Please fill in the form below to subscribe to our blog

The Week in Breach: 04/23/19 – 04/30/19

May 01, 2019

This week, employee phishing runs rampant, ransomware brings an airport offline, an NBA team’s online store leaks credit card information, and another Dark Web marketplace takes a dive.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: 
Domain (99%)
Top Industry:
Manufacturing
Top Employee Count: 
11 – 50 Employees 


United States – EmCare
https://www.scmagazine.com/home/security-news/data-breach/emcare-data-breach-exposes-60000-employees-patients/

Exploit: Employee email account breach
EmCare: Dallas-based healthcare provider that offers physician services and other healthcare functions

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.666 = Severe: An unauthorized third party accessed employee emails, allowing them to view sensitive personal information and confidential patient data. Through this vulnerability, hackers were able to access as many as 60,000 individual records, including 31,000 patient records. The company was quick to indicate that they don’t believe any personal data has or will be misused, and it’s unclear why this information was accessed. Nevertheless, EmCare will now bear the costs of providing free credit monitoring services and managing public relations.
1.51 – 2.49 = Severe Risk

Individual Risk: 2.149 = Severe: Employees and patients who received care from the company could have had their name, birth date, age, social security number, and driver’s license number exposed. In some cases, protected health information was also made vulnerable.

Customers Impacted: 60,000
How it Could Affect Your Customers’ Business: This episode is a reminder that even minor vulnerabilities can have extensive consequences. In this case, accessing just a few email accounts compromised thousands of patient records, creating serious problems for both the victims and the company. Since healthcare organizations are explicitly charged with protecting this information, they need to take every precaution to make sure that their systems are secure. By monitoring where and how hackers use patient and employee information on the Dark Web, providers can offer lasting protection.

ID Agent to the Rescue:  SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Atlanta Hawks Shop
https://labs.sansec.io/2019/04/24/atlanta-hawks-magecart/

Exploit: Malware
Atlanta Hawks Shop: Online store for the Atlanta Hawks, a professional basketball team in the NBA

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: A malicious code bearing the signature of Magecart, a well-known collective of online credit card thieves, was planted on the online store for the Atlanta Hawks. The malware records keystrokes on the payment platform, allowing the thieves to acquire sensitive payment information from buyers. It’s believed that hackers accessed the store through unprotected third-party extensions affiliated with the shop’s cloud hosting service.
1.51 – 2.49 = Severe Risk Individual Risk: 2.248 = Severe The Atlanta Hawks online store has more than seven million visitors each year, and this particular strain of malware was introduced on April 20th. Anyone who made purchases through the online store on or after that date should assume that their name, address, and credit card information was compromised. As a result, those impacted should immediately sign up for credit monitoring services while staying vigilant for other misuses of this sensitive data.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: E-commerce has quickly become the shopping method of choice for many consumers, and securing this process is critical for any company looking to capitalize on this trend. To put it simply, if customers don’t trust that your checkout is secure, they are less likely to make a purchase on your platform. Businesses must vet their third-party payment processing providers and implement additional layers of security through MSPs who can navigate digital marketplaces to understand how compromised payment data is being used by hackers.

ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Doctors’ Management Service
https://cyware.com/news/doctors-management-service-hit-with-gandcrab-ransomware-attack-compromising-patient-data-b6eebd02

Exploit: Ransomware attack
Doctors’ Management Service: Medical billing service provider

1 – 1.5 = Extreme Risk Risk to Small Business: 1.444 = Extreme: Nearly 40 healthcare centers were significantly impacted by a ransomware attack that compromised patient data. Although the company deployed a network backup to avoid paying the ransom, the hackers had access to sensitive patient information including names, addresses, dates of birth, social security numbers, driver’s license numbers, and health insurance information.
1.51 – 2.49 = Severe Risk Individual Risk: 2 = Severe: The company was unable to determine if personal health information was viewed or downloaded, and patients at any of the healthcare providers working with Doctors’ Management System could be impacted by the breach. Therefore, all patients within this network are encouraged to obtain credit and identity monitoring services.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a serious problem for healthcare companies and those tasked with managing patient data. Having the right backup infrastructure in place is important, and, in this case, allowed the company to avoid paying a ransom to reclaim its data. However, implementing the right security measures for proactive detection is even more critical for preventing attacks from occurring in the first place.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach

United States – BodyBuilding.com
https://www.zdnet.com/article/bodybuilding-com-discloses-security-breach/

Exploit: Employee phishing scam
BodyBuilding.com: Idaho-based online forum and retailer for supplements

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: A single phishing email targeting staff members managed to compromise an entire network, allowing hackers to access the personal information of the platform’s users. Even more alarmingly, the company was unable to confirm if data was actually stolen, signaling a lack of privacy stewardship. Along with the threat of fines or lawsuits, the company stands to lose the trust of customers who catch wind of the breach.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe: While the platform contends that credit card and social security numbers were not compromised in the breach, they acknowledged that it’s possible that hackers accessed customers names, email addresses, billing/shipping addresses, phone numbers, order history, and company communications.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are preventable, and the right training coupled with proactive security software can stop such an attack before it compromises the entire network. This incident serves as reminder that untrained and unfamiliar staff can be a point of vulnerability that hackers tap into, creating significant security risks for any company.


ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started:  https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Cleveland Hopkins International Airport
https://www.cleveland.com/cityhall/2019/04/computer-hack-crashed-info-boards-at-cleveland-hopkins-international-airport-sources-say-city-remains-tight-lipped.html

Exploit: Ransomware attack
Cleveland Hopkins International Airport: A public airport located in Cleveland, Ohio.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: A ransomware attack on the airport disabled information screens that provide information about incoming arrivals, imminent departures, and baggage claim status. At the same time, other network components including email, electronic payroll, and record keeping services were also affected. These disruptions occurred for many days, and the FBI is investigating the source of the attack.
2.5 – 3 = Moderate Risk Individual Risk: 3 = Moderate: There is no indication that any personal information was compromised in this attack, but users with information stored on this network should be mindful of its vulnerabilities while monitoring for possible misuse of stored information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  When data breaches occur at companies providing critical services like air travel, the prospect of a disruptive data breach can have far-reaching consequences. While this data breach didn’t compromise any critical infrastructure, travelers might be less likely to trust the company’s infrastructure to guard against more progressive or intrusive tasks. When public safety is concerned, preventing a breach becomes an even more critical concern.

ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Partners for Quality
https://www.databreaches.net/pa-partners-for-quality-notifies-3673-clients-after-employee-email-accounts-compromised/

Exploit: Compromised email accounts
Partners for Quality: Pennsylvania-based agency providing educational services for children with intellectual and developmental disabilities

1 – 1.5 = Extreme Risk Risk to Small Business: 1.222 = Extreme: A malicious third party gained access to several employee email accounts, giving them broad access to their users’ sensitive personal information. This is the company’s second data breach this year, and, since the company handles uniquely sensitive information about their customers, the responsibility to secure this data is magnified.
1.51 – 2.49 = Severe Risk Individual Risk: 2 = Severe: Hackers gain access to protected health information (PHI) including names, social security numbers, diagnosis/treatment, medical records, billing claims, health insurance credentials, passport information, and banking numbers. Those impacted by the breach should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.

Customers Impacted: 3,673
How it Could Affect Your Customers’ Business: Every company managing PHI needs to be especially aware of their cybersecurity vulnerabilities, since a breach not only imperils their users but it also casts doubt on their competence. Since most email-based threats are preventable, companies handling PHI should take every action to educate their employees and to secure their networks.

ID Agent to the Rescue: Dark Web ID can find out how payment data is used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Switzerland – Aebi Schmidt
https://techcrunch.com/2019/04/23/aebi-schmidt-ransomware/

Exploit: Ransomware attack
Aebi Schmidt: Manufacturing company that produces vehicles for airport maintenance and road cleaning

1.51 – 2.49 = Severe Risk Risk to Small Business:  1.888 = Severe: A company-wide ransomware attack paralyzed the organization’s global operations, sending their manufacturing systems and email network offline. Major workflows were disrupted for 24 hours, including other ancillary systems that were shut down as a precaution. The company regained operations by launching a backup recovery process that restored the network and limited the attack’s damage.
2.5 – 3 = Moderate Risk Individual Risk: 3 = Moderate: While the company’s business operations were significantly restricted, there is no evidence that any personal information was compromised or put at risk.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Unlike other recent victims of ransomware attacks, Aebi Schmidt was able to quickly restore operations by launching a backup system that was free from the malady. By having a plan in place to adequately address a ransomware attack, the company was able to mitigate the damage while avoiding having to a pay a ransom to the perpetrator. As malware infections continue to make news headlines on a weekly basis, businesses must partner with providers of comprehensive cybersecurity suites.

ID Agent to the Rescue:  Backed by ID Agent’s $1 million identity theft restoration policy, MSPs’ clients can proactively protect employees and customers while enhancing their overall cybersecurity awareness with Spotlight ID: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Philippines – GetGo
https://iapp.org/news/a/cebu-pacific-confirms-data-breach/

Exploit: Unauthorized server access
GetGo: The rewards platform of Cebu Pacific, a Philippines-based airline

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.222 = Severe: A tweet by a prominent hacking group alerted GetGo that its servers were breached. In response, the company shut down its servers and contained the incident. Although the Twitter post promised a significant data breach, no stolen data has been publicly posted. Nevertheless, the business may have to deal with customer attrition and an erosion of brand equity.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe: The company claims that credit card information was not stored on the affected server, but it’s still unclear if any other personal information was compromised. In the meantime, GetGo users should monitor their accounts for potential misuse.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Without proper detection tools in place, Cebu Pacific had no means of determining the severity of the breach and was forced to temporarily shut down its website and mobile app. For a business operating in a cutthroat market such as airfare, every second offline can translate into millions of dollars in revenue lost. Additionally, rewards platforms are designed engender trust and loyalty with the customer, but a breach can produce the opposite result. It goes without saying that security should be a priority, with employee and customer privacy at the forefront.

ID Agent to the Rescue:  With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Cyber-attacks are soaring in 2019

It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are now becoming inundated, and even accepting, of breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.

According to recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.

However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.

Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.

It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.

https://www.infosecurity-magazine.com/news/attacks-on-businesses-soar-235-in-1/


What We’re Listening To:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A note for your customers:

Another Dark Web marketplace shuts down

The Dark Web, a section of the internet that has become famous for selling illegal drugs, weapons, malware, and other illicit materials, is undergoing a major shakeup. Authorities have already shuttered many of the most prominent marketplaces, culminating in last month’s announcement that Dream Market, the oldest and biggest platform, would close. Now, another major player, Wall Street Market, is ending as well.

According to multiple reports, the website’s admins have “exit scammed” the site’s users, siphoning $14.2 million in user funds into Bitcoin wallets not associated with the marketplace. At the same time, there are reports that customer support staff are blackmailing users who shared their information during customer support requests.

The Dark Web is a nefarious place, and it’s difficult to feel bad for anyone who is scammed when participating in such overtly illegal activities, but the episode is a reminder of the expansive marketplace fueling many cybersecurity vulnerabilities and the extensive demand for security-compromising products.

https://www.zdnet.com/article/another-dark-web-marketplace-bites-the-dust-wall-street-market/


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!