by Kevin Lancaster

This week, phishing attacks reel in a bountiful catch in the healthcare sector, how social distancing makes companies vulnerable to a data breach, and cybersecurity tips for working from home.   

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Media & Entertainment
  • Top Employee Count: 251 – 500

United States – Tandem Diabetes Care

https://portswigger.net/daily-swig/healthcare-data-breach-medical-device-manufacturer-discloses-phishing-attack

Exploit: Phishing scam

Tandem Diabetes Care: Medical device manufacturer

Risk to Small Business: 2.555 = Severe

Five employees fell for a phishing scam that gave hackers access to email accounts containing customer data between January 17 and January 20, 2020. Although the company acted quickly to secure the compromised employee accounts, they were unable to recoup the stolen information. Given the sensitive nature of their industry, Tandem Diabetes Care will likely face increased regulatory scrutiny and hefty financial penalties.

Individual Risk: 2.428 = Severe

Although Tandem Diabetes Care has expressed confidence in the integrity of their data storage, hackers likely had access to names, contact information, and service-related details. Some patients’ Social Security numbers were also exposed in the breach. Victims should consider enrolling in credit and identity monitoring services.

Customers Impacted: 140,000

How it Could Affect Your Customers’ Business: In response to this breach, Tandem Diabetes Care is updating its email security protocols to prevent a similar incident in the future. However, phishing scams account for a significant portion of all data breaches, and preparing for these attacks should be a built-in component of every organization’s defense strategy.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id


United States – University of Utah Health 

https://www.securityweek.com/university-utah-health-discloses-data-breach?&web_view=true

Exploit: Phishing scam

University of Utah Health: Research and teaching hospital

Risk to Small Business: 1.889 = Severe

A phishing scam provided hackers with access to the University of Utah Health’s network for more than a month, beginning on January 22, 2020. In addition, the healthcare provider discovered malware on its network that allowed hackers to access patient data. Although the University of Utah Health responded quickly, bad actors still had prolonged access to company and customer data, including HIPAA-protected healthcare records, creating financial, reputational, and regulatory consequences both now and in the future.

Individual Risk: 2.428 = Severe

The compromised accounts included patients’  names, dates of birth, medical record numbers, and clinical data. This information can be used to craft authentic-looking spear phishing campaigns. Victims should carefully evaluate all digital communications, and consider enrolling in identity and credit monitoring services to ensure that this information isn’t being misused in other ways.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Like many companies responding to a data breach, the University of Utah Health is promising changes to its defensive posture to prevent a similar breach in the future. However, companies should assume that malware attacks and phishing scams are a “when,” not an “if,” proposition, and they should prepare their defensive posture accordingly.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id


United States –  Tupperware

https://www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/?&web_view=true

Exploit: Malware attack

Tupperware: Home products line

Risk to Small Business: 2.334 = Severe

Hackers infiltrated Tupperware’s online store, injecting payment skimming malware into the checkout process. The malicious script was active for at least five days, and it effectively mimicked Tupperware’s official payment form. After shoppers entered their data into the fake form, a “time out” error appeared, redirecting customers to the actual payment page and disguising the theft, which allowed it to go undetected.  

Individual Risk: 2.428 = Severe

The payment skimming malware collected the data customers entered, including names, addresses, phone numbers, credit card numbers, expiration dates, and CVV codes. This data could allow hackers to commit financial theft or identity fraud. Those impacted by the breach should immediately notify their banks, as they will likely need to be issued new payment cards, and should carefully monitor their accounts for misuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The COVID-19 pandemic has heightened the already-important online shopping experience for many businesses, and online shopping is a singular respite in an otherwise bleak outlook for retailers. Companies can’t afford to lose customers because of a cybersecurity vulnerability. Many customers indicate that they will not return to an online store after a data breach, which means that companies looking to capitalize on their online stores need to make sure this avenue is secure.

ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/


Canada – Finastra    

https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/

Exploit: Ransomware 

Finastra: Financial technology provider

Risk to Small Business: 2.556 = Severe

A ransomware attack has forced Finastra to bring its Canadian services offline temporarily. The company worked quickly to secure its IT infrastructure after detecting the breach, but those efforts will not alleviate the high recovery and reputational cost of the incident. Finastra believes that company and customer data is secure, that customer and employee data was not exposed or exfiltrated, and that client networks were not impacted.

