
The Week in Breach: 08/07/19 – 08/13/19

August 14, 2019

This week, a data breach causes travel delays, ransomware compromises the first day of school, and small businesses are enduring an unprecedented number of data breaches.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 1-10 Employees


United States – City of Naples
https://www.naplesnews.com/story/news/local/2019/08/02/scammers-trick-naples-out-700-000-spear-phishing-cyber-attack/1902321001/

Exploit: Phishing attack
City of Naples: Local government serving residents in Naples, Florida

Risk to Small Business: 2 = Severe: Spear phishing campaigns have evolved in sophistication, often relying on previously stolen credentials and inflicting greater damage than ever before. Therefore, awareness training is a critical element of any organization’s cybersecurity defense, since it can equip employees to successfully defend against all types of phishing campaigns that threaten company data and resources.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States – Broken Arrow Public Schools
https://www.newson6.com/story/40870728/broken-arrow-schools-victim-of-ransomware-attack

Exploit: Ransomware
Broken Arrow Public Schools: Public school district in Broken Arrow, Oklahoma

Risk to Small Business: 2.555 = Moderate Risk: A ransomware attack compromised the school district’s network, making it briefly inaccessible to all personnel. Fortunately, the school district maintained comprehensive backups that were not impacted by the data breach, and they were able to restore normal operations without paying a ransom. The attack came as school was preparing to begin, and it temporarily put critical services like scheduling, bus routes, and even the first day of school at risk.
Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A ransomware attack can come at any time, which means that a comprehensive response plan is an immediate and necessary element of every business or organization’s cybersecurity strategy. By planning for a ransomware attack, which could include everything from data backups to ransomware insurance, every business can put its best foot forward to thwart these increasingly common attacks.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United States – Presbyterian Health Services
https://healthitsecurity.com/news/phishing-attack-breaches-data-of-183000-presbyterian-healthcare-patients

Exploit: Phishing attack
Presbyterian Health Services: Private, not-for-profit healthcare system and provider

Risk to Small Business: 1.777 = Severe: Beginning on May 9th, hackers gained access to employee email accounts that contained copious amounts of patient data. The employees fell for a phishing scam that compromised their accounts, which criminals accessed for nearly a month before the healthcare provider discovered the breach. While Presbyterian Health Services secured their employee accounts after discovering the unauthorized access, cybercriminals had plenty of time to exploit this vulnerability. Healthcare data breaches are incredibly expensive, and Presbyterian Health Services will incur the immediate cost of identity and credit monitoring services as well as increased regulatory scrutiny because patient data was involved.
Individual Risk: 2.142 = Severe: Hackers accessed patients’ names, dates of birth, Social Security numbers, and other healthcare related data. This information can quickly spread on the Dark Web, and those impacted by the breach need to attain the services necessary to protect this information.

Customers Impacted: 183,000
How it Could Affect Your Customers’ Business: Every organization wants to avoid the high cost of a data breach, so succumbing to defensible attacks like a phishing scam is uniquely frustrating. Phishing scams are cheap and easy to execute, and they are frequently making their way into employees’ inboxes. Therefore, comprehensive awareness training is a must-have element for every organization’s cybersecurity initiatives.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

United States – Earnin
https://nypost.com/2019/08/07/online-lender-backed-by-nas-says-it-was-hit-by-security-breach/

Exploit: Malware attack
Earnin: Mobile finance app offering cash advances on paycheck deposits

Risk to Small Business: 1.555 = Severe: A group of white hat hackers accessed Earnin’s network and discovered significant security vulnerabilities, including customers’ financial information stored in plain text. Although the data breach was limited to the white hat hackers, the company’s subpar security standards are producing significant bad press that could hinder their development moving forward.
Individual Risk: 2 = Severe: There is no indication that personal information was misused in this data breach, but significant amounts of user data were accessed, including names, bank account numbers, routing numbers, and payment statements. Because of Earnin’s poor security standards, users should closely monitor their accounts for unusual activity, and they should carefully consider their participation in platforms that don’t prioritize data security.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In the past, tech startups operated with near impunity as they developed new platforms and services to meet our modern moment. Today, shifting consumer sentiments toward data privacy and a cadre of new privacy laws make this proposition more perilous. Instead, startups need to make cybersecurity a top priority from day one because failing to protect customer information can undercut their financial, regulatory, and customer-facing viability.


ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

United States – Indian Prairie School District 204 
https://www.chicagotribune.com/suburbs/naperville-sun/ct-nvs-203-204-data-breach-naperville-st-0807-20190806-3svhdhogwvgwdlne4iqhhfus6q-story.html

Exploit: Unauthorized database access
Indian Prairie School District 204: Public school district providing educational services in Aurora, Illinois

Risk to Small Business: 2 = Severe Risk: A data breach at Pearson Clinical Assessments has trickled down to Indian Prairie School District, compromising the personal information of tens of thousands of staff and students. The district believes the information was put up for sale on the Dark Web, and they are offering free credit monitoring services for everyone impacted by the breach. In this case, a security vulnerability at a third-party contractor requires the district to pick up the heavy cost of credit monitoring services for thousands of former students. In a sector already strapped for cash, this expense alone is reason enough to prioritize cybersecurity initiatives pertaining to the contract work and beyond.
Individual Risk: 2.428 = Severe Risk: The data breach includes data from staff and students from the years 2001 – 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.

Customers Impacted: 49,000
How it Could Affect Your Customers’ Business: Data breaches that compromise people’s personally identifiable information are always concerning, especially when they involve minors. Providing the supportive services necessary to recover from a data breach is most important, and identity and credit monitoring services are the first place to start. These programs provide people the peace-of-mind necessary to successfully navigate the recovery process.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.

