The Week in Breach: Cybersecurity and Breach News 08/12/20 – 08/18/20
The Week in Breach News: Cybersecurity educators get taken to school by bad actors, the ancestral home of cybersecurity gets hit with a third party data breach, credential stuffing rocks Canada’s Revenue Authority, and unexpected risks to businesses as kids head back to school and parents continue working remotely.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Aerospace & Defense
- Top Employee Count: 11-50
The Week in Breach News – United States
United States – Michigan State University
https://apnews.com/876fddc3c0b7dc1cc4ad0a7d6a19fb23
Exploit: Malware
Michigan State University: Institution of Higher Learning
Risk to Small Business: 2.171 = Severe
Just in time for back to school, attackers were able to steal credit card and personal information from roughly 2,600 users of Michigan State University’s online store. Cybercriminals used malicious scripts designed to harvest and exfiltrate customers’ payment cards between Oct. 19, 2019, and June 26, 2020.
Individual Risk: 2.311 = Severe
MSU is notifying all potentially affected customers of the data breach and is offering free identity protection and credit monitoring.
Customers Impacted: 2,600
How it Could Affect Your Customers’ Business: Magecart or skimming attacks are a regular tool of the trade for cybercriminals and the data that they collect often ends up for sale on the Dark Web.
ID Agent to the Rescue: More than 65% of the data on the Dark Web can damage businesses. Put the power of Dark Web ID to work for your clients to guard against credential compromise danger. LEARN MORE>>
United States – Brown-Forman
https://www.infosecurity-magazine.com/news/jack-danielsmaker-suffers-revil/?&web_view=true
Exploit: Ransomware
Brown-Forman: Wine and Spirits Conglomerate
Risk to Small Business: 1.979 = Severe
REvil ransomware strikes again, this time at beverage giant Brown-Forman, the maker of Jack Daniel’s and other spirits. Although the company has been mum on the details of the attack aside from claiming it successfully prevented attackers from encrypting its files, the cybercriminal gang says that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches.
Individual Risk: No individual data has been reported as compromised in this breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware often makes its way into company inboxes in the form of a phishing email. Phishing resistance training must be a crucial component of any company’s cybersecurity strategy.
ID Agent to the Rescue: Security awareness and phishing resistance training is not something companies can afford to cut back on. The cost-effective solutions in our digital risk protection platform fulfill the need for updated training without breaking the bank. LEARN MORE>>
United States – FHN
Exploit: Email Account Compromise
FHN: Healthcare System
Risk to Small Business: 1.870 = Severe
In a just disclosed incident, an unspecified “email account compromise” of “several” employee accounts resulted in a data breach that impacted patient PII at FHN healthcare facilities in Illinois. An unauthorized party was detected accessing employee email accounts on February 12 and 13. Information that may have been exposed in the breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some instances, patients’ health insurance information and/or Social Security numbers were also identified as exposed in the compromised email accounts.
Individual Risk: 1.821 = Severe
Not all patients of FHN were impacted, and FHN has contacted those patients were as well as offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Not only will this cause customer anger, this breach will also incur a potentially substantial HIPPA violation penalty. Placing better protections, including multifactor authentication, on systems that handle sensitive data can prevent incidents like this from happening.
ID Agent to the Rescue: Secure sensitive information fast by adding multifactor authentication with Passly. Even if a bad actor manages to get a login for an employee account, MFA makes sure that it’s not going to allow them access to anything. SEE A DEMO>>
United States – SANS Institute
https://www.infosecurity-magazine.com/news/sans-phishing-attack/?&web_view=true
Exploit: Phishing/Accidental Data Sharing
SANS Institute: Cybersecurity Education and Certification
Risk to Small Business: 1.875 = Severe
Somebody needs to stay after class for extra tutoring at SANS Institute after an accidental data sharing incident led to a data breach that exposed over 28,000 PII records. The information was apparently mistakenly forwarded to an outside party. The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. One phishing email resulted in 513 emails full of PII being forwarded to the external address and a malicious Office 365 add-on was also installed on the infected machine as part of the attack.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.
