The Week in Breach News: 03/17/21 – 03/23/21
This Week in Breach News:
Acer gets hit for a massive ransom, Chinese hackers meddle in Western Australia’s Parliament, school is out at two hacked colleges, we’ll take a fresh look at the growing menace of double extortion ransomware and a new checklist to help businesses stay away from cybercrime.
United States – Descartes Aljex Software
https://www.hackread.com/shipping-management-software-firm-data-online/
Exploit: Unsecured Database
Descartes Aljex Software: Shipping Software Developer
Risk to Business: 1.726 = Severe
An unsecured database is always trouble as Descartes Aljex Software discovered this week. 103 GB worth of data belonging to the New Jersey-based company was discovered by researchers after it was left exposed on a misconfigured AWS S3 Bucket. The exposed data contained corporate, client and employee information.
Risk to Business: 1.667 = Severe
An unsecured database is always trouble as Aljex clients’ account data that was exposed included full names, phone numbers, email addresses, Aljex usernames, and plaintext passwords. Carrier information, their full names and email addresses as well as their house addresses and phone numbers were compromised. Client shipment details, shipment information, recipient’s consignee name, shipment origin and destination, addresses, and phone numbers were included in the data that was exposed. Sales representative details were also exposed including full names, corporate emails, Aljex usernames, and sales representative IDs
Customers Impacted: 4,000
How it Could Affect Your Customers’ Business: Third-party and supply chain risk is growing more dangerous for businesses as the ripple effect of breaches like this fuels cybercrime. Take precautions now to avoid headaches later.
ID Agent to the Rescue: Read our eBook “Breaking Up With Third-Party & Supply Chain Risk” for tips to minimize the impact of this risk and defensive strategies. GET THIS BOOK>>
United States – Guns.com
https://www.hackread.com/hacker-dumps-guns-com-database-customers-admin-data/
Exploit: Hacking
Guns.com: Online Gun Marketplace
Risk to Business: 1.227 = Extreme
An enormous database from Guns.com made an appearance in a hacker forum this week and it’s a major trove of information. The abundant data contains both administrator and user information including user IDs, full names, an estimated 400,000 email addresses, password hashes, physical addresses, ZIPcodes, city, state, Magneto IDs, phone numbers, account creation date and other personal details. One of the folders in the leaked database includes customers’ bank account details including full name, bank name, account type and Dwolla IDs. To top it off, an Excel file in the database was exposed containing sensitive login details of Guns.com including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials, with all admin credentials including admin emails, passwords, login links, and server addresses in plain text format.
Individual Risk: 1.112 = Extreme
Users of Guns.com are significantly impacted, as extensive banking and personal information has been exposed. They should be wary of identity theft, spear phishing, and business email compromise/fraud risks as well as change any passwords shared with this account
Customers Impacted: 400,000
How it Could Affect Your Customers’ Business Sensitive Personally Identifiable Information (PII) requires strong protection, especially when financial information for clients is at stake.
ID Agent to the Rescue: Make sure that your systems and data have strong protection from hackers with multifactor authentication from Passly. SEE PASSLY IN ACTION>>
United States – Maricopa Community College
Exploit: Ransomware
Maricopa Community College: Institution of Higher Learning
Risk to Business: 2.312 = Severe
Classes have been disrupted as a suspected ransomware attack has caused extensive IT outages at Maricopa Community College. Education tools including MyInfo, Canvas, RioLearn, Maricopa email, Maricopa Google Tools and the Student Information System/Student Center are unavailable. The 10 college system has extended the semester by at least a week and expects service to be restored this week.
Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: One small email handling mistake can have devastating consequences. Stop ransomware from clobbering your business by preventing employees from interacting with phishing emails.
ID Agent to the Rescue: Ransomware risks are up by more than 100%. learn how to fight back in Ransomware 101. GET THIS BOOK>>
United Kingdom – South and City College Birmingham
Exploit: Ransomware
South and City College Birmingham: Institution of Higher Learning
Risk to Business: 1.102 = Extreme
The eight sites of South and City College Birmingham closed down in-person learning again this week after a purported ransomware attack wreaked havoc. Students will be back to learning online until systems can be restored, which may take weeks. An investigation is underway.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: 13,000
How it Could Affect Your Customers’ Business: Even without data theft, ransomware can cause a massive disruption that cripples your business. Scenarios like this are also ripe for exploitation with double extortion ransomware.
