The Week in Breach: Staples leaves a door open for cybercriminals, Razer misclicks a database failing to secure user information, ransomware and skimming are causing trouble worldwide, and a new threat intelligence tool is available to arm you for the fight against phishing.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Service Provider
- Top Employee Count: 11- 50
The Week in Breach – United States
United States – American Payroll Association
American Payroll Association: Professional Organization
Risk to Business: 2.087 = Severe
The American Payroll Association just notified its members that it has suffered a breach. Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association’s online store by exploiting a vulnerability in the APA’s content management system. It was discovered around July 13, but before it could be removed unauthorized individuals gained access to information including first and last names, email address, job title/role, primary job function, company structure, gender; date of birth, address (either business or personal), including country, province or state, city, and postal code, company name and size, industry details, and the types of payroll and attendance software used at the member’s company.
Individual Risk: 2.404 = Severe
Information like job title, company structure, personal contact details, and more from this breach can be used to construct spear phishing attacks. Victims of the data breach have been offered 12 months of free credit monitoring and $1,000,000 in identity theft insurance by APA.
Customers Impacted: 21,000
How it Could Affect Your Customers’ Business: Malware is commonly delivered via a phishing email, but can also directly infect systems, stealing credit card data and PII that impacts large swathes of customers. Cutting off access from infection points is a vital defense.
ID Agent to the Rescue: Passly includes essential features like single sign-on, allowing IT teams to isolate infected machines quickly to minimize damage and remove access to systems quickly and easily anytime, anywhere. LEARN MORE>>
United States – Staples
Exploit: Unauthorized Access
Staples: Office Supply Retailer
Risk to Business: 2.702 = Moderate
Staples has notified some customers of a cybersecurity incident that occurred earlier this month around 9/02 and consisted of unauthorized access to a system. Little information is available, but the event. The letter notes that “a limited amount” of order data for customers of Staples.com was obtained, and may contain names, addresses, email addresses, phone numbers, last four credit card digits, details about the order (delivery, cost, product), and other non-sensitive information.
Individual Risk: No information about whether the customers impacted were corporate accounts or consumer retail purchasers is available.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Unauthorized access to data can be a deliberate inside attack or an employee accident, but it’s always a problem that opens you up to a cascade of potential headaches.
ID Agent to the Rescue: Whether it’s an employee error or a malicious act by a staffer, data access problems are insider threats. Learn to spot and stop insider threats faster with our eBook and resource package. DOWNLOAD IT>>
United States – SeaChange International
SeaChange International: Video on Demand Provider
Risk to Business: 2.133 = Severe
Video on demand provider SeaChange is the latest victim of REvil ransomware. The gang posted a claim for an attack earlier this year that included a US Department of Defense video on demand proposal. The attack is believed to have occurred in April 2020, and included sensitive business information about contracts, proposals, and other proprietary data.
Individual Risk: No individual or consumer data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Corporate secrets are a huge market, and attacks like this are on the rise with the growth of “as a service” cybercrime. Extra protection must be provided for proprietary data, especially when a company handles sensitive information.
ID Agent to the Rescue: The primary delivery system for ransomware is 2020’s biggest treat – phishing. BullPhish ID trains staffers to be alert to suspicious messages, preventing phishing disasters. SEE A DEMO>>
United States – Magento
Exploit: Skimming (MageCart)
Magento: eCommerce Platform
Risk to Business: 1.775 = Severe
Adobe’s Magento platform experienced a nasty skimming attack last weekend that compromised almost 2,000 online stores this with MageCart malware to steal credit cards. The attack started Friday when ten stores were infected with a credit card skimming script, then ramped up on Saturday with 1,058 sites hacked, 603 more on Sunday, and an additional 233 on Monday to finish out a long weekend of cybercrime. The hacked shops were using Magento version 1, which ended support in June.
Individual Risk: 1.872 = Severe
No details have been provided about which stores were impacted. Anyone who made a purchase over the weekend from a store powered by Adobe Magento should be alert for credit card fraud
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: When you’re running a hosting platform, especially one that empowers financial transactions, clients expect you to have cybersecurity under control, and will be less likely to do business with a company that fails at that basic requirement.
ID Agent to the Rescue: Our digital risk protection platform has you covered, with tools that allow you to monitor credentials, control access, and guard against phishing. LEARN MORE>>
USA – Equinix
Equinix: Data Center Operator
Risk to Business: 2.816 = Severe
Netwalker ransomware made itself at home at data center giant Equinix, and the cybercriminals gang responsible is asking for $4.5 million to move out. The attack occurred over the US Labor Day holiday weekend, and appears to impact Equinix’s Australian clients most heavily. An accompanying screenshot showing a sample of the encrypted/stolen data includes folders of financial information, payroll, accounting, audits, and data center reports.
