The Week in Breach News: 04/14/21 – 04/20/21
This week has it all! Codecov discloses a doozy of a breach, ransomware wins at casinos in Tasmania, see customer retention secrets and get tips for helping spending-shy customers bolster security (and your MRR).
United States – LogicGate
https://techcrunch.com/2021/04/13/logicgate-risk-cloud-data-breach/
Exploit: Hacking
LogicGate: Software Company
Risk to Business: 1.631 = Severe
LogicGate notified customers that an unauthorized third party obtained credentials to its Amazon Web Services-hosted cloud storage servers storing customer backup files for its flagship platform Risk Cloud in 02/21. The risk and compliance specialty firm noted that only data uploaded on or prior to 02/23/21 would have been included in that backup file. The company said that an unauthorized third party was able to use filched credentials to decrypt files stored in AWS S3 buckets in the LogicGate Risk Cloud backup environment.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Hacking into databases is a profitable enterprise for cybercriminals. Ensuring that you’re using strong security for information storage is a modern essential.
ID Agent to the Rescue: Make sure that everyone on the IT team is up to date on today’s threats and ready for tomorrow’s with the tips and tricks in “The Security Awareness Champion’s Guide”. GET THIS FREE BOOK>>
United States – Codecov
https://therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/
Exploit: Third Party Data Breach
Codecov: Software and Cloud Developer
Risk to Business: 1.337 = Extreme
Codecov is facing a mess after a threat actor managed to breach its platform and add a credentials harvester to one of its tools, Bash Uploader. Codecov said the breach occurred “because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.” The attacker gained access to the Bash Uploader script sometime in 01/21 and made periodic changes to add malicious code that would intercept uploads and scan and collect any sensitive information like credentials, tokens, or keys. Unfortunately, the bad guys had 2.5 months to run wild – the breach wasn’t discovered until 04/01. The damage isn’t limited only to clients who used the Bash Uploader script, either. Because the script is also embedded in other products, a large chunk of the company’s customers may be affected.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Not only did Codecov fall victim to a cyberattack that adulterated its product, it didn’t find out for 2.5 months. Not a good look.
ID Agent to the Rescue: Make sure that you’re covering all of the bases to avoid breaches and nasty regulatory action with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>
Canada – The Regional Municipality of Durham
Exploit: Third-Party Breach (Ransomware)
The Regional Municipality of Durham: Regional Government Services Entity
Risk to Business: 1.741 = Severe
The Regional Municipality of Durham, which provides regional services to eight local municipalities north of Lake Ontario, announced in an email that it “recently became aware of a cybersecurity incident that occurred with a third-party software provider which impacted the region.” That incident was through data services provider Accellion, breached several weeks ago by the Clop ransomware gang in an incident that continues to ripple into other organizations. The content of the leaked data is unclear but appears to be administrative records.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This kind of data will be a windfall for the gang in today’s booming dark web data markets, but the Accellion breach will also continue to be a nightmare for impacted organizations.
ID Agent to the Rescue: Dark Web ID alerts businesses to credential compromise fast, giving them the edge to fix vulnerabilities before the bad guys even know they’re there. WATCH A VIDEO DEMO>>
United Kingdom – Castle School Education Trust
https://www.bristolpost.co.uk/news/bristol-news/latest-ransomware-attack-24-schools-530891
Exploit: Ransomware
Castle School Education Trust: School System
Risk to Business: 2.463 = Severe
A massive ransomware incident has snarled the start of the new term for 24 schools near Bristol. Laptops, whiteboards and more than 1,000 devices have been disabled, impacting educators and students in 7 schools run by the Castle School Trust and the 17 others maintained by the local authority who relied on the academy group’s IT infrastructure.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware has been an increasingly popular tool for cybercriminals to use against targets in the education sector. Preventing it from hitting systems is just as important as protecting data.
ID Agent to the Rescue: Stopping ransomware starts with stopping phishing. In “The Phish Files”, you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>>
Ireland – Matthew Clark Bibendum (MCB)
Exploit: Ransomware
Matthew Clark Bibendum (MCB): Beverage Distributor
Risk to Business: 1.672 = Severe
Matthew Clark Bibendum (MCB) said they were “temporarily supporting customers and suppliers manually” after experiencing a cyberattack on 04/16. The probable ransomware attack has severely interrupted operations throughout Ireland and the UK. MCB is owned by C&C Group, which manufactures and distributes two of its most well-known brands, Irish cider Bulmers and Scottish beer Tennent’s, to more than 40 countries.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.
ID Agent to the Rescue: Don’t let cybercriminals steal your profits – learn to mitigate the risk in Ransomware 101. DOWNLOAD FREE EBOOK>>
Australia – Federal Group
https://www.infosecurity-magazine.com/news/cyberattack-shutters-half/
Exploit: Ransomware
Federal Group: Casino Operator
Risk to Business: 1.612 = Severe
Threat actors struck casinos on the Australian island of Tasmania. Sole casino operator Federal Group was targeted in a ransomware attack that impacted both gambling and hospitality operations. The attack affected hotel booking systems in the company’s Wrest Point and Country Club venues. It also knocked out operations at the perennially-popular slot machine floors. The company is working on fully restoring services and investigating the incident. Federal Group’s other 2 casinos in Tasmania were not affected.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.
