The Week in Breach

by Amy McNeal

The Week in Breach News: Cybersecurity educators get taken to school by bad actors, the ancestral home of cybersecurity gets hit with a third party data breach, credential stuffing rocks Canada’s Revenue Authority, and unexpected risks to businesses as kids head back to school and parents continue working remotely.


Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Aerospace & Defense
  • Top Employee Count: 11-50

The Week in Breach News – United States 


United States –  Michigan State University 

https://apnews.com/876fddc3c0b7dc1cc4ad0a7d6a19fb23

Exploit: Malware

Michigan State University: Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Small Business: 2.171 = Severe

Just in time for back to school, attackers were able to steal credit card and personal information from roughly 2,600 users of Michigan State University’s online store. Cybercriminals used malicious scripts designed to harvest and exfiltrate customers’ payment cards between Oct. 19, 2019, and June 26, 2020.

cybersecurity news represented by agauge showing severe risk  & New Breach News

Individual Risk: 2.311 = Severe

MSU is notifying all potentially affected customers of the data breach and is offering free identity protection and credit monitoring.

Customers Impacted: 2,600

How it Could Affect Your Customers’ Business: Magecart or skimming attacks are a regular tool of the trade for cybercriminals and the data that they collect often ends up for sale on the Dark Web.

ID Agent to the Rescue: More than 65% of the data on the Dark Web can damage businesses. Put the power of Dark Web ID to work for your clients to guard against credential compromise danger. LEARN MORE>>


United States – Brown-Forman

https://www.infosecurity-magazine.com/news/jack-danielsmaker-suffers-revil/?&web_view=true

Exploit: Ransomware

Brown-Forman: Wine and Spirits Conglomerate

cybersecurity & breach news represented by a gauge showing severe risk  & New Breach News

Risk to Small Business: 1.979 = Severe

REvil ransomware strikes again, this time at beverage giant Brown-Forman, the maker of Jack Daniel’s and other spirits. Although the company has been mum on the details of the attack aside from claiming it successfully prevented attackers from encrypting its files, the cybercriminal gang says that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches.

Individual Risk: No individual data has been reported as compromised in this breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware often makes its way into company inboxes in the form of a phishing email. Phishing resistance training must be a crucial component of any company’s cybersecurity strategy.

ID Agent to the Rescue: Security awareness and phishing resistance training is not something companies can afford to cut back on. The cost-effective solutions in our digital risk protection platform fulfill the need for updated training without breaking the bank. LEARN MORE>> 


United States – FHN

https://portswigger.net/daily-swig/medical-records-exposed-in-data-breach-at-illinois-healthcare-system

Exploit: Email Account Compromise

FHN: Healthcare System 

cybersecurity news represented by agauge showing severe risk  & New Breach News

Risk to Small Business: 1.870 = Severe

In a just disclosed incident, an unspecified “email account compromise” of “several” employee accounts resulted in a data breach that impacted patient PII at FHN healthcare facilities in Illinois. An unauthorized party was detected accessing employee email accounts on February 12 and 13. Information that may have been exposed in the breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some instances, patients’ health insurance information and/or Social Security numbers were also identified as exposed in the compromised email accounts. 

cybersecurity news represented by agauge showing severe risk  & New Breach News

Individual Risk: 1.821 = Severe

Not all patients of FHN were impacted, and FHN has contacted those patients were as well as offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Not only will this cause customer anger, this breach will also incur a potentially substantial HIPPA violation penalty. Placing better protections, including multifactor authentication, on systems that handle sensitive data can prevent incidents like this from happening.

ID Agent to the Rescue:  Secure sensitive information fast by adding multifactor authentication with Passly. Even if a bad actor manages to get a login for an employee account, MFA makes sure that it’s not going to allow them access to anything. SEE A DEMO>>


United States – SANS Institute

https://www.infosecurity-magazine.com/news/sans-phishing-attack/?&web_view=true

Exploit: Phishing/Accidental Data Sharing

SANS Institute: Cybersecurity Education and Certification

cybersecurity news represented by agauge showing severe risk  & New Breach News

Risk to Small Business: 1.875 = Severe

Somebody needs to stay after class for extra tutoring at SANS Institute after an accidental data sharing incident led to a data breach that exposed over 28,000 PII records. The information was apparently mistakenly forwarded to an outside party. The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. One phishing email resulted in 513 emails full of PII being forwarded to the external address and a malicious Office 365 add-on was also installed on the infected machine as part of the attack.

