
The Week in Breach 07/08/20 – 07/14/20

July 15, 2020

This Week in Cybersecurity News: Malicious insiders strike, gambling with security doesn’t pay off for a gambling app, and the debut of our newest eBook to help you transform into a marketing superhero!


Cybersecurity News: Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Hospitality
  • Top Employee Count: 1-10

Cybersecurity News: United States 


United States – DataViper 

https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/?&web_view=true

Exploit: Unauthorized Database Access (Malicious Insider)

DataViper: Information Security  


Risk to Small Business: 1.239 = Extreme

A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace where they put up for sale 50 of the biggest databases that they found inside DataViper’s backend.


Individual Risk: 2.117 = Severe

While these databases contained the information of billions of people worldwide, much of the information was from old breaches. Some new information was included, but researchers have not ascertained how much and what kind. This kind of information is often used in phishing and credential stuffing attacks.

Customers Impacted: Unknown 

How it Could Affect Your Customers’ Business: Insider threats are a menace to every business. Our insider threats eBook helps companies spot and stop insider threats.  While most insider incidents at organizations are caused by unintentional threats like human error, malicious insider attacks count for more than 20% of insider incidents. Some malicious insiders sell company secrets or even their own credentials on the Dark Web.

ID Agent to the Rescue: Our digital risk protection platform includes Dark Web ID to alert businesses to user passwords appearing in Dark Web markets to help organizations detect password compromise and insider threats faster. LEARN MORE>> 


United States – Benefit Recovery Specialists

https://www.databreachtoday.com/billing-vendor-breach-affects-275000-a-14607

Exploit: Malware

Benefit Recovery Specialists: Medical Billing and Debt Collection 


Risk to Small Business: 1.974 = Severe

A malware incident was just confirmed at Benefit Recovery Systems by the US Department of Health and Human Services’ Office for Civil Rights. Several computers at the Houston-based company were infected, leading to a breach that exposed thousands of customer records. In a breach notification statement posted on BRSI’s website, the company says that on April 30, it discovered a malware incident affecting certain company systems. The company stated that customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20 and April 30, 2020.  


Individual Risk: 2.227 = Severe

Information that may have been exposed includes name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. A small number of Social Security numbers may also have been exposed. Patients that were impacted should be alert for spear phishing attempts or identity theft. 

Customers Impacted: 275,000 

How it Could Affect Your Customers’ Business: Healthcare data is one of the hottest commodities in today’s data markets – especially COVID-19 related patient or research data. Plus, healthcare companies face steep fines for HIPAA violations like this, making it prudent for every healthcare organization to add data loss prevention and security awareness training as priorities before a breach.

ID Agent to the Rescue: Phishing is a common delivery system for malware. Our security awareness training solution BullPhish ID helps prevent malware attacks by teaching users to be aware of phishing attempts. LEARN MORE>> 


Cybersecurity News: Canada


Canada – Canadian Defence Academy 

https://www.theglobeandmail.com/canada/article-four-canadian-military-schools-affected-by-cyberattack/

Exploit: Ransomware

Canadian Defence Academy: Military Training College System 


Risk to Small Business: 1.694 = Severe

Computer systems at Canada’s four military academies have been taken offline by a purported ransomware attack. The schools affected include the Royal Military College, the Royal Military College Saint-Jean, the Canadian Forces College and the Chief Warrant Officer Robert Osside Profession of Arms Institute. Early indications suggest this incident resulted from a mass phishing campaign. An officer at an engineering school that was impacted reported the incident as a ransomware attack on his personal blog. The incident has not affected any classified systems or classified research. 

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the business scourge that keeps information security professionals up at night. Most ransomware arrives through a successful phishing attack, and phishing is the biggest threat of 2020 so far, with a more than 600% increase in attempts noted since the start of the pandemic.

ID Agent to the Rescue: Protection from ransomware starts as protection from phishing. Improved phishing resistance training with BullPhish ID will arm staffers with the knowledge and awareness that they need to spot and stop potentially ransomware-infected emails. LEARN MORE>> 


Cybersecurity News: United Kingdom


United Kingdom – Xchanging

https://www.insurancejournal.com/news/international/2020/07/06/574427.htm#

Exploit: Ransomware

Xchanging: Insurance Managed Services Platform


Risk to Small Business: 2.307 = Severe

Ransomware strikes again, this time taking systems hostage at Xchanging, the UK based subsidiary of DXC Technology. The problem appears to be limited to several of the company’s customer-facing services. Xchanging offers business process services in areas such as customer administration, finance and procurement, and technology services including application management, infrastructure management, specialist software, and data integration. No data is believed to have been stolen in this incident. 

Customers Impacted: 1.000+ 

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

How it Could Affect Your Customers’ Business:  Every business has relationships with service providers, making the risk of a third-party data breach unavoidable. Especially when transacting business with companies that handle payment, financial or personnel data, organizations have to be cognizant of the potential for a data breach that comes through business services relationships, and the Dark Web danger that brings to the table.

