
The Week in Breach News: 01/27/21 – 02/02/21

February 03, 2021

This Week in Breach News:

Ransomware romps through the UK, USCellular has a CRM disaster that goes from bad to worse, big takedowns of ransomware gangs match the big surge in ransomware but don’t fix the problem and we’ve got expert secrets, tips, and tricks that will help you create a winning customer experience!

Dark Web ID’s Top Threats This Week

Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Sales & Retail
Top Employee Count: 501+

United States – USCellular

Exploit: Credential Compromise

US Cellular: Mobile Phone Company 


Risk to Business: 1.379 = Extreme

USCellular, the fourth largest mobile network in the US, has suffered a data breach after a successful malware attack. Hackers used malicious code disguised as a routine software update to gain access to systems including its Customer Relationship Management (CRM) and client records. This is not USCellular’s first time at this rodeo – the company has had consistent information security problems.


Individual Risk: 1.321 = Extreme

USCellular advised customers that their account records, including name, address, PIN code, and cellular telephone number(s), as well as information about the customer’s wireless services, including service plan, usage and billing statements, might have been compromised. However, data such as social security numbers and credit card information remained inaccessible to the hackers. Clients should be wary of spear phishing, business email compromise and identity theft using this information.

Customers Impacted: 4.9 million

How it Could Affect Your Customers’ Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.

ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>

United States – DSC Logistics

Exploit: Ransomware

DSC Logistics: Shipping and Freight Logistics 


Risk to Business: 1.775 = Severe

DSC Logistics received an unwelcome delivery of Egregor ransomware. The attack was announced on the gang’s ransomware site. The company noted that it was able to continue operations without incident. DSC has called in outside experts to investigate, and declined to comment on whether any data was stolen.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware has been a plague on every industry, but freight and logistics companies have been hit especially hard in recent months.

ID Agent to the Rescue: Everyone needs to understand the seriousness of today’s threats. Our Security Awareness Champion’s Guide makes understanding cyber threats easy and fun. GET THE BOOK>>

United States – Nissan North America

Exploit: Misconfiguration

Nissan North America: Automotive Manufacturer 


Risk to Business: 2.779 = Moderate

Nissan North America recently suffered a data breach that resulted in source code for its mobile apps and internal tools turning up online. The data leak is reportedly the result of a misconfigured Git server. The source code is reported by a security researcher to pertain to Nissan NA Mobile apps, some parts of the Nissan ASIST diagnostics tool, the Dealer Business Systems and Dealer Portal, Nissan internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sale and market research tools and data, various marketing tools, the vehicle logistics portal and vehicle connected services.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Keeping data safe from hackers starts with keeping data secure by using strong identity and access management tools across the board and basic security protocols like multifactor authentication.

ID Agent to the Rescue: Passly provides the toolkit that businesses need to keep cybercriminals locked out of data and systems including multifactor authentication and secure shared password vaults. SEE IT IN ACTION>>

United Kingdom – UK Research and Innovation (UKRI)

Exploit: Ransomware

UKRI: Scientific Research Agency 


Risk to Business: 1.411 = Severe

The UK Research and Innovation (UKRI) agency is now researching a ransomware incident that encrypted data and impacted its proprietary services. The impacted services include a service offering information to subscribers and the platform for peer review of various parts of the agency. The agency has not yet disclosed if data was stolen or any other impact, and the incident is under investigation. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research, and its generous budget may have made it an attractive target for ransomware.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge risk for every business, and it’s essential that everyone in your team is on board to spot and stop ransomware attacks.

ID Agent to the Rescue: Go back to school to learn why ransomware has become such a prevalent threat in today’s landscape and how to stop it in our ebook Ransomware 101. READ THE EBOOK>>

United Kingdom – Mensa

Exploit: Password Compromise

Mensa: Intellectual Club 


Risk to Business: 1.827 = Severe

Mensa UK experienced a hack on its website that has resulted in the theft of members’ personal data. The organization had reportedly failed to secure the data of its 18,000 members properly. The stored passwords of Mensa members who accessed the site were not hashed or encrypted in any way, with some sent and stored in plain text, making it a snap for hackers to gain entry. The hackers were able to access and use a Director’s password to extract an indeterminate amount of information, including personal details of members and private conversations conducted on the platform.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: 21,000

How it Could Affect Your Customers’ Business: Password compromise is a constant menace for companies that don’t use contemporary safety protocols like multifactor authentication, let alone those that handle passwords in plain text files.