ID Agent to the Rescue: The new BullPhish ID removes training pain points for employees and trainers, making better (and more frequent) training a snap. SEE IT IN ACTION>>
United Kingdom – The Defence Academy of the United Kingdom
https://securityaffairs.co/wordpress/115870/hacking/ministry-of-defence-hacked.html
Exploit: Nation-State Hacking
The Defence Academy of the United Kingdom: Specialty Graduate School
Risk to Business: 2.775 = Moderate
A nation-state hacking incident took the website and IT system of the UK Ministry of Defence training school offline this week. Systems at the academy were extensively compromised and it will take time to completely restore the impacted computers and servers. Russian and Chinese state-sponsored hackers are suspected to be behind the offensive. IT at the school is run separately by a contractor and no systems at the Ministry of Defence were impacted.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.
ID Agent to the Rescue: BullPhish ID now features customizable “set it and forget it” phishing simulation kits that include attachments, enabling you to simulate the real threats employees face every day. LEARN ABOUT THE NEW BULLPHISH ID>>
Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>
Australia – The Parliament of Western Australia
https://www.abc.net.au/news/2021-03-17/wa-parliament-targeted-cyber-attack/13253926
Exploit: Nation-State Hacking
Parliament of Western Australia: Regional Legislative Body
Risk to Business: 1.603 = Severe
Western Australia’s parliamentary email network was infiltrated by suspected Chinese hackers in the fallout of the recent massive Microsoft Exchange incident. The intrusion was detected on 03/04 in the middle of the state election campaign and led to intervention from Australia’s cybersecurity watchdog. Email service was disrupted but an investigation by Western Australia’s Parliamentary Services Department concluded that no sensitive data was stolen in the attack.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Nation-state hacking is a menace that doesn’t show signs of slowing down. Couple that with a massive third party breach at a major technology vendor and danger escalates
ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity disasters. READ THE BOOK>>
Taiwan – Acer
Exploit: Ransomware
Acer: Computer Manufacturer
Risk to Business: 2.020= Severe
Acer has the dubious honor of setting a new record this year. The REvil cybercrime gang has executed a massive ransomware attack and they’re demanding the largest known ransom to date, $50,000,000. The audacious threat actors offered a 20% discount if payment was made by this past Wednesday. Data to prove the hit including samples of leaked images are for documents that include financial spreadsheets, bank balances, and bank communications has been posted as proof to hacker forums. The incident is ongoing.
Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.
ID Agent to the Rescue: Look at the ascension of this menace in 2020 to see where we think it’s headed in 2021. GET THE GLOBAL YEAR IN BREACH 2021 NOW>>
Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Even Low-Level Malicious Insider Threats Cause High-Level Damage
- Get the Facts About the Global Year in Breach 2021 & What’s Next
- The Week in Breach 03/10/21 – 03/16/21
- 60% of Companies Go Out of Business After a Cyberattack
- Microsoft Hack Draws New Attention to Third-Party Risk
Learn the Secret of How Cybercriminals Trick You Into Falling for Phishing Messages!
NEW RELEASE! The Cybersecurity Risk Protection Checklist
Download our Cybersecurity Risk Protection Checklist for 10 critical things to check to see if your company’s risk is under control. Based on data from the Global Year in Breach 2021, we’ll help you make sure you’ve found your vulnerabilities before cybercriminals do! GET THE CHECKLIST>>
Get Your Copy of The Global Year in Breach 2021
We’ve tabulated the data and it’s official: 2020 was a banner year for cybercrime. See how a global pandemic set off a wave of cybercrime fueled by dark web data and opportunity presented by a chaotic business landscape and an untested remote workforce – plus see what we’re predicting to trend in 2021. In “The Global Year in Breach 2021” you’ll find:
- 5 key trends that impacted cybersecurity in 2020 and what they tell us for the future
- The scoop on how the dark web economy contributed to a cybercrime explosion
- The risks we’re watching for tomorrow
- and so much more!
Download “The Global Year in Breach 2021” and take a deep dive with us. GET THIS BOOK>>
NEW RELEASE! Mind Games: Protecting Your Business From Social Engineering Attacks
Social engineering is the driver of today’s most devastating phishing disasters – 98% of cyberattacks in 2020 used social engineering as their main component. Join Jamie Woodruff, Europe’s top ethical hacker and ID Agent for a fascinating webinar where you’ll learn:
- What tricks cybercriminals favor the most
- How social engineering can catch even wary employees
- What you can do to secure businesses against this rising threat
Don’t let supply chain and third-party risk rain on your parade in 2021! Learn how to protect your business (and your profits) in the eBook “Breaking Up with Supply Chain & Third-Party Risk“! GET IT NOW>>
Double Extortion Ransomware is the Gift That Keeps On Giving – to Cybercriminals
Double extortion ransomware having another moment in the sun as cybercriminals double down on their attacks to double their profits. In this devastating style of attack, cybercriminals aim to get paid twice – once for the usual decryption code to unlock systems and data and a separate fee to not have the encrypted data copied by the gang.
