The Week in Breach: 11/27/19 – 12/03/19
This week, ransomware costs companies on multiple fronts, phishing scams have extensive data security consequences, and companies fail to adequately evaluate their third-party data sharing standards.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Medical & Healthcare
Top Employee Count: 1 – 10 Employees
United States – DeBella’s Subs
https://www.democratandchronicle.com/story/news/2019/11/26/dibellas-subs-customers-your-credit-card-may-have-been-breached-rochester/4308295002/
Exploit: Malware attack
DeBella’s Subs: Rochester-based restaurant chain
Risk to Small Business: 2 = Severe: Credential stealing malware was discovered in the restaurant chain’s information systems almost a year after the initial incident. However, the company acknowledged that the breach investigation was completed well before the company notified the public, a misstep that will undoubtedly mar the recovery process. The company is taking steps to ensure that this type of attack won’t be successful in the future, but that won’t help the hundreds of thousands impacted by this data breach. | |
Individual Risk: 2.428 = Severe: Customers’ personal and financial data may have been compromised in the breach. This includes names, payment card numbers, expiration dates, and CVV numbers. The breach is limited to customers in Connecticut, Indiana, Michigan, Ohio, New York, and Pennsylvania between March 22, 2018 and December 28, 2018. Although the damage resulting from the data exposure may already been inflicted, those impacted should still take necessary precautions such as contacting their financial institutions and reviewing card histories to check for unauthorized charges. |
Customers Impacted: 305,000
How it Could Affect Your Customers’ Business: Reputation management and restoration is a critical component of an effective data breach response plan. Although it’s more difficult to quantify than direct financial losses, reputational damage can be extremely problematic for any company and even place their ability to recover in jeopardy. Instead, providing timely communications and a comprehensive overview of what happens to customer data after it’s stolen can help companies demonstrate that they are serious about data security, helping restore customer confidence along the way.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
United States – Great Plains Health
https://www.usnews.com/news/best-states/nebraska/articles/2019-11-27/north-platte-hospital-reports-ransomware-attack
Exploit: Ransomware
Great Plains Health: Local hospital
Risk to Small Business: 2.333 = Severe: A ransomware attack disrupted many services at Great Plains Health, including email and other internal communication technologies. As a result, the healthcare provider has cancelled some procedures and appointments, while continuing to provide emergency services as needed. Whether Great Plains Health ultimately decides to pay the ransom or to attempt a recovery from backups, the result will undoubtedly be expensive. Especially when coupled with the opportunity cost and reputational damage that accompanies a data breach, the consequences of a ransomware attack can be financially devastating and long-lasting. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Healthcare providers are increasingly caught in the crosshairs of ransomware attacks, as cybercriminals capitalize on the critical nature of their services and the quality of information stored. The industry as a whole already faces strong regulatory oversight that can have costly consequences for healthcare companies that succumb to a breach. Even more importantly, a disruption in care services or communication can have even more severe implications for patients and put their lives at risk. Therefore, a robust cyber defense should be considered a staple to any healthcare service provider in the digital age.
ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
United States – Magellan Rx Management
https://www.marketwatch.com/press-release/magellan-rx-management-statement-regarding-security-incident-2019-11-27
Exploit: Phishing scam
Magellan Rx Management: Full-service pharmacy benefit manager
Risk to Small Business: 1.777 = Severe: An employee fell for a phishing scam that provided hackers with access to his account, which contained health plan member data. The breach occurred back on May 28th, and it wasn’t identified until July 5th. However, it’s unclear why the company waited until November before disclosing the breach to the public. Officials haven’t found any evidence that the data was misused, but the lengthy response time makes it more difficult for those impacted by the breach to secure their information before it’s used for nefarious purposes. | |
Individual Risk: 2 = Severe: The breach included member information, including names, dates of birth, health plan member ID numbers, health plan names, providers, diagnoses, and other healthcare-related information. This information is often used to facilitate additional cybercrimes like spear phishing attacks, so those impacted by the breach should be critical of digital communications, especially those requesting personal information. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Despite advanced security practices and other defensive efforts, phishing scams will inevitably make their way into employees’ inboxes. Fortunately, such messages can be rendered harmless, unless they are acted upon by an employee. Every business can enhance its defensive posture by providing comprehensive awareness training to keep employees abreast of the latest threats and the best practices for protecting company data.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
Canada – Waterloo Catholic District
https://www.cbc.ca/news/canada/kitchener-waterloo/waterloo-catholic-district-school-board-responding-to-significant-malware-incident-1.5375226
Exploit: Ransomware attack
Waterloo Catholic District: Local academic institution
Risk to Small Business: 2.111 = Severe: A ransomware attack has significantly disrupted services at Waterloo Catholic School District, forcing the academic institution to hire a third-party IT security firm to try and restore their network’s functionality. Nearly a week after the attack, the district still hadn’t fully restored network functionality, which will curtail its ability to provide adequate student services. It underscores the opportunity cost that always accompanies a ransomware attack, which only compounds the rising expenses of this devastating attack vector. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Academic institutions are frequently seen as soft targets for cybercrimes. Given their modest resources for cyber defense and the critical nature of their services, many hackers see this as an opportunity to cash in. Unfortunately, once ransomware takes root, there are no good or affordable solutions, and costs can quickly escalate to catastrophic levels. Simply put, a proactive defense is the only response that can actually make a meaningful difference toward protecting the IT infrastructure and the bottom line.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.
Canada – Waterloo Brewing Company
https://www.cbc.ca/news/canada/kitchener-waterloo/waterloo-brewing-cyberattack-1.5367658
Exploit: Spear phishing attack
Waterloo Brewing Company: Ontario-based brewing company
Risk to Small Business: 1.666 = Severe: Cybercriminals executed a social engineering cyber-attack that tricked an employee into responding to fraudulent wire transfer requests totaling more than $2 million. The brewer doesn’t believe that their systems were breached, but bad actors were able to use readily available information to generate authentic-looking, incredibly effective invoices. The company is trying to recover the funds, but those efforts may ultimately be fruitless, making this an expensive learning experience for the employee and the company. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals have an ever-evolving arsenal of attack methodologies all aimed at separating businesses from their money. Not only do SMBs need to stay abreast of these tactics, but the services that provide Dark Web monitoring can give them a head start toward addressing potential vulnerabilities, giving them a chance to respond before that information is used to dupe unsuspecting employees into willingly facilitating significant monetary losses.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.
United Kingdom – Datrix
https://www.theregister.co.uk/2019/11/28/datrix_phishing_attack/
Exploit: Phishing attack
Datrix: Network services and cloud solutions provider
Risk to Small Business: 2.111 = Severe: While reading emails on a smartphone, an employee accidentally clicked on a phishing email that provided hackers with access to his entire email account, which was used to send additional phishing messages to the company’s accounting department and customer-base. The company shut down the affected account in 15 minutes, but not before hundreds of malicious emails were sent, potentially spreading the damage even further. | |
Individual Risk: 2.285 = Severe: Approximately 300 Datrix customers received phishing emails purportedly originating from the company. Datrix is encouraging everyone impacted by the breach to permanently delete the malicious communications and to be wary of any future communications from the company. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: It only takes a single compromised account to wreak havoc on your company’s reputation and bottom line. This data disaster was contained in fifteen minutes, but the repercussions will be far-reaching and wide-spread. Employee awareness training can help mitigate this threat by transforming potential vulnerabilities into a robust defense against cybercrime.
ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.