Individual Risk: No sensitive data or financial information was reported as stolen. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.

ID Agent to the Rescue: Just because they’re “experts”, they’re not immune to the dangers of phishing, but they might not believe that they need training. With Goal Assist, our Partners know that they can count on backup when they need it to score the win. Learn More >>


The Week in Breach News – Canada


Canada – Canadian Revenue Authority

https://globalnews.ca/news/7281074/cra-hack-online-services/

Exploit: Credential Stuffing

Canadian Revenue Authority: Government Agency

cybersecurity news gauge indicating extreme risk Week in Breach

Risk to Business: 1.412 = Extreme

A series of cybersecurity incidents have rocked then Canadian Revenue Authority, leading to a complete shutdown of services that may take some time to restore. In three credential stuffing attacks, hackers compromised the usernames and passwords of thousands of accounts. Over the course of several days, the first and largest attack targeted GCKey accounts, the second attack took advantage of a “vulnerability in security software”, and the third resulted in the CRA suspending online services while it assessed the breach and attempted mitigation.

cybersecurity news represented by a gauge indicating moderate risk  & New Breach News Week in Breach

Individual Risk: 2.511 = Moderate

About 15,000 accounts are known to have been compromised, but the investigation is complex and ongoing. Service is expected to be restored for online users this week.

Customers Impacted: 15 million

How it Could Affect Your Customers’ Business: Credential stuffing attacks are so successful because password reuse and recycling are endemic. Even though most people know that it’s dangerous, it’s still incredibly common – and incredibly risky for businesses who fail to secure their access points.

ID Agent to the Rescue: Add a secure identity and access management solution like Passly to blunt the impact of credential stuffing attacks, keeping systems and data secure even when someone reuses an already compromised password. LEARN MORE>>


The Week in Breach News – United Kingdom & European Union


United Kingdom – Bletchley Park Trust 

https://www.bbc.com/news/technology-53771942

Exploit: Third Party Breach Exposure

Bletchley Park Trust – Non-Profit Organization 

cybersecurity news represented by a gauge indicating moderate risk Week in Breach

Risk to Small Business: 2.707 = Moderate

Another victim of the Blackbaud breach, the Bletchley Park Trust announced that its donor information has been compromised. It’s just the latest addition to a huge list of universities, trusts, charities, and non-profit organizations that have been impacted by the massive breach at fundraising giant Blackbaud in July.

Individual Risk: No sensitive data or financial information was reported as stolen. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third party risks are a constant in today’s business world, as more companies rely on online transactions to do business, and organizations contract outside providers to deliver specialty services like accounting or fundraising.

ID Agent to the Rescue: A third party data breach can put your company at risk without your knowledge. With Dark Web ID, companies can the Dark Web for compromised credentials to keep an eye on potential sources of trouble. LEARN MORE>>


France – SPIE Group


https://securityaffairs.co/wordpress/106969/malware/nefilim-ransomware-spie-group.html?web_view=true 

Exploit: Ransomware

SPIE Group: Energy and Communications Services

cybersecurity news represented by agauge showing severe risk & New Breach News Week in Breach

Risk to Small Business: 2.137 = Severe

Nefilim ransomware operators claim to have infiltrated SPIE Group, a major European technical services provider, and exfiltrated a large amount of proprietary data. In an initial ransom post on their website, the cybercriminals released 65,042 files contained in 18,551 data folders as a “first installment” and have promised more if their demands aren’t met.

Individual Risk: No personal information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Although we can’t be sure how it happened, ransomware is almost inevitably the result of a phishing attack that successfully lured in a staffer. Phishing attacks aren’t just email attachments anymore – they can be delivered through SMS, text, and messaging too.

ID Agent to the Rescue: Keep every staffer’s training up to date to increase phishing resistance and raise cybersecurity awareness with BullPhish ID. It’s regularly updated to include the latest threats, including COVID-19 threats. See BullPhish ID at work in a demo video>>


The Week in Breach News – Asia


Japan – Konica-Minolta

https://securityaffairs.co/wordpress/107226/cyber-crime/konica-minolta-ransomware.html?&web_view=true  

Exploit: Ransomware

Konica Minolta: Optical Products Company 

cybersecurity news represented by agauge showing severe risk & New Breach News Week in Breach

Risk to Business: 2.335 = Severe

The Japanese technology giant fell victim to a ransomware attack in late July that impacted business services and operations. Cybercriminals were able to deploy RansomEXX malware, a new variety of human-operated ransomware that encrypts systems but does not exfiltrate data. No other information has been made available about the attack.