This tactic was in vogue before when it first emerged in late 2019 and spread across the cybercrime landscape. It’s reemerged as a favorite of major gangs including REvil, DoppelPaymer and Clop. Even cybercriminals are working a little harder in this economy, leading to this style of attack trending upward again as cybercriminals look for new ways to expand their revenue streams. Practitioners of double extortion ransomware were responsible for more than 50% of all ransomware attacks in 2020.
See how automated, affordable phishing defense with Graphus can save your business a fortune! GET THE EBOOK>>
Ransomware Continues to Rule the Roost
Ransomware risks show no signs of slowing down, and they’re costing companies a fortune. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. The worldwide cumulative cost of ransomware doubled last year as well, from an estimated $11.5 billion in 2019 to $20 billion in 2020. Insurers felt the pinch too – cyber insurance claims for ransomware attacks increased 41% in the first half of 2020 alone.
All of this translates into huge financial danger for companies in every sector. Healthcare led the pack – An estimated 560 US healthcare targets alone were impacted by ransomware in 2020. More than 45% of cyberattacks against healthcare targets in 2020 were ransomware, but no industry was spared. Manufacturers experienced one-quarter of all ransomware attacks, professional services companies clocked in at 17% and government entities were hit with 13%.
Protection from Ransomware is Priceless
Phishing is the primary delivery source for ransomware, making phishing resistance and defense the cornerstone of a strategy to protect businesses from disasters. There is plenty of room for growth in the area as well – 62% of businesses do not do enough cybersecurity awareness and phishing resistance training.
The new BullPhish ID has been freshly updated and upgraded to provide a smooth, efficient and effective training experience for everyone involved. You’ll love:
- Customizable, intuitive training portals that make the whole process of taking and conducting training a breeze!
- Customizable training emails including attachments enabling you to create better simulations of real threats in your industry
- Simple, clear reporting to gauge the effectiveness of training and find out who needs more help
- Over 80 plug-and=play phishing simulation kits are ready to go, enabling you to start training immediately
- 4 new kits added every month to reflect new lures and keep staffers on their toes including COVID-19 threats
- Video lessons, online testing, and training in 8 languages
- White labeling capability to provide a superior customer experience
- Take a tour of the new BullPhish ID in this webinar that goes over all of the details! WATCH THE WEBINAR>>
We’re here to help you find the perfect combination of solutions to protect your clients and your business from ransomware through the ID Agent Digital Risk Protection Platform and IT Complete. Book a meeting with one of our solutions experts now and let’s explore the possibilities. BOOK IT>>
Mar 24 Lessons Learned from the Pandemic REGISTER NOW>>
Mar 25 MSP Mastered® Level 1: Optimizing and Integrating Your Business Platforms REGISTER NOW>>
Mar 31 Phish & Chips (EMEA Special) REGISTER NOW>>
Mar 31 – Apr 1 Zero Trust World (MSP Edition) REGISTER NOW>>
Apr 20 – MVP Growthfest featuring Wayne Gretzky REGISTER NOW>>
Apr 20 – 21 Managed Services Summit Live (EMEA Special) REGISTER NOW>>
May 11 – 14 Robin Robins Boot Camp (Orlando) REGISTER NOW>>
One Ransomware Attack Can Cost You Twice as Much as Before
A tight global economy has everyone looking for new revenue streams – including cybercriminals who are doubling down on ransomware threats by doubling the price tag to get your data and systems back.
In a double extortion ransomware attack, cybercriminals make money two ways by asking victims to pay twice: once for a decryption code to unlock their impacted systems or data, and a separate fee to not have the encrypted data copied by the gang Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.
This week’s record-setting ransomware incident at Acer proves that the cost of a ransomware incident is only going up – cybercriminals presented Acer with a $50,000,00 ransom demand to hand over the key to decrypt their data. The risk is going up too. Researchers noted a 50% increase in the daily average of ransomware attacks between Q1 2020 and Q4 2020
Protecting your business from ransomware starts with protecting it from phishing. Regular security awareness training that emphasizes phishing prevention is a key part of any defensive strategy against ransomware. An estimated 65% of ransomware attacks are delivered via phishing.
Phishing resistance training solution BullPhish ID has just been updated to include more customizable training campaigns and user-friendly features that make training painless for everyone. Launch a new campaign this week to start building your company’s ransomware protection.
Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!