Netherlands – Vistaprint
https://techcrunch.com/2019/11/25/vistaprint-security-lapse/
Exploit: Exposed database
Vistaprint: Small business marketing product provider
Risk to Small Business: 1.888 = Severe: Vistaprint left an unencrypted database exposed, allowing anyone to access information related to customer service calls, chats, and emails. After the company was publicly alerted to the oversight on Twitter, they brought the database offline. The database has been exposed since November 5th, giving cybercriminals extensive access to sensitive customer data. At the very least, the episode was embarrassing for Vistaprint, which was exposed in a public forum and forced to issue a public notification of their poor data management standards. This hard-to-quantify reputational damage can be an impediment to businesses operating in competitive, digital spaces where customers are increasingly unwilling to do business with companies that can’t protect their data. | |
Individual Risk: 2.285 = Severe: In addition to information related to users’ customer service interactions, the data breach compromised personally identifiable information, including names, email addresses, phone numbers. The company can’t guarantee that this information wasn’t accessed by bad actors. Since personally identifiable information has a robust market on the Dark Web, those impacted by the breach should closely monitor their online accounts for suspicious activity, and some users may want to enroll in identity monitoring services. |
Customers Impacted: 51,000
How it Could Affect Your Customers’ Business: Today’s customers are increasingly unwilling to do business with companies that can’t protect their personal data. That reality makes an unforced error, like an exposed database, especially egregious. In today’s tech-centered business environment, expansion and advanced features can’t be implemented at the expense of data security, a reality that privacy regulators and ordinary consumers are ready to enforce.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.
Spain – Prosegur
https://www.zdnet.com/article/security-firm-prosegur-weve-shut-our-it-network-after-ryuk-ransomware-attack/
Exploit: Ransomware
Prosegur: Cash logistics and private security company
Risk to Small Business: 2.333 = Severe: A ransomware attack brought the company’s website offline and disrupted client services. To prevent the malware’s continued spread, Prosegur ultimately brought its entire IT infrastructure offline, compounding the customer-facing problems and forcing the company to issue a public statement. At the same time, many employees were sent home because their computers and account access were unavailable. These opportunity and productivity costs have become one of the most prominent complications of ransomware attacks, which have grown in prominence and cost in 2019.
Individual Risk: No personal data was compromised in the breach, but client security services were unavailable during the ransomware attack. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In addition to the potential for multimillion-dollar ransom payments, these malware attacks inflict significant opportunity costs that can sometimes be the proverbial financial nail in the coffin for many companies. Fortunately, malware always needs an entry point, and SMBs can protect their infrastructure through simple measures like protecting employee accounts and providing phishing scam training.
ID Agent to the Rescue: With AuthAnvil™, you can prioritize password integrity at every level. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Australian Companies have dangerous Data Sharing Practices
Third-party partnerships have become a normative, even necessary, component of doing business in 2019. Unfortunately, for many companies these potentially beneficial relationships are often a liability when it comes to data security. According to a recent study by Security in Depth, 84% of Australian companies had not completed a formal review of their data sharing practices with third-party partnerships, a staggering amount of negligence in today’s digital environment.
For instance, nearly 60% of those surveyed acknowledged that they had experienced a third-party data breach in the past 12 months, a 3% increase from the previous year. These figures reveal a growing chasm between the known threat landscape and the steps that companies are willing to take to protect their valuable company and customer data.
Indeed, today’s threat landscape is expansive, but companies can mitigate many of the most prescient threats by partnering with MSPs that can offer best practices for securing third-party vulnerabilities. As the cost of a data breach quickly escalates, business leaders have millions of reasons to focus on cybersecurity as a business priority.
https://www.cio.com.au/article/669005/data-sharing-practices-australia-appalling-report/
What We’re Listening to:
Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
A Note for Your Customers:
Netherlands Warns of Global Ransomware Attacks
As this week’s newsletter reveals, ransomware attacks are impacting businesses of every size in every sector. This malware, which restricts access to a company’s IT infrastructure, is often totally debilitating, resulting in opportunity and productivity costs that accompany the already high price associated with ransomware recovery.
Now a report from the National Cyber Security Center in the Netherlands is shedding some light on just how expansive this malady really is. The report found that 1,800 companies around the world are currently impacted by ransomware, a staggering number that officials believe underrepresents the real sum, since many ransomware incidents go unreported.
What’s more, the report found that cybercriminals often rely on a single network intruder to plant the malware. These credentials can cost as much as $20,000 on the Dark Web, but they are readily available, and businesses need to know if their information is available on underground marketplaces to protect their IT from infiltration. Ransomware attacks have proven to be a low-risk, high-reward endeavor for many cybercriminals, which means that these attacks are unlikely to abate any time soon. Instead, SMBs should turn their attention towards maintaining a robust defensive posture capable of ensuring that their company name isn’t added to the growing list of companies impacted by ransomware.
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!