The Week in Breach 06/24/20 – 06/30/20
This Week in Cybersecurity News: Healthcare data breaches keep climbing, Twitter apologizes for its breach, and Australian cyberattacks illustrate the importance of basic training.
Cybersecurity News: Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1-10
Cybersecurity News: United States
United States – Twitter
Exploit: Accidental Data Sharing
Twitter: Social Media Platform
Risk to Small Business: 2.602 = Moderate
Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter your account’s billing information may be at risk.
Individual Risk: 2.602 = Moderate
Twitter did not release an estimate of the accounts affected, but it did specify that only business customers were at risk, and only a percentage of business customers had any details exposed. The leaked information potentially included email addresses, users’ contact numbers, and the last four digits of credit card numbers used for Ads accounts. Twitter business customers should monitor potentially affected payment accounts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Information like this quickly makes its way to the Dark Web, setting businesses up for cyberattacks including spear phishing attempts. In addition, failing to guard a business customer’s recurring payment information can negatively impact their relationship with that service provider.
ID Agent to the Rescue: Dark Web ID enables companies to keep an eye on potentially compromised credentials and contact information for privileged accounts, like executives and administrators who have access to major corporate vendor accounts and credit cards. LEARN MORE >>
United States – AMT Healthcare
https://portswigger.net/daily-swig/amt-healthcare-data-breach-impacts-nearly-50-000-patients
Exploit: Internal Email Account Compromise
AMT Healthcare: Medical Care Solutions Provider
Risk to Small Business: 1.662 = Severe
AMT Healthcare revealed this week that it had experienced a data breach affecting a large pool of customers in December 2019 that was discovered through suspicious activity on an employee email account. The California-based company recently completed an investigation into the incident and contacted those who were affected. Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy information, medical history information, and driver’s license/state identification numbers.
Individual Risk: 1.899 = Severe
Anyone that may be at risk of compromise was informed this week. Extremely sensitive data was compromised in this breach, and those affected should beware of the potential for fraud, identity theft, and spear phishing attempts that this stolen data creates. A filing of the account posted to the breach portal at the U.S. Department of Health and Human Services noted that potentially affected patients are being offered free credit monitoring services.
Customers Impacted: 47,767
How it Could Affect Your Customers’ Business: When clients choose to do sensitive business with a company, they’re also trusting that company to guard their information. This imperative is even stronger for companies that collect health information. Not only does a data breach cost healthcare organizations patient confidence, but it also costs a fortune in HIPPA-related fines.
ID Agent to the Rescue: Insider threats like a compromised email account can result from the actions of malicious insiders or careless staffers. Learn to spot and stop insider threats in our “Combatting Insider Threats” resource package, including a free eBook. GET IT NOW>>
United States – CentralSquare Technologies
https://www.databreachtoday.com/payment-card-skimmer-attacks-hit-8-cities-a-14512
Exploit: Malware
CentralSquare Technologies: Public Sector Services Provider
Risk to Small Business: 1.977 = Severe
Eight cities in three U.S. states that use CentralSquare’s Click2Gov payment systems for municipal transactions were recently affected by a payment card skimming attack that exploited a software vulnerability in the Click2Gov platform. Using Magecart-style malware designed specifically to work on Click2Gov payment sites, cybercriminals were able to capture payment card information from people using the affected Click2Gov sites to make municipal services transactions like paying bills or fines. The attacks began in April 2020 and are ongoing. Reports note that 5 of the 8 cities affected were also targeted in attacks in 2019. The names of the affected cities were not released.
Individual Risk: 2.378 = Severe
Financial data was directly compromised in this attack, including payment card numbers, expiration dates, and CVV. Similar information from previous attacks against Click2Gov in 2019 and 2018 was made available on the Dark Web quickly.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Payment skimming malware is an increasing threat for any business that processes online payments. Compromised financial and identity information can also hang around in Dark Web markets for a long time, creating continued risk.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web 24/7/265 using human and machine intelligence to uncover potential threats, like stolen data and compromised credentials, and alert you to danger so that you can take action. SEE HOW IT WORKS>>
United States – University of California San Francisco
https://www.infosecurity-magazine.com/news/ucsf-pays-114m-ransomware-fee/
Exploit: Ransomware
University of California San Francisco: Education and Research Institution
Risk to Small Business: 1.275 = Extreme
The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.
Individual Risk: No patient or personal data was reported as compromised at this time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a growing menace to every organization, and it’s not just sensitive business or financial data that Dark Web criminals are after. Research data has become an increasingly hot commodity. Paying ransoms to cybercriminals to decrypt research data sets a dangerous precedent. Collecting large sums will embolden other groups that can take down big fish to score big paydays.
