The Week in Breach: Cybersecurity and Breach News 08/19/20 – 08/25/20
New This Week in Cybersecurity News: This week: Carnival can’t sail out of a ransomware attack, Instacart has a second security stumble, rising breach penalties include legal troubles for a former Uber executive, and meet Graphus: a fresh automated phishing defense solution that’s the perfect addition to our digital risk protection platform.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 500+
New This Week in Cybersecurity News – United States
United States – Cooke County, Texas
Cooke County, TX: Municipal Government
Risk to Business: 1.972 = Severe
Attackers claimed to have used REvil ransomware on July 4 in a ransomware attack on the Cooke County Sheriff’s Office (CCSO). In the resulting data breach, cybercriminals snatched personal identification information from an internal database. The compromised data came from either CCSO reports or cases going back several years. The gang posted their typical announcement about the hack showing data folders with filenames that appeared to reflect archived case files as well as current cases, including a threat that the files would be uploaded in seven days.
Individual Risk: 2.201 = Severe
While no financial information was reported as stolen, PII was involved in the breach – not to mention potentially damaging or embarrassing legal records.
Customers Impacted: 2,000+
How it Could Affect Your Customers’ Business: Ransomware is most commonly delivered via a phishing email, although cybercriminals are expanding their use of phishing through messaging and SMS text.
ID Agent to the Rescue: Teach staffers to spot phishing attempts fast with BullPhish ID. We continually update our plug-and-play phishing kits so that you can continually update your training against today’s biggest threat. LEARN MORE>>
United States – University of Utah
University of Utah: Institution of Higher Learning
Risk to Business: 2.077 = Severe
Netwalker ransomware appears to be the culprit in a data breach at the University of Utah. The school reportedly paid a ransomware gang $457,059 in order to avoid having student information released online. The hack occurred on July 19, and the cybercriminals gained access to the network of the university’s College of Social and Behavioral Science [CSBS].
Individual Risk: 2.224 = Severe
Even when a ransom is paid, there’s never proof that the gang really did destroy the stolen data, instead of copying it or selling it. Students should be aware of this data being used in spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a persistent and pernicious threat to any business. Paying the criminals doesn’t guarantee the safety of stolen data – but blocking the initial attack does.
ID Agent to the Rescue: Ransomware often makes its way into company inboxes in the form of a phishing email. Why not stop that email from ever arriving with our NEWEST addition to our digital risk protection platform: Graphus, a smart AI-driven automated phishing defense solution so unique that it uses a patented algorithm to learn how businesses communicate for exactly the protection they need. LEARN MORE>>
United States – Instacart
Exploit: Unauthorized Access to Data
Instacart: Grocery Shopping and Delivery Service
Risk to Business: 1.775 = Severe
In a statement posted to its website, Instacart has announced that it has suffered another data breach, less than a month after a breach that was widely reported in the media containing user account data. This time, two employees at a third-party service provider accessed accounts that they shouldn’t have, exposing customer information again.
Individual Risk: 2.821 = Moderate
Instacart’s forensic investigation did not find any evidence the two support agents had downloaded or digitally copied data from its systems. The company’s contract with the third-party vendor has been terminated, and impacted accounts have been notified via email.
Customers Impacted: 2,180
How it Could Affect Your Customers’ Business: Although the pandemic will continue to drive their business as people who are unable to shop in person flock to the service, in other circumstances this would assuredly cause customer dissatisfaction, especially after the information for 278,531 Instacart accounts turned up in a Dark Web marketplace after the first one.
ID Agent to the Rescue: Third party risk is a problem that every business faces today. Ensure that business credentials are monitored and protected from endangering companies if they end up in a Dark Web data dump as a result of a third party data breach with Dark Web ID. SEE A DEMO>>
United States – Freepik
Exploit: Unauthorized Database Access (Hacking)
Freepik: Photo and Graphic Library
Risk to Business: 1.903 = Severe
At photo and graphics giant Freepik, the security breach occurred after hackers were able to exploit an SQL vulnerability to gain access to one of its databases storing user data. The unidentified cybercriminals gained access to usernames and passwords for the oldest accounts registered on the Freepik and Flaticon websites, impacting millions of users.