ID Agent to the Rescue: Learn more about the impact of ransomware in 2020 and see how we expect it will impact businesses in 2021 in The Global Year in Breach 2021. GET THIS BOOK>>
Australia – Spotless
Exploit: Ransomware
Spotless: Hospitality Services
Risk to Business: 2.112 = Severe
Hackers may have obtained past and present staff members’ passport and IRD numbers in a growing data breach at banquet and cleaning company Spotless. Impacted workers were informed by email last week. The company expects that a large amount of HR information may have been stolen by the cybercriminals in a suspected ransomware incident that is still under investigation.
Risk to Business: 2.206 = Severe
Current and former staff members may be at risk for identity theft and spear phishing. Fraud attempts have already begun to come to light.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.
ID Agent to the Rescue: Get the tools that you need to conduct security awareness training that includes phishing resistance painlessly in the new BullPhish ID. SEE THE UPDATE WEBINAR>>
India – Bizongo
https://www.hackread.com/india-bizongo-supply-chain-exposed-data/
Exploit: Ransomware
Bizongo: Packaging Manufacturer
Risk to Business: 1.755 = Severe
Packaging powerhouse Bizongo is in the hot seat after a data breach caused by a leaking AWS S3 bucket. Researchers noted that approximately 2,532,610 files were exposed, equating to 643GB of data. The exposed data includes an assortment of operations info including business files and client records.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercrime is around every corner. It’s no longer acceptable to just survive a cyberattack – businesses have to be prepared to endure challenges and still keep going.
ID Agent to the Rescue: Is your organization ready to repel cyberattacks and keep on going? You are if you’re cyber resilient. Learn how to transform your business in “The Road to Cyber Resilience” today. GET THIS BOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Why You Should Worry About the Booming Dark Web Economy
- Lessons Learned from the Global Year in Breach: Remote Workforce Security Presents Challenges
- The Week in Breach: 04/07/21 – 04/13/21
- 10 Must-See Business Email Compromise Statistics
- Don’t Put Off Cybersecurity Incident Response Planning
Happy Customers Buy More! Let Us Help You With That.
Learn Expert Secrets to Make Your Customers Your Biggest Fans!
Get essential insight from experts on how to keep your customers happy and keep your MSP’s bottom line happy! Find out how to maximize your profits now and keep growing tomorrow with Amelia Paro, Channel Development Manager at ID Agent, and Ray Orsino, CEO of OIT to study The Ultimate Customer Retention Blueprint for MSPs.
In this webinar, you’ll learn:
- How to position secure access controls, dark web monitoring, phishing simulation, phishing defense and security awareness training for profit
- Why streamlined, advanced unified communications like hosted UCaaS, next-gen fax and mobile apps are hot right now
- What you can do to keep your customers sticky with tools, services, solutions and a partner program that gives you a high margin but requires low effort
Third-Party Cybercrime is Exploding. Are You Ready?
Third-party and supply chain cyberattacks have been sending shockwaves around the world with security failures at Accellion, Codecov and Microsoft spawning devastating cyberattacks on their customers in just the last few weeks. Are you and your clients ready to guard against today’s fastest-growing risk? In our essential guide Breaking Up with Third-Party and Supply Chain Risk, you’ll find strategies and solutions to mitigate this danger! GET THIS BOOK>>
3 Winning Tips to Demonstrate Value to Budget-Minded Clients
While everyone is excited to see things open back up after the pandemic lockdowns we’ve all experienced, there’s one thing that’s definitely not opening up: business checkbooks. A challenging economy is leading to cuts across the board at many companies, and IT is always one of the biggest targets on the chopping block. So how can you clearly demonstrate to your clients and prospects that adding solutions and making critical security upgrades isn’t optional? Use these tips to meet them where they are by starting security conversations that put value front and center while reinforcing the message that today’s cybersecurity landscape is more volatile than ever.
One Tool to Stop 99% of Problems
That’s right. 99.9% of password-related cybercrime, from hacking to phishing-related password theft can be stopped dead by one tool: multifactor authentication (MFA). Experts overwhelmingly favor MFA, including the United States Cybersecurity and Infrastructure Security Agency (CISA) and The European Union Agency for Cybersecurity (ENISA). So do tech giants like Microsoft. Over 40% of respondents in a recent study said that their organization had been compromised because of a bad, stolen or cracked password. That could have been avoided with MFA, which is a major contributing factor to the fact that 48% of CISOs in an executive IT study said that their top priority was implementing secure identity and access management for their organization.