ID Agent to the Rescue: Just because they’re “experts”, they’re not immune to the dangers of phishing, but they might not believe that they need training. With Goal Assist, our Partners know that they can count on backup when they need it to score the win. Learn More >>
The Week in Breach News – Canada
Canada – Canadian Revenue Authority
https://globalnews.ca/news/7281074/cra-hack-online-services/
Exploit: Credential Stuffing
Canadian Revenue Authority: Government Agency
Risk to Business: 1.412 = Extreme
A series of cybersecurity incidents have rocked then Canadian Revenue Authority, leading to a complete shutdown of services that may take some time to restore. In three credential stuffing attacks, hackers compromised the usernames and passwords of thousands of accounts. Over the course of several days, the first and largest attack targeted GCKey accounts, the second attack took advantage of a “vulnerability in security software”, and the third resulted in the CRA suspending online services while it assessed the breach and attempted mitigation.
Individual Risk: 2.511 = Moderate
About 15,000 accounts are known to have been compromised, but the investigation is complex and ongoing. Service is expected to be restored for online users this week.
Customers Impacted: 15 million
How it Could Affect Your Customers’ Business: Credential stuffing attacks are so successful because password reuse and recycling are endemic. Even though most people know that it’s dangerous, it’s still incredibly common – and incredibly risky for businesses who fail to secure their access points.
ID Agent to the Rescue: Add a secure identity and access management solution like Passly to blunt the impact of credential stuffing attacks, keeping systems and data secure even when someone reuses an already compromised password. LEARN MORE>>
The Week in Breach News – United Kingdom & European Union
United Kingdom – Bletchley Park Trust
https://www.bbc.com/news/technology-53771942
Exploit: Third Party Breach Exposure
Bletchley Park Trust – Non-Profit Organization
Risk to Small Business: 2.707 = Moderate
Another victim of the Blackbaud breach, the Bletchley Park Trust announced that its donor information has been compromised. It’s just the latest addition to a huge list of universities, trusts, charities, and non-profit organizations that have been impacted by the massive breach at fundraising giant Blackbaud in July.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third party risks are a constant in today’s business world, as more companies rely on online transactions to do business, and organizations contract outside providers to deliver specialty services like accounting or fundraising.
ID Agent to the Rescue: A third party data breach can put your company at risk without your knowledge. With Dark Web ID, companies can the Dark Web for compromised credentials to keep an eye on potential sources of trouble. LEARN MORE>>
France – SPIE Group
https://securityaffairs.co/wordpress/106969/malware/nefilim-ransomware-spie-group.html?web_view=true
Exploit: Ransomware
SPIE Group: Energy and Communications Services
Risk to Small Business: 2.137 = Severe
Nefilim ransomware operators claim to have infiltrated SPIE Group, a major European technical services provider, and exfiltrated a large amount of proprietary data. In an initial ransom post on their website, the cybercriminals released 65,042 files contained in 18,551 data folders as a “first installment” and have promised more if their demands aren’t met.
Individual Risk: No personal information was reported as stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Although we can’t be sure how it happened, ransomware is almost inevitably the result of a phishing attack that successfully lured in a staffer. Phishing attacks aren’t just email attachments anymore – they can be delivered through SMS, text, and messaging too.
ID Agent to the Rescue: Keep every staffer’s training up to date to increase phishing resistance and raise cybersecurity awareness with BullPhish ID. It’s regularly updated to include the latest threats, including COVID-19 threats. See BullPhish ID at work in a demo video>>
The Week in Breach News – Asia
Japan – Konica-Minolta
Exploit: Ransomware
Konica Minolta: Optical Products Company
Risk to Business: 2.335 = Severe
The Japanese technology giant fell victim to a ransomware attack in late July that impacted business services and operations. Cybercriminals were able to deploy RansomEXX malware, a new variety of human-operated ransomware that encrypts systems but does not exfiltrate data. No other information has been made available about the attack.