Individual Risk: 2.782 = Moderate
Potentially affected users have been notified via email. The company reports that impact varies per account. Not all users had passwords associated with their accounts. The company estimates that number at 4.5 million users who used federated logins (Google, Facebook, or Twitter) to log into their accounts. For the remaining 3.77M users the attacker got their email address and a hash of their password. For 3.55M of those users, the method to hash the password was bcrypt. For 229K users, the method was salted MD5. Since the attack, all users have been updated to bcrypt.
Customers Impacted: 8.3 million
How it Could Affect Your Customers’ Business: It pays to guard old data too by updating storage security and access security. Many of the oldest databases and accounts involved in this incident had never had their security updated and it had long since become obsolete, making it easier for hackers to break in and steal.
ID Agent to the Rescue: Protect access points to data and systems with Passly, state-of-the-art security that minimizes threats by minimizing the openings that criminals can use to get at your data – but maximizing the identity and access management controls that keep that data safe. LEARN MORE>>
United States – Carnival Corporation
Carnival Corporation: Cruise Line
Risk to Business: 1.903 = Severe
Carnival has released a statement noting that on August 15 attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network. In a preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees’ personal data, but it is still investigating the incident. This is Carnival’s second breach this year after another breach was disclosed in March.
Individual Risk: 2.312 = Severe
The investigation into exactly what data and what kind of data was stolen is ongoing. Carnival expects that both passenger and employee data has been impacted, but has offered no specifics. Anyone who has traveled on a Carnival cruise and staffers should be wary of phishing and identity theft attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Protection from ransomware starts with protection from phishing – including adding automated phishing protection and phishing resistance training to your security stack.
ID Agent to the Rescue: Our digital risk protection platform packs a punch to protect your data from phishing threats through the combined power of BullPhish ID and Graphus. SEE HOW IT WORKS>>
The Week in Breach News – Canada
Canada – Royal Military Colleges
Royal Military Colleges – Military Training Higher Education System
Risk to Business: 2.045 = Severe
A DoppelPaymer ransomware incident was reported last month affecting Canada’s military college system. Now, data from the Royal Military College (RMC) of Canada has appeared on the Dark Web this week. The Department of National Defence (DND) did not confirm the leak contains RMC information. Reports from analysts who have seen the data say that the files appear genuine and include student progress reports and acceptance letters, as well as a myriad of financial documents like tax receipts and budgets for various departments.
Individual Risk: 2.603 = Moderate
No personally identifiable information or financial data for students appears to have been affected. Financial data appears to be concentrated in official channels. Exposure of student disciplinary records could potentially be embarrassing, and data could be used for spear phishing or blackmail attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: No institution is immune to phishing – not even a huge government entity with access to cutting-edge technology and training. Every business of every size needs phishing resistance training.
ID Agent to the Rescue: Add phishing resistance training to your must-have solutions list to empower employees to remain aware of trouble in order to spot, stop, and report phishing attacks fast. LEARN MORE>>
Canada – Canpar Express
Canpar Express: Shipping and Logistics
Risk to Business: 2.175 = Severe
Canadian logistics giant Canpar Express is just beginning to dig out from a ransomware attack that shut down some company capability last week. Extensive website outages including an inability to schedule pickups or deliveries led to many frustrated commercial and private customers, and they complained extensively on social media about delayed shipments and a lack of information. As of publication time, service had not yet been restored, and the company’s website contains only one page announcing the attack, with no estimated time of recovery listed.
Individual Risk: There is no information available about what (if any) information was stolen in this attack.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A complete lack of communication on the company’s part is not soothing any tempers, and what little information has been made available doesn’t disclose any details or an expected recovery timeline, making customers feel disregarded.