Individual Risk: No individual information was reported as compromised, but that could be a future consequence as events unfold.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Once again, a professional services provider fails to protect customer information by failing to resist a phishing attack – and this time they’re in the information business. That could put future clients off.
ID Agent to the Rescue: Automate your company’s defense against phishing with Graphus and put three layers of protection between a phishing email and your data fast. SEE HOW IT WORKS>>
United States – Razer
Exploit: Unsecured Database
Razer: Gaming Hardware and eServices Company
Risk to Business: 2.307 = Severe
An unsecured Elasticsearch cluster is the culprit in a sloppy data leak at gaming equipment leader Razer. More than 100K customers had data including their full name, email, phone number, customer internal ID, order number, order details, and billing and shipping address exposed in the incident.
Individual Risk: 2.347 = Severe
While no financial information was exposed, the data that was leaked could be used in spear phishing attacks.
Customers Impacted: 100,000
How it Could Affect Your Customers’ Business: An unlocked database like this is a treasure trove for cybercriminals – and a rookie mistake by a tech company. It’s a ding on Razer’s reputation.
ID Agent to the Rescue: Information like this lives forever on the Dark Web. Dark Web ID provides 24/7/365 protection to user credentials alerting you if they appear in Dark Web markets. SEE DARK WEB ID IN ACTION>>
United States – Digital Point
Exploit: Unsecured Database
Digital Point: Webmaster Community Platform
Risk to Business: 2.303 = Severe
in July 2020, an internet researcher found an unsecured Elasticsearch database containing over 62 million records. In total, data belonging to 863,412 Digital Point users was included in the leak. Names, email addresses, and internal user ID numbers for forum users were made publicly available. The leak also exposed details for thousands of internal records and reported user posts.
Individual Risk: 2.787 = Severe
While no financial information was exposed, but the data that was exposed, especially the post data, could be used in spear phishing attacks.
Customers Impacted: 863,412
How it Could Affect Your Customers’ Business: An unsecured database points to sloppy data handling practices at a company, making customers or users less likely to want to trust that company with their personal information in the future.
ID Agent to the Rescue: Fast, easy, smart secure identity and access management is just a click away. Passly adds crucial security weapons like multifactor authentication to make sure only the right people have access to your data. SEE PASSLY IN ACTION>>
The Week in Breach – Canada
Canada – Manitoulin Transport
Manitoulin Transport: Freight Transport and Logistics Provider
Risk to Business: 2.314 = Severe
Another Canadian freight company has fallen victim to ransomware. In the latest incident, the Ontario-based carrier became aware of the attack on July 31, when some of its personnel reported systems access issues. The group claiming responsibility is Contee and they’ve also claimed responsibility for several other hacks against Canadian trucking companies – Manitoulin Transport is the sixth Canadian supply chain company to see its data posted by ransomware groups in less than a month.
Individual Risk: No consumer data has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware typically comes calling as part of a phishing attack. Improving your defense against today’s biggest risk is essential. Businesses need to add strong protection from phishing attacks and improve phishing resistance training.
ID Agent to the Rescue: Graphus and BullPhish ID are a 1-2 punch in the fight against ransomware. Graphus features seamless integration with O365 and G Suite. BullPhish ID provides the second hit to phishing with updated resistance training including COVID-19 threats. LEARN MORE>>
The Week in Breach – United Kingdom & European Union
United Kingdom – Virtual Mail Room
Exploit: Unsecured Database
Virtual Mail Room: Communications Firm
Risk to Business: 1.661 = Severe
More than 50,000 letters and financial statements sent by Councils and banks to people in the UK, US, EU, and Canada were left exposed in an unsecured database in a blunder by London-based Virtual Mail Room. A database of letters sent by local authorities reveals the names and addresses of 2,300 people living in Croydon. Councils in Eastbourne, Reigate, North Tyneside, Ashford, North East Derbyshire and West Lindsey. Also exposed were letters to 6,500 customers of Aldermore Bank, 250 Metro Bank customers, and royalty statements for the publishing firm Pearson. The names, email addresses, and telephone numbers of staff with access to Virtual Mail Room’s systems were also visible.