Individual Risk: None

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are on the rise and uniquely consequential, carrying incredible repair costs and unparalleled opportunity costs as companies are rendered unable to conduct business and employees are left unable to work. Since there are no satisfying solutions to a ransomware attack once it strikes, companies should turn their attention to ensuring that their cyber defensive capabilities can turn away this growing threat.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring and other services to guard against ransomware. Learn more here: https://www.idagent.com/goal-assist


Canada – Data Deposit Box

https://www.securitymagazine.com/articles/91985-data-breach-report-cloud-storage-exposes-users-private-information

Exploit: Unsecured database 

Data Deposit Box: Cloud storage provider

Risk to Small Business: 2.334 = Severe

Cybersecurity researchers identified an unsecured database containing thousands of customer files uploaded to the company’s secure cloud storage service. The exposed records include information dating back to 2016, which the company eventually secured. However, it’s unclear how long cybercriminals could have accessed this data or why it took Data Deposit Box nearly a week to close the database after being notified that it wasn’t password protected.

Individual Risk: 2.428 = Severe

The exposed database includes users’ personally identifiable information that was uploaded to the cloud service, including admin login credentials, IP addresses, email addresses, and GUIDs. The login credentials were stored in plain text, so those impacted by the breach should immediately change their Data Deposit Box password and any other account credentials using the same password combination.  

Customers Impacted:  270,000

How it Could Affect Your Customers’ Business: The cost of a data breach is at an all-time high, and it’s expected to continue climbing higher in the years ahead. An unforced error, like failing to password protect a database, is especially troubling for a company that is trusted to provide secure services. As a result of this seeming carelessness, Data Deposit Box has undermined its core value proposition and incurred a costly recovery process, both of which were entirely avoidable.  

ID Agent to the Rescue: Good passwords are the single fastest way to secure your data. With Passly™, you can protect your employees’ password integrity. Our integrated multi-factor authentication, single sign-on, and identity management solutions will protect your credentials and your data. Find out more at: http://www.idagent.com/passly.


United Kingdom – Hammersmith Medicines Research

https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#584bcdc818e5

Exploit: Ransomware  

Hammersmith Medicines Research: Medical testing provider.  

Risk to Small Business: 2.112 = Severe

Hammersmith Medicines Research was hit with a ransomware attack that encrypted its systems and stole company data that was later posted online. This incident is particularly ill-timed as Hammersmith Medicines Research is a provider of critical COVID-19 testing. The attack was perpetrated by the Maze ransomware group, who previously promised not to attack healthcare facilities during the COVID-19 outbreak. It’s a reminder that there is no honor among thieves, and companies should not use their promises as an excuse to avoid putting their best foot forward when it comes to cybersecurity.

Individual Risk: 2.714 = Moderate

It’s clear that cybercriminals exfiltrated company data in the attack. However, Maze attackers only published a sample online, intending to pressure the company to pay the ransom. All patients and employees should assume that their personal information was compromised, and they should carefully monitor their accounts for unusual activity or messages.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As we reported on our blog, healthcare providers are an especially enticing target for cybercriminals because they collect and store uniquely sensitive and valuable information. In 2020, many ransomware attacks also include a data breach,  incurring the ire of regulators and clients. Every healthcare provider has millions of reasons to prevent a ransomware attack before it strikes.

ID Agent to the Rescue: With Compliance Manager™, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone – especially useful in the healthcare space. Click the link to get started today: https://www.idagent.com/compliance-manager


European Union – Norwegian Cruise Line      

http://techgenix.com/norwegian-cruise-line-data-breach/  

Exploit: Phishing scam

Norwegian Cruise Line: Cruise tourism provider

Risk to Small Business: 2.334 = Severe

A Norwegian Cruise Line employee was reeled in by a phishing scam that compromised the personal details of thousands of independent travel agents. The information was then posted on Dark Web forums, making it widely accessible to bad actors. The company, already reeling from the COVID-19 crisis, has now damaged its relationship with partners that are critical to its recovery.    