ID Agent to the Rescue: The most common way that a system becomes infected with ransomware is through phishing. Don’t allow staff training updates to lag as you wait for things to slow down. BullPhish ID includes phishing resistance training kits that are perfect for training in office and remote staffers featuring video content and online testing to judge user competence in 8 languages. LEARN MORE>>
Cybersecurity News: Canada
Canada – OneClass
Exploit: Unsecured Database Access
OneClass: E-learning Platform
Risk to Small Business: 1.407 = Extreme
An unsecured Amazon Secure Storage Services bucket is the culprit for a data breach at North American education services provider OneClass. The Canadian company was informed of the breach on May 25 by cybersecurity researchers and the database was secured within 24 hours. However, personally identifiable information for more than 1 million students, some as young as 13, had already been extracted. The compromised 27GB database includes 8.9 million records.
Individual Risk: 1.719 = Severe
Students, teachers, and other users of the platform had personally identifiable data including full names, email addresses (some masked), schools and universities attended, phone numbers, course enrollment data, textbooks, testing results, faculty data, and other OneClass account details compromised. No payment information or financial data is believed to have been affected.
Customers Impacted: 1 million
How it Could Affect Your Customers’ Business: Failure to secure the personally identifiable data of users, especially children, is distasteful to both potential and current clients. Students, teachers, and schools may look at other education platforms to find a more secure alternative. Information compromised in this incident could haunt those affected for years to come as it lingers on the Dark Web.
ID Agent to the Rescue: Dark Web ID provides 24/7/365 human and machine powered monitoring and analysis to alert businesses quickly if their credentials or data appear in Dark Web markets, giving them a chance to prevent a cybersecurity incident from snowballing into a cybersecurity disaster. LEARN MORE>>
Cybersecurity News: United Kingdom
United Kingdom – Babylon Health
Exploit: Accidental Data Sharing
Babylon Health: Telemedicine Technology Developer
Risk to Small Business: 2.207 = Severe
A recently completed investigation revealed that a flaw in the software created by Babylon Health to enable telemedicine appointments also allowed users to see the consultations of other patients after they finished their own telemedicine visits. The app is used by about 2.3 million UK users. It allows members to book medical appointments, access a triage chatbot, and have consultations with NHS doctors via smartphone video or audio-only call. Apparently, when users switched from video to audio-only during their call, they also gained access to the audio recordings of the medical consultations of other users.
Individual Risk: 2.919 = Moderate
Babylon Health reports that the issue was discovered in early June and repaired rapidly, with a “very small” unspecified number of users affected.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More and more interactions are taking place over video these days, especially in the wake of the global pandemic. Many video conferencing service providers have had issues with intrusions and software glitches that put the private conversations and meetings of users at risk, creating doubt in the security of this type of communication. Because of this, data that is shared during a video conference through display, audio, or screen sharing may be in danger of compromise.
ID Agent to the Rescue: In an era when more business is being done remotely, it’s essential that businesses have appropriate security solutions in place to mitigate these risks – but that can be a hard sell in a challenging economy. With Goal Assist, our Partners can tag in extra help when they need it to reinforce the value that they’re offering to clients and score a sales win. FIND OUT MORE>>
Cybersecurity News: Australia & New Zealand
Australia – Chem Pack
Exploit: Ransomware
Chem Pack: Liquid Chemical Formulation Manufacturer
Risk to Small Business: 1.779 = Severe
As a barrage of cyberattacks continues to affect companies in Australia, Chem Pack has been caught in a ransomware attack. Cybercriminals using REvil ransomware have compromised and encrypted data at the Melbourne-based manufacturer. REvil ransomware exploits a known 2018 Windows vulnerability to elevate account privileges, enabling these bad actors to strike. The attackers claim to have exfiltrated financial information, personal information, and other essential business data, and recently posted a screenshot of a sample of the data on a Dark Web forum. Typically, this group posts a screenshot as proof that they’ve encrypted the affected data and asks the victim to contact them to negotiate a ransom for the key to unlock it.
Individual Risk: No individual data was reported as compromised.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a scourge that doesn’t just hold a company’s operations hostage, it also creates extended cybersecurity risks as data that has been obtained in attacks is copied and shared on the Dark Web. Even when a ransom is paid, victims have no guarantee that the captured data is returned without being replicated or sold to others first.
