The Week in Breach: 11/13/19 – 11/19/19
This week, ransomware erodes profitability, healthcare providers struggle to protect PII, and data breaches officially reach an all-time high.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 1 – 10 Employees
United States – Florida Blue
https://www.beckershospitalreview.com/cybersecurity/florida-blue-alerts-members-of-data-breach.html
Exploit: Phishing attack
Florida Blue: Health insurance provider
Risk to Small Business: 2.2 = Severe: A phishing attack at one of Florida Blue’s third-party vendors successfully duped an employee into compromising patients’ personally identifiable information (PII). The event included less than 1% of Florida Blue’s members, but it shines a spotlight on the underlying cybersecurity vulnerabilities within third-party partnerships. Now, because of an event outside of their immediate control, Florida Blue will face intense regulatory scrutiny and suffer from less-quantifiable reputational damage in the wake of breach. | |
Individual Risk: 2 = Severe: Patients’ PII was exposed in the breach, including names, dates of birth, and prescription information. Florida Blue is offering free credit monitoring and identity theft protection for anyone impacted by the breach. Although Florida Blue doesn’t believe that patient data has been misused, these services will provide long-term oversight to ensure that patients’ credentials remain secure. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In today’s digital environment, cybersecurity needs to be a central component of any third-party partnership. Unprotected companies place your data at risk, potentially undermining your best efforts to secure infrastructure. In contrast, strong cybersecurity standards can serve as a competitive advantage, allowing companies to market their strong defensive posture as a reason to subscribe to their services.
ID Agent to the Rescue: Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/dark-web/#contact.
United States – SmartASP.NET
https://www.zdnet.com/article/major-asp-net-hosting-provider-infected-by-ransomware/
Exploit: Ransomware attack
SmartASP.NET: Web hosting platform
Risk to Small Business: 2 = Severe: Hackers encrypted the web hosting platform’s data, crippling both its IT infrastructure and customer data. After the attack, the company’s phones and website were both inaccessible, and SmartASP.NET was forced to notify customers that their data was encrypted. In addition to encrypting customer-facing infrastructure, a common target for ransomware attacks, the attack locked up significant amounts of back end data and delayed recovery efforts considerably.
Individual Risk: No personal information was compromised in the breach. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks inevitably have significant financial repercussions, and this is only compounded by the reputational damage that follows such a newsworthy incident. However, hackers need an avenue to deploy this malware, and companies can protect themselves by ensuring that their defensive posture is sufficient to repel today’s most prescient threats.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.
United States – Starling Physicians
https://www.nbcconnecticut.com/news/local/Starling-Physicians-Warns-Patients-of-Data-Breach-564814302.html
Exploit: Phishing attack
Starling Physicians: Connecticut-based healthcare group
Risk to Small Business: 1.555 = Severe: Three employees fell for a phishing scam, providing hackers with access to their email accounts which contained patients’ personally identifiable information. The breach originally occurred on February 8th but wasn’t discovered until September. It’s taken the company two months to identify those impacted by the breach and send notifications. This lengthy response time will make it more difficult for patients to protect their information, while also opening the company up to increased regulatory scrutiny that could result in fines or penalties that will compound the financial implications of the breach. | |
Individual Risk: 2.142 = Severe: The compromised email accounts contained a limited number of patient data. Starling Physicians estimate that less than 1% of their patients are impacted, but the personal data includes patients’ names, addresses, dates of birth, passport numbers, Social Security numbers, and medical information. Starling Health is offering free credit and identity monitoring for patients whose Social Security numbers were exposed, and they are encouraging all victims to contact their financial institutions and to monitor their accounts for unusual activity. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Despite the best efforts of cybersecurity software, some phishing emails will inevitably make their way into your employees’ inboxes. Fortunately, these emails aren’t malicious until acted upon by employees. Comprehensive awareness training can equip all employees to identify and neutralize possible threats. It’s a low level of effort, high impact form of defense that can make a significant impact on your company’s data security efforts and ultimately, your bottom line.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
United States – Boardriders
https://www.bleepingcomputer.com/news/security/quiksilver-and-billabong-affected-by-ransomware-attack/
Exploit: Ransomware
Boardriders: Action sports retailer
Risk to Small Business: 2.222 = Severe A ransomware attack crippled Boardriders’ operations, forcing several of their online stores to close and preventing employees from accessing any of the company’s IT. The event occurred during the last week of October, leaving the business with nearly two weeks of lost sales, productivity, and inventory. Until the ransomware was cleared from the network, employees were asked not to even turn on their computers. This productivity loss is one of the many hidden costs of ransomware attacks that are becoming increasingly prevalent as hackers look to extract large, single-payment sums from their victims.
