The Week in Breach News: 02/17/21 – 02/23/21
This Week in Breach News:
Kia hits a bump in the road with ransomware, Underwriters Laboratories didn’t check their cyber safety, Simon Fraser University is back for a cyberattack encore, enhance your password power and see how increased phishing risk means it’s time to increase cyber resilience for your clients.
United States – Automatic Funds Transfer Services
Exploit: Ransomware
Automatic Funds Transfer Services (AFTS): Payment Processor
Risk to Business: 1.879 = Severe
Cuba ransomware is the culprit of an attack at AFTS, a payment processor that serves state government clients including the states of California and Washington. This cyberattack has caused major disruption to AFTS operations, making their website unavailable and impacting payment processing. The gang claims to have stolen financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.
Individual Risk: 1.847 = Severe
It is unclear how many individuals may have been impacted. The California Department of Motor Vehicles and several cities in Washington state have released data breach notifications. The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware at a third-party business services partner is also your problem. It pays to make sure that your company’s credentials haven’t been exposed.
ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>
United States – Kia Motors America
Exploit: Ransomware
Kia Motors America: Ransomware
Risk to Business: 1.381 = Severe
Kia Motors America has experienced a suspected ransomware attack that has had a severe impact on its entire US operation, crippling some functions and impacting others for dealers and consumers. Services impacted include mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: 50 million
How it Could Affect Your Customers’ Business: Ransomware can come calling at any time at any business with a devastating impact on operations, customer service, productivity and profit.
ID Agent to the Rescue: With BullPhish ID, staffers learn to spot and stop the latest phishing-based cyberattacks because we provide fresh content every month for training. LEARN MORE>>
United States – Jones Day
https://siliconangle.com/2021/02/16/law-firm-jones-day-hit-clop-ransomware-attack-files-stolen/
Exploit: Ransomware
Jones Day: Law Firm
Risk to Business: 2.315 = Severe
The Clop ransomware gang says that it has hit the Jones Day law firm, although Jones Day says that its network was not compromised. The Clop gang claims to have 100 gigabytes of files from servers belonging to Jones Day and has started to publish redacted files as proof of a successful hit. Jones Day claims that those files were obtained from a third-party source.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: 50 million
How it Could Affect Your Customers’ Business: Ransomware can strike any business, and ransomware gangs love to steal sensitive data in order to score higher paydays. Special data needs special protection.
ID Agent to the Rescue: Ready to learn more about the ins and outs of ransomware? Read Ransomware 101 to learn how to protect your data and your business from cybercrime. READ IT>>
United States – Sequoia Capital
https://www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html
Exploit: Phishing
Sequoia Capital: Venture Capital Firm
Risk to Business: 1.933 = Severe
Sequoia Capital, a major venture capital firm, announced this week that it has experienced a phishing-related cyberattack. The firm invests in companies like Airbnb, DoorDash, Robinhood and cybersecurity firms like FireEye and Carbon Black. Sequoia’s investors include university endowments, tech executives and charitable foundations.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More than 65 percent of cybercrime is phishing based. Training employees to spot and stop phishing is essential to avoid becoming one of those 65 percent of hacked companies.
ID Agent to the Rescue: Read our Security Awareness Champion’s Guide for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals use to conduct them. GET THE BOOK>>
United States – Underwriters Laboratories
Exploit: Ransomware
Underwriters Laboratories: Safety Regulator
Risk to Business: 2.022 = Severe
Underwriters Laboratories, the oldest and largest device safety certifier in the world, should have checked the safety of their email systems a little more closely. They’ve experienced a ransomware attack that has encrypted its servers and caused them to shut down systems while they recover.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a huge hit to every company’s performance and budget – and it’s preventable through security awareness training.
ID Agent to the Rescue: BullPhish ID gets your staff ready to fight back against phishing, and that’s something that every business has to make a priority to protect their bottom line. SEE IT IN ACTION>>
Canada – Simon Fraser University
Exploit: Hacking
Simon Fraser University: Institution of Higher Learning
Risk to Business: 1.623 = Severe
Simon Fraser University is in the spotlight again after another data breach. Cybercriminals breached a server that stored information on student and employee ID numbers and other data, including admissions or academic standing. This is the second data breach at Simon Fraser University in 12 months.
