The Week in Breach: Cybersecurity and Breach News 09/02/20 – 09/08/20
Breach News This Week: Warner Music sings the blues after a skimming attack surfaces, data breach costs (and risks) are soaring for businesses in every sector, and our new eBook on the state of phishing in 2020 shows you why it’s today’s biggest risk.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1 – 10
Breach News This Week – United States
United States – Telmate
Exploit: Unsecured Database
Telmate: Correctional Facility Communications
Risk to Business: 2.014 = Severe
A misconfigured Amazon S3 bucket is to blame for a nasty data breach involving Telmate, makers of the Getting Out app used for inmate communications. The app (which charges an exorbitant fee of up to $0.50 per minute for families to communicate with their incarcerated loved ones) is commonly monitored by prison officials, but the data that has been leaked is highly sensitive personal information, such as whether an inmate identifies as transgender, their relationship status, prescription medication they take, and their religion. The company, part of the Global Tel Link family, blames a third-party vendor for the incident. Experts say that 11,210,948 inmate records and 227,770,157 messages were exposed.
Individual Risk: 2.314 = Severe
While Telmate maintains that no medical data, passwords, or consumer payment information were affected, the information that has been widely available through this unsecured bucket is potentially personally damaging and opens prisoners and their families up to identity theft and blackmail risks, as well as targeting for hate crime.
Customers Impacted: 2.3 million inmates and their families
How it Could Affect Your Customers’ Business: Failing to secure simple data storage tools like this is indicative of a lax attitude toward security throughout a company, and can turn off customers and potential partners. This is Telmate’s second security incident this year.
ID Agent to the Rescue: Simple, effective secure identity and access management for any company is just a step away – Passly packs essential features like single sign-on, multifactor authentication, and shared password storage vaults into one affordable package. LEARN MORE>>
United States – Cygilant
Cygilant: Information Security Firm
Risk to Business: 1.337 = Extreme
Cybersecurity startup Cygilant finds itself in hot water after falling victim to a ransomware attack. Cygilant is believed to be the latest victim of NetWalker ransomware. A site on the Dark Web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant. It is unknown if they paid the ransom, but the Dark Web listing has disappeared.
Individual Risk: No personal information was disclosed as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is most commonly delivered through a phishing email, today’s most common vector for cyberattacks. Preventing phishing email from landing in employee inboxes is a strong defense against ransomware.
ID Agent to the Rescue: Get Graphus. Our smart AI-driven automated phishing defense solution uses a patented algorithm to learn how businesses communicate, putting 3 layers of defense between a phishing email and an employee inbox. LEARN MORE>>
United States – Roper St. Francis Hospital
Exploit: Unauthorized Database Access (Phishing)
Roper St. Francis Hospital: Medical Center
Risk to Business: 2.354 = Severe
A newly-announced security breach occurred at Roper St. Francis Hospital between June 13 and June 17. An attacker was able to gain access to a treasure trove of healthcare data by compromising an employee’s email in a suspected phishing incident at the Charleston, SC hospital. The patient information that was compromised contained names, birth dates, detailed medical records, insurance information, and Social Security numbers.
Individual Risk: 2.004 = Severe
Patients and former patients can determine if attackers got their data by calling a toll-free call center for more information at 1-888-498-0916.
Customers Impacted: 6,000
How it Could Affect Your Customers’ Business: Health care information is at a premium right now because it is a hot seller on the Dark Web – and with an exponential increase in phishing, every healthcare sector organization is high on the hit list for bad actors.
ID Agent to the Rescue: This information will likely end up in a Dark Web data dump, serving as ammunition for future spear phishing attempts. BullPhish ID helps train staffers to spot and stop spear phishing. SEE A DEMO>>
United States – The Jewish Federation of Greater Washington
Exploit: Hacking Intrusion
The Jewish Federation of Greater Washington: Non-Profit
Risk to Business: 1.211 = Extreme
A cyberattack at The Jewish Federation of Greater Washington gave cybercriminals a solid payday. Bad actors were able to hack in through an employee’s home WiFi to a privileged user account and snatch an estimated $7.5 million. The hack was discovered on August 4 by a security contractor who noticed unusual activity in an employee’s email account. That assessment indicates that the hacker had access to the system long before stealing the money, as early as the first months of summer. The organization has 52 employees.