ID Agent to the Rescue: Get affordable, state-of-the-art protection from password-based cyberattacks with secure identity and access management from Passly. LEARN MORE>>

Austria – Palfinger

Exploit: Ransomware

Palfinger: Crane Manufacturer


Risk to Business: 2.006 = Severe

Crane manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations. The company notes that its enterprise resource systems and many online or digital functions are unavailable to customers. No information is available on the kind of ransomware involved or an expected date for service restoration.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is almost always the result of a phishing attack, and it’s been a constant danger for healthcare organizations around the world as the global pandemic continues.

ID Agent to the Rescue: BullPhish ID makes training a breeze for both employees and trainers, helping reduce the chance of a ransomware attack succeeding. SEE IT AT WORK>>

Hong Kong – Dairy Farm

Exploit: Ransomware

Dairy Farm: Retail Conglomerate


Risk to Business: 1.616 = Severe

Enormous Pan-Asian retailer Dairy Farm is the latest victim of REvil ransomware. The attackers claim to have demanded a $30 million ransom. As proof, REvil has released images of the company’s Active Directory Users and Computers MMC. The attackers claim to still be in control of the company’s computer systems, including full control over Dairy Farm’s corporate email, which they state will be used for phishing attacks.

Individual Risk: No personal or business data was reported as confirmed to be stolen in this incident that is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice of most of today’s cybercriminals, and it can strike any business of any size, from corner stores to retail giants.

ID Agent to the Rescue: BullPhish ID is newly upgraded and updated with customizable campaign materials and white labeling capability to take your training experience to the next level. SEE IT IN ACTION>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Learn The Secret of Creating a Great Customer Experience

In today’s competitive MSP space, you need every advantage you can get – and providing a superior customer experience is your secret weapon. Learn the fundamentals of creating customer experience magic in Customer Experience Confidential, featuring ID Agent’s Amelia Paro and Smileback’s Andrew Wallace. In this webinar, you’ll learn winning secrets including:

  • How to effectively measure and track customer experience data
  • How to leverage that data to boost client retention and identify growth opportunities
  • How to enhance your customer experience with sales and marketing tools through Kaseya Powered Services
  • And more!

Start improving your retention and winning new clients with a killer customer experience today!  LISTEN NOW>>

Have you finished making your New Year’s resolutions? It’s not too late – there’s still time to create a solid plan of action for cybersecurity success in 2021 with the expert tips on our Cybersecurity New Year’s Resolutions Checklist! GET IT>>

Major Ransomware Gangs Get Crushed but Risk Keeps Climbing 

On the heels of a surge in cybercrime, especially ransomware, officials around the world have taken steps to shut down cybercrime gangs and destroy their networks. While several major cybercrime purveyors have been recently impacted in those operations, ransomware is still chugging along as an extremely dangerous and growing cybercrime sector.

It’s no wonder that ransomware is the preferred weapon of cybercriminals worldwide. More than 50% of businesses have been impacted in some way by ransomware in the last 12 months. Ransomware is at the root of 50% of data breaches in the healthcare sector alone. It’s also a tremendous player in other industries, with the rest of the top 5 being manufacturing, government, retail and construction.

Hitting Them Hard and Fast Works

Government officials around the world have been acting for years to crack down on ransomware gangs and the technology that services them, but they’ve really stepped up their efforts in the last 6 months. A massive US-based operation in November 2020 dealt a strong blow to TrickBot in the run-up to the US elections after fears of nation-state interference impacted public concern, and other operations occur daily to make things harder for cybercriminals.

One recent success in the fight against ransomware was the takedown of the Emotet botnet and crippling of the NetWalker ransomware gang. Officials in the US, Canada, UK, and EU worked together to perform a well-timed series of operations, including criminal arrests and hardware seizures. A Canadian national has been detained in connection with the NetWalker attacks and more than $450K in cryptocurrency was seized. Bulgarian authorities also seized resources including hardware that NetWalker attackers used to facilitate their crimes.

The RCMP, FBI and EU authorities took the legs out from under the legendary Emotet botnet as part of a concurrent operation. Canadian officials seized or disabled 13 of the 50 command and control servers behind Emotet, and officials in The Netherlands disabled or seized the technology powering their European operations center. Dutch authorities are planning to release an update through captured Emotet servers on March 25 designed to erase any malware delivered through the botnet.

