The Week In Breach

by Kevin Lancaster

This Week in Cybersecurity News: In cybersecurity news this week: Even tech giants have basic cybersecurity woes, third-party data breaches put every business at risk, and a webinar featuring 5 steps to success.  


Cybersecurity News: Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Finance & Insurance
  • Top Employee Count: 251-500

Cybersecurity News: United States 


United States – Twitter 

https://apnews.com/860daee9d51ceb588c9bd0feebddc323

Exploit: Account Compromise 

Twitter: Social Media Platform 

cybersecurity news gauge indicating extreme risk

Risk to Small Business: 1.216 = Extreme

The hack heard ‘round the world this week is a huge embarrassment for social media powerhouse Twitter, after dozens of high-profile accounts were accessed illegally and used to transmit messages inviting their followers to “invest” in a bitcoin scam. Some of the affected accounts included Bill Gates, Barack Obama, Elon Musk, and Jeff Bezos. The hack was quickly discovered, and those accounts were frozen briefly while Twitter assessed and fixed the security flaw. Twitter is now reporting that the hackers targeted 130 accounts, were able to take control of 45, and 8 accounts had data downloaded. While early reports speculated on the threat actors as a sophisticated hacking group, The New York Times uncovered that the attack was actually carried out by a few unorganized hackers using a Discord server who obtained access through a “social engineering attack”. The attack is under investigation by numerous authorities including the FBI.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.890 = Moderate

The hackers were able to obtain some personal information and change passwords for some of the celebrity accounts, but did not gain access to any financial information, past password records, or other sensitive data in all but 8 cases. Those 8 cases are still being investigated, but it’s unlikely that any sensitive data was compromised. 

Customers Impacted: 130

How it Could Affect Your Customers’ Business: A “social engineering attack” is often just a fancy way of saying “phishing attack”. Failing to protect sensitive communications and data channels for your clients because of failing to undertake basic training in phishing resistance will not only cause an expensive recovery when an attack lands, it can also be embarrassing. Plus, the potential regulatory scrutiny is bound to be a headache and give ammunition to those who are looking to add more regulation to social media platforms through future legislation.

ID Agent to the Rescue: Phishing resistance training is a must for any organization. Bolster your clients’ defense against phishing with BullPhish ID, featuring constantly updated training with video content for today’s biggest threats including COVID-19 threats. LEARN MORE>> 


United States – BlackBaud

https://www.zdnet.com/article/cloud-provider-stopped-ransomware-attack-but-had-to-pay-ransom-demand-anyway/?&web_view=true

Exploit: Ransomware

BlackBaud: Cloud Services & Financial Technology 

cybersecurity & breach news represented by a gauge showing severe risk

Risk to Small Business: 2.177 = Severe

BlackBaud admitted that its’ success in preventing a recent ransomware attack in May 2020 wasn’t quite as straightforward as it seemed. It turns out that they did pay a ransom to the hackers, but not to decrypt files. The ransom was paid to prevent the release of the stolen data in an increasingly popular double-extortion ransomware scheme. The cloud provider, which primarily works with non-profits, foundations, educational charities, and healthcare organizations, said the incident only impacted the data of only a small subset of its customers, which they have now notified. 

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.797 = Moderate

According to BlackBaud’s statement about the incident,  no credit card information, bank account information, or Social Security numbers were stolen.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware is the bane of every company in today’s threat environment. Improved security awareness training, especially around phishing threats, is the best way for companies to quickly boost their defenses against ransomware.