Individual Risk: No data was reported stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Most ransomware attacks are the result of phishing, and no company is immune to the impact of today’s biggest cybersecurity menace.

ID Agent to the Rescue: BullPhish ID offers training in 8 languages to get staffers up to speed on today’s phishing threats fast, including video lessons and online testing. LEARN MORE>>


The Week in Breach News – Australia & New Zealand


Australia – ACT Education Directorate

https://www.itnews.com.au/news/act-education-blocks-student-gmail-access-after-spam-email-storm-551773

Exploit: Credential Stuffing

ACT Education Directorate – Government Agency 

cybersecurity news represented by agauge showing severe risk & New Breach News Week in Breach

Risk to Small Business: 2.301 = Severe

ACT Education was forced to block all public school students from accessing their Google email accounts after a spamming and credential stuffing incident led to students being exposed to lewd material – and the exposure of some students’ personal data. The educational authority is investigating the incident, and conflicting reports attribute the incident to either credential stuffing or internal hacking, possibly by a student.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybersecurity awareness is more important than ever for people of every age. Without updated, consistent security awareness and phishing resistance training, standards can slip and incidents like this can become major headaches.

ID Agent to the Rescue: Make sure your clients are aware of the risk of danger from improper training and encourage them to employ a consistently updated phishing resistance training solution like BullPhish ID that adds 4 new training kits and 4 new video lessons each month to keep staffers on guard against potential attacks. LEARN MORE>>


The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: Added Intelligence


Go Inside the Ink to Get the Inside Scoop

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Catch up on what you need to know now: 


Free eBook of the Week & Bonus Content


Get Ready to Start Planning Your 2021 Road to Success By Getting Up to Speed on Today’s Dark Web

As you start planning how to expand your business and your MRR by adding solutions to your stack and exploring must-have cybersecurity upgrades for your customers in 2021, you should review the changes that have come to the Dark Web in the wake of COVID-19. Get the facts in our eBook “State of the Dark Web”.  DOWNLOAD IT>> 

Want to take an even deeper dive?

These two webinars will take you into the bustling data markets and cybercrime dens of the Dark Web, featuring analysis from our experts and genuine Dark Web screenshots that you can use to power up your next pitch for Dark Web ID. 

MSPs Are Lifting the Veil of the Dark Web – Get an MSP-driven perspective on Dark Web dangers presented by Channel Experts Suzanne Parent from Veriato and Matt Solomon from ID Agent! DOWNLOAD IT>>

Unveiling Cybercrime Markets on the Dark Web – Take a trip into the lawless world of Dark Web data markets with Kyle Hanslovan, Founder & CEO Huntress, and Kevin Lancaster, CEO ID Agent & GM Security Solutions. DOWNLOAD IT>> 


Week in Breach Spotlight


Email Security Training Has Never Been More Important – or Worse.

A recent report from Mimecast on the state of email security raised some interesting data points. Although most companies are aware of the risk to their organization from email-based threats, many of them are still failing at doing anything to effectively stem the tide of dangers.

One of the most disturbing statistics of note is that only 1 in 5 companies provide regular email security and phishing resistance training to their employees. Even with 57% of the companies surveying saying that they had been impacted by a ransomware attack, and a hugely publicized 600% increase in phishing attack attempts since the start of the global pandemic, companies are still failing to take security awareness training seriously.

FAILURE TO PREPARE IS AN EMERGENCY

Don’t allow your customers to make the same mistakes. Cybersecurity and phishing awareness training sounds like something that can be put off until they have more time or more money, but it isn’t – it’s crucial for maintaining their data security. Employee security awareness training, like phishing resistance training with BullPhish ID, can reduce the risk of a cybersecurity incident impacting a company by up to 70%.

With 80% of the survey respondents agreeing that email volume is only going to increase, and that fact being borne out by current events like the Great Work From Home and distance learning pitfalls, regularly updated email security training has to be a high priority for every organization.