Individual Risk: 2.714 = Moderate

The data breach includes plain text passwords and email addresses for thousands of travel agents. While many are associated with TUI and Virgin Holidays, it also covers independent agents and those working with other organizations. Those impacted by the breach should immediately reset their login credentials while also monitoring their accounts for unusual or suspicious activity.    

Customers Impacted: 27,000

How it Could Affect Your Customers’ Business: This incident underscores the heightened risk and outsized consequences of falling for scams during the COVID-19 crisis. With more employees working remotely and a general, pervasive sense of uncertainty overshadowing many companies, there is a higher risk of damage from cyberattacks including phishing and ransomware encountered (and interacted with) by anxious employees.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity, especially in today’s remote work landscape. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist   


Australia – Henning Harders  

https://www.itwire.com/security/ransomware-group-said-to-be-publishing-freight-forwarding-firm-s-data.html  

Exploit: Ransomware

Henning Harders: Freight forwarding and logistics firm  

Risk to Small Business: 2.556 = Moderate

Henning Harders was the victim of a ransomware attack that restricted its operations between March 15 and March 18. However, the company, which refused to pay the ransom demand, is having continual cybersecurity trouble. Hackers have begun posting the company’s stolen data on the Dark Web and using the information to send spear phishing emails to employees. While the company is touting its restored operations, it’s clear that it will have to deal with a lingering data security issue that will not be resolved quickly.

Individual Risk: 2.857 = Moderate

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Increasingly, ransomware attacks are just a first step for cybercriminals, who will continue to exploit businesses by selling company data on the Dark Web or using it to enact phishing scams. The high recovery expense, opportunity cost, reputational damage, and productivity degradation of ransomware attacks make this growing menace a uniquely harrowing cyber risk.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/


Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News

Expert Cybersecurity Tips for Working From Home   

The COVID-19 pandemic has brought about an unprecedented work-from-home experiment as social distancing measures require millions of employees around the world to work from home. As we’ve already seen, this presents unique cybersecurity challenges for both companies and their employees. To help you secure data while working remotely, here are four simple steps that every company and employee can take:

1. Use a trusted VPN. These services can provide a layer of protection by encrypting network traffic and making it more difficult for bad actors to spy on your activity. Choose a reputable VPN provider, as a number of VPN scams have tricked employees into downloading malicious software that steals their login credentials.

2. Enable two-factor authentication. Account security is critical, especially when entire companies are working remotely. Enabling two-factor authentication is an affordable and effective way to keep company accounts secure at all times.  

3. Refrain from using personal devices. Many employees may be tempted to use personal devices for work-related tasks, especially when working from home. It’s always possible that these devices contain malware or other exploits that could compromise company data.  

4. Look out for phishing scams. Cybercriminals are always looking for ways to capitalize on our vulnerabilities. At this moment, COVID-19-related phishing scams abound, targeting employees’ sense of isolation and vulnerability to capture critical information.


Upcoming Online Events

APRIL 8 & 9 – Remote Reality LIVE

APRIL 21 – The Bigger Better MSP Summit


A Note for Your Customers

Social Isolation Puts Company Data at Risk 

As the COVID-19 pandemic continues to cause chaos for businesses, we continue to be committed to helping keep your data secure. To that end, we’ve compiled several resources to help you navigate this unique terrain, and if we can serve you in any way, please don’t hesitate to contact us.     

This week, we wanted to highlight a cybersecurity vulnerability that is especially relevant as many people work from home and practice social distancing. According to a study by the Better Business Bureau, the FINRA Investor Education Foundation, and the Stanford Center on Longevity, people are more likely to fall for a scam when they are socially isolated.

Cybercriminals are already taking advantage of our new digital environment, sending a flurry of phishing and other fraudulent messages meant to compromise personal and company data, and isolated employees are more vulnerable than usual to these attack methodologies. Therefore, in addition to preparing employees for this troubling trend, make an effort to reach out to employees, coworkers, and family members to make personal connections during this challenging time.

https://www.helpnetsecurity.com/2020/03/24/risk-scams/?web_view=true  

Don’t forget to follow us on social media for our latest news, events, product updates and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
