March 9, encrypting several databases and email systems. This led to a disruption in services, along with the deletion of all backup data. The organization will be forced to rebuild its systems and ensure that data was not compromised.
Individual Risk: 2.714 = Moderate: Currently there is no indication that data was extracted from their systems, but the attack has severely damaged the organization’s infrastructure.

Customers Impacted: Undisclosed
How it Could Affect Your Customers’ Business: The National Crime Agency is investigating the attack, but the police federation believes that it was not targeted specifically and fell victim to a larger campaign. As the threat of ransomware continues to evolve, companies must avoid getting caught in the crosshairs by arming themselves with cybersecurity training and protocols.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime.


Ireland – Health Service Executive
https://www.irishtimes.com/business/technology/data-from-hse-website-users-leaked-to-commercial-actors-1.3829547

Exploit: Unauthorized adtech.
Health Service Executive (HSE): National health service website. 

Risk to Small Business: 1.888 = Severe: Webpage users are having their data “continuously and invisibly leaked to commercial actors,” including data on sensitive health-related topics. A study of adtech installed on public health service websites found that 73% of HSE landing pages contained ad trackers. Although organizations are not being held responsible for this type of data exposure, consumers are easily spooked. Because of the study and the looming threat of GDPR compliance fines, the HSE is in the process of redesigning its website.
Individual Risk: 2.428 = Severe: Cookies placed on the website could be used to infer sensitive information about users’ health. These companies can build profiles and sell them to third-party marketers, insurers, credit raters, and more. Nevertheless, this news only brings mid-level risk since the companies involved are typically not malicious in nature.

Customers Impacted: To be determined.
How it Could Affect Your Customers’ Business:  The business of leveraging customer data for precision marketing is coming under scrutiny, especially with the introduction of GDPR in Europe. As the public becomes more aware of how their data is being used, companies must adapt by implementing security solutions to protect their consumers.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs to offer protection to individuals while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.


Italy – Group of Italian Investors
https://finance.yahoo.com/news/bitcoin-fraudster-duped-italian-investors-171632857.html

Exploit: Crypto fraud via social engineering.
Group of Italian Investors: Independent investors.

Risk to Small Business: 2.444 = Severe: The Italian authorities recently arrested a computer expert who was able to exploit communication channels and false identities from the Dark Web to defraud crypto investors. The hacker posed as a representative of a reputable Swiss investment firm to earn the trust of the victims. Although no individual business faces risk, more crypto-related breaches may result in an eventual downturn in investments.
Individual Risk: 2.428 = Severe: Investors in the crypto market should be wary of such hacks, since crypto transactions are typically untraceable and irreversible. Nevertheless, personal and payment information is not at stake, so the individual risk of future breaches is not impacted.

Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: This incident is proof of how identities on the Dark Web can be leveraged by hackers to conduct payment fraud via social engineering. To stop such exploits from occurring in the first place, companies must protect employees and customers by investing in security solutions that can guard against phishing and privacy-related attacks.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.


Netherlands – Elsevier
https://motherboard.vice.com/en_us/article/vbw8b9/elsevier-user-passwords-exposed-online

Exploit: Server misconfiguration.
Elsevier: Scholarly paper publisher and analytics company.

Risk to Small Business: 2.111 = Severe: Login credentials for users were exposed after the company’s servers were misconfigured, affecting students and teachers at universities across the world. Since the exposure stemmed from human error, Elsevier was able to secure the leaky server quickly and is issuing password reset links to users. Like other B2B breaches, such an exposure is certainly bad for business and can result in the loss of clientele.
Individual Risk: 2.714 = Moderate: User email addresses and passwords may have been compromised, which could jeopardize other accounts where the same passwords are used. Those affected should change their passwords across all accounts immediately.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Organizational data can be leveraged by hackers and put up for sale on the Dark Web or used to conduct payment fraud. With the knowledge that cybercriminals are looking for targets with limited security controls and valuable data, small businesses need to work with security providers to protect themselves and their customers.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.


Australia – Uber
https://threatpost.com/uber-surfcam-spyware-australia/142977/

Exploit: Spyware.
Uber: Transportation network company headquartered in San Francisco, California.

Risk to Small Business: 2 = Severe: A rogue employee deployed a “secret spyware program” to help Uber get a competitive advantage against local businesses in Australian markets. Dubbed Surfcam, the software was developed in 2015 and scraped driver and vehicle data. The company spokesperson is denying any claims, but this is now the second time Surfcam has been mentioned after similar allegations were made in Singapore.
Individual Risk: 3 = Moderate: Although the spyware program is likely using rider data to optimize marketing efforts on behalf of Uber, it can have serious consequences for competitors and consumers in the long run. At the same time, users do not face an immediate threat.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The improper use of data is making headlines across the world, and companies must do everything they can to avoid being involved. The stewardship of personal and payment information should be of utmost importance for small businesses and can be accomplished by partnering with the right security solution.

ID Agent to the Rescue:  SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs



In Other News:

Why small businesses struggle with cybersecurity best practices

A recent report revealed that almost 70% of companies have cybersecurity best practices in place but neglect to take the necessary steps for securing their business. The new study by ESET and Kingston Digital, which surveyed 500 British business leaders, also found that 44% do not even secure devices with anti-virus software, exposing themselves to cyber threats and GDPR fines.

The reason? A disconnect between the procurement teams responsible for providing equipment, IT teams who implement guidelines, and employees who follow them. To shift the paradigm, security professionals must work closely with other departments to avoid silos and use the right tools to ensure employee adherence.

https://www.helpnetsecurity.com/2019/03/22/companies-neglect-cybersecurity-guidelines/


What We’re Listening To:

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A note for your customers:

8 tips for protecting your small business from phishing attacks

Phishing continues to be a top exploit for small business breaches, and companies should take notice. Of the 360,000 spear phishing email attacks examined over a three-month period, the most common types were brand impersonation (83%) and business email compromise (11%). Such breaches can be leveraged to steal payment and personal information.

Here are some best practices for protecting your business:

1) Take advantage of AI

2) Don’t rely solely on traditional security

3) Deploy account-takeover protection

4) Use multi-factor authentication

5) Conduct proactive investigations

6) Train staffers to recognize and report cyber-attacks (with BullPhish ID!)

7) Conduct proactive investigations

8) Maximize data-loss prevention

https://www.techrepublic.com/article/how-to-prevent-spear-phishing-attacks-8-tips-for-your-business/


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!