EMAIL SAFETY TRAINING SHOULDN’T WAIT

BullPhish ID is ideal for remote or in-office workers. With simple remote management and fully stocked plug-and-play phishing kits available, you can easily divide workers into custom groups for training campaigns and run scenarios including mew COVID-19 threats. Simple online testing tools allow administrators to quickly see who needs more training.

At a time when everyone’s budget is a little tight, no one can afford a disastrous data breach or ransomware incident. A little extra expenditure on security awareness and phishing resistance training now means that businesses are more likely to avoid that nasty consequence later.

Watch this 10-minute technical demonstration video of our digital risk protection platform including Dark Web ID, BullPhish ID, and Passly.


COMING NEXT WEEK!


CONNECT IT GLOBAL is August 24 – 27, 2020 

We still have a limited amount of spaces available for CONNECT IT GLOBAL. Here are 5 reasons why you can’t miss this landmark event: 

  • Go inside a breach with expert white hat hackers to find out exactly how they did it – and how you can protect your clients in “Anatomy of an O365 Breach” 
  • See the future of ID Agent and your success as we unveil the ID Agent Roadmap 2020 
  • Get a rare chance to gain insight on cybercrime from the US Secret Service 
  • Learn how to improve your clients’ defense against today’s biggest threat, phishing, at Go Phishing: Detecting Advanced, Persistent Phishing Threats” 
  • Add new certifications to your portfolio: Certified Dark Web ID & BullPhish ID Administrator plus Certified Passly Administrator 

Plus, it wouldn’t be a convention without fun, surprises, contests, prizes, and more – you won’t want to miss a thing!

Connect IT Global

A CONNECT IT GLOBAL Pass is only $99 for all 4 days of expert panels, networking, education and excitement.

REGISTER NOW>>


Catch Up With Us at These Virtual Events

  • AUG 24 – 27: Connect IT 2020 REGISTER >  
  • AUG 26 – How Phishing and Security Awareness Training Will Reduce Your Largest Attack Surface = Your Employees REGISTER>> 
  • AUG 30 – SEPT 1: Build IT 2020 REGISTER>> 
  • SEPT 2 Power Up! Supercharge Your Sales & Marketing with Powered Services REGISTER>>  
  • SEPT 9: 5 Proven, Practical Steps to Close New Security Business REGISTER>>  
  • SEPT 27 – 29: GlueX 2020 REGISTER>>  
  • OCT 28 – 29: MSP CONNECT LIVE MIDWEST REGISTER>> 
  • NOV 18 -19: MSP CONNECT LIVE MID-ATLANTIC REGISTER>>
  •  DEC 2 – 4: MSP CONNECT SOUTHWEST REGISTER>>



A note about cybersecurity and this week in breach news for your customers:


IoT and Home Router Vulnerabilities Can Spell Trouble For Businesses

As kids start heading back to class, colleges begin another year, and parents work to find a new home/life balance, things have changed a bit from the usual back-to-school routine. Unlike in past years, most everyone is doing their thing by logging in from home – and that can create an unexpected danger for your business.

While we’ve been at home during the pandemic, many people realized that their homes could use a little sprucing up. Maybe they had time that they didn’t usually have to research new devices, or they decided to treat themselves at a dark time. For many folks, that translated into fun conveniences like smart plugs, a digital assistant, or a robot vacuum that can be controlled by an app.

Internet of Things (IoT) devices have never been more popular – 5.8 billion home and auto IoT devices are expected to connect to the internet this year. While these small creature comforts may not seem like a source of harm for your business, they can be – 57% of IoT devices are vulnerable to medium or high severity attacks.

That means that if a cybercriminal hacks into your employee’s smart plug, then uses that opening to get into their smartphone, then slips through another opening to get into their business email account – you’ve been hacked, and the resulting danger to your systems and data is no different than it would be if the same thing happened from a hacker penetrating your enterprise security directly.

So how can companies combat this danger? The fastest way is to add a secure identity and access management solution like Passly. Multifactor Authentication (MFA) provides a crucial extra layer of security between hazards like this and your data. Adding MFA means that you can rest a little easier knowing that no matter how a cybercriminal manages to sneak past your security, they won’t be able to affect your business severely – helping alleviate one source of stress in uncertain times.


Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.


Follow us on social media to find out about breach news, upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to marketing@idagent.com to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!


FOLLOW US ON SOCIAL MEDIA!

Share This Post!