Individual Risk: No personal information or donor financial data was reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This is an enormous blow to any business, but especially a non-profit that needs funding to continue doing good work in hard times. Notoriously unsafe home WiFi and device or network sharing between parents and children create opportunities for hackers to slip through.
ID Agent to the Rescue: Passly is the solution to prevent unauthorized access to important things. Our affordable secure identity and access management tool includes single sign on launchpads for every user, making it easy for IT staff to remove privileged access if a user account is compromised. LEARN MORE>>
USA – View Media
Exploit: Unsecured Database
View Media: Online Marketing Firm
Risk to Business: 2.201 = Severe
A publicly accessible Amazon Web Services (AWS) server that belongs to View Media was discovered by cybersecurity researchers, overflowing with more than 38 million US user records, including their full names, email and street addresses, phone numbers, and ZIP codes. The data included 700 statement of work documents for targeted email and direct mail advertising campaigns stored in PDF files, and 59 CSV and XLS files that contained 38,765,297 records of US citizens in total, of which 23,511,441 records were unique. The bucket also contained thousands of files for various marketing materials, such as banner advertisements, newsletters, and promotional flyers sorted by locations and ZIP codes that the marketing company’s campaigns targeted.
Individual Risk: 2.919 = Moderate
While this is a huge trove of information, no financial or protected personal information was involved, although this information will make its way into Dark Web data dumps.
Customers Impacted: 38 million +
How it Could Affect Your Customers’ Business: Failing to undertake a simple bit of maintenance like this doesn’t look good in front of potential partners, who may become concerned that your business is a third-party security risk and reconsider hiring you.
ID Agent to the Rescue: Data like this lives on in Dark Web markets, providing fuel for cyberattacks like phishing and credential stuffing. By choosing a strong digital risk protection platform, you can reduce your risk of cyberattacks. SEE HOW IT WORKS>>
United States – Warner Music
Exploit: Malware (Magecart)
Warner Music: Entertainment Company
Risk to Business: 2.307 = Severe
In a just-disclosed breach, Magecart skimming was in action at Warner Music between April 25 and August 5. Warner Music said hackers compromised “a number of US-based e-commerce sites” that were “hosted and supported by an external service provider.” The details that the cybercriminals checked out with include names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details (card number, CVC/CVV, and expiration date) for account holders and guests who placed items into shopping carts or made purchases in that timeframe.
Individual Risk: 2.297 = Severe
The company did not specify in its filing exactly which parts of its retail operations were impacted. Warner Music is offering free credit monitoring through Kroll for victims.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Skimmers like Magecart are a result of hackers gaining access to parts of a website, often by compromising the weak credentials of a privileged account. Improving credential security is a must for strong cybersecurity.
ID Agent to the Rescue: Dark Web ID provides 24/7/365 protection for user credentials, especially those of privileged accounts, alerting you if their credentials appear in Dark Web markets to allow you to take action before cybercriminals do. SEE DARK WEB ID IN ACTION>>
Breach News This Week – United Kingdom & European Union
United Kingdom – Northumbria University
Northumbria University: Institution of Higher Learning
Risk to Business: 2.717 = Severe
Northumbria University was sent reeling by a suspected ransomware attack which forced it to reschedule exams and close its entire campus. The college announced that it is undertaking a restoration and recovery operation, but that students would not have access to the student portal, Blackboard, and potentially other university platforms for some time during a particularly important part of the educational year.
Individual Risk: No information has been released about the type of data that may have been impacted, if any.
Customers Impacted: 26,675 students
How it Could Affect Your Customers’ Business: Ransomware typically comes calling as part of a phishing attack. Adding strong protection from phishing attacks and improving phishing resistance training for every user can lower ransomware risks.
ID Agent to the Rescue: Graphus and BullPhish ID are a 1-2 punch in the fight against ransomware and cybercrime. Graphus features seamless integration with O365 and G Suite. BullPhish ID trains staffers to be aware of today’s constantly changing phishing threats, including COVID-19 threats. LEARN MORE>>
Breach News This Week – Australia & New Zealand
Australia – Service New South Wales
Exploit: Unauthorized Database Access (Phishing)
Service New South Wales: Government Entity
Risk to Business: 2.077 = Severe
Australian government agency Service New South Wales (NSW) confirmed that a recent attack resulted in the personal details of 186,000 customers being compromised. Hackers were able to gain access to 47 staff email accounts, giving them a pass into a huge amount of information. 738GB of data comprised of 3.8 million documents was stolen from the email accounts in April 2020.
