
The Week in Breach News: 05/20/21 – 05/25/21

May 26, 2021

The spotlight is on supply chain risk and security blunders this week as we see the ripple effect of the Codecov and SITA supply-chain attacks continue, plus we’ll dive into the new Verizon Data Breach Investigations Report for 10 things you need to see and give you an introduction to our new Nano Sessions!




United States – Utility Trailer Manufacturing

https://www.freightwaves.com/news/trailer-maker-utility-targeted-in-ransomware-attack

Exploit: Ransomware

Utility Trailer Manufacturing: Trailer Fabrication 


Risk to Business: 1.655 = Severe

California-based Utility Trailer Manufacturing was hit by the Clop ransomware gang. As proof of the hit, the gang released 5 gigabytes of data to the dark web this week. The company has not been clear on the impact of the breach beyond saying that client data, including payment records, was not accessed and manufacturing remains normal.


Individual Risk: 1.507 = Severe

While the company is staying mum about the content of the breach, researchers found the stolen data on the dark web and determined that it includes an extensive amount of sensitive personal data about employees, including payrolls and human resources information. Past and present employees should be alert for identity theft and spear phishing attempts.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: A new ransomware attack is launched every 40 seconds, and every business is in the line of fire. Making sure that you have all the bases covered and taking smart precautions like increased security awareness training can help reduce risk.

ID Agent to the Rescue: Are your clients fully protected from ransomware risk? Make sure they’re covered with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>


United States – Alaska Department of Health and Social Services 

https://www.govinfosecurity.com/alaska-health-department-services-affected-by-malware-attack-a-16708

Exploit: Malware

Alaska Department of Health and Social Services: Regional Human Services Agency


Risk to Business: 1.833 = Severe

The Alaska health department’s website was taken offline Monday evening and will be unavailable to the public for an indeterminate amount of time as IT teams work to investigate and recover from a malware attack. COVID-19 immunization and most data dashboards are maintained by an outside contractor and are still operational. The department’s main website, background check system, the state of Alaska’s vital records system, Alaska’s behavioral health and substance abuse management system and the state’s system for schools to report vaccine data to public health have all been impacted.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malware that takes important systems offline can seriously impact an organization’s operations, costing a fortune in remediation, investigation and recovery. Government targets have been especially appealing to cybercriminals due to their notoriously weak security.

ID Agent to the Rescue:  Which sectors are the most at risk for a data breach? Find that information and more useful data to inform security decisions in The Global Year in Breach 2021. READ IT NOW>>


United States – Bergen Logistics 

https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/

Exploit: Unsecured Database

Bergen Logistics: Shipping & Fulfillment 


Risk to Business: 2.812 = Moderate

Security researchers recently discovered an exposed database belonging to Bergen Logistics. The Elasticsearch server contains a trove of 467,979 login credentials and shipment records relevant to the company’s customers. Bergen Logistics handles import/export, picking and packing for clients in the fashion industry. The company also ships directly to customers of online marketplaces and e-commerce stores.


Individual Risk: 2.772 = Moderate

The exposed data for customers includes names, addresses, order numbers and details, email and contact information and plaintext passwords to customer accounts. This data could be used for spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: There are enough ways to suffer a cybersecurity incident without causing them through negligence, even though employee error is still the number one cause of a data breach. Making sure to cover the bases with basics goes a long way toward improving security.

ID Agent to the Rescue:  Our Security Awareness Champion’s Guide is a wealth of knowledge to help beat cybercrime, including expert strategies to make security budgets stretch just a little bit further. READ IT NOW>>




United Kingdom – One Call 

https://www.doncasterfreepress.co.uk/news/one-call-cyber-attack-all-you-need-to-know-about-hackers-darkside-and-insurance-boss-john-radford-3244076

Exploit: Ransomware

One Call: Insurer 


Risk to Business: 1.606 = Severe

Insurer One Call admitted last week that a ransomware attack disrupted its core IT system and forced it to shut down its servers. The attack was perpetrated by the notorious DarkSide gang, which purportedly went dark after the Colonial Pipeline fiasco. The hackers are demanding a ransom of more than $20k. The company has released no clear information on what data was stolen or how long the investigation and recovery will take, although news outlets are reporting customer and financial data as potentially stolen by the gang.

Individual Impact: No confirmation is available as to whether sensitive personal or financial information was compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the preferred weapon of cybercriminals, especially those in major gangs. Increased security awareness training is a must for every client because it makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.

ID Agent to the Rescue: BullPhish ID provides customizable security awareness training including phishing resistance that enables MSPs to conduct training on industry-specific threats. SEE IT AT WORK IN A NEW VIDEO!>>


United Kingdom – FastTrack Reflex Recruitment

https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/

Exploit: Misconfiguration

FastTrack Reflex Recruitment: Staffing Firm


Risk to Business: 1.882 = Severe

FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data.


Individual Risk: 1.780 = Severe

In the bucket, applicant CVs were exposed, including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information, DOBs and photos were also exposed.

Customers Impacted: 21K applicants

How it Could Affect Your Customers’ Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.

