The Week in Breach 06/17/20 – 06/23/20
This Week in Cybersecurity News: A massive data breach leaks thousands of police records going back two decades, ransomware strikes again, and the publication of our new eBook on the State of the Dark Web in 2020.
Cybersecurity News: Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: Manufacturing
- Top Employee Count: 11 – 50
Cybersecurity News: United States
United States – Netsential
https://securityaffairs.co/wordpress/104351/cyber-crime/st-engineering-maze-ransomware.html
Exploit: Unauthorized Database Access
Netsential: Web Development Firm
Risk to Small Business: 1.272 = Extreme
A security breach at this Texas-based web development company led to the exposure of hundreds of thousands of potentially sensitive files from U.S. police departments. Dubbed “BlueLeaks”, this massive data breach contained 270 gigabytes of information going back 24 years, from August 1996 through June 19, 2020. Files contained names, email addresses, phone numbers, PDF documents, images, and video, CSV, and ZIP files related to criminal investigations. Some of these files also contained sensitive financial information as well as personally identifiable information and images of suspects from law enforcement and government agency reports.
Individual Risk: 1.405 = Extreme
While there is no estimation of how many individual records were exposed, anyone who suspects that their information may have been affected should monitor their personal and financial accounts for potential fraud and beware of spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: One compromised credential can lead to a data breach that has a devastating impact on any business, destroying the trust that partners have in a company’s commitment to making and maintaining secure, high-quality software -especially when it’s intended to handle sensitive information.
ID Agent to the Rescue: Dark Web ID uses human and machine intelligence to watch the Dark Web 24/7/365. We scour every corner for leaked passwords, compromised credentials, or sensitive data that could create a data breach risk. LEARN MORE>>
United States – SB Tech
Exploit: Ransomware
SB Tech: Online Gambling Technology Provider
Risk to Small Business: 2.302 = Severe
In an SEC filing made as part of a three-way merger including Diamond Eagle Acquisition Corporation last week, DraftKings noted that SB Tech had been hit with a ransomware attack in March 2020 that caused an approximate one-week outage its online sports and casino betting capability. It also caused online betting sites that used the platform to suffer service outages. As a result, DEAC renegotiated the merger to include a $30 million fund to fend off future litigation and costs associated with the attack.
Individual Risk: No individual data was reported compromised
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The results of a cyberattack aren’t just problematic immediately – they can affect future business transactions. While the attack did not stop this merger, it did add potential additional cost and could cause future partners to think twice.
ID Agent to the Rescue: Ransomware is commonly delivered through email as the result of a successfully landed phishing attack. BullPhish ID trains staffers at every level to detect and repel phishing attacks, providing greater safety against threats like ransomware. LEARN MORE>>
Cybersecurity News: Canada
Canada – Agromart Group
https://www.bankinfosecurity.com/7-ransomware-trends-gangs-join-forces-decryptors-improve-a-14401
Exploit: Ransomware
Agromart Group: Agricultural Services Conglomerate
Risk to Small Business: 2.020 = Severe
As ransomware attacks ramp up around the globe, Dark Web DDoS group REvil has innovated their attack tactics to include auctioning off stolen data if victims refuse to pay the ransom. This just happened to Canadian agribusiness services company Agromart Group, which also owns Sollio Agriculture. The first 22,000 files stolen from the agricultural company entered Dark Web markets last week with the starting price of $50,000.
Individual Risk: No individual data was reported compromised
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A data breach at a third-party partner can be just as problematic as a data breach at home for businesses. Compromised financial and identity information can hang around in Dark Web markets for a long time, creating continued risk.
ID Agent to the Rescue: With Dark Web ID, find out fast about sensitive information that has been compromised. You will be alerted to stolen credentials and passwords hitting the Dark Web even if the information was stolen from another company. LEARN MORE>>
Cybersecurity News: United Kingdom
United Kingdom – Wiggle
https://www.infosecurity-magazine.com/news/wiggle-investigates-cyberattack/?&web_view=true
Exploit: Credential Compromise
Wiggle: Sporting Goods Retailer
Risk to Small Business: 2.807 = Moderate
Online sporting goods retailer Wiggle has announced that an indeterminate number of customer accounts have been tampered with, including delivery address changes and unauthorized purchases made on customers’ stored payment cards. Complaints about unauthorized purchases have been reported since mid-May, but the UK retailer just announced the incident this week. The company has released a statement saying that a small number of accounts were affected and blaming the incident on customers reusing passwords that have been compromised elsewhere online.