ID Agent to the Rescue: Teaching clients about the risks of incidents like a third-party data breach is essential for increasing MRR, but it can be an undertaking that MSPs could use a hand with. That’s why our Partners love Goal Assist. We provide marketing materials, training, and more to our Partners – we’ll even hop on a call to help you notch the win! LEARN MORE>> 


Cybersecurity News – European Union


Portugal – Energias de Portugal (EDP)

https://www.bleepingcomputer.com/news/security/edp-energy-giant-confirms-ragnar-locker-ransomware-attack/?&web_view=true

Exploit: Ransomware 

Energias de Portugal: Energy Provider 


Risk to Small Business: 2.109 = Severe

Energy giant EDP reported through its North American subsidiary, EDP NA, that it had been affected by a ransomware attack using Ragnar Locker. While the attack was not recent, the company just confirmed the parameters of it publicly as it became apparent that recovery would include notifying potentially affected customers. The attackers reportedly demanded that EDP Group pay a ransom of 1580 bitcoins for a decryptor and to stop the cybercriminals from releasing over 10 TB of data allegedly stolen in the incident.   


Individual Risk: 2.022 = Severe

Attackers reportedly gained access to some personal information stored on the impacted servers, including personally identifying information and Social Security numbers. No financial or payment card data was accessed. The company is offering customers one year of free data protection via Experian as a proactive measure. 

Customers Impacted: 11,500

How it Could Affect Your Customers’ Business:  As ransomware continues to wreak havoc with cybersecurity at businesses of any size, every business needs to have a plan in place to both recover from a ransomware incident and bolster their security to defend against potential ransomware attacks because Dark Web activity has never been higher – or a bigger threat to businesses.

ID Agent to the Rescue: Our Partners enjoy access to our comprehensive digital risk protection platform, enabling them to help their clients put the innovative security solutions in place that help guard against threats like ransomware. LEARN MORE>> 


Cybersecurity News – Australia & New Zealand


New Zealand – Fisher and Paykel 

https://cyware.com/news/nefilim-operators-released-more-data-of-fisher-paykel-on-the-dark-web-c8802e4d

Exploit: Ransomware  

Fisher and Paykel: Appliance Manufacturer and Distributor 


Risk to Small Business: 2.374 = Severe

The saga continues for New Zealand appliance company Fisher and Paykel, as they continue to experience damage following a ransomware attack last month. In June, attackers took the company’s data hostage, releasing a teaser on the Dark Web as part of its initial ransom demand. The attackers used Nefilim ransomware, which is effective against Windows systems. A larger trove of corporate data just hit the Dark Web after the company apparently failed to meet the ransom demand. So far the materials released are financial documents dating back to 2014.

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: It’s become increasingly common for ransomware attacks to have multiple components, with attackers initially making a ransom demand while providing sample data as proof that they have information, and then escalating incidents if their demands are not met. With a huge rise in phishing attempts, businesses can’t afford to take security awareness training chances.

ID Agent to the Rescue: Security awareness training that includes phishing resistance with BullPhish ID helps companies shore up their primary line of defense against ransomware, turning workers who are potential security risks into real security assets. LEARN MORE>>


Cybersecurity News: Asia & Pacific


India – T7 Games/Ouroboros Games  

https://www.vpnmentor.com/blog/report-clubillion-leak/

Exploit: Unsecured Database

T7 Games/Ouroboros Games: Gambling Games Application Developer 


Risk to Small Business: 1.217 = Extreme

The world’s most popular social gambling app Clubillion suffered a major data breach that affects customers around the world. A research team initially discovered the problem on March 19, finding the database hosted on Amazon Web Services during the course of working on a web mapping project. The developers of Clubillion were notified by the researchers quickly, but continued inaction exposed approximately 200 million user records per day – 50GB worth of data. The active database included constantly updated gameplay information for affected users as well as IP addresses, e-mail addresses, winnings, and private messages. The database was recorded as open for 16 days before action was taken to contain the leak.  


Individual Risk: 2.219 = Severe

While researchers did not see any personally identifying or financial information in the affected database, the complexity of the breach prevents certainty about exactly what was leaked. Users of the app should be aware of potential phishing attacks fueled by this data.  

Customers Impacted: 160,000+

How it Could Affect Your Customers’ Business: Staffers aren’t just using their favorite apps and services on their personal phones and computers – they’re doing it on their work machines too. As companies continue to adopt “Bring Your Own Device” policies and the work/personal line gets murkier for staffers, companies have to be concerned about the potential for danger caused by breaches in entertainment and social media apps. 

ID Agent to the Rescue: Protect company systems with an essential second layer of security. Multifactor authentication with Passly means that even if a staffer’s password is stolen or compromised through an incident like this, the authentication code needed to log in to company systems puts another door between cybercriminals and company data. LEARN MORE>>


The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybersecurity News 

Every weekday, our blog features timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!