ID Agent to the Rescue: Protecting companies from ransomware starts with protecting them from phishing with Graphus. The smart AI learns and grows to provide just the right protection for every unique business. SEE A DEMO>>
New This Week in Cybersecurity News – United Kingdom & European Union
United Kingdom – Myerscough College
Myerscough College: Institution of Higher Learning
Risk to Business: 2.707 = Moderate
In what had to be the most frustrating end-of-school saga possible for students and teachers, Myerscough College suffered a brutal denial of service attack that it said “severely damaged all IT infrastructure” on exam results day. The college’s systems were so badly impacted that everything was taken offline, with staff only able to be contacted through social media. Students were eventually able to recover test results after staffers manually emailed their grades.
Individual Risk: No sensitive data or financial information was reported as stolen, but the incident is still under investigation.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: An attack this crippling will not just impact the teachers and students involved, it will incur a significant recovery and rebuilding cost.
ID Agent to the Rescue: Protect access to systems and data with a multifunctional secure identity and access management solution like Passly. Get protection that goes to work on day one and deploys in days, not weeks, to protect data and systems in a flash. SEE A DEMO>>
United Kingdom – SnapFulfil
SnapFulFil: Warehouse Management Software Developer
Risk to Small Business: 1.407 = Extreme
In an email to customers last week, UK logistics software developer SnapFulFil reported that it had suffered a ransomware attack, shutting down operations for at least one customer, with other customers potentially impacted as well. There was no report on what data or systems were affected, and the developer claimed to be making upgrades that would protect clients from further harm.
Individual Risk: No personal information was reported as stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can shut down your business completely, causing chaos for customers and damaging your professional reputation. A total systems shutdown will not help burnish the reputation of a company that specializes in warehouse management software.
ID Agent to the Rescue: Protecting a business from ransomware requires many tools these days. Our suite of digital risk protection solutions is ready to help businesses fight back against cybercrime like ransomware. SEE DEMO VIDEOS OF OUR SOLUTIONS>>
New This Week in Cybersecurity News – Asia
India – RailYatri
Exploit: Unsecured Database
RailYatri: Travel Facilitation Website
Risk to Business: 1.791 = Severe
Cybersecurity researchers discovered an Elasticsearch server without password protection or encryption on August 10 containing 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker. An estimated 37 million records linked to around 700,000 unique users of the popular site and a mobile app had data exposed including users’ full name, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location, and names/first and last four digits of payment cards.
Individual Risk: 2.227 = Severe
The data exposed in this breach could create an opportunity for identity theft, spear phishing attempts, or other social attack driven cybercrime. Users should reset their account password and stay alert for fraud attempts.
Customers Impacted: 700,000+
How it Could Affect Your Customers’ Business: Unsecured databases continue to be a problem, and with new cyberattacks like MeowBot that don’t just lock up data but delete it, guarding against intrusions like this is crucial to prevent unrecoverable data disasters.
ID Agent to the Rescue: Passly provides extra protection for data by creating fewer, more controlled pathways for access through individual staff Launchpads that allow IT teams to quickly manage permissions and add or remove access anytime, anywhere. LEARN MORE>>
New This Week in Cybersecurity News – Africa
South Africa – Experian
Exploit: Phishing (Impersonation Scheme)
Experian: Credit Rating and Monitoring Firm
Risk to Business: 1.394 = Extreme
In an audacious impersonation scheme, a hacker convinced staffers at Experian that they were a client who should be allowed to access consumer data to create insurance and credit-related marketing leads, enabling them to obtain information about 24 million citizens and 794,000 businesses. The hacker has been apprehended and the devices used confiscated. Experian maintains that no financial or sensitive data was compromised, but the incident and the extent of the damage is still being investigated.
Individual Risk: 1.591 = Severe
At this time, Experian is not reporting that any sensitive financial or personal data was stolen, but this is an incident that could have long-reaching implications for South African consumers and businesses, and there is no guarantee that PII or financial data wasn’t compromised. Consumers and businesses should use caution in communications around financial topics and be alert for fraud, identity theft, or spear phishing attempts.
How it Could Affect Your Customers’ Business: Handing out information to hackers in a conversation is just as bad as opening an infected email attachment – they’re both phishing, one’s just dressed up differently. Failing to update employee training to raise awareness of phishing dangers that go beyond suspicious email attachments (especially now that messaging and SMS are popular formats for phishing attacks) opens companies up to disasters like this one.
