The Week in Breach: 04/29/20 – 05/05/20
This week, phishing scams compromise patient data, ransomware disrupts remote work, the sale of the world’s largest whiskey collection is thwarted, and employees struggle to deter cybersecurity threats while working from home.
Dark Web ID Trends:
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1-10
United States – Ambry Genetics
Exploit: Phishing scam
Ambry Genetics: Genetic testing laboratory
Risk to Small Business: 1.373 = Extreme
An employee failed to identify a phishing scam, interacting with the message and giving hackers access to patient data between January 22, 2020, and January 24, 2020. However, the incident wasn’t reported until March 22nd, as the company struggled to dedicate resources to cybersecurity while it transitioned to remote work. In total, the breach is the second largest healthcare breach of the year, and, although the company is updating its cybersecurity practices in response to the incident, they will need to navigate a challenging recovery process during a pandemic.
Individual Risk: 1.290 = Extreme
Hackers had access to patient data, including names, medical information, genetic-specific information, and a limited number of Social Security numbers. This information has a strong market on the Dark Web, and those impacted by the breach should take steps to guard themselves against medical or identity theft. To support victims, Ambry Genetics is offering free identity monitoring services for a year. Also, those impacted by the breach should monitor their digital communications for potential spear-phishing messages that could compromise additional data.
Customers Impacted: 233,000
How it Could Affect Your Customers’ Business: Healthcare services collect and store people’s most sensitive personal information, and they are a top target for cybercriminals during the COVID-19 pandemic. Rather than reacting to a cybersecurity incident, companies should take a proactive stance to protect PII. The incredible rise in phishing scams targeting healthcare facilities during this time should make employee awareness training a top priority.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Click the link to get started: https://www.idagent.com/bullphish-id.
United States – CivicSmart
https://statescoop.com/smart-parking-meter-vendor-data-stolen-ransomware-attack/
Exploit: Ransomware
CivicSmart: Smart parking meter technology producer
Risk to Small Business: 2.130 = Severe
A ransomware attack encrypted CivicSmart’s network and exfiltrated company and customer data. The attack, which took place in March, was identified when hackers threatened to publish 159 gigabytes of sensitive data online. To prevent publication, the company paid an undisclosed ransom, and the files were brought offline. However, CivicSmart can’t rest easy. Despite promises to delete the information, it’s unlikely that cybercriminals will destroy valuable resources, which means that the stolen data could come back to haunt the company or its customers.
Individual Risk: 2.671 = Severe
Although the details are unclear, CivicSmart’s platform collects people’s personal and payment information as part of its smart parking meter service. What’s more, it partners with a variety of mobile apps and parking-garage vendors that could also be compromised in the breach. As a precaution, those impacted by the breach should notify their financial institutions of the incident, while carefully scrutinizing incoming messages for signs of a spear-phishing scam.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even before bad actors began exfiltrating data, ransomware attacks were uniquely costly and incredibly destructive. Today, companies can expect that a ransomware attack will double as a data breach, giving every organization millions of reasons to ensure that their networks are guarded against this especially problematic malware.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.
United States – Saint Francis Ministries
Exploit: Phishing scam
Saint Francis Ministries: Non-profit organization
Risk to Small Business: 1.583 = Severe
An employee interacted with a phishing scam that provided hackers with access to company IT. The breach, which was first identified on December 19, 2019, gave hackers access to user data between December 13, 2019, and December 20, 2019. However, it would be another two months before the organization understood the full scope of the breach. What’s more, it took until March 24, 2020, to determine that the breach included people’s personal data, and Saint Francis Ministries is just now notifying the public of the incident.
Individual Risk: 1.677 = Severe
The impacted email account contained people’s personally identifiable information, including names, Social Security numbers, dates of birth, driver’s license numbers, state ID information, bank account details, treatment and diagnosis information, account credentials, and other healthcare data. This comprehensive breach could have far-reaching ramifications for victims, who will need to protect themselves against future data misuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Whether hackers extract account credentials through phishing scams, purchase them on the Dark Web, or otherwise acquire this valuable data, organizations need to be prepared to protect accounts even when account information is compromised. Enabling easy-to-use tools like two-factor authentication is a natural first step.
ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities, data, and business continuity. We offer integrated multi-factor authentication, single sign-on, and password management solutions to protect your credentials and your data. Find out more at https://www.idagent.com/passly
United States – LearnPress
Exploit: Software vulnerability
LearnPress: WordPress plug-in
Risk to Small Business: 1.708 = Severe
Cybersecurity researchers identified flaws in the LearnPress plug-in that could allow hackers to access student information, steal money from course creators, or alter their access privileges to become teachers. The popular WordPress plug-in is used by more than 100,000 schools, organizations, and content creators who rely on these digital services even more now that eLearning is the de facto presentation method for nearly all students.
Individual Risk: At this time, there is no evidence that personal information was compromised in the breach. However, users should carefully monitor their accounts and credentials for misuse or abuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Developers took steps to repair the vulnerability, but businesses that want to thrive in our altered digital environment will need to identify threats before their products reach the public. As other organizations have discovered, the COVID-19 pandemic can be an excellent time to demonstrate strength or expose yourself to issues that will erode your brand’s image long after the crisis abates.
ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.