ID Agent to the Rescue: ID Agent’s digital risk protection platform packs three essential components of an effective, dynamic defense of data and systems. Add in our sales and marketing support, and you’ll see why over 3,000 MSPs in 30 countries chose ID Agent.  Put the power of ID Agent to work for your clients by Partnering with us today. LEARN MORE>> 


United States – MyCastingFile.com 

https://www.zdnet.com/article/us-actor-casting-company-leaked-private-data-of-over-260000-individuals/?&web_view=true

Exploit: Unsecured Database 

MyCastingFile.com: Entertainment Staffing Platform 

cybersecurity & breach news represented by a gauge showing severe risk

Risk to Small Business: 1.643 = Severe

Researchers discovered an unsecured Elasticsearch database owned by MyCastingFile.com and filled with information about clients of the casting agency, including current and aspiring actors. It’s estimated that the breach started on May 31 and wasn’t addressed until mid-June. The New Orleans based company acted quickly after they were informed of the problem, but still suffered a breach estimated to be 1GB in size, with over 260,000 user profiles leaked of clients, actors, and members of staff, including minors. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.349 = Severe

The leak included names, physical addresses, email addresses, phone numbers, work histories, dates of birth, height and weight, ethnicity, and physical descriptions. Anyone with a profile at the platform should be alert for potential identity theft and spear phishing attempts.  

Customers Impacted: 260,000 

How it Could Affect Your Customers’ Business:  Failure to secure a database is a rookie move, and no company’s clients are going to look at that kindly – especially when that failure involved children. Customers today are concerned about data privacy, and more aware of Dark Web danger than they used to be – and they will not want to continue doing business with companies that can’t keep their information safe.

ID Agent to the Rescue:  Dark Web activity has never been higher, and in the wake of the global pandemic, the Dark Web has changed just as much as the rest of the world. Get an overview of what’s happening on the Dark Web now and how that can affect your clients’ security in our eBook “State of the Dark Web 2020”. DOWNLOAD IT>> 


United States – LiveAuctioneers 

https://portswigger.net/daily-swig/liveauctioneers-data-breach-millions-of-cracked-passwords-for-sale-say-researchers

Exploit: Unauthorized Database Access 

LiveAuctioneers: Online Antiques Auction House 

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.172 = Severe

LiveAuctioneers has reported a major data breach courtesy of one of its third-party data processing partners. The company first noted the incident on July 10, 2020, after monitors spotted Dark Web posts advertising the sale of the company’s records company records of 3.4 million LiveAuctioneers users, as well as three million cracked username and password combinations. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.172 = Severe

While no financial data has been reported as compromised, the investigation is still ongoing. Those affected have been notified via email. Every user should reset their account password and be alert to potential identity theft.  

Customers Impacted: 3.4 million 

How it Could Affect Your Customers’ Business:  Third party risk is a growing menace that’s hard for businesses to overcome. By maintaining a constant watch on Dark Web markets, businesses can get notified when credentials, including those used in accounts at third party partners, suffer a breach, lowering their risk of compromise from the stolen information.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web 24/7/365 using Channel-leading human and machine analysis to find compromised business credentials and report it to your clients fast, to keep cybersecurity incidents from becoming cybersecurity disasters. SEE A DEMO>> 


Cybersecurity News: United Kingdom


United Kingdom – Tesco

https://www.infosecurity-magazine.com/news/consumers-targeted-tesco-scam/

Exploit: Phishing/Impersonation

Tesco: Grocery Retailer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Small Business: 2.877 = Moderate

Retail giant Tesco was recently used as a front for an elaborate phishing operation that used a fake Facebook page as well as SMS and email communication to trick consumers into handing over their details and steal confidential and payment data as part of a fake giveaway for a  new HD TV. Facebook users who shared the post helped it spread. Victims received an email offering them the chance to “register to claim their prize. A button in the message then linked victims to a landing page to enter their name, home address, telephone number, and bank account details. 

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.667 = Moderate

The Facebook portion of the scam was shut down quickly, but some consumers did fall for the email, providing bad actors with personal and financial data, and the scam may still be circulating via email. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In a booming Dark Web economy, everything is for sale. Your client’s brand is just as valuable as their data. Digital risk protection can’t stop impersonation schemes, but it can prevent bad actors from masquerading as your client in Dark Web forums or on social media if your client is alerted to the problem quickly enough.

