The Week in Breach: 03/27/19 – 04/01/19
This week, US healthcare provider gets breached 3 times, third-party ransomware parks Canadian agency for days, hackers steal French gas, and last year’s Facebook breach in Australia nearly doubles in size.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Medical & Healthcare
Top Employee Count: 11 – 50 Employees
United States – Verity Medical Foundation
https://healthitsecurity.com/news/verity-reports-third-data-breach-caused-by-employee-email-hack
Exploit: Employee phishing scam
Verity Medical Foundation: Healthcare provider based in San Jose, CA
Risk to Small Business: 2.333 = Severe: VMF recently notified its patients of another security breach it suffered on January 16th of this year, immediately following two similar phishing incidents. A hacker was able to compromise an employee’s Office 365 account for several hours and send phishing emails internally and externally to gather usernames and passwords. Although the organization maintains that there is no evidence of patient information being accessed, they will now face scrutiny by the media and patients, along with being forced to deploy mandatory training for employees.
Individual Risk: 2.571 = Severe: Aside from account usernames and passwords, protected health information including DOBs, patient identification numbers, phone numbers, addresses, health plans, treatments received, SSNs, and even insurance details may have been exposed. While the company believes that it was unlikely that the attacker was after the data, affected patients should enroll in identity monitoring and additional security measures.
Customers Impacted: 14,894 patients
How it Could Affect Your Customers’ Business: The compounding effects of back-to-back breaches can amount to serious losses for organizations. Even worse, employee phishing attacks are entirely preventable through the implementation of security training and education. If a breach occurs, businesses are forced to enroll their employees in such programs anyway, and likely at a higher cost. By then, however, the damage will have already been done.
ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United States – Earl Enterprises
https://www.zdnet.com/article/card-breach-reported-at-buca-di-beppo-planet-hollywood-and-other-restaurants/
Exploit: Malware installation on point-of-sale (POS) systems
Earl Enterprises: Hospitality industry giant that owns Buca Di Beppo, Planet Hollywood, Earl of Sandwich, and other restaurant brands
Risk to Small Business: 2 = Severe: In a press release published last Friday, the company announced that hackers had planted malware on POS systems, affecting over 100 restaurants between May 23, 2018, and March 18, 2019. After noticing a mysteriously large card dump in February, cybersecurity researchers realized that this incident is related to a database that is already available for sale on the Dark Web. In addition to dealing with customer churn and brand degradation, the company will now have to do its best to protect the users whose card information is up for grabs on the Dark Web.
Individual Risk: 2.428 = Severe: Credit and debit card numbers, expiration dates, and cardholder names were exposed in the incident and will eventually be sold to the highest bidder on the Dark Web. Anyone who dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, or Tequila Taqueria should consider cancelling their cards, monitoring their financial reports, and changing their passwords.
Customers Impacted: 2.15 million cardholders
How it Could Affect Your Customers’ Business: In the wake of a breach, understanding how fraudsters plan on using stolen data is crucial to risk mitigation. If Earl Enterprises had worked with security providers capable of monitoring the Dark Web, the company would have been able to identify the threat earlier and act accordingly.
ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Canada – Canadian Internet Registration Authority
https://www.bleepingcomputer.com/news/security/ransomware-hits-garage-of-canadian-domain-registration-authority/
Exploit: Ransomware infection to third-party system
Canadian Internet Registration Authority: Canada’s not-for-profit agency that manages domain registry
Risk to Small Business: 2 = Severe: On March 26th, the CIRA’s parking garage suffered from a ransomware attack, allowing anyone to enter without a security check and park for free. The compromise persisted for two days, resulting in systems being locked with a ransom note displayed by the attackers. Since the parking garage company Precise Link did not have a backup of the files, restoring the systems will come at an incredibly high cost.
Individual Risk: 2.482 = Severe: It is unclear if the hackers gained access to employee data, but the risk for citizens should be little to none.
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Vendors that serve as third-party service providers for large firms should be wary of upcoming attacks. As hackers shift their focus towards the smallest vulnerabilities within an organization, they will certainly consider targeting the third-party companies that manage their data. To avoid future compromises, companies should work with a security solution that employs a Dark Web monitoring tool which can be crucial in determining if stolen information is trading hands between cybercriminals.
ID Agent to the Rescue: BullPhish ID™ simulates cyber attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against ransomware and cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Scotland – Royal Bank of Scotland
https://www.cybersecurityintelligence.com/blog/security-flaw-puts-uk-bank-customers-at-risk-4200.html
Exploit: Faulty security product
Royal Bank of Scotland: Retail banking company in Scotland
Risk to Small Business: 2 = Severe: After RBS Group provided its business banking customers with free software, it was discovered that the product had a major security flaw. Attackers could have exploited the glitch to access and gain complete control of user computers, allowing them to view emails, internet history, and bank details. The flaw was patched, and the company explained that it should only affect NatWest customers, but such an incident could easily spook any clientele.
Individual Risk: 2.428 = Severe: It is unlikely that attackers were able to take advantage of the compromise since the company was able to immediately patch the flaw once it was discovered. Nevertheless, patrons of the bank should monitor their financial statements for suspicious activity.
Customers Impacted: Around 50,000 customers
How it Could Affect Your Customers’ Business: This incident serves as a great example of why rapid detection is so important to preventing a breach. Since the compromise was uncovered by security researchers, the company was able to make changes in the nick of time. By leveraging advanced monitoring tools that can proactively search the Dark Web for customer and employee data, security providers and businesses can be more confident in their solutions.
ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
France – Total
https://www.zdnet.com/article/french-gas-stations-robbed-after-forgetting-to-change-gas-pump-pins/
Exploit: Remote unlock
Total: Oil and Gas company that operates gas stations
Risk to Small Business: 2 = Severe: French authorities arrested five men connected to a scheme in which they stole over 120,000 liters of fuel from gas stations around Paris. Knowing that managers often do not change the default lock code on the gas pump, the hackers used a special remote to reset fuel prices and remove fill-up limits. The fraud was discovered back in April 2018 and one suspect was arrested, but last Monday all known members were apprehended. Along with losing over $168,000 in fuel, the company was forced to change protocols to avoid a similar incident from occurring in the future.
Individual Risk: 2.598 = Moderate: No individuals are at risk.
Customers Impacted: N/A
How it Could Affect Your Customers’ Business: As we’ve come to learn, employees hold the keys to many valuable and potentially vulnerable pieces of most businesses. To prevent such attacks from occurring in the first place, employees must be trained to spot vulnerabilities and take proper action in the event of a breach.
ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Australia – Facebook
https://www.theguardian.com/technology/2019/mar/27/more-than-110000-australians-caught-up-in-septembers-facebook-cyber-attack
Exploit: System vulnerability
Facebook: American social media company
Risk to Small Business: 2.333 = Severe: After news broke that the personal details of over 60,000 Australians were exposed in a cyber-attack against Facebook last year, it looks like the final number has almost doubled. The revelations were disclosed in a confidential correspondence between Facebook and Australia’s privacy watchdog, the OAIC. The company maintains that passwords and payment information were not at risk, but certainly stands to lose disenchanted users once they are notified.
Individual Risk: 2.428 = Severe: Although hackers were able to access only names, emails, and phone numbers for 47,912 Australians, a whopping 62,306 Facebook users had their hometowns, recent check-ins, birthdays, education, work history, Facebook search history, genders, relationship status, religions, and more exposed. Additionally, over 1,000 could have had their private conversations accessed through Messenger. As such, the extent of this breach is certainly alarming and AU citizens should do everything in their power to prevent identity fraud.
Customers Impacted: At least an additional 60,000+ users
How it Could Affect Your Customers’ Business: For companies operating across borders, the landscape of cybersecurity has changed dramatically. With recent laws being implemented in Europe and Australia, businesses will be forced to notify affected customers in the wake of a cyberattack. If this wasn’t bad enough, public awareness and media surrounding data breaches continues to grow exponentially, making customer turnover and the loss of brand equity a reality instead of a simple afterthought.
ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United Arab Emirates – Taalem Education Group
https://gulfnews.com/uae/cyber-attack-on-dubai-school-network-parents-warned-1.62883738
Exploit: Password spraying
Taalem Education Group: Organization that runs the Dubai British School of Jumeirah Park
Risk to Small Business: 2 = Severe: A British school in Dubai is warning parents of a cyberattack on its network, which employed password spraying to take advantage of weak passwords and compromise employee email accounts. After recognizing and dealing with the incident within a few hours, its IT team reset compromised accounts and blocked attackers from the system. Since the breach, however, hackers did send phishing emails to employees and parents of students attempting to defraud them. Although the school has done its due diligence by securing its networks and warning parents and employees, it will be important to avoid similar incidents going forward.
Individual Risk: 2.428 = Severe: If parents and employees tread carefully and do not open up fraudulent phishing links, they should be able to avoid the scam. Yet, there is some risk since such a scheme can result in financial losses or identity theft.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: It’s no secret that hackers are targeting employee accounts to enter organizational ecosystems. Employee email accounts generally contain a level of trust or authority, and cybercriminals understand that they can leverage this to trick other employees and parents. By partnering with a solution that brings employee training to the fore and simulates phishing campaigns, you can always be prepared when fraudsters come knocking at your door.
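Password spraying, as used against the school above, leaves a distinctive trace in authentication logs: one source fails against many accounts but only once or twice each. The detector below is an added example, not code from the original post or from the school's systems; the log format, IP addresses and thresholds are constructed assumptions.

```python
"""Flag password-spraying patterns in authentication logs.

Spraying tries one or two passwords against many accounts, so one source
shows few failures per account but failures across many accounts; brute
force is the reverse (many failures, one account). Thresholds are assumed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = """\
2019-03-26T09:14:02Z src=203.0.113.7 user=alice result=FAIL
2019-03-26T09:14:03Z src=203.0.113.7 user=bob result=FAIL
2019-03-26T09:14:04Z src=203.0.113.7 user=carol result=FAIL
2019-03-26T09:14:05Z src=203.0.113.7 user=dave result=FAIL
2019-03-26T09:14:06Z src=203.0.113.7 user=erin result=FAIL
2019-03-26T09:14:07Z src=203.0.113.7 user=frank result=SUCCESS
2019-03-26T09:20:11Z src=198.51.100.9 user=grace result=FAIL
2019-03-26T09:20:12Z src=198.51.100.9 user=grace result=FAIL
2019-03-26T09:20:13Z src=198.51.100.9 user=grace result=FAIL
2019-03-26T10:02:44Z src=192.0.2.33 user=heidi result=FAIL
2019-03-26T10:02:50Z src=192.0.2.33 user=heidi result=SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(FAIL|SUCCESS)$")

def parse_log(text):
    """Yield (timestamp, src_ip, user, success) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2), m.group(3), m.group(4) == "SUCCESS"

def detect_spraying(text, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {src_ip: sorted targeted users} for sources whose failures hit at
    least `min_users` distinct accounts within `window` of that source's first
    failure, with no account failing more than `max_per_user` times."""
    fails = defaultdict(list)  # src_ip -> [(ts, user)] in time order
    for ts, src, user, ok in sorted(parse_log(text)):
        if not ok:
            fails[src].append((ts, user))
    flagged = {}
    for src, items in fails.items():
        start = items[0][0]
        per_user = defaultdict(int)
        for ts, user in items:
            if ts - start <= window:
                per_user[user] += 1
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            flagged[src] = sorted(per_user)
    return flagged

def compromised_after_spray(text, flagged):
    """Accounts that logged in successfully from a flagged source: the ones to
    reset first, as the school's IT team did."""
    return sorted({u for _, src, u, ok in parse_log(text) if ok and src in flagged})

if __name__ == "__main__":
    hits = detect_spraying(SAMPLE_LOG)
    print(hits)  # {'203.0.113.7': ['alice', 'bob', 'carol', 'dave', 'erin']}
    print(compromised_after_spray(SAMPLE_LOG, hits))  # ['frank']
```

The second source (five failures against one account) is ordinary brute force and is deliberately not flagged, so this rule complements rather than replaces a per-account lockout.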
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Japan – Toyota
https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/
Exploit: IT System breach
Toyota: Japanese car maker
Risk to Small Business: 2.333 = Severe: Toyota announced another data breach last week, making it the second incident within the past few months. After breaching the Australian arm of the company, this time hackers targeted main offices in Japan to access sales information for up to 3.1M customers. The company has yet to determine if details were extracted vs. just accessed but explained that customer financial information was not stored on the compromised servers. Additionally, they are uncertain if the hacks were perpetrated by the same group, yet security experts believe that APT32 cyber criminals are the likely culprits. Furthermore, it is being speculated that the hacker scheme involved leveraging the data gained in the Australian breach to execute the latest attack on the company’s Japan office headquarters.
Individual Risk: 2.571 = Moderate: Details regarding what information was exposed are still being determined, but Toyota customers should watch out for suspicious activities on their personal and payment accounts. Also, looking back to see what information was provided to the car maker can help determine the level of risk that may be involved.
Customers Impacted: 3.1 million users
How it Could Affect Your Customers’ Business: Just because a company has been hacked before does not mean that it won’t be targeted again. In this case, it is quite possible that the fraudsters intended to extract valuable information from the Australian breach of Toyota in order to access their main offices. To keep systems airtight, companies must reevaluate what data is shared across working groups, departments, and offices, along with emphasizing the importance of adhering to cybersecurity best practices when it comes to their employees.
ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Robocall Scam is back, to the tune of $40M
Ever dropped everything you were doing to take a call, only to receive an automated message in a foreign language? You certainly are not alone.
Most of us likely hung up without thinking twice (and without understanding a word that was said). However, a recent slew of Mandarin-based calls has been targeting Chinese Americans, attempting to trick them into thinking that they are in legal trouble with the Chinese government. On Thursday, the FBI revealed it had received more than 350 complaints from victims of the scam, with aggregated losses reaching over $40 million. Dubbed the “Chinese Embassy Scam,” it has amounted to average losses upwards of $164,000 per victim.
Some of us may be wondering how such a scam could be so effective, but it all comes back to the concept of relevance, originality, and impact. By speaking in a familiar language and using phone spoofing to change caller ID tags, cyber criminals can defraud virtually anyone. To fight fire with fire, companies must invest in advanced cybersecurity solutions that are specifically designed to thwart phishing campaigns (like BullPhish ID!).
https://www.pcmag.com/news/367491/chinese-embassy-robocall-scam-rakes-in-40m-from-victims
What We’re Listening To:
Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
A note for your customers:
The growing threat of business email compromise (BEC), and what you can do about it
BEC is a scam in which hackers target companies that pay their bills through wire transfers. Typically, scammers will impersonate C-suite employees and leverage social engineering techniques to route funds to themselves, resulting in hundreds of thousands of dollars in losses. In 2016, the global average for costs faced by a single company was $140,000.
Below are the 5 most common forms of BEC fraud, according to the FBI:
- The Bogus Invoice – Fraudsters pose as vendors requesting payments to accounts that are owned by them. Such an incident is most common among companies who deal with foreign suppliers.
- CEO Fraud – As the name implies, cyber criminals will assume the role of an executive and request fund transfers from their finance teams.
- Account Compromise – In this scenario, employee accounts are hacked and leveraged to request invoice payments from vendors.
- Attorney Impersonation – Attackers pretend to be lawyers in charge of confidential information and will make unusual requests via phone or email. This form of BEC tends to occur toward the end of a business day.
- Data Theft – Hackers will go after HR and finance employees to gain PII and tax statements of employees, which can be used for future attacks.
What makes BEC so dangerous is that such scams can circumvent traditional security solutions, since they do not contain any malicious links or attachments that can be identified. Some immediate security flags for such tactics are words like ‘request, payment, transfer, or urgent’ in an email subject line, but employee cybersecurity training and awareness remains the most effective solution to preventing BEC.
https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
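The subject-line flags named above, combined with a check for the CEO Fraud pattern from the list (an executive's display name on a message whose address is not that executive's real one), as an added example that is not part of the original post; the company domain, executive directory and messages are constructed assumptions, and the impersonation check goes a step beyond the subject-word flag the post itself names.

```python
"""Score inbound mail for the BEC indicators described above.

Two signals: the subject words the post names ("request", "payment",
"transfer", "urgent") and display-name impersonation of an executive.
Neither alone is conclusive; both together is what a mail rule should
hold for human review. All names, domains and messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                        # hypothetical company domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}     # hypothetical executive directory
SUBJECT_FLAGS = ("request", "payment", "transfer", "urgent")

# Constructed sample messages; only the headers matter for this check.
SAMPLES = [
    "From: Jane Doe <jane.doe@example.com>\nSubject: Q2 board deck\n\nSee attached.\n",
    "From: Jane Doe <jane.doe@exarnple.com>\nSubject: URGENT wire transfer request\n\nPlease process today.\n",
    "From: Vendor Billing <ap@vendor.example>\nSubject: Payment reminder\n\nInvoice 123 attached.\n",
]

def subject_flags(subject):
    """Return the flagged words present in the subject, case-insensitively."""
    words = set(re.findall(r"[a-z]+", subject.lower()))
    return [w for w in SUBJECT_FLAGS if w in words]

def impersonates_executive(from_header):
    """True when the display name belongs to a known executive but the address
    is not that executive's real company address (the CEO-fraud signature)."""
    name, addr = parseaddr(from_header)
    expected = EXECUTIVES.get(name.strip().lower())
    if expected is None:
        return False  # not claiming to be an executive at all
    domain = addr.rsplit("@", 1)[-1].lower()
    return addr.lower() != expected or domain != COMPANY_DOMAIN

def score_message(raw):
    """Score 0-3: 1 for any flagged subject word, 2 for executive impersonation.
    A score of 3 means both signals fired and the mail should be held."""
    msg = message_from_string(raw)
    flags = subject_flags(msg.get("Subject", ""))
    impersonation = impersonates_executive(msg.get("From", ""))
    score = (1 if flags else 0) + (2 if impersonation else 0)
    return {"score": score, "subject_flags": flags, "impersonation": impersonation}

def triage(raws):
    """Return the index of every message scoring 3 (hold for manual review)."""
    return [i for i, raw in enumerate(raws) if score_message(raw)["score"] == 3]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(score_message(raw))
    print(triage(SAMPLES))  # [1]
```

The lookalike domain in the second sample carries no link or attachment, which is exactly why header and wording checks like these, rather than malware scanning, are what catch BEC.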
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!