Individual Risk: No data was reported stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Most ransomware attacks are the result of phishing, and no company is immune to the impact of today’s biggest cybersecurity menace.
ID Agent to the Rescue: BullPhish ID offers training in 8 languages to get staffers up to speed on today’s phishing threats fast, including video lessons and online testing. LEARN MORE>>
The Week in Breach News – Australia & New Zealand
Australia – ACT Education Directorate
Exploit: Credential Stuffing
ACT Education Directorate – Government Agency
Risk to Small Business: 2.301 = Severe
ACT Education was forced to block all public school students from accessing their Google email accounts after a spamming and credential stuffing incident led to students being exposed to lewd material – and the exposure of some students’ personal data. The educational authority is investigating the incident, and conflicting reports attribute the incident to either credential stuffing or internal hacking, possibly by a student.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybersecurity awareness is more important than ever for people of every age. Without updated, consistent security awareness and phishing resistance training, standards can slip and incidents like this can become major headaches.
ID Agent to the Rescue: Make sure your clients are aware of the risk of danger from improper training and encourage them to employ a consistently updated phishing resistance training solution like BullPhish ID that adds 4 new training kits and 4 new video lessons each month to keep staffers on guard against potential attacks. LEARN MORE>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach News: Added Intelligence
Go Inside the Ink to Get the Inside Scoop
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Catch up on what you need to know now:
- 3 Lessons Learned from the Biggest Ransomware Attacks of 2020
- Password Sharing is a Data Breach Danger
- The Week in Breach: Cybersecurity and Breach News 08/05 – 08/11
- How to Not Get Caught by the New SBA COVID-19 Relief Scam
- Cybersecurity News: Explore the Ink This Week
- 10 Facts About the State of Cybersecurity Education (and Why That Matters to Your Business)
Free eBook of the Week & Bonus Content
Get Ready to Start Planning Your 2021 Road to Success By Getting Up to Speed on Today’s Dark Web
As you start planning how to expand your business and your MRR by adding solutions to your stack and exploring must-have cybersecurity upgrades for your customers in 2021, you should review the changes that have come to the Dark Web in the wake of COVID-19. Get the facts in our eBook “State of the Dark Web”. DOWNLOAD IT>>
Want to take an even deeper dive?
These two webinars will take you into the bustling data markets and cybercrime dens of the Dark Web, featuring analysis from our experts and genuine Dark Web screenshots that you can use to power up your next pitch for Dark Web ID.
MSPs Are Lifting the Veil of the Dark Web – Get an MSP-driven perspective on Dark Web dangers presented by Channel Experts Suzanne Parent from Veriato and Matt Solomon from ID Agent! DOWNLOAD IT>>
Unveiling Cybercrime Markets on the Dark Web – Take a trip into the lawless world of Dark Web data markets with Kyle Hanslovan, Founder & CEO Huntress, and Kevin Lancaster, CEO ID Agent & GM Security Solutions. DOWNLOAD IT>>
Week in Breach Spotlight
Email Security Training Has Never Been More Important – or Worse.
A recent report from Mimecast on the state of email security raised some interesting data points. Although most companies are aware of the risk to their organization from email-based threats, many of them are still failing at doing anything to effectively stem the tide of dangers.
One of the most disturbing statistics of note is that only 1 in 5 companies provide regular email security and phishing resistance training to their employees. Even with 57% of the companies surveying saying that they had been impacted by a ransomware attack, and a hugely publicized 600% increase in phishing attack attempts since the start of the global pandemic, companies are still failing to take security awareness training seriously.
FAILURE TO PREPARE IS AN EMERGENCY
Don’t allow your customers to make the same mistakes. Cybersecurity and phishing awareness training sounds like something that can be put off until they have more time or more money, but it isn’t – it’s crucial for maintaining their data security. Employee security awareness training, like phishing resistance training with BullPhish ID, can reduce the risk of a cybersecurity incident impacting a company by up to 70%.
With 80% of the survey respondents agreeing that email volume is only going to increase, and that fact being borne out by current events like the Great Work From Home and distance learning pitfalls, regularly updated email security training has to be a high priority for every organization.