United Kingdom – Oyster
https://www.theregister.co.uk/2019/08/08/tfl_oyster_card_outage_online_topup/

Exploit: Credential stuffing attack
Oyster: Travel smartcard system for UK public transportation

Risk to Small Business: 2.111 = Severe Risk: Hackers accessed more than 1,000 Oyster user accounts by applying login credentials from other platforms to their Oyster login. This technique, known as a credential stuffing attack, uses stolen data from other websites and compounds the damage by applying that data to logins across the internet. To prevent further access, the smartcard system was taken offline for two days, creating delays to the public transit system while damaging their reputation as users took to social media to voice their frustrations about the delays.
Individual Risk: 2.428 = Severe Risk: Oyster is notifying customers who had their accounts compromised, and those users should assume that all available information was compromised in the breach. Moreover, because their accounts were accessed using credential stuffing, users should ensure that they use strong, unique passwords across all accounts.

Customers Impacted: 1,200
How it Could Affect Your Customers’ Business: Credential stuffing attacks can be difficult to defend against because defending against them relies on users choosing strong, unique passwords across all of their accounts. However, businesses can get ahead of the threat by adopting the monitoring services necessary to know if their customers’ credentials might be compromised.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

New Zealand – Air New Zealand
https://www.stuff.co.nz/business/114881753/a-data-breach-at-air-nz-affects-airpoints-members

Exploit: Phishing attack
Air New Zealand: Flag carrier airline of New Zealand

Risk to Small Business: 1.666 = Severe Risk: Two Air New Zealand employees fell for a phishing attack that compromised customer data. The company is enduring significant online criticism for their management of the data breach, meaning that they are now responsible for improving their cybersecurity standards while they also work to restore their customers’ confidence.
Individual Risk: 2.285 = Severe Risk: In total, the breach compromised the personal information for 3.5% of the airline’s customers. The company notified customers that their account passwords and payment details were not compromised. However, other sensitive information, including passport numbers, names, addresses, phone numbers, job titles, and employer details, could be compromised. Therefore, victims should closely monitor their personal accounts for unusual activity, and credit and identity monitoring services can provide long-term oversight of personally identifiable information.

Customers Impacted: 112,000
How it Could Affect Your Customers’ Business: Phishing attacks can give hackers unprecedented access to a company’s IT infrastructure. They are cheap to deploy, and they can frequently avoid detection by screening software. Fortunately, phishing attacks are also entirely defensible. Comprehensive awareness training can equip employees to detect phishing attacks, effectively rendering them useless. The increasing, holistic cost of a data breach makes deploying these services an obvious priority for every company.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

New Zealand – New Zealand Institute of Directors
https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12255959

Exploit: Unauthorized database access
New Zealand Institute of Directors: Professional organization supporting company directors in New Zealand

Risk to Small Business: 1.666 = Severe: Hackers exposed a vulnerability in the organization’s website, defacing the homepage with anti-government propaganda. In response, the website was brought offline until the security incident could be contained and repaired. Furthermore, all employees were asked to change their passwords to further protect their data integrity.
Individual Risk: 2.428 = Severe: While the institute described the possibility that employee data was compromised as “highly unlikely,” it’s possible that employee email addresses and passwords were compromised. All employees should reset their passwords, and they should avoid using these credentials on other accounts.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are continually looking for vulnerabilities, which can result in embarrassing or highly destructive data breaches. Therefore, businesses should prioritize security awareness to identify and repair cybersecurity vulnerabilities before they are exploited by bad actors.

ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

UK SMBs Fend Off 10,000 Cyber Attacks Per Day 

According to a recent report by the Federation of Small Businesses (FSB), UK-based SMBs are enduring significant cyber-attacks that total nearly 10,000 per day. 

Respondents indicated that one in five small businesses were the victim of a data breach in the past two years, and the survey identified other ancillary consequences accompanying this incredibly high number. For instance, the threat landscape is both expansive and diverse with businesses reporting 530,000 phishing attacks, 374,000 malware incidences, and 260,000 ransomware attacks.

Moreover, the collective cost of these data breaches exceeds £4.5 billion, with the average attack costing companies £1,300.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.

Partnering with qualified security professionals can help augment your company’s cybersecurity posture, shoring up vulnerabilities to address the significant cyber security risk facing SMBs.

https://www.cisomag.com/small-businesses-in-the-uk-suffer-10000-cyber-attacks-per-day-fsb/


What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

GermanWiper Ransomware Targets SMBs 

German SMBs are the target of a new ransomware that’s wreaking havoc on company data.
The ransomware is delivered by a phishing campaign purporting to be from a potential job applicant, and the email contains an attachment that poses as a PDF resume from the sender. 

When users click on the attachment, it unleashes a ransomware attack that demands payment in Bitcoin to decrypt the files.

Unfortunately, even if businesses pay the ransom, their files are unrecoverable. This particular ransomware, dubbed GermanWiper, erases the encrypted data, making it permanently inaccessible to users.

GermanWiper is a reminder of the precarious nature of ransomware attacks that are increasingly targeting businesses and government organizations to extract large payments. If companies are unprepared for a ransomware attack, there is no guarantee that they will ever recover their information by paying a ransom, and other restorative processes can be even more costly than the ransomware demands.

Therefore, defensive initiatives are a business’s best bet for avoiding a ransomware attack, and, with security specialists (like us!) ready to help out, now is the right time to ensure that your company is ready to defend against today’s always-shifting threat landscape.

https://www.bleepingcomputer.com/news/security/germanwiper-ransomware-erases-data-still-asks-for-ransom/