Free eBook of the Week


New Release!

Supercharge Your MSP Sales and Marketing  

In our new eBook, you’ll find out why ID Agent Resources and Kaseya Powered Services are the secret weapon that you’re looking for to supercharge your marketing and drive your sales into the stratosphere. Marketing is a top pain point for many MSPs, but we’re here to help with heavy-hitting tools like: 

  • Webinars, eBooks, and training to make you a better marketer 
  • Free complete cobrandable marketing campaigns for our solutions 
  • Social media and blog content to enhance your thought leadership 

As we learned in PIVOT2GROW, an educated customer is a customer that buys more. Power up your marketing and enhance your customer’s education about cybersecurity issues and solutions to supercharge your sales and boost your MRR.  

Download “Supercharge Your MSP Sales & Marketing: 5 Ways Powered Services Will Make You a Hero” now! GET IT>>

Don’t Just Survive – Get Expert Insight to Grow and Thrive! 

PIVOT2GROW was an amazing event, packed with advice from Channel experts and marketing rainmakers to help MSPs make all the right moves in today’s turbulent landscape. There was so much excellent advice, including the tidbit cited above, that we highly recommend getting the recordings. This weeklong event held in concert with Marketopia gives you the fuel that you need to take advantage of unexpected Channel opportunities right now to set yourself up for explosive growth tomorrow. 

GET THE RECORDINGS OF PIVOT2GROW NOW!>>


The Week in Breach Cybersecurity News Spotlight


Web-Based Apps Are Great Tools For Businesses But They Have Hidden Dangers 

Almost every business relies on web-based applications and tools to function these days. From data storage to video conferencing, web-based applications are everywhere. But they’re not as safe as you might think – and that can be a problem for businesses. 

Recently, a newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s widely used Chrome web browser. Google removed around 70 add-ons that it deemed “malicious” in response to that discovery.  

Remote workers are more likely to use work devices for everything. Improve your security to support a remote workforce more effectively with our Remote Working Cybersecurity resource package. GET YOUR FREE PACKAGE NOW!>>

The extensions were designed to avoid detection by antivirus or security software. If a user with one of the malicious browser extensions installed surfed the web on a home computer, it would connect to a series of websites and transmit information. Anyone using a corporate network, which would include security services, would be less likely to transmit sensitive information.

As the work/home device line blurs, every company needs to put protections in place to deal with cybersecurity incidents caused by these kinds of problems. A dynamic, comprehensive digital risk protection platform like ID Agent’s can help reduce the risk of damage from unintentional insider threats like this with Passly.

Our freshly updated secure identity and access management solution, Passly, seamlessly integrates with over 1,000 applications to provide an essential added layer of security for companies by requiring multifactor authentication – keeping the bad guys out and company data in to help prevent a costly and potentially devastating breach.

Watch this 10-minute technical demonstration video of Passly in action.


Catch Up With Us at These Virtual Events


JULY 21: MSPs Are Lifting the Veil of the Dark Web REGISTER>> 
JULY 21 – 23: ASCII MSP Connect Live REGISTER>>
JULY 23: MVP GROWTHFEST APAC REGISTER>>
AUG 24 – 27: Connect IT Global REGISTER>>
SEPT 27 – 29: GlueX 2020 REGISTER>>


Register today for MSP THINK TANK, a digital tech festival for MSPs featuring 14 sessions with Channel leaders and special guests. Don’t miss these future-focused sessions packed with inspiration to gain the insight that you need to create a bright future for your business. REGISTER NOW>>


A note about cybersecurity news for your customers:


Third Party Data Breaches Endanger Every Company 

Just because your company hasn’t had a data breach, that doesn’t mean that your staffers’ credentials are safe. Third-party data breaches are an increasing problem for every company. These days everyone uses internet-enabled services for everything from shopping to airline tickets. But that convenience comes at a price for workers: the risk of a personally identifiable data breach – and those breaches endanger their employers as well. 

Recently, 45 million records of travelers to Thailand and Malaysia appeared on the Dark Web. The stolen information included extensive personal data on travelers from many countries including their Passenger ID number, full name, mobile numbers, passport details, home address, gender, and flight details. And as we reported recently, users of top gambling app Clubillion were recently impacted by a data breach as well, leading to millions of users having personally identifiable data leaked.  

These breaches provide the fuel that powers spear phishing attempts, blackmail, password compromise, and other cyberattacks. While companies can’t stop third-party breaches from accidental exposure of their workers’ personal information, they can mitigate the potential damage and add protections that can stop bad actors from using it against them.  

Ensure that you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan bulwarked by a digital risk protection platform featuring a Dark Web monitoring solution like Dark Web ID to watch for compromised credentials and alert companies to trouble. By making sure that you’re prepared for trouble from unexpected sources, you make your entire cybersecurity posture stronger to increase data loss prevention fast. 


Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!


Follow us on social media to find out about upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know. We welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!