ID Agent to the Rescue: Guard against phishing by training staffers to stay alert for all kinds of phishing attempts from impersonation schemes to malicious PDFs with BullPhish ID. We update our plug-and-play training kits and videos monthly to assure that training stays up-to-date. LEARN MORE>>
New This Week in Cybersecurity News – Australia & New Zealand
Australia – Canva
Exploit: Unauthorized Systems Access
Canva – Digital Design Platform
Risk to Business: 1.667 = Severe
Digital design powerhouse Canva found itself in hot water this week as hackers accessed the platform and used it to facilitate spear phishing attacks. Canva unwittingly provided phishing campaigns with graphics that then made the threat actors’ attacks appear more legitimate to facilitate pilfering credentials through social engineering trickery. The problem was first noted in February but has accelerated since. The hack may be related to a significant May 2019 data breach that Canva has not confirmed but was widely reported.
Individual Risk: 2.776 = Moderate
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Information that is stolen in a breach can end up on the Dark Web and reverberate for years. That data can be used in many ways by cybercriminals to capitalize on the results of cybercrime in phishing attacks, credential stuffing, and more.
ID Agent to the Rescue: Dark Web ID monitors employee credentials and specially protected email addresses to ensure that you’ll know which direction danger might be coming from. See the power of Dark Web ID’s Threat Exposure Reporting to see why it closes sales fast. SEE A DEMO>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
New This Week in Cybersecurity News: Added Intelligence
Go Inside the Ink to Get the Inside Scoop
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
New This Week in Cybersecurity News: Catch Up on What You Need to Know Right Now to Protect Your Business.
- Cybersecurity Marketing: 3 Wins for MSPs & Back to School
- Student Data Breach Danger Also Impacts Businesses
- Why Phishing Resistance Training for Students is a Must-Have for Businesses
- Automatic Phishing Defense with Graphus Stops Threats Fast
- 10 Facts About the State of Cybersecurity Education (and Why That Matters to Your Business)
- The Ink This Week: Cybersecurity & Threat News 8/21/20
New This Week in Cybersecurity News
We’ve just added a fresh solution to our digital risk protection platform to help defend businesses from today’s biggest threat – phishing. Meet Graphus, a unique automated phishing defense solution. Here are the critical things that you need to know about Graphus:
- This automated phishing defense solution is smart – it uses a patented smart AI to evolve an algorithm that learns from a company’s communication patterns to help guard against potential phishing emails landing in inboxes.
- The 3 pillars of the Graphus defense system add layered protection between staffers and potentially malignant phishing emails:
  - TrustGraph® automatically detects and quarantines any malicious emails that break through an organization’s email security platform or existing Secure Email Gateway (SEG).
  - EmployeeShield® alerts intended recipients of a potentially suspicious message by placing an interactive warning banner at the top that allows users to quarantine or mark the message as safe with a single click.
  - Phish911™ empowers employees to proactively report suspicious and unwanted emails for IT to investigate.
- Get superior short-term and long-term protection as it evolves to keep up with new threats.
- Simple deployment and operation that seamlessly meshes with Office 365 and GSuite.
- See Graphus in action in our newest demo video SEE IT NOW>>
There’s simply nothing else on the market like Graphus. Learn more about Graphus and how it can provide advanced protection against phishing danger for you and your clients in our blog. READ THE DETAILS>>
Free eBook of the Week
New This Week in Cybersecurity News: Insider Threats Prove More Dangerous Than Ever
Phishing is today’s biggest threat. It can also be classified as an unintentional insider threat – but not every “accident” like an employee clicking on a phishing email is really an accident. Learn about insider threats including how to spot and stop them in our free resource package. You’ll get the eBook “Combatting Insider Threats” and take a deeper dive into insider threats in our whitepaper “What You Need to Know About Insider Threats” to help you plan your next security move.
New This Week in Cybersecurity News – Week in Breach Danger Spotlight
Healthcare Breaches Climb As Attackers Branch Out
When we think about a healthcare data breach, we’re often thinking about someone stealing payment information or PII from a healthcare facility. But that’s not all hackers are looking for anymore, and they’re ranging far outside the usual setting to find the information that they want – leading to a huge cybersecurity headache for healthcare organizations.