All of this solid data on efficacy makes it easy to show your clients the value of MFA. That became very apparent as we gathered data for The Global Year in Breach – MFA is a security rockstar. That’s one of the reasons why Passly is such a great deal. Your clients get MFA with Passly, but they also get other powerful security tools that will strengthen their defenses against cybercrime, like single sign-on and secure shared password vaults. Plus, instead of buying multiple solutions to implement those security recommendations, the whole shopping list is included with Passly, enhancing its value. It even includes automated password resets, reducing trouble tickets and their related costs. If they’re only going to be able to afford one security upgrade this year, tell your clients to make it Passly.
Third Party Data Breach Danger is Reduced with Dark Web ID
Third party and supply chain-related data breaches are looking like they’re shaping up to be the story of the year in security. As the cumulative amount of business data that’s available in dark web data markets and dumps grows, so does the chance that your clients’ security is at risk due to stolen user records from service providers, retailers, colleges, utilities, hotels, business services providers and similar organizations. It’s not even just business data that they have to worry about. The endemic nature of password reuse means that chances are at least one of their staffers is using a password for business applications that they also use for their personal online user accounts that could have been compromised in a data breach – 48% of workers use the same passwords in both their personal and work accounts.
Third party and supply chain risk like this is something every company will want to get in front of now. Show illustrations of the danger using stories like the recent Microsoft Exchange disaster. It’s a great starting point for a conversation about dark web monitoring. While your clients will gain strong protection against some of the perils of third party risk with Passly, backing that up with Dark Web ID is a great way to ensure that they won’t be faced with unexpected security surprises from compromised credentials, especially for privileged and administrator accounts. Dark Web ID also gives them extra protection that can be added to private accounts of executives, a value-added perk that they may not be considering.
Phishing Costs a Fortune
Phishing is still the biggest danger that your clients are facing, but it may be hard for them to see the value in something that seems as nebulous as security awareness training. However, more than 70% of organizations around the world experienced some kind of phishing attack in 2020, making it by far the most common kind of cyberattack that their employees will face, and more than 60% of office workers in a recent survey admitted that they regularly open suspicious messages. That’s just too much risk. It’s also an important reason why cutting back on training sounds economical but is really dangerously shortsighted.
Security awareness training that focuses on phishing resistance like BullPhish ID packs a punch against that risk. It can reduce your client’s risk of falling victim to a phishing attack by up to 70%. If nation-state cyberattacks are on their radar, remind them that phishing is the root of most of those attacks. Also, ransomware gangs overwhelmingly favor phishing, and that’s a plague that no one wants. By engaging in training with a dynamic solution like BullPhish ID that includes content that can be customized to reflect their real industry threats, your clients are also adding support staffers to their security team – and everyone needs to be on that team in this risk atmosphere. If they want to take their phishing defense a step further, automating phishing security with Graphus should be next on their list to more dramatically reduce their phishing risk by 40% more than competing solutions.
Even in a budget crunch, it’s important for clients to understand that cybersecurity is not a luxury. Preventing cybercrime is a necessity. Over 60% of companies that suffer a cyberattack go out of business. That’s a stark reality that can be avoided with a smart defensive strategy. Contact our sales team for more help finding effective, economical cybersecurity solutions that can really make a difference for your clients without breaking the bank.
Apr 22 MSP Mastered® Level 2: The Service Dispatch Process for SLA Success…Utilization REGISTER NOW>>
Apr 20 – 21 Managed Services Summit Live (EMEA Special) REGISTER NOW>>
Apr 26 The Phish Files Webinar REGISTER NOW>>
May 5 Deploy Your Secret Weapon: Security-Savvy Employees w/ Lisa Forte Webinar REGISTER NOW>>
May 4 – 5 GlueX 2021 REGISTER NOW>>
May 11 – 14 Robin Robins Boot Camp (Orlando and Virtual) REGISTER NOW>>
Small Changes Now Pay Big Dividends Later
A down economy is forcing many companies to make spending cuts. But when you’re going through your budget looking at things that you can pare down or put off, don’t add cybersecurity to that list. Instead, look at the ways that your security solutions can be maximized to ensure that you’re getting the real value out of them that you’re already paying for – you’re almost certainly going to find a few unexpected features.
For example, if you’re already using Dark Web ID for dark web monitoring, you’re making a strong move to protect your business from credential compromise danger, even if that risk comes from your employees reusing their work passwords elsewhere (which 65% of people do). But are you monitoring your executives’ private email accounts too? You don’t need to buy anything extra to do it – you can do that with Dark Web ID, an often overlooked bonus!
Password protection isn’t really protection anymore. That’s why multifactor authentication (MFA) is a modern essential that authorities like Microsoft recommend to stop 99% of password-based cybercrime. But experts also recommend single sign-on, and secure password vaults. Instead of buying multiple solutions to accomplish those goals, you can find one solution that does everything, like Passly, making your IT budget stretch even farther. Plus, Passly also provides automated password resets, a huge time (and money) saver.
While it may be tempting to slash your security budget and put off making security adjustments, it’s a dangerous proposition. Overall cybercrime increased approximately 85% in 2020 and things aren’t slowing down. Make the smart decision to play the long game and still profit in the short term by making careful investments in cybersecurity upgrades – and avoid having your business get knocked for a loop in the wake of today’s cyber crimewave.
Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!