Individual Risk: No personal information was compromised in the breach. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The costs of a ransomware attack are enormous. Whether companies pay the ransom or restore a system from backups, the immediate expense can cripple a business, and the long-term repercussions are a serious deterrent to profitability. In this case, Boardriders offered consumers deep discounts to entice them to return to the store, and their inventory and productivity losses will further erode profitability.
ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.
Canada – Nunavut
http://www.digitaljournal.com/tech-and-science/technology/government-services-in-nunavut-caught-in-ransomware-cyberattack/article/561203
Exploit: Ransomware
Nunavut: Local government
Risk to Small Business: 2 = Severe: A comprehensive ransomware attack has crippled the government’s ability to provide standard services. In total, the attack disabled medical services, family and education offerings, the finance department, and the territory’s legal system. In addition to the immediate price of restoring functionality, opportunity costs and reputational damage will further erode revenue. This episode reflects the total consequence of ransomware attacks, which bring uniquely troubling financial and technological repercussions for any business unlucky enough to be victimized.
Individual Risk: No personal information was compromised in the breach. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Once a ransomware attack strikes, there is no good or affordable response plan. Therefore, businesses need to have a laser-like focus on defense. In this case, an employee fell for a phishing attack containing a malicious attachment that ultimately infected the entire system. Simply put, ransomware attacks are often avoidable, and every business has millions of reasons to ensure that they are prepared to prevent their execution.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
United Kingdom – University of Hertfordshire
https://www.bbc.com/news/uk-england-beds-bucks-herts-50333367
Exploit: Accidental data exposure
University of Hertfordshire: UK-based academic institution
Risk to Small Business: 2.555 = Moderate: In an email promoting an upcoming lecture, the university accidentally attached a file that included the recipients’ names and email addresses. Although the data breach is relatively restrained, it is another reminder that organizations of all sizes in every sector are charged with protecting their customers’ data, and this is a task that no organization can afford to take lightly. | |
Individual Risk: 2.857 = Moderate: The list was only provided to those attending the lecture, and it included students’ names and email addresses. However, this information can quickly spread beyond the immediate circulation, increasing the risk of data exposure. Those impacted by the breach should be mindful that this information can be used to perpetrate phishing scams or other forms of fraud, so they should be especially critical of their digital communications. |
Customers Impacted: 2,000
How it Could Affect Your Customers’ Business: In a digital environment full of cybercriminals looking to exploit your organization’s vulnerabilities, a self-inflicted wound can be especially frustrating. Whether employees are accidentally sharing the personal data of customers or falling for phishing attacks, preparing your team to protect your customers’ information is one of the best ways to ensure that criminals have less opportunity to compromise your users’ data.
ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.