Individual Risk: 2.623 = Moderate
Customers with online payment information stored in the company’s online shopping platform should suspect potential suspicious activity on those payment cards, and all customers should change their account login credentials for Wiggle’s online store.
Customers Impacted: 100+
How it Could Affect Your Customers’ Business: It’s not just customers – reusing passwords is a common behavior among staffers too, and that’s a sure-fire way to open a channel to trouble. Staffers must learn the importance of password security and how to make strong, unique passwords to protect systems and data.
ID Agent to the Rescue: It’s essential for staffers at every level in an organization to learn good password habits and create strong, secure passwords. Our new eBook “Is This Your Password: 3 Common Password Fails & 3 Quick Password Wins” covers some common password pitfalls and includes security tips for improvement.
United Kingdom – National Health Service (NHS)
https://www.infosecurity-magazine.com/news/nhs-100-email-accounts-hijacked?&web_view=true
Exploit: Email Compromise
National Health Service (NHS): UK National Healthcare System
Risk to Small Business: 2.671 = Moderate
113 internal email accounts from Britain’s NHS were used to send malicious spam to targets outside the organization. The NHS confirmed last week that this misuse by bad actors occurred between May 30 and June 1, 2020. The account compromise discovery comes as part of a larger investigation by the National Cyber Security Centre (NCSC) into a widespread phishing attack campaign across many public service organizations in the UK that the NHS first reported in October 2019.
Individual Risk: 2.892 = Moderate
All of the internal NHS accounts that were compromised and used to send out malicious emails in this incident were identified, and everyone who received a malignant email has been warned. Authorities noted that no personal information was leaked, but targets of the scheme did receive a phishing email sent from an NHS account.
Customers Impacted: 500+
How it Could Affect Your Customers’ Business: Phishing campaigns are always dangerous, whether the attacks are intended to compromise 10 accounts or 1000 accounts. All staffers must be alert to phishing attempts and ready to report them quickly to administrators.
ID Agent to the Rescue: Phishing training and testing with BullPhish ID turns staffers into an effective asset in any company’s phishing defense. With frequently updated training materials in 8 languages, it’s perfect to keep users up to date on the latest threats LEARN MORE>>
Cybersecurity News: European Union
Italy – Ariix Italia
Exploit: Unsecured Database
Arix Italia: Wellness Multilevel Marketing
Risk to Small Business: 1.489 = Severe
An unsecured Amazon Simple Storage Service bucket that containing more than 36,000 documents was recently compromised at Ariix Italia, the newly launched Italian subsidiary of multilevel marketing firm Ariix. Sensitive information including scans of national IDs, credit cards, and health insurance cards was exposed. The database also contained sales representative enrollment contracts that included full names, addresses, tax identification numbers, and signatures of mostly Italian citizens.
Individual Risk: 1.489 = Severe
Ariix Italia customers and sales representatives who have previously provided the company with their personal information should verify that their identities have not been used to commit fraud or other illegal activities and beware of attempted identity theft or phishing attempts.
Customers Impacted: 30,000
How it Could Affect Your Customers’ Business: Failure to adequately protect customer and employee data is no longer a mistake that gets overlooked as an accident. Partners, whether clients or representatives, expect that by entering a business relationship with a firm, that organization will protect any sensitive data involved, and will be less likely to want to do business with a company that can’t.
ID Agent to the Rescue: Sometimes, you need extra help to demonstrate the importance of cybersecurity solutions and upgrades. With Goal Assist, our experts will help set you up for the win with virtual support, training, and even directly talking to your client. LEARN MORE>>
Cybersecurity News: Australia & New Zealand
Australia – Lion Beer Australia
https://www.theregister.com/2020/06/19/lion_brewery_second_cyber_attack_australia/?&web_view=true
Exploit: Ransomware
Lion Beer Australia: Brewing and Beverage Conglomerate
Risk to Small Business: 1.339 = Extreme
For the second time, beverage giant Lion Beer Australia has been walloped with a major cyberattack. Ransomware appears to be the culprit again as attackers using REvil ransomware disrupted both brewing and distributing operations again, but did not completely shut down the company this time. Lion Beer Australia is still reeling from a ransomware attack reported just a week ago. Attackers have reportedly demanded $800,000 to decrypt the affected files. The company has turned from recovery after the prior attack to boosting security in an attempt to avoid future incidents.