Individual Risk: 2.117 = Severe
The server contained personal information for some current and former students, faculty, staff and student applicants including student or employee ID numbers.
Customers Impacted: 200,000
How it Could Affect Your Customers’ Business: Continued security problems at any organization aren’t acceptable to consumers anymore as people become more serious about protecting their data.
ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. READ THE BOOK>>
The Netherlands – Dutch Research Council (NWO)
Exploit: Malware
Dutch Research Council: Government Entity
Risk to Business: 1.913 = Severe
NWO has reported that it was the victim of a malware attack. Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. Impacted functions include the organization’s email service (Outlook) and online resources for two entities under NWO, the Netherlands Initiative for Education Research (NRO) and the National Governing Body for Practice-oriented Research (SIA).
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Malware can strike when you least expect it and cause a cascade effect that ripples through an entire organization, gumming up the works, with an expensive cleanup.
ID Agent to the Rescue: Are you ready to defend against malware like ransomware? Learn how to keep your data from being a cybercriminal’s next score in our eBook Ransomware 101. GET IT>>
The Netherlands – Réseaux IP Européens Network Coordination Centre (RIPE NCC)
Exploit: Credential Stuffing
Réseaux IP Européens Network Coordination Centre (RIPE NCC): World Regulatory Body
Risk to Business: 1.913 = Severe
RIPE NCC has reported that it recently defended against a credential stuffing attack that attempted to breach its single sign-on system. There was minimal disruption and the organization has resumed operations normally.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing is a favorite cyberattack technique because it’s cheap and simple – and cybercriminals won’t be giving it up anytime soon.
ID Agent to the Rescue: Single sign-on is a valuable mitigation, but it’s best coupled with multifactor authentication, and both are included with Passly. LEARN MORE>>
France – Beneteau SA
Exploit: Malware
Beneteau SA: Maritime Vessel Builder
Risk to Business: 2.062 = Severe
French boat builder Beneteau SA has experienced a malware attack that has forced it to temporarily suspend some operations. The company says that it will be deploying backups and production at some of its units, particularly in France, will have to slow down or stop for a few days.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Malware is frequently used to damage a company’s operations capability, and it’s most commonly delivered by a phishing email.
ID Agent to the Rescue: Is your business ready to fend off today’s tricky phishing attacks? Learn what cybercriminals are using as bait and how to stay off the hook in our eBook Phish Files. GET THIS EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Cybercrime Undercover: Phishing Attacks Imitating Famous Brands Proliferate
- Zombie Accounts Can Take a Bite Out of Your Business
- North Korean Hackers Charged in WannaCry Ransomware & $1.3 Billion Cybercrime Spree
- The Week in Breach News 02/10/21 – 02/16/20
- You’ll Be Shocked by the Percentage of Employees Clicking Phishing Emails
Password Protection Power
How strong is your password? Take a deep dive into how bad (and good) passwords are made, plus learn why it pays to take password security to the next level. Explore these password power essentials to make sure that you have the resources that you need to make safe passwords a priority!
Build Better Passwords – Learn the real truth about how bad passwords are born, how cybercriminals crack them so easily, and how to stop them! READ IT>>
Is This Your Password? – See some really bad ways to make passwords and see some really good ways to make (and protect) passwords – READ IT>>
Guarding the Gate Webinar – Investigate why Passly is the perfect secure identity and access management solution for every business – WATCH IT>>
Ready for a preview of this year’s terrible password lists? Here you go. We’ll have the full story for you in our new Spring 2021 Password Package coming soon!
Phishing Flood Continues to Swamp Companies and Create Security Sinkholes
Phishing very quickly became the biggest cybersecurity threat of 2020 for every business at the beginning of the global pandemic, as cybercriminals sought to capitalize on pandemic-related challenges to companies that were suddenly forced into remote operations. That tide continues to rise with new phishing threats and new security sinkholes that can swallow up data, time and money.
COVID-19 Threats Aren’t Over Yet
In a recent study, experts estimated a minimum growth rate of 220 percent for overall phishing in 2020 (including SMS, voice, message and social media) – and that trend is expected to continue into 2021 with a minimum 15 percent increase in overall phishing this year.