EMAIL SAFETY TRAINING SHOULDN’T WAIT
BullPhish ID is ideal for remote or in-office workers. With simple remote management and fully stocked plug-and-play phishing kits available, you can easily divide workers into custom groups for training campaigns and run scenarios including mew COVID-19 threats. Simple online testing tools allow administrators to quickly see who needs more training.
At a time when everyone’s budget is a little tight, no one can afford a disastrous data breach or ransomware incident. A little extra expenditure on security awareness and phishing resistance training now means that businesses are more likely to avoid that nasty consequence later.
COMING NEXT WEEK!
CONNECT IT GLOBAL is August 24 – 27, 2020
We still have a limited amount of spaces available for CONNECT IT GLOBAL. Here are 5 reasons why you can’t miss this landmark event:
- Go inside a breach with expert white hat hackers to find out exactly how they did it – and how you can protect your clients in “Anatomy of an O365 Breach”
- See the future of ID Agent and your success as we unveil the ID Agent Roadmap 2020
- Get a rare chance to gain insight on cybercrime from the US Secret Service
- Learn how to improve your clients’ defense against today’s biggest threat, phishing, at Go Phishing: Detecting Advanced, Persistent Phishing Threats”
- Add new certifications to your portfolio: Certified Dark Web ID & BullPhish ID Administrator plus Certified Passly Administrator
Plus, it wouldn’t be a convention without fun, surprises, contests, prizes, and more – you won’t want to miss a thing!
Catch Up With Us at These Virtual Events
- AUG 24 – 27: Connect IT 2020 REGISTER >
- AUG 26 – How Phishing and Security Awareness Training Will Reduce Your Largest Attack Surface = Your Employees REGISTER>>
- AUG 30 – SEPT 1: Build IT 2020 REGISTER>>
- SEPT 2 Power Up! Supercharge Your Sales & Marketing with Powered Services REGISTER>>
- SEPT 9: 5 Proven, Practical Steps to Close New Security Business REGISTER>>
- SEPT 27 – 29: GlueX 2020 REGISTER>>
- OCT 28 – 29: MSP CONNECT LIVE MIDWEST REGISTER>>
- NOV 18 -19: MSP CONNECT LIVE MID-ATLANTIC REGISTER>>
- DEC 2 – 4: MSP CONNECT SOUTHWEST REGISTER>>
A note about cybersecurity and this week in breach news for your customers:
IoT and Home Router Vulnerabilities Can Spell Trouble For Businesses
As kids start heading back to class, colleges begin another year, and parents work to find a new home/life balance, things have changed a bit from the usual back-to-school routine. Unlike in past years, most everyone is doing their thing by logging in from home – and that can create an unexpected danger for your business.
While we’ve been at home during the pandemic, many people realized that their homes could use a little sprucing up. Maybe they had time that they didn’t usually have to research new devices, or they decided to treat themselves at a dark time. For many folks, that translated into fun conveniences like smart plugs, a digital assistant, or a robot vacuum that can be controlled by an app.
Internet of Things (IoT) devices have never been more popular – 5.8 billion home and auto IoT devices are expected to connect to the internet this year. While these small creature comforts may not seem like a source of harm for your business, they can be – 57% of IoT devices are vulnerable to medium or high severity attacks.
That means that if a cybercriminal hacks into your employee’s smart plug, then uses that opening to get into their smartphone, then slips through another opening to get into their business email account – you’ve been hacked, and the resulting danger to your systems and data is no different than it would be if the same thing happened from a hacker penetrating your enterprise security directly.
So how can companies combat this danger? The fastest way is to add a secure identity and access management solution like Passly. Multifactor Authentication (MFA) provides a crucial extra layer of security between hazards like this and your data. Adding MFA means that you can rest a little easier knowing that no matter how a cybercriminal manages to sneak past your security, they won’t be able to affect your business severely – helping alleviate one source of stress in uncertain times.
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.
Follow us on social media to find out about breach news, upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!