Individual Risk: No individual data was reported compromised
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a growing menace for every business, and it can have especially devastating consequences on companies that are engaged in manufacturing and distribution. As ransomware becomes both more widely used and more effective, cybercriminal groups are engaging in a high-stakes game of chicken with affected companies, demanding soaring sums for relief.
ID Agent to the Rescue: Phishing is the favored vehicle for delivery in ransomwareattacks, and even one user falling for a phishing attempt is enough to wreak havoc on a company’s systems. BullPhish ID includes video lessons to train staffers every level to resist phishing – including training to resist skyrocketing COVID-19 themed threats. LEARN MORE>>
Australia – BigWorld Technology
https://www.infosecurity-magazine.com/news/stalker-online-breach-13-m-user/?&web_view=true
Exploit: Unauthorized Database Access
BigWorld Technology: Massively Multiplayer Online Game Developer
Risk to Small Business: 1.997 = Severe
Usernames, passwords, email addresses, phone numbers, and IP addresses belonging to players of popular adventure MMO Stalker Online recently appeared on the Dark Web. Game developer BigWorld Technology admits the passwords were stored in MD5, a known insecure secure encryption algorithm. Two databases were found on underground sites by cybersecurity researchers, one containing around 1.2 million records and another of 136,000 records. Bad actors had also set up a shop on Shoppy.gg hawking the data, which was operational for more than a month and has since been shut down.
Individual Risk: 2.215 = Severe
While no financial information was reported compromised in the breach, Stalker Online does involve microtransactions making account data compromise a risk. Players may also be at risk of identity theft and should reset their credentials immediately.
Customers Impacted: 1.3 million
How it Could Affect Your Customers’ Business: This breach was discovered by white hat actors outside the company. If they hadn’t reported it, who knows how long it would have been before affected users were informed of the potential risk. Failure to secure customer information is bad enough, but failure to even notice that a breach has occurred is devastating to customer confidence.
ID Agent to the Rescue: By keeping an eye on the Dark Web, we find your compromised information fast. Dark Web ID monitors every corner of the Dark Web 24/7/365, watching for compromised data and passwords to appear to give your MSP the edge in mitigating the problem before it becomes a disaster. LEARN MORE>>
The Week in Breach Risk Levels for Cybersecurity News
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop on Cybersecurity News
Have you been reading our blog? We’re bringing you timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats every day, plus intelligent cybersecurity insight that helps you plan for tomorrow.
Catch up on what you need to know now:
- National Go Fishing Day: Phish Facts
- Expert Tips to Grow an MSP Fast and Keep Climbing
- 42% of Companies Must Improve Password Security. Here’s How to Do It.
- Spear Phishing Growth is a Whale of a Problem
- How to Define Insider Threats (and Why That Matters)
Free Education, Sales & Marketing Resources
NEW EVENT RECORDING!
Get Ready to PIVOT2GROW
Or recent weeklong online event in concert with Marketopia was packed with tips to help MSPs learn how to respond to challenging market conditions, and why instead of retrenching, they should be focusing on their potential to grow.
Over a dozen Channel experts in sales and marketing shared their secrets to success in any conditions, including actionable steps that you can take right away to take advantage of the new opportunities that have been created in the post-pandemic sales landscape. Learn how to:
- Maximize your social media connections for prospecting
- Find and leverage connections to create new clients
- Position your MSP as a confident leader in your market
Download the recordings of each session of PIVOT2GROW
NEW WEBINAR!
Fire Up Your Sales This Summer
Are you ready to supercharge your sales and race to the next level? This is the webinar for you. ID Agent and TruMethods recently held a virtual event featuring tips and tricks from sales experts to help MSPs shift their businesses into the fast lane.
In “3 Steps to Rev Up Your Sales Engine”, you’ll learn professional secrets from top Channel leaders that will help you accelerate your sales even in this challenging economy. They’ll share expertise and advice that comes from years of being in your shoes to help you:
- Sell more recurring revenue and close more sales
- Use revamped marketing to find new clients
- Reset your goals to be poised for the next phase of growth
Download “3 Steps to Rev Up Your Sales Engine” today!