Just last week, hackers launched ransomware attacks against a device manufacturer and several healthcare providers, and they weren’t just targeting patient information – they were also looking for treatment and testing data related to COVID-19, a hot commodity on the Dark Web.
HACKERS WANT RESEARCH DATA
Recently, hackers were able to secure a $1.14 million ransom from The University of California San Francisco after successfully landing a ransomware attack that encrypted the COVID-19 research data at their medical school, and drug manufacturers like Gilead have also had research data targeted.
Healthcare breaches have surged since the start of 2020 – The Department of Health and Human Services’ HIPAA Breach Reporting Tool website shows 302 major health breaches impacting nearly 8.7 million individuals have occurred so far in 2020. So how can you protect your clients?
3 WAYS TO PROTECT DATA FAST
Passly – Any of your clients that haven’t started using Passly need to add it to their security stack immediately. The fastest way to add data security is to add multifactor authentication for employees to access it, preventing stolen and recycled passwords from giving cybercriminals an easy way in with credential stuffing or social engineering.
Graphus – Add our fresh automated phishing defense solution right now to add 3 layers of protection between a malignant email and an employee inbox. Graphus uses a smart AI to analyze your communication patterns and determine which incoming emails may be phishing threats, blocking some and quarantining others for IT review – automatically. There’s nothing else on the market like it, as you can see in this demonstration video.
BullPhish ID – Security awareness training is essential, especially phishing resistance training. Cybercriminals continue to evolve their methodology, and staffers need to be ready to spot and stop phishing attacks. Consistent, updated training will encourage that.
REVIEW SECURITY AND ADD MORE PROTECTION NOW
This is the time to approach clients in the healthcare sector to improve their security and training solutions to handle these new threats. This threat picture is only expanding, and as the pandemic continues, the pressure on healthcare-related organizations will grow. Review security and training with your clients now, and reach out to new prospects, because this situation will only grow darker in the days ahead.
Watch this 10-minute technical demonstration video of our digital risk protection platform including Graphus, Dark Web ID, BullPhish ID, and Passly.
Catch Up With Us at These Virtual Events
- AUG 30 – SEPT 1: Build IT 2020 REGISTER>>
- SEPT 2: Power Up! Supercharge Your Sales & Marketing with Powered Services REGISTER>>
- SEPT 9: 5 Proven, Practical Steps to Close New Security Business REGISTER>>
- SEPT 27 – 29: GlueX 2020 REGISTER>>
- OCT 28 – 29: MSP CONNECT LIVE MIDWEST REGISTER>>
- NOV 18 – 19: MSP CONNECT LIVE MID-ATLANTIC REGISTER>>
- DEC 2 – 4: MSP CONNECT SOUTHWEST REGISTER>>
New this week in cybersecurity news: A note for your customers:
The Stakes Are Rising As Breach Penalties Expand
The former CSO of Uber was charged with obstruction of justice and misprision of a felony this week for his role in an alleged coverup of the notorious 2016 data breach which impacted an estimated 57 million individuals. What does that mean for companies that suffer a breach now, and what can you do to reduce your breach risk?
Breach penalties have been steadily increasing worldwide as regulators and lawmakers respond to public pressure to hold to account executives and companies that play fast and loose with data protection or attempt to cover up incidents. And the penalties aren’t just monetary – legal implications for executives and companies are becoming more common, especially if companies are uncooperative in investigations.
So what can you do right now to prevent a costly data breach? Add a secure identity and access management solution. A solution like Passly that combines multifactor authentication, secure shared password vaults, single sign-on, and simple remote management increases your company’s compliance with data safety best practices and protocols while also protecting your systems from cybercrime.
Adding better protection against hackers is essential for protecting not only your data, but it’s also essential for protecting your business. Between the exorbitant cost of recovery and the regulatory nightmares that can follow a sensitive data breach, investing in a secure identity and access management solution now to guard your gateways is a small price to pay for greater peace of mind.
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Follow us on social media to find out about breach news, upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning Dark Web ID? Contact us today!