But Risk is Still Outrageous

International authorities executing major crackdowns against ransomware gangs is good news, but it doesn’t come close to addressing the full scope of the problem. Ransomware is by far the biggest bully on the playground, and it grew by an estimated 311% in 2020. That’s because it’s still a goldmine – ransomware payments in just the health sector alone increased to more than $230k.

Protecting your clients from ransomware has to be a top-of-the-list priority for every MSP. No business is too large or too small to get walloped by ransomware, but you can add a few security precautions that can help your clients be less likely to fall prey to an attack. Successful ransomware attacks against all kinds of targets have also drastically increased the odds of a spear phishing or ransomware attack arriving because of a third-party data breach.

Encourage the immediate adoption of a secure identity and access management solution. Not only is it a fast, affordable mitigation against cybercrime that includes conveniences like single sign on and easy remote management, Passly also features the current champion of mitigation: multifactor authentication, a single tool that can stop up to 99% of password-based cybercrime.

Starting and maintaining an efficient security awareness training program is the preferred long term solution for your clients. Studies show that employees retain the training that companies give if it’s refreshed at least quarterly. That’s good for businesses because security awareness training including phishing resistance with a solution like BullPhish ID can prevent up to 70% of damaging cyberattacks from landing.

We’ve just given BullPhish ID a makeover too, bringing it in line with the wishes that MSPs have expressed to us to make it perfect for every client including white labeling, customizable phishing simulation materials with attachments, and individualized, user-friendly training portals that make the whole process painless – and you can include custom URLs and your branding throughout the experience, keeping your business top-of-mind. LEARN MORE ABOUT THE NEW BULLPHISH ID IN THIS WEBINAR>>

Contact the experts at ID Agent and let’s talk about how we can work together to help you build a stronger business, secure your clients and increase your MRR with our security solutions.

Feb 3 – Five Proven, Practical Steps to Close New Security Business REGISTER NOW>>

Feb 4, 11, & 18 – Making a Battle Plan for Profit (choose from 3 regions) REGISTER NOW>>

Feb 11 – MSP Mastered® Level 1: Staffing, Hiring and Designing High-Performing Compensation Plans REGISTER NOW>>

Feb 11 – Phish and Chips (EMEA Edition) – REGISTER NOW>>

Feb 25 – MSP Mastered® Level 1: Pricing and Bundling for Profit REGISTER NOW>>

Mar 3 – Business Management Online Summit REGISTER NOW>>

Mar 11 – MSP Mastered® Level 1: Developing Effective Master Service Agreements and SOWs REGISTER NOW>>

Mar 25 – MSP Mastered® Level 1: Optimizing and Integrating Your Business Platforms REGISTER NOW>>

Remote Work Raises Ransomware Risks & Fears 

Your employees feel more vulnerable to cyberattacks when working remotely – and they’re right. But you can put the brakes on many threats quickly and easily without breaking the bank in just one step, and it’s practically painless: institute regular security awareness and phishing resistance training with the NEW BullPhish ID.

One cyberattack that employees are especially concerned about spotting is ransomware. About 48% of the employees in a recent survey named ransomware and similar malware as their biggest cybersecurity concern. That’s a valid concern because ransomware attacks ramped up by more than 300% in 2020.

Almost half of all damaging cyberattacks were ransomware attacks in 2020 with the total financial damage from ransomware operations clocking in at over $1 billion. That trend looks to continue into 2021 as a tight economy spurs cybercriminals into new territory looking for fresh profit centers.

Continuing stress from the global pandemic means that many employees will be working remotely well into the future. Unfortunately, many employees don’t feel safe from cyberattacks when they’re working from home – about 30% of workers do not feel confident about cybersecurity when working from home. Almost 60% of those workers cited a lack of security awareness training as a root cause of that lack of confidence.

Fortunately, we have a solution that can bolster your staff’s cybersecurity awareness: BullPhish ID. We’ve just added exciting new features like individual training portals for employees and simplified reporting, making the training process painless for everyone involved. Don’t forget, regular security awareness training can reduce your chance of falling prey to a cyberattack by up to 70%.

Don’t wait for a better time (or for everyone to be back in the office) to start your security awareness training for 2021. BullPhish ID is an affordable, remote-friendly solution that fits every business. Give your employees the kind of training that leaves them confident that they’re ready to help fight back against cybercrime anytime, anywhere.

Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know. We welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!