ID Agent to the Rescue: Convincing clients that they need to extend or upgrade their digital risk protection can be difficult at the best of times, and this economy adds an extra challenge. We’re here to help. With Goal Assist, our sales team acts as your backup on tough sales calls to provide the extra support that scores the win. LEARN MORE>> 


Cybersecurity News – European Union


France – Orange 

https://www.bleepingcomputer.com/news/security/orange-confirms-ransomware-attack-exposing-business-customers-data/?&web_view=true

Exploit: Ransomware  

Orange: Telecom Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.323 = Severe

French telecommunications giant Orange has confirmed that they suffered a data breach affecting customers in their Orange Business Services Division. The Nefilim ransomware group added Orange to its data leak site on July 15, 2020. Orange noted that it was quickly able to mitigate the attack and stop the leak, but some business clients had their data captured by the hackers. No mention of a ransom or payment was released by Orange.   

Individual Risk: No individual personal or financial data has been reported as compromised, but no details have been released about the contents of those 20 compromised enterprise accounts.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is everywhere these days, and cybercriminals are often choosing to make more targeted attacks than in the past to lower their chances of quick detection. Every company needs to make defending against ransomware a top security training priority.

ID Agent to the Rescue: The most common vehicle of delivery for ransomware is through email. Keep those attacks from landing with phishing resistance training using a dynamic solution like BullPhish ID – with training available in 8 languages. LEARN MORE>> 


Belgium – Argenta Bank

https://cyware.com/news/jackpotting-attackers-are-back-in-action-belgiums-argenta-bank-targeted-072676cb

Exploit: Malware 

Argenta Bank: Banking and Financial Services 

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 1.778 = Severe

Argenta Bank is the latest victim of an increasingly popular malware attack, jackpotting. In these schemes, cybercriminals infect operating systems for ATM machines, turning them into free money fountains. These very precise attacks require specific knowledge and technical skills, and the machines affected were manufactured by Diebold Nixdorf. The bank was forced to turn off 143 machines at various times over two days. 

Individual Risk: No consumer personal or financial data was reported as stolen in this breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Sophisticated attacks that require specialized information are becoming more common as attackers seek maximum profit from minimum work and malicious insiders offering cybercrime services like access credentials“as a service” become more common. Guarding against insider threats helps reduce the chance of this kind of crime. 

ID Agent to the Rescue: Insider threats are a constant worry for businesses, while most insider threats are caused by accidental actors, malicious insiders are also a danger that has to be guarded against. Learn how to spot and stop insider threats in our “Stop Insider Threats” resource package. DOWNLOAD IT>> 


Cybersecurity News – Australia & New Zealand


Australia – Western Australia Department of Health 

https://www.msn.com/en-au/news/australia/wa-department-of-health-data-breach-under-investigation-after-confidential-information-published-online/ar-BB16XYAT

Exploit: Unauthorized Database Access 

Western Australia Department of Health: Government Agency 

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.227 = Severe

Confidential data from the state’s Department of Health was made publicly available on a website after it was distributed over a third-party paging service. Security researchers discovered that a website was recently set up which provided confidential information about Western Australian patients and doctors, including those with suspected COVID-19 infections. The State Government and Western Australia Police are working to have the site taken down, but it was still up as of a recent check.  

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.623 = Moderate

No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Health data is extremely valuable right now, especially COVID-19 related data. Both private companies and international threat actors are paying top dollar for research and treatment data as healthcare organizations race to find a lucrative vaccine or treatment that works against COVID-19. This incident combines a third-party data breach with a reliance on outdated technology to create trouble.  

ID Agent to the Rescue: As password fraud is often a gateway to other cybercrime, it pays to put an additional layer of protection between data thieves and critical information and systems with Passly. The powerful combination of multifactor authentication, single sign on, and easy remote management makes it simple to make sure that access is safely controlled fast. LEARN MORE>


Cybersecurity News: South America


Argentina – Telecom Argentina 

https://www.zdnet.com/article/ransomware-gang-demands-7-5-million-from-argentinian-isp/?&web_view=true

Exploit: Ransomware 

Telecom Argentina: Telecom and Internet Service Provider

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.870 = Severe

REvil gang attackers made a bold foray into Telecom Argentina last week, culminating in successfully gaining entry to an internal Domain Administration account, giving them free access to deploy their ransomware payload to more than 18,000 workstations. The company moved quickly to combat the incident, and alerted workers to the danger of potentially corporate network, not to connect to its internal VPN network, and not open emails containing archive files. 