Free eBook of the Week – NEW RELEASE!
Get our analysis of the state of the Dark Web after COVID-19
The world has changed in the wake of the COVID-19 pandemic – and so has the Dark Web. Gain insight into the current climate of the post-pandemic Dark Web, see what threats are rising on the Dark Web now, and what we think you need to know to help your customers adjust their cybersecurity strategies. Get a snapshot of the facts that you and your clients can use, because 2020 has been a wild year everywhere, including on the Dark Web.
Click here to download “The State of the Dark Web 2020“
The Week in Breach Threat Spotlight
Cybersecurity News Reports That Insider Threats Have Grown by 47%
Insider threats are a top cybersecurity risk for any company, and that risk is growing rapidly. Recently in the news, statistics from the Ponemon Institute report show that insider threats have climbed by 47% over the last two years. Whether they come from malicious sources or just simple human errors, insider threats have the potential to devastate a business.
Malicious insiders are finding it very profitable to sell data on the Dark Web, especially COVID-19 healthcare and research data. An expanding market for credentials tempts staffers into taking advantage of lucrative opportunities to sell their access credentials, especially if they’re highly privileged. Over 25% of cyberattacks caused by insider threats come from malicious insiders.
Get the facts about the two main types of insider threats, how to spot them, and how to stop them in our free eBook “Combatting Insider Threats“ GET IT NOW>>
Unintentional insider threats are less ominous and more common. More than 60% of breaches caused by insider threats are caused by staffers who aren’t trying to damage the company – they just made a mistake. Unfortunately, that mistake can be the door to a data breach that results in your information hitting the Dark Web, plus and expensive and time-consuming recovery, sometimes with regulatory penalties topping it off.
For your clients, Learning how to define insider threats and having some examples of potential threat vectors to consider can help demonstrate why this is an issue that they should take seriously. Creating an effective defense against insider threats includes choosing a dynamic cybersecurity risk protection platform with multiple solutions that work together to mitigate the risk of a bad actor gaining access to systems and data.
Malicious insiders will almost always be looking for a way to profit off of the data or access that they’re selling, and they’re most likely to turn to the busy data markets on the Dark Web. With a solution like Dark Web ID, companies can find out fast if their data or credentials appear in Dark Web markets because of our 24/7/365 monitoring and analysis – empowering them to act to solve a problem before it becomes a catastrophe.
Fight back against insider threats to avoid data disasters with Dark Web ID.
Watch this 10-minute technical demonstration video of Dark Web in action.
Catch Up With Us at These Virtual Events
JULY 22-23: ASCII MSP Connect Live REGISTER>>
AUG 24-27: Connect IT Global in Las Vegas REGISTER >>
AUG 30-SEPT 1: ITBYDesign BuildIT REGISTER>>
A note about cybersecurity news for your customers:
Improving Password Security Improves All of Your Defenses
One of the top concerns that many businesses have when making a cybersecurity plan is how to protect themselves from cybercriminals. But that’s not the right thing to have at the top of your cybersecurity checklist. More cybersecurity incidents like a data breach are caused by human error than anything else – and one of the worst errors that many staffers make is creating a terrible password.
Bad, weak, cracked, or compromised passwords are the bread and butter of cybercrime. Login credentials are currency, especially for privileged users. The fastest, cheapest, and easiest way to immediately improve your cybersecurity is to teach and enforce good password hygiene, from creation to storage.
ID Agent provides several resources to help educate your users on making and storing secure passwords. Our new eBook details some common mistakes that users make when creating passwords. We’ve provided an analysis of several of the biggest password pitfalls of 2020 in our blog.
Our Password Education Package provides great information about how to make stronger passwords including the whitepaper “Building Better Passwords” – and our Top 50 Worst Passwords List to see how yours stacks up.
Contact ID Agent today for an expert analysis of how you can update your security plan to include solutions like Dark Web ID to mitigate the damage caused by bad passwords and maintain data security compliance to protect your company from threats at a price that doesn’t threaten your budget.
Get high-quality marketing tools to help you connect with your customer with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.
Follow us on social media to find out about upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!