Individual Risk: 2.776 = Moderate
Service New South Wales says that the stolen data is made up of internal documents such as handwritten notes and forms, scans, and records of transaction applications. There was no evidence that individual MyServiceNSW account data or Service NSW databases were compromised during the cyber attack.
Customers Impacted: 186,000
How it Could Affect Your Customers’ Business: Tricking a staffer into giving up a password can be easy, especially at large companies like Twitter. That password can be the key to the kingdom for cybercriminals, giving them access to all sorts of systems and data – and you a new headache.
ID Agent to the Rescue: Take the power out of a filched password by adding multifactor authentication to your cybersecurity tool belt with Passly, which offers multiple options for identifier code delivery. SEE A DEMO>>
Breached This Week – South America
Argentina – Dirección Nacional de Migraciones
Dirección Nacional de Migraciones: Government Agency
Risk to Business: 2.341 = Severe
Dirección Nacional de Migraciones, Argentina’s border control agency, was hit by a Netwalker ransomware attack that caused the interruption of the border crossing into and out of the country for four hours on August 27th. Systems were shut down after the agency’s tech support began receiving a suspiciously large number of requests for assistance with irretrievable Office files. Government officials indicated that they will not pay the ransom and will not negotiate with Netwalker ransomware operators, who are currently demanding a $4 million ransom (up from $2 million after the expiration of the cybercriminals’ first deadline).
Individual Risk: No individual data has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware has a devastating impact on any organization, causing service disruptions and lost business plus an expensive recovery even if no information is stolen or it can be retrieved from backups.
ID Agent to the Rescue: Stop ransomware from shutting you down by adding a new team member just to stop phishing attacks from reaching your staff – Graphus. SEE A DEMO>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Catch Up on What You Need to Know Right Now to Protect Your Business.
- Start Your 2021 MSP Cybersecurity Marketing Planning Now!
- Follow Phishing Trends in 2021 Automatically
- The Week in Breach 8/26/20 – 9/01/20
- Cybersecurity Disaster Preparedness 101: Business Continuity Planning
- Use Secrets From the Masters to Create a 2021 Cybersecurity Plan
- Identity and Access Management Rules CISO Top Priorities
- MSPs: Use These Tools to Sell Dark Web Monitoring
- 10 Facts About the Danger of Cybercrime as a Service
Breach News This Week: Featured Threat
A Ransomware Attack Attempt at Tesla is a Wild Ride That Leaves Questions for Business Owners
In a story with so many twists and turns that it seems like an action movie, Tesla dodged a bullet this week when FBI investigators revealed that it was the target of an audacious insider threat/ransomware/nation state attack.
According to reports, a potentially state-backed Russian cybercrime gang attempted to bribe a Tesla employee $1 million to install malicious ransomware code designed to steal corporate secrets and lock down Tesla’s operations at its Gigafactory near Reno, Nevada.
So, what’s the big takeaway from this sensational cybersecurity incident? Every company must consider insider threats in its cybersecurity plan.
Money talks, and there is always a danger that someone could fall prey to the siren song of a bribe. A malicious insider can have many motivators. Sometimes it’s simple greed, sometimes it’s extortion – and sometimes it’s just a staffer in a bad spot trying to pay for something their family needs. No matter why that employee is willing to take a cybercrime gang’s money, it’s your business that suffers.
These staffers were specifically recruited to do this job by bad actors that were trying to steal Tesla’s proprietary secrets, disrupt their business, score a big payday, and make a splash in the hacking world. While the company was fortunate that its staffers weren’t taken in by the cybercriminals’ sales pitch, relying on employee satisfaction to prevent insider threats isn’t a strong defensive strategy – you need to do a little bit more.