Individual Risk: No individual personal or financial data is reported as affected at this time. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Administrator accounts are often compromised through whaling, a type of phishing – and an expressway for cybercriminals to race into the heart of a business. Combat that risk by putting extra protections in place like multifactor authentication that help keep administrator accounts safe. 

ID Agent to the Rescue: As password fraud is often a gateway to other cybercrime, it pays to put an additional layer of protection between data thieves and critical information and systems with Passly. The powerful combination of multifactor authentication, single sign on, and easy remote management makes it simple to make sure that access is safely controlled fast. LEARN MORE>


Cybersecurity News – Asia


Hong Kong – UFO VPN 

Exploit: Unsecured Database 

UFO VPN: Virtual Private Network Host/ Provider 

cybersecurity news gauge indicating extreme risk

Risk to Small Business: 1.086 = Extreme

Users who were relying on VPN provider UFO for a safe, anonymous way to secure their communications and data got a nasty surprise this week. Researchers uncovered more than 20 million user logs from the company available on the Dark Web. It’s a double reputation blow for a VPN provider that claims to retain no login or usage information. The 894 GB database was reportedly hosted on an Elasticsearch cluster that was not even password protected.  The data allegedly included plaintext passwords, IP addresses, timestamps of user connections, session tokens, device information, and user operating system types, along with geographical information in the form of tags. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.910 = Severe

Anyone who has used the service for a VPN should be concerned about compromise, spear phishing, identity theft, blackmail, or fraud connected to this event.  

How it Could Affect Your Customers’ Business: Securing a remote workforce can be complex, especially as communications tools become more easily compromised, like messaging and SMS text. One common security measure that companies take when setting up for remote work is encouraging staffers to connect through a VPN. Failing to adequately investigate the safety record of that VPN provider could create additional risk instead of decreasing it.

ID Agent to the Rescue: As password fraud is often a gateway to other cybercrime, it pays to put an additional layer of protection between data thieves and critical information and systems with Passly. The powerful combination of multifactor authentication, single sign on, and easy remote management makes it simple to make sure that access is safely controlled fast. LEARN MORE>


The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybersecurity News 

Every weekday, our blog features timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Catch up on what you need to know now: 


Free eBook of the Week


Learn to Spot and Stop Insider Threats Fast

One common thread that we saw this week in breach news was the danger of insider threats. Whether it’s a malicious insider or a careless employee, insider threats are one of the biggest threats any business faces.

It’s essential to know what constitutes an insider threat and how they happen so easily. Learn how to spot and stop insider threats using simple solutions in our eBook “Combatting Insider Threats”, included with our “Stop Insider Threats” resource package.

Download “Combating Insider Threats” GET IT NOW>> 


NEW WEBINAR!


MSPs: Take 5 Easy Steps to Faster Profit!

In these busy days, you don’t have time to sort through a bunch of theories about how to grow your MSP business. You need expert advice from someone who knows the business inside and out to help you land new clients, close deals, and pump up your MRR.

ID Agent delivers the help that you need in this hard-hitting webinar. Channel leader and ID Agent VP of Business Development Matt Solomon shares his best practical tips for growing your MSP and your bank account by closing new deals and generating new revenue fast.

Download “5 Proven, Practical Steps to Close New Security Business” now! GET IT NOW>>


The Week in Breach Cybersecurity News Spotlight


Does Remote Work Really Increase Cyberattack Risks? 

It’s long been debated whether remote work demonstrably increases the risk of a cyberattack. As we move through the pandemic, we’re all taking part in an unexpected experiment in remote working – and we’re just starting to see if the increased risk that’s often associated with remote work is fact or fiction

The third Global Threat Report is out, and it’s got some important data to consider when debating the risk of remote work or securing a remote workforce. According to researchers, 91% of executives surveyed believe that remote work has placed their companies at higher risk for a cyberattack, with a high incidence of phishing attempts named as the biggest factor that drove that opinion.  

