
The Week in Breach: 05/08/19 – 05/14/19

May 16, 2019

This week, a global accounting firm is afflicted by a malware attack, more media companies are brought down by ransomware, and Magecart makes another appearance in an online store.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Manufacturing
Top Employee Count: 11 – 50 Employees


United States – Baltimore City Government
http://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-recovery-20190509-story.html

Exploit: Ransomware
Baltimore City Government: City government serving Baltimore, Maryland

Risk to Small Business: 1.888 = Severe: A ransomware attack has disabled nearly all computerized functions for the Baltimore City Government, including email, online payment platforms, and more. Business operations have been interrupted for “almost every department,” and city officials have started using library computer labs to process payroll for employees. It’s entirely possible that paychecks for city employees will be delayed, which can ultimately cause staff members to leave.

Individual Risk: 2.428 = Severe: Citing concerns about revealing the network vulnerability, city officials have not disclosed information about the breach. However, there is no indication that personal data was compromised as part of this breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: When adding up the costs of a data breach or ransomware attack, it’s important to consider the residual effects that take shape in the wake of a security incident. After factoring in the losses that result from customer and employee attrition, the ROI of security training and awareness solutions becomes irrefutable.

ID Agent to the Rescue:  With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here:  https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Wyzant
https://www.zdnet.com/article/wyzant-online-tutoring-platform-suffers-data-breach/

Exploit: Database infiltration
Wyzant: Online education marketplace that matches tutors with students

Risk to Small Business: 1.777 = Severe: Hackers took advantage of a database anomaly to steal personally identifiable information (PII) from an undisclosed number of users on April 27, 2019. The tutoring company issued a patch to the database, and a more in-depth investigation is underway.

Individual Risk: 2.428 = Severe: Although it’s unclear how many users were impacted by the breach, PII was definitely made available to hackers. This data includes names, email addresses, zip codes, and more. The company’s platform lets users sign in using their Facebook credentials, enabling hackers to siphon off .jpegs of Facebook profile pictures, which can be leveraged to facilitate phishing scams.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Failing to understand the security vulnerabilities that impact your IT infrastructure can have significant consequences for your users. Especially for companies handling PII for minors, protecting customer information has to remain a top priority. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, MSPs’ clients can proactively protect employees and customers while enhancing their overall cybersecurity awareness with Spotlight ID™: https://www.idagent.com/identity-monitoring-programs


United States – Watertown Daily Times
https://www.cybersecurity-insiders.com/ransomware-attack-disrupts-sunday-newspaper-edition-of-the-watertown-daily-times/

Exploit: Ransomware
Watertown Daily Times: Daily newspaper published in Watertown, New York

Risk to Small Business: 2 = Severe: A company employee discovered ransomware on the company’s network while working on computer systems that are responsible for ad design and newspaper production. In addition to disabling certain publication capabilities, the ransomware restricted access to the company’s email servers and internet-based phones. While the newspaper was able to publish its latest edition, some sections were inaccessible, and reporters were forced to work from home.

Individual Risk: 3 = Moderate Risk: There is no indication that individual data was compromised in this breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are on the rise in every industry. Companies should proactively assess their threat landscape while establishing protocols for restoring operations and protecting sensitive data. Meanwhile, understanding what happens to sensitive data after it’s accessed is a natural next step for repairing the product and reputation damage that frequently follows a data breach.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/


United States – Augustana College
https://cyware.com/news/augustana-college-hit-with-ransomware-attack-0ff35671

Exploit: Ransomware
Augustana College: Private liberal arts college in Rock Island, Illinois

Risk to Small Business: 2.111 = Severe: A university server housing personal information of students was hijacked by a ransomware attack. Although the server was taken offline and existing data was migrated to a new server, the hackers were able to view student information before the breach was detected. A third-party forensic investigation team has been hired to review the incident, and the organization is undergoing new initiatives to prevent an attack like this in the future.

Individual Risk: 2.571 = Moderate: Augustana did not reveal the exact nature of the personal information compromised in the attack, but university staff and students should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: When it comes to preventing malicious hacking attempts, the best offense is a strong defense. This means that all campus dwellers at a university should be enrolled in ongoing security training. Untrained employees are a significant security risk, but they can be transformed into an organization’s best defense against cybercrime.


ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.


Canada – Freedom Mobile
https://www.zdnet.com/article/freedom-mobile-data-breach-impacts-thousands-of-customers/

Exploit: Server leak
Freedom Mobile: Canada-based telecommunications company

Risk to Small Business: 2 = Severe: Security researchers located an unencrypted company database that contained sensitive personal information for thousands of customers. Not only was the server without a password, the company took a week to secure the leaked data. So far, it is believed that the database is part of a logging system used to determine glitches and errors. However, all information was recorded in plain text, instead of being anonymized and encrypted.

Individual Risk: 2.285 = Severe: The compromised database included customers’ email addresses, phone numbers, home addresses, dates of birth, Freedom account numbers, and IP addresses. At the same time, unencrypted financial data was exposed, including credit card numbers, security codes, and credit score responses.

Customers Impacted: 15,500
How it Could Affect Your Customers’ Business:  Freedom Mobile is enduring harsh criticism for their delay in identifying and responding to the breach, which should cause small businesses to take notice. Protecting customer data is a top priority in today’s digital environment, and an unencrypted database is a self-inflicted and avoidable wound to any company.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs


United Kingdom – Airbnb
https://cyware.com/news/airbnb-user-accounts-allegedly-hacked-previous-bookings-canceled-and-new-bookings-made-04e3fe87

Exploit: Account hacking
Airbnb: Global, online marketplace for hospitality services

Risk to Small Business: 2.111 = Severe: Airbnb customers in the U.K. are taking to Twitter to report unauthorized account takeovers. Compromised users have noted everything from cancelled bookings and new appointments, to account lockouts and deletions.

Individual Risk: 2.571 = Moderate: Anyone with an Airbnb account should check their accounts for suspicious activity including booking cancellations, new bookings, or other changes. It’s likely that hackers accessed accounts by using previously stolen password information. Therefore, users should ensure that they are using unique, strong passwords for all accounts, and they should enable two-factor authentication whenever possible.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Eliminating password redundancies is a critical step in identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it’s extremely difficult to understand how stolen data is being misused by hackers. Companies of all sizes need to help protect customer data by knowing what happens to their credentials in the event that they are lost or stolen.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id


Netherlands – Wolters Kluwer
https://www.cnbc.com/2019/05/08/wolters-kluwer-accounting-giant-hit-by-malware-causing-quiet-panic.html

Exploit: Malware attack
Wolters Kluwer: Tax accounting and cloud services company

Risk to Small Business: 1.777 = Severe: Wolters Kluwer distributes tax and accounting software to the vast majority of global banks and Fortune 500 companies, and this malware attack has rendered its software and cloud storage services unusable. The firm’s clients have been unable to access services, an untimely delay given the May 15th deadline for business tax filings. In the wake of the attack, company officials took communications systems offline to prevent the malware from spreading further, making it challenging for the company’s clients to gain clarity on the issue. In addition to the service delays, the scope of the attack on the company’s expansive database makes data loss a top concern.

Individual Risk: 2.428 = Severe: Although company officials don’t believe that any account information was accessed during the attack, accountants and financial firms store people’s most sensitive information in their digital files. Therefore, those impacted by the malware attack should immediately sign up for credit monitoring services while being mindful of other data misuses.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Not only is a data breach a practical disruption, but it can be a veritable PR nightmare as well. Ensuring that your organization is protected against the most prominent threats is only the first step to navigating today’s dangerous digital environment. Every organization needs a plan for navigating the threat landscape, especially those who serve B2B clients that depend on their systems.

ID Agent to the Rescue:  SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs


France – Burger King
https://www.bleepingcomputer.com/news/security/burger-kings-online-store-for-kids-exposes-customers-info/

Exploit: Unprotected Elasticsearch cluster
Burger King: Global fast food chain

Risk to Small Business: 1.888 = Severe: A database for Burger King’s France-based online store for kids was left unprotected, allowing anyone to access sensitive personal information from thousands of shoppers. Those with access to the database were able to edit, download, or delete any of the database details, which were stored in plain text. Although the company immediately disabled controls, it’s entirely possible that data was compromised during the breach window.

Individual Risk: 2.285 = Severe: The data in question included personally identifiable information including names, emails, passwords, phone numbers, dates of birth, and voucher codes. Since the Kool King Shop caters to kids who bought Burger King menus, it’s probable that at least some of the exposed information belongs to minors, something that is especially noteworthy in any data breach. Although there is no indication that data was stolen, customers who participated in this program should assume that their data may have been accessed, and they should enroll in identity monitoring services.

Customers Impacted: 37,900
How it Could Affect Your Customers’ Business: Security researchers did not find any ransom notes in the database, something that is more attributable to luck than cybersecurity prowess. As companies around the world grapple with the aftermath of a ransomware attack, security providers at every level must understand the importance of addressing cybersecurity vulnerabilities and updating infrastructure accordingly. In many cases, partnering with a third-party can help companies identify their greatest risks before hackers can exploit them.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.




In Other News:

Card Data Stolen From 201 Online Campus Stores

201 online campus stores for universities based in the U.S. and Canada were victimized by the popular Magecart attack, where hackers plant malicious JavaScript code on a website. This code collects payment information from customers using an affected platform. Once the financial data is collected, it is remotely stored by hacking groups who subsequently sell that information on the Dark Web.

The Magecart skimming code has been identified on at least ten other platforms and has spread to e-commerce sites as well.

Interestingly, cybersecurity researchers noticed that Magecart groups often don’t pursue e-commerce sites directly. Instead, they target components that often accompany their online store, such as chat and support widgets.
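
As an added illustration (not part of the original newsletter), the Node.js sketch below audits a checkout page for third-party scripts, such as the chat and support widgets mentioned above, that load without Subresource Integrity or over plain HTTP. The sample HTML, the host names and the function names are constructed for this example.

```javascript
// Added example, not from the original post. Static audit of a page's
// <script> tags: reports third-party scripts loaded without a valid
// Subresource Integrity (SRI) hash or over plain HTTP.
// Assumption: regex scanning of server-rendered HTML is enough for a first
// pass; scripts injected at runtime need a browser-based check.
const SRI_RE = /^(sha256|sha384|sha512)-[A-Za-z0-9+\/]+={0,2}$/;

// Parse the attribute text of one tag into a lower-cased name/value map.
function parseAttrs(text) {
  const attrs = {};
  const re = /([a-zA-Z][\w:-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

function auditThirdPartyScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) continue; // inline script: not covered by this check
    let src;
    try {
      src = new URL(attrs.src, pageUrl); // resolves relative and // URLs
    } catch (e) {
      findings.push({ src: attrs.src, issues: ['unparseable-src'] });
      continue;
    }
    if (src.origin === pageOrigin) continue; // first-party script
    const issues = [];
    if (src.protocol !== 'https:') issues.push('insecure-transport');
    const hashes = (attrs.integrity || '').split(/\s+/).filter(Boolean);
    if (hashes.length === 0) issues.push('no-sri');
    else if (!hashes.every((h) => SRI_RE.test(h))) issues.push('malformed-sri');
    if (issues.length > 0) findings.push({ src: src.href, issues });
  }
  return findings;
}

// Constructed sample page: one first-party script, one pinned CDN library,
// one unpinned chat widget, one HTTP tracker with an unsupported hash type.
const SAMPLE_PAGE_URL = 'https://store.example.edu/checkout';
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="/static/cart.js"></script>
<script src="https://cdn.example.net/lib.min.js"
        integrity="sha384-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        crossorigin="anonymous"></script>
<script async src="//chat.example.org/widget.js"></script>
<script src="http://stats.example.com/t.js" integrity="md5-abc"></script>
<script>var inline = 1;</script>
</head></html>`;

console.log(JSON.stringify(
  auditThirdPartyScripts(SAMPLE_CHECKOUT_HTML, SAMPLE_PAGE_URL), null, 2));
```

A widget that its vendor updates in place cannot be pinned with SRI; for those, a Content-Security-Policy that restricts script sources and keeping the widget off payment pages are the usual fallbacks.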

The weight of this incident serves as a reminder: companies need to invest in a holistic suite of cybersecurity solutions that accounts for today’s entire evolving threat landscape.

https://www.zdnet.com/article/hackers-steal-card-data-from-201-online-campus-stores-from-canada-and-the-us/


What We’re Listening To:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A note for your customers:

As you’ve probably noticed from tuning into our weekly newsletter, ransomware attacks are increasing in scope and severity at an alarming rate.

Security researchers are now tracking a new ransomware that is infecting computers by disguising itself as anti-virus software. Talk about a malicious advancement for an already meticulous cybersecurity threat!

This latest file-locking malware is disguised as an anti-virus installation that users willingly download on their computers. Victims are lured by the false request through phishing emails that prompt users to “update and verify” their anti-virus software with an embedded link.

When users click on the link, the malware downloads ransomware and outdated anti-virus software. The download begins encrypting files in the background while unsuspecting users complete the anti-virus software installation.

While this tactic isn’t necessarily new, its reemergence should compel companies to train their employees to spot malicious materials and to create a comprehensive plan for dealing with phishing scams, malware, and ransomware attacks. Consider partnering with an MSP that can offer phishing simulation training, like BullPhish ID from ID Agent, that can help support such initiatives with state-of-the-art solutions.

https://www.zdnet.com/article/this-ransomware-sneakily-infects-victims-by-disguising-itself-with-anti-virus-software/


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!