Three Tools to Help You Fight Back Against Insider Threats
Learn what to look for to spot and stop insider threats. Knowing how to read the signs of a problem, whether it’s a potentially malicious insider or a careless employee, can save your business. Get our “Stop Insider Threats” resource package, featuring the “6 Things You Need to Know” whitepaper and a “Combating Insider Threats” eBook to see the things to watch for and what to do. DOWNLOAD IT>>
Add additional protection to data and systems with Passly. Take the sting out of a staffer’s stolen password with a secure identity and access management solution like Passly. Multifactor authentication means that entry requires a second identifier, and single sign on creates individual Launchpads for each user, making it easy to control access points and remove access to critical operations if an account is compromised. SEE A DEMO VIDEO>>
Find out how to think like a hacker to predict their next move at our epic three-part fall event “A Cybersecurity Trilogy: Predict, Protect, Plan”. Don’t miss this rare opportunity to hear from some of the finest minds in cybersecurity today in 3 webinars devoted to putting you inside the mind of a cybercriminal, making you a better cybersecurity planner. RESERVE YOUR VIRTUAL SEAT>>
Take steps now to reduce your risk of a business catastrophe caused by insider threats – because while no one wants to think that they can’t trust their staffers to do right by their business, unfortunately, it’s the truth.
Free eBook of the Week
Get the Facts About 2020’s Biggest Threat, Phishing, in Our New eBook!
How Big is the 2020 Phishing Boom? It’s a Tidal Wave.
Phishing has been the story of the year in cybersecurity. In the wake of the spring’s pandemic shutdown and the ensuing economic shockwave, phishing is up more than 600% since January 2020. The majority of ransomware attacks arrive via phishing and more than 60% of cybercriminals use phishing as their primary method of attack.
So in this climate of increased cyberattack danger, a booming Dark Web economy, and worldwide uncertainty, what can you do to protect your business against this phishing perfect storm? Read our new eBook to find out! You’ll learn:
- What’s enabling this massive increase in phishing attacks
- How phishing is evolving to be harder to detect
- Why simple security upgrades can provide big protection
- And more!
See the state of phishing in 2020 to protect your business from today’s biggest threat – and plan your defense for 2021. Download “Fresh Phish: How Not to Become the Catch of the Day in the 2020 Phishing Boom” now>>
Breach News This Week: A note for your customers:
Cyberattack Risks and Data Breach Costs are on the Rise in 2020
There’s no doubt that 2020 has been an expensive year for businesses in every way – and 2021 is just around the corner. What can you expect to need to consider in your 2021 cybersecurity budget? How about a few cost-effective upgrades, since both cyberattack risks and data breach costs are climbing (especially for government entities and healthcare providers), with no end in sight.
Reviewing the annual Ponemon Institute “Cost of a Data Breach” report, one figure sticks out: 70% of respondents expect remote working could increase the cost (and danger) of a data breach.
We’re finding that this is the case. From this week’s hacking attack on an employee’s home WiFi network that led to the theft of $7.5 million to intrusions enabled by IoT gadgets or parents and children sharing networks and devices at home, data breaches will rise from the sheer increase in opportunity afforded to cybercriminals by a remote workforce.
In today’s world, remote working isn’t going anywhere, especially as the COVID-19 pandemic continues to cause worldwide disruptions. But there are a few actions that businesses can take to reduce their risk of a cybersecurity disaster in these circumstances.
First and foremost, adopt a secure identity and access management solution like Passly that offers solid protection against unauthorized access to systems and data with essential security features like multifactor authentication, easy remote management, and single sign on Launchpads for every user.
It pays to review your cybersecurity stack before you have an incident to ensure that it’s got all of the right tools to create a strong digital risk protection platform to guard your company against potential risk when supporting a remote workforce.
Watch this 10-minute technical demonstration video of our digital risk protection platform including Graphus, Dark Web ID, BullPhish ID, and Passly.
Catch Up With Us at These Virtual Events
- SEPT 2: Power Up! Supercharge Your Sales & Marketing with Powered Services REGISTER>>
- SEPT 9: 5 Proven, Practical Steps to Close New Security Business REGISTER>>
- SEPT 16: A Cybersecurity Trilogy: PREDICT – A New Idea Webinar REGISTER>>
- SEPT 23: Phishing Confidential: Offense and Defense Playbooks of a Phishing Attack Revealed REGISTER>>
- SEPT 27 – 29: GlueX 2020 REGISTER>>
- OCT 14: A Cybersecurity Trilogy: PROTECT – The Dark Side Strikes Back Webinar REGISTER>>
- OCT 20 – 22: Kaseya Connect IT Europe REGISTER>>
- NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!