Individual Risk: 1.721 = Severe
The data exposed included personal financial information and sensitive data. This kind of information can be used for cybercrime including impersonation scams, identity theft, and spear phishing.
Customers Impacted: 20,000+
How it Could Affect Your Customers’ Business: This egregious mistake highlights the risk of third-party exposure that many businesses face from service providers or work that’s farmed out. Not only can your data be stolen through carelessness with cybersecurity practices, but your customers’ can also be stolen too, reflecting poorly on you.
ID Agent to the Rescue: Reduce the chance of third-party risks damaging your business with our comprehensive digital risk protection platform, featuring solutions that protect your business without breaking the bank. LEARN MORE>>
The Week in Breach – Australia & New Zealand
Australia – K7 Maths
Exploit: Unsecured Database
K7 Maths: Education Services Provider
Risk to Business: 2.077 = Severe
The Australian Computer Emergency Response Team (AusCERT) determined that The Department of Education, Skills, and Employment (DoE), was not to blame in a breach incident after researchers downloaded the personal details of more than one million students, teachers, and staff from a Dark Web site. Instead, the breach was traced to education services provider K7 Maths and an unsecured Elasticsearch cluster, likely as part of a March 2020 incident. The leaked data contained details such as first names, emails, password strings, and K7Maths site settings.
Individual Risk: 2.837 = Moderate
The leaked information could be used to launch spear phishing attacks and credential stuffing attempts. Users of the system should use caution in handling suspicious messages.
Customers Impacted: 1,000,000
How it Could Affect Your Customers’ Business: Failing to keep information secure as a service provider could mean that your business loses contracts and opportunities. It can also damage your business reputation as a reliable partner because it creates an impression of carelessness.
ID Agent to the Rescue: Credential reuse is an epidemic, and that can spell trouble for businesses. Dark Web ID guards against exposure risks from compromised credentials that your staff could be using at work and at home. SEE A DEMO>>
The Week in Breach – South America
Chile – BancoEstado
BancoEstado: Financial Institution
Risk to Business: 1.421 = Extreme
Ransomware was able to shut down all branches of Chilean bank BancoEstado, one of the largest banks in the country, after an audacious ransomware attack rocked it. The incident was caused by REvil ransomware, and impacted the bank for several days, putting a stop to all of its business. The ransomware caused extensive damage and encrypted the vast majority of internal servers and employee workstations.
Individual Risk: No individual data has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware has a devastating impact on any organization, causing service disruptions and lost business plus an expensive recovery even if no information is stolen or it can be retrieved from backups.
ID Agent to the Rescue: Stop ransomware from shutting you down by adding a new team member just to stop phishing attacks from reaching your staff – Graphus. SEE A DEMO>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Catch Up on What You Need to Know Right Now to Protect Your Business.
- Identity and Access Management Rules Top CISO Priorities
- MSPs: Use These Tools to Sell Dark Web Monitoring
- 10 Facts About Cybercrime as a Service
- 3 Ways to Avoid Being the Catch of the Day in the 2020 Phishing Boom
- The Week in Breach 09/02 – 09/08/20
- The Ink This Week: Blog Roundup & News 09/11/20
- 3 Ways That Social Media is a Data Breach Risk – and How to Fight Back
- Spear Phishing Threats Rise as Dark Web Data Grows
The Week in Breach: Product Feature Update
Get More Detailed Phishing Threat Intelligence for Your Business With This Add-on
One of the most valuable things that you can do to strengthen your business cybersecurity fight phishing is to add an automated phishing defense solution like Graphus. But you don’t just get peace of mind against today’s biggest threat when you deploy Graphus – you also get detailed, actionable intelligence about what phishing threats your clients have faced and been protected from by Graphus when you choose to include the Graphus Threat Intelligence add-on.
Here’s how it works:
- Graphus detects malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your email users.
- You can use this valuable threat intelligence to protect your organization from future attacks.
- Graphus integrates with industry-leading Security Incident and Events Management (SIEM) platforms such as Splunk and Elastic:
- Threat indicators are pushed to a SIEM platform in real-time
- SIEM platform pushes threat intel to Intrusion Detection & Prevention Systems (IDS), Firewalls, Web Application Firewall (WAF), Unified Threat Management, Secure Web Gateways, End Point Protection, etc. that monitor network traffic.
- Each of these controls is enabled to take protective actions (e.g., block traffic from a malicious IP), based on policy defined by your organization
Ready to find out more? See a video of Graphus at work or learn more about Graphus and schedule a demonstration today.