The study, conducted in March and April of 2020, found that 85% of the surveyed executives (chief information officers, chief technology officers, and chief information security officers) felt that breach risks were too high because their workforce had not been properly equipped, trained, or secured to work from home, with 28% citing severe known gaps in security.

As the pandemic continues to affect the way that business is done, companies need to take adequate measures to secure their remote workforce long term. Our resource package “Remote Working Cybersecurity” can help with a checklist and more! DOWNLOAD IT>> 

Over 29% of the surveyed executives cited a lack of multifactor authentication as the biggest threat facing their organization, rising to 50% for companies in the financial services sector, and 46% for companies with 251-500 employees. COVID-19 related malware was reported by 43% of respondents as the biggest perceived threat organizations with 50-250 employees. 

Don’t wait to deploy essentials like multifactor authentication (MFA). By adding a solution like Passly to your security stack, you provide one affordable tool that packs a huge security punch by combining MFA, single sign on, remote management, seamless integration with over 100 applications, and easy deployment in days, not weeks.   

Companies should be proactive to avoid future headaches. By adding MFA and the remote workforce support power of our digital risk protection platform now, businesses can be ready for tumultuous times and avoid hazards like scrambling for added security or a costly data breach as we continue to grapple with the global pandemic. 

Watch this 10-minute technical demonstration video of Passly in action.


SPECIAL EVENT!


CONNECT IT IS COMING SOON AND BETTER THAN EVER!

We’ve just updated our plans and panels for Connect IT, and we’ve got an incredible event on the horizon for you! With a focus on “Vision, Innovation, and Execution,” Connect IT 2020 is an unmissable opportunity to connect with Channel leaders and gain insight into today’s security and business challenges from some of the best minds in the business.

While the global pandemic may have disrupted our plans to get together with you in Las Vegas this year, it hasn’t disrupted our commitment to providing you with an amazing event. You won’t want to miss a thing in our planned 4 days of expert panels, product announcements, networking, sales training, marketing help, and so much more – now coming to you virtually! 

Reserve your virtual seat for only $99 for this landmark event! REGISTER NOW>> 


Catch Up With Us at These Virtual Events

JULY 22 – 23: ASCII MSP Connect Live REGISTER>>

JULY 23: MVP GROWTHFEST APAC REGISTER>>

JULY 27 – 31: MSP THINK TANK REGISTER>>

JULY 28: Unveiling Cybercrime Markets 2 REGISTER>>

AUG 24 – 27: Connect IT 2020 REGISTER >>

SEPT 27 – 29: GlueX 2020 REGISTER>>

advertisement for msp think tank an upcoming digital event july 27th through 31st exploring sales improvement and pricing structures

Register today for MSP THINK TANK, a digital tech festival for MSPs featuring 14 sessions with Channel leaders and special guests. Don’t miss these future-focused sessions packed with inspiration to gain the insight that you need to create a bright future for your business. REGISTER NOW>>


A note about cybersecurity news for your customers:


Multifactor Authentication is a Security Must-Have in 2020

Today’s risk landscape is more complicated than ever. There’s a new danger to your systems and data lurking around every corner, and a new solution that you need to buy to mitigate it. Third-party data breaches are a constant worry not to mention the risk that comes from staff password recycling, or unintentional insider threats like falling for a phishing attack. So how can you provide an extra layer of security against most risks without spending a fortune? 

Multifactor authentication (MFA). Adding MFA on every user account us a fast, easy way to secure your company’s entry points. Even if cybercriminals are able to obtain a credential that would allow them access to your systems and data from an outside source, that credential isn’t going to do them any good without an authentication token like a code that’s sent to the real account holder’s cellphone. 

It’s wise to put a complete suite of digital risk protection solutions in place but you may need to economize. That makes cost-effective, multifunctional tools like Passly the ideal choice. By combining MFA with single sign-on, remote management, and seamless integration with over 100 common business applications, Passly gives a high return on investment and a high level of protection – because no one can afford a data breach in this economy.   


Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.


Follow us on social media to find out about upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to marketing@idagent.com to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!