Canada – Northwest Territories Power Corporation
https://www.cbc.ca/news/canada/north/ntpc-apparent-ransomware-attack-1.5551603
Exploit: Ransomware
Northwest Territories Power Corporation: Electricity provider
Risk to Small Business: 1.571 = Severe
A ransomware attack disabled the power provider’s servers and email accounts. Website visitors were abruptly greeted by a message from the hackers notifying them of the attack and providing steps to purchase a decryption key to unlock the data. The event brought dismay from consumers who lamented another hurdle in an already tumultuous time. What’s more, it’s unclear if the company will be able to restore services from backup files, meaning they will likely have an expensive path to recovery.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks can feel random and inevitable. In reality, they always require an access point, and companies can take steps to defend their digital environment from these attacks. For instance, assessing your network for vulnerabilities and identifying compromised login credentials can go a long way toward ensuring that your company isn’t the next victim.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
United Kingdom – Zaha Hadid Architects
https://www.cisomag.com/zaha-hadid-architects-suffers-a-ransomware-attack/
Exploit: Ransomware
Zaha Hadid Architects: Architectural design firm
Risk to Small Business: 2.207 = Severe
A ransomware attack forced Zaha Hadid Architects to bring its network offline, disrupting its remote operations as its distributed teams work from home during the COVID-19 pandemic. Fortunately, the company restored operations using backup data, but they were unable to determine the specific data sets that hackers exfiltrated before encrypting the network. As a result, the consequences will likely continue, as those responsible try to extract financial value from their efforts.
Individual Risk: At this time, it’s unclear if personal data was compromised in the breach. However, employees and customers should be especially vigilant to monitor their accounts and messages for unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: As companies battle to remain productive and profitable during the COVID-19 crisis, ransomware remains a constant threat to both priorities. Now, more than ever, every company needs to ensure that its defensive posture is ready to address this growing threat.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.
EU – Proton Technologies AG
https://threatpost.com/data-leak-gdpr-advice-site/155199/
Exploit: Exposed database
Proton Technologies AG: GDPR compliance advice website
Risk to Small Business: 1.672 = Severe
An exposed database compromised users’ login credentials on GDPR.EU, an advice site for organizations striving to improve data privacy compliance that is partially sponsored by the Horizon 2020 Framework Programme, an EU research program. The ironic cybersecurity incident was easily identifiable by cybersecurity researchers, who reported the vulnerability to developers. For a company that relies on institutional funding to power its platform, this incident is an embarrassing failure that could impact its long-term viability as a government partner.
Individual Risk: 2.509 = Moderate
The breach compromised usernames and passwords, and victims should immediately reset their account credentials. In addition, any accounts that use the same username and password combination could also be compromised, and users should immediately update that information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While we rightly give a lot of attention to the financial cost of a data breach, many organizations fail to appraise the reputational damage that accompanies a cybersecurity incident. Especially for organizations predicated on their data privacy expertise, even a relatively small oversight can have significant consequences.
ID Agent to the Rescue: Passly protects employees’ digital identities, data, and business continuity through an integrated multi-factor authentication, single sign-on, and password management solution. Learn more at https://www.idagent.com/passly.
Australia – WhiskyAuctioneer.com
Exploit: DDoS attack
WhiskyAuctioneer.com: Online auction platform
Risk to Small Business: 1.393 = Severe
A DDoS attack disrupted and ultimately forced the cancellation of an auction of the largest private whisky collection for public sale. The event was expected to net millions of dollars, and the cancellation will undoubtedly hurt the company’s bottom line. To protect critical data, the company was forced to bring its website offline, and members are encouraged to stay alert for future breach notifications.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even before COVID-19 forced everyone online, many people already preferred digital platforms to in-person buying experiences. Of course, the pandemic has only accelerated this trend, which means that companies looking to capitalize on digital platforms need to ensure that they are safe and secure amid a rapidly expanding threat landscape.
ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News
Many Employees Feel Vulnerable to Cyberattacks
A survey of more than 1,500 UK employees found widespread fear of becoming the victim of a cyberattack following the national order to impose social distancing and transition to remote work. 49% of respondents indicated that they lack confidence in their computer hardware, and 42% reported receiving a suspicious email while working from home.
Notably, 18% indicated that they’d experienced a cybersecurity event while working from home, and more than half of breach victims indicated a malicious email was to blame. Phishing attacks have soared, up over 600% in the wake of COVID-19.
While some participants felt that their employers provided helpful defensive tools, like antivirus software or access to a VPN service, only 28% received specific training for the endpoints and applications that comprise their workflow.
The risks of remote work are well-documented, and with this arrangement likely to continue for the foreseeable future, now is the perfect time to ensure that your employees have the tools necessary to protect your valuable data.
https://www.techradar.com/uk/news/half-of-remote-workers-feel-vulnerable-to-growing-cyberattacks
Catch Up With Us at These Virtual Events & Webinars
MAY 11-15 = CharTec Virtual Academy
MAY 19-20 = ACES Conference 2020: The Prequel
AUG 30-SEPT 1 = ITBYDesign BuildIT
A Note for Your Customers
IT Leaders Recognize the Risks of Remote Work
The cybersecurity risks of remote work have taken center stage in light of the workplace restrictions in place because of COVID-19. However, these risks were well-known, even before COVID-19. According to a recent study, in 2019, nearly half of IT leaders admitted that remote workers had intentionally or accidentally put data security at risk. Most prominently, apathy or a failure to take security seriously was identified as one of the most substantial risks associated with remote work.
Simply put, many remote workers are not attuned to the data security risks experienced when working from home. In some cases, murky technology policies contribute to the risk, but other factors, like being unprepared to identify and respond to phishing scams, pose a significant threat to data security. Fortunately, companies can move the meter in this regard, as intentional strategies, like comprehensive employee awareness training, can equip employees to be prominent defenders of data security.
We have created a toolkit to help you secure your remote workforce quickly and affordably. Please don’t hesitate to contact my team to find out more about how our cybersecurity suite can help mitigate the risks of remote work.
https://www.helpnetsecurity.com/2020/04/27/remote-workers-security-risk/
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner yet? Let’s talk about how your business can benefit from our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID and our newest addition Passly. Contact us today!