Much of that phishing was devoted to COVID-19 threats. Google indicated that it saw a 660 percent increase in phishing in Q2 2020 as it fended off the onslaught of phishing that powered a cybercrime burst in 2020. COVID-19 was Google’s biggest phishing topic in history, a record that’s unlikely to be broken anytime soon. More than 80 percent of businesses saw an increase in cybercrime including phishing in 2020 – and not all of that steep increase can be chalked up to COVID-19 threats.
2 Popular Phishing Categories That Trap the Unwary
Brand Impersonation
One major lure that cybercriminals have been profiting from is brand impersonation. Especially as email volumes surged at the start of the pandemic, faux branded phishing emails were a fast, easy way for cybercriminals to get past security and get into employee inboxes (which would be 40 percent less likely with Graphus). About than 405 percent of those emails mimicked just one brand – Microsoft. Rounding out the Top 5 were DHL (18 percent), LinkedIn (6 percent), Amazon (5 percent) and Rakuten (4 percent). An estimated 55 percent of phishing sites made use of target brand names and identities in their URLs.
Remote Workforce Support
Remote workers face a unique set of challenges, and every business in the world got to experience them in 2020. Phishing is an especially dangerous threat for remote workers. In a comprehensive study of over 1,000 remote workers, 47 percent of respondents cited distraction as the main factor in their failure to spot phishing attempts. Over half of employees said they were more likely to make security mistakes when stressed, and 41 percent flubbed security procedures when tired. Overall, 43 percent of the surveyed employees admitted that they’d made cybersecurity blunders as a result of newly remote workforce stress.
Training Works against These Threats
A key way for companies to prevent these lures from snagging their staffers is through regular, comprehensive security awareness training that includes phishing. Up to 70 percent of phishing attacks now lack a malicious payload – employees aren’t just looking for an attachment anymore, and they need to know that. Most phishing is done through spurious links, and employees need to be ready for that.
The newly revamped BullPhish ID is perfect for making sure that every staffer knows how to spot phishing. We’ve added functionality that allows trainers to customize training materials to more realistically imitate the threats that employees face every day. Plus, we’ve created a user-friendly, white-labelable portal that makes training easy for everyone.
Learn more about the NEW BullPhish ID in this webinar. WATCH IT>>
Contact our sales team to get a personalized tour. BOOK A TOUR>>
Feb 25 – MSP Mastered® Level 1: Pricing and Bundling for Profit – REGISTER NOW>>
Mar 3 – Business Management Online Summit REGISTER NOW>>
Mar 11 – The MSP Lounge (EMEA Special) REGISTER NOW>>
Mar 11 – MSP Mastered® Level 1: Developing Effective Master Service Agreements and SOWs REGISTER NOW>>
Mar 23 – Xaas Summit: Innovation on Demand Via the Channel (EMEA Special) REGISTER NOW>>
Mar 25 – MSP Mastered® Level 1: Optimizing and Integrating Your Business Platforms REGISTER NOW>>
Mar 31 – Apr 1 – Zero Trust World (MSP Edition) REGISTER NOW>>
Are You Cyber Resilient?
Is your company prepared to not just survive a cyberattack but thrive? You are if you’re cyber resilient. By building your organization’s defenses with an eye toward cyber resilience, you give your business a better chance of making it through the unpleasantness of a cyberattack with minimal disruption to your workflow or your budget.
Companies that are cyber resilient have their bases covered, with security solutions that work together to provide layered protection. That creates strength by adding more roadblocks and warning systems between cybercriminals and your data. For example, if your IT team is getting real-time threat intelligence from Dark Web ID, they know immediately if one of your company’s credentials appears in a Dark Web market, giving them time to take care of the issue before it becomes a disaster.
Building cyber resilience also means making sure that your business can keep operating during challenging times. You shouldn’t have to shut down operations and experience major disruptions like loss of access to email because of cybercrime. In many defense plans, even when a cyberattack is repelled, businesses experience significant disruptions.
A cyber resilient organization can quarantine problems, keeping them away from operations to minimize the impact of a cyberattack. Companies that are using Passly have access to that capability through single sign on backed up with even more protection through multifactor authentication.
A new cyberattack is launched every 39 seconds, but in this economy, you can’t afford to buy every solution on the market. Get more value out of simple solutions when they work together and build your company’s cyber resilience.
Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!