The Week in Breach: Featured Threat
Remote Workers Change A Company’s Risk Calculus
The rapid transition to a fully remote workforce was an unexpected twist to the story of cybersecurity in 2020, but most companies were able to successfully make the shift, even during a disaster. Unfortunately, many companies also found out that their cybersecurity plans, solutions stack, and user training didn’t always keep up, leaving remote workforce vulnerabilities.
Tessian’s Psychology of Human Error Report surveyed 1,000 workers in the UK and 1,000 workers in the US at the height of the coronavirus outbreak in April 2020, to reveal how the effects of the increased stress, distraction, and workplace disruption led to cybersecurity danger.
- 52% of respondents said they were more error-prone due to stress
- 41% said they made more mistakes when they felt tired
- 42% said their mistakes were often caused by distraction
- 43% of employees reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company
- 57% of workers noted that they were more distracted when working from home
- 1 in 4 said they’d fallen for a phishing attack
- 47% of respondents cited distraction as the reason why they fell for a phishing attack
- 44% cited fatigue as a top reason for sending an email to the wrong person
The big takeaway: New circumstances, like suddenly supporting a remote workforce, bring new cybersecurity challenges that IT teams need to be able to respond to quickly to proactively mitigate potential risks.
Learn how to secure a remote workforce fast with our “Remote Working Cybersecurity” Resource Package. DOWNLOAD IT>>
Add Automatic Protection to Reduce Risk
Two solutions can help you quickly secure systems and data against the data breach and cybercrime threats posed by tired, distracted, or just plain careless workers. By relying on automation and adding more access control, companies can put protection in place that goes with their workforce and works anytime, anywhere.
- PASSLY is the ideal secure identity and access management solution for securing a remote workforce. With simple remote management, Passly allows IT teams to quickly give and remove access to over 1,000 business applications through each user’s single sign on LaunchPad. Passly also adds multifactor authentication, adding a crucial security step between business systems and data and a tired employee’s stolen password.
- GRAPHUS is the automated phishing defense solution that’s ready for today’s phishing threats. Using patented AI technology, Graphus provides 3 layers of defense against phishing. It’s also smart, so it keeps analyzing each company’s unique communication patterns to continually provide personalized protection as businesses grow.
By adding strong protection against employee error with two efficient and affordable solutions, it’s easy to make sure that companies are protected from insider threats like overtaxed staffers and always ready to get down to business.
The Week in Breach – Free eBooks of the Week
Have you started thinking about your 2021 cybersecurity plan, and how you plan to secure your customers? Be ready for whatever 2021 has to throw at you by taking an in-depth look at what happened in 2020 – and what impact that’s expected to have on the threat landscape in 2021.
The Week in Breach: A note for your customers:
Hackers for Hire are Here to Steal Corporate Secrets
As the rise of “as a service” cybercrime continues, some hackers aren’t just involved in ransomware and PII theft. They’re focused on specialized spying, like stealing trade secrets – and keeping them out of your business is easier than you think.
Corporate espionage is a growing industry in a world where information can be currency. From state-backed actors trying to filch technology to data thieves who want the results of COVID-19 testing, thriving cottage industries have grown up around specialized corporate cybercrime.
These bad actors aren’t just focusing on global corporations or well-known institutions anymore – companies of every size are at risk of attack. But you can quickly and efficiently add safeguards to your systems and data to reduce your risk of corporate espionage, and it’s not even expensive.
Add a secure identity and access management solution like Passly to add safeguards against hackers that make it harder for them to break in with a stolen or cracked password. It’s also smart to add automatic phishing protection with Graphus to put strong protection between your business and cybercrime like phishing and ransomware.
By beefing up security with these solutions and staying alert for credential compromise with Dark Web ID, you can ensure that you’re ready for potential corporate hacking attempts to keep your proprietary data safe.
Catch Up With Us at These Virtual Events
- SEPT 16: A Cybersecurity Trilogy: PREDICT – A New Idea Webinar REGISTER>>
- SEPT 23: Phishing Confidential: Offense and Defense Playbooks of a Phishing Attack Revealed REGISTER>>
- SEPT 27 – 29: GlueX 2020 REGISTER>>
- OCT 14: A Cybersecurity Trilogy: PROTECT – The Dark Side Strikes Back Webinar REGISTER>>
- OCT 20 – 22: Kaseya Connect IT Europe REGISTER>>
- NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>
Have a Prosperous Fall by Harvesting More MRR!
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.
FOLLOW US ON SOCIAL MEDIA!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to firstname.lastname@example.org to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!