ID Agent to the Rescue: Dark Web ID alerts companies immediately when their protected data hits Dark Web markets, giving IT security teams actionable intelligence about potential threats and vulnerabilities that allows them to act fast to throw a roadblock up against attackers and mitigate potential damage. SEE IT IN ACTION>>
The Week in Breach’s Cybersecurity News Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop on Cybersecurity News
Every weekday, our blog features timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Catch up on what you need to know now:
- How to Define Insider Threats (and Why That Matters)
- Expert Tips to Grow an MSP Fast and Keep Climbing
- The Ink This Week: Cybersecurity News and Analysis 6/26
- Data Loss Prevention is a Must to Avoid Rising Breach Penalties
- Is Phishing the Biggest Insider Threat of 2020?
- Rocket Fuel For Sales and Marketing For MSPs in 2020
Free eBook of the Week
Stronger Passwords Are Essential for Stronger Security
Human error is the number one cause of a data breach One major error that any staffer can make is to create a terrible password. If any user’s password is weak, recycled, or easy-to-guess, it’s a risk to data and system security for the whole company. See three ways that bad passwords are born, and learn three techniques to create better passwords now. How does your password measure up?
Read “Is This Your Password? 3 Common Password Fails & Three Quick Password Wins” today! DOWNLOAD THE BOOK>>
The Week in Breach Cybersecurity News Spotlight
Australian Cyberattacks Prove That Threat Resistance Training is Always a Good Investment
Sophisticated cyberattack risks are growing throughout the world, and the attacker isn’t always just a group of opportunistic cybercriminals. A recent explosion of cyberattacks against targets in Australia has been reported to be linked to potentially malicious state-sponsored actors, creating a new level of worry for cybersecurity architects.
Ransomware has become an even greater menace for Australian companies. Government officials have warned that ransomware that is delivered through spear phishing attacks is suspected to be part of the overall larger attack picture in this wave of attacks. Therefore, it’s clear that frequent, high-quality phishing defense and resistance training is essential to protect a company from ransomware attacks.
Ransomware is devastating to any business, as was recently demonstrated by two incidents at Australian drinks conglomerate Lion. Systems at the beverage company have been infected twice in the last month alone, freezing essential production and operations technology just as it began to ramp up its post-pandemic production.
Get tips to help secure a remote workforce fast and insight into the unexpected risks that remote operations bring in our Remote Working Cybersecurity resource package.
A dynamic solution like BullPhish ID is the right choice for state-of-the-art phishing resistance training. BullPhish ID’s constantly updated educational tools allow staffers to learn through video and be tested on that knowledge with online quizzes – with pre-made phishing kits including the latest threats available in 8 languages for quick deployment. These features also make it an ideal vehicle for remote training because training shouldn’t stop just because staffers aren’t in the office.
Updating a company’s cybersecurity stack to boost ransomware defense should always include upgrading phishing resistance training. Dark Web monitoring is a great place to start when constructing a strong cybersecurity defense, but every building block in that defense is important – and improved phishing resistance with BullPhish ID is an easy and affordable block to add.
Watch this 10-minute technical demonstration video of BullPhish ID in action.
Catch Up With Us at These Virtual Events
JULY 22 – 23: ASCII MSP Connect Live REGISTER>>
AUG 24 – 27: Connect IT Global in Las Vegas REGISTER >>
SEPT 27 – 29: GlueX 2020 REGISTER>>
A note about cybersecurity news for your customers:
An Ounce of Prevention is Worth a Pound of Cure
We’ve all heard this old saw, and it’s still popular for a reason: it’s right. Taking strong preventative measures now to protect your data saves both time and money later. More than 50% of businesses had a data breach in 2020 – and that’s a time-consuming money pit for any company. By taking the right preventative measures now, you can lower your risk of a data breach later.
One of the most important preventative measures to take right away is updated training about current phishing threats. Right now, cybercriminals are using many new tricks to mount phishing attacks. While your staff may be aware that they shouldn’t open unexpected attachments, do they know not to click surprise links, or open unanticipated PDFs, or accept unverified Zoom invitations? Updated phishing training prepares them to resist these threats and protect your data.
Coupling phishing resistance training with 24/7/365 Dark Web monitoring guards your data on two fronts. Not only are you preventing bad actors from getting a front door key to your data with improved phishing resistance, but you’re also making sure that cybercriminals aren’t sneaking in the back door either by watching for Dark Web threats. By combining multiple solutions that work together well, you can maximize the ways that your security solutions help prevent data loss – because strong, sensible preventative measures always pay off.
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.
Follow us on social media to find out about upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!