Australia – Monash IVF
https://kirbyidau.com/2019/11/06/incident-monash-ivf-patients-receive-bogus-emails-after-malicious-cyber-attack-on-fertility-company-abc-news-australia/
Exploit: Compromised email server
Monash IVF: IVF Clinic and fertility program
Risk to Small Business: 1.777 = Severe: Cybercriminals breached the Monash IVF’s email server, and they used their access to send malicious emails to patients. Since the company stores protected health information (PHI), there is concern about potential privacy violations resulting from the infiltration. To make matters worse, customers are complaining to the media, which will exacerbate the reputational damage that compounds the consequences of a data breach. | |
Individual Risk: 2.428 = Severe: Since hackers have such intimate access to the company’s IT infrastructure, it’s possible that patient information was exposed. However, the fraudulent emails being sent to patients represent a more potent data security threat, as unsuspecting patients could unwittingly provide personal data or account credentials to bad actors. In response, every patient should be especially vigilant to assess the veracity of incoming messages, while also being scrupulous about the information that they provide in response to digital communications. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: It’s never good for business when your brand is used to facilitate cybercrime. Not only can the costs of a data breach have far-reaching repercussions, but the loss in trust that follows can impact profitability for years to come. A data breach is one of the top causes of brand erosion, and every business needs to take steps to ensure that their technological capabilities improve the user experience without compromising their information.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.
Australia – Perth
https://www.perthnow.com.au/news/consumer-protection/scammers-target-perth-settlement-agent-in-email-scam-worth-70000-ng-b881376125z
Exploit: Compromised email account
Perth: Capital of Western Australia
Risk to Small Business: 2.111 = Severe: Hackers cloned a Perth settlement agent’s email address, and they leveraged the vulnerability to scam consumers out of $70,000. Hackers simply changed one character in the email address before sending authentic-looking invoices to unsuspecting clients. At least two recipients thought the invoice was genuine, and they sent funds to the fraudulent account. As a result, the government is urging home and business buyers to be on high alert during the buying process. This problem will likely interrupt revenue-generating business activities, as the recovery effort will require both cybersecurity updates and reputation repair. | |
Risk to Small Business: 2.142 = Severe: Due to the personalized nature of this data breach, anyone conducting a personal or business real estate transaction is encouraged to be highly critical of digital funding requests. Perth officials are asking consumers to make a phone call verification of money requests and to be highly critical of digital communications from agents. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: It’s unclear exactly how hackers gained access to the agent’s information, but it’s evident that hackers were able to use transactional-specific information to dupe recipients into thinking the invoice was legitimate. When it comes to protecting account integrity, simple steps, like enabling two-factor authentication, can ensure that criminal activity doesn’t go unnoticed.
ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Data Breaches Reach New Highs
2019 has been a notorious year for data breaches, a reality that is playing out in front page headlines and major industry studies. According to Risk Based Security’s Q3 2019 Data Breach Report, it’s the worst ever recorded in history.
The year’s third quarter saw a year-over-year increase of 112% in the total records exposed. Unfortunately, this isn’t all attributable to the high-volume data breaches at major corporations. This year, SMBs, government agencies, and educational institutions are also seeing an uptick in cybersecurity incidents, together creating a 33.3% increase in the total number of breaches for the year.
Notably, many of these data breaches were avoidable. From misconfigured databases to phishing attacks, businesses have many options at their disposal for proactively protecting their most sensitive information. There is no indication that this recent data breach trend is likely to abate anytime soon, so businesses of every size have plenty of reasons to ensure that negligence isn’t the cause of yet another data catastrophe.
https://www.helpnetsecurity.com/2019/11/14/breaches-2019/
What We’re Listening to:
Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
A Note for Your Customers:
New Threat Actor Impersonates Government Agencies
Cybersecurity researchers are warning consumers of a new threat actor impersonating government email accounts in the US and EU. To date, researchers have discovered hoax emails from the US Postal Service, the German Federal Ministry of Finance, and the Italian Revenue Agency. The emails are delivering malicious payloads containing ransomware to a variety of recipients.
While researchers found that cybercriminals are targeting a broad audience with their messages, they concluded that most are heavily skewed toward businesses, which offer higher payouts and more robust data sets when attacks are successful.
Fortunately, malicious emails rely on user response, so businesses can protect themselves by training their employees to spot fraudulent emails. This particular attack might be new, but the strategy is well-established, and today’s employees need to be aware of the threats that are potentially lurking in their inboxes.
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!