ID Agent to the Rescue: Get tips to help your clients improve their security mindset to withstand challenges and keep moving forward in adverse conditions in The Road to Cyber Resilience. READ THIS BOOK>>


Ireland – Ardagh Group

https://portswigger.net/daily-swig/packaging-vendor-ardagh-admits-cyber-attack-disrupted-operations

Exploit: Ransomware

Ardagh Group: Packaging Manufacturer 


Risk to Business: 1.699 = Severe

Glass and metal packaging giant Ardagh Group was snarled in a suspected ransomware attack. The company said that metal and glass packaging facilities remained operational, but the attack has caused shipping delays and interruptions. Investigation and remediation are underway, and the company expects to have everything back online by the end of the month.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Make sure your clients are taking every possible precaution against ransomware because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.

ID Agent to the Rescue: The tips in Ransomware 101, our most popular eBook, can help you secure your clients effectively against this devastating threat. READ IT>>




New Zealand – Waikato District Health Board 

https://www.theregister.com/2021/05/19/new_zealand_hospitals_taken_down/

Exploit: Ransomware

Waikato District Health Board: Regional Healthcare Agency 


Risk to Business: 1.115 = Extreme

Waikato District Health Board (DHB) had most of its IT services go offline Tuesday morning as the result of a suspected Conti ransomware attack, severely impacting services at six of its affiliate hospitals. Only email service has escaped the shutdown. With patient notes inaccessible, clinical services were disrupted and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only, using pencil and paper records. Service disruptions are expected to continue for several days.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks on healthcare targets have been at the top of the cybercriminals’ playbook since the beginning of the global pandemic, and they represent a threat to public health, not to mention overstressing already burned-out hospital staffers.

ID Agent to the Rescue: Ransomware is almost always the fruit of phishing. See strategies to mitigate phishing risk short term and long term in The Phish Files. GET THIS BOOK>>




India – Air India

https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/

Exploit: Third Party Data Breach

 


Risk to Business: 2.001 = Severe

Air India disclosed a data breach impacting 4.5 million of its customers following the hack of airline passenger service system provider SITA in February 2021. Dozens of airlines around the world had data exposed in that ransomware incident and the fallout is still shaking out. The airline confirmed that the breach involved personal data and credit card information registered between August 2011 and February 2021 by Air India or its subsidiaries.


Individual Risk: 2.113 = Severe

The exposed data is reported to include passenger details like name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card numbers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.

ID Agent to the Rescue: Get expert advice to minimize damage from incidents like this in our ebook Breaking Up with Third Party and Supply Chain Risk. GET THE BOOK>>


India – Domino’s Pizza India

https://ciso.economictimes.indiatimes.com/news/user-info-linked-to-18cr-dominos-orders-leaked/82899181

Exploit: Hacking

Domino’s Pizza India: Restaurant Chain 


Risk to Business: 1.774 = Severe

Customer and employee information has been exposed in a hacking incident at Domino’s Pizza India. Security researchers discovered 13TB of employee files and customer details exposed on the dark web. The data leak may be connected to another breach of the pizza chain earlier in April. Jubilant FoodWorks, operator of the chain, said that customers’ financial information remains safe.


Individual Risk: 1.671 = Severe

It is unclear what, if any, payment data was snatched, but personal information for customers including order dates, addresses, names, order invoices and similar data is available. The hackers claim to also have employee data, but that is unconfirmed.

Customers Impacted: 180 million

How it Could Affect Your Customers’ Business: Personal data is the most desirable information for cybercriminals right now, and every company needs to take precautions to keep them out of databases.

ID Agent to the Rescue:  Secure your client’s data and systems for less with Passly. They’ll love the full-featured functionality, the added security and the value that Passly provides. SEE IT IN ACTION>>


Japan – Mercari

https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/

Exploit: Supply Chain Data Breach

Mercari: E-commerce Platform 


Risk to Business: 1.922 = Severe

In another big supply chain hit this week, Japanese marketplace Mercari has been compromised as a result of the recent Codecov breach. Earlier this year, code coverage tool Codecov disclosed that it had been a victim of a supply-chain attack that lasted for two months and allowed cybercriminals to meddle with its popular Bash Uploader, opening hundreds of companies up to risk. Mercari announced that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov breach.


Individual Risk: 1.942 = Severe

In the final tally, 17,085 records related to the transfer of sales proceeds to customer accounts were exposed including bank code, branch code, account number, account holder (kana) and transfer amount; 7,966 records on business partners of “Mercari” and “Merpay,” including names, date of birth, affiliation, e-mail address, and other data were exposed. 2,615 records on employees were also impacted including those working for a Mercari subsidiary. The data is comprised of names of some employees as of April 2021, company email address, employee ID, telephone number, date of birth and other PII plus details of past employees, some contractors and employees of external companies who interacted with Mercari. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party data breaches like this one are the future of business. Reliance on outsourced service providers gives cybercriminals an easy way to scoop up data or snatch access credentials for multiple targets in one fell swoop.

ID Agent to the Rescue: Protect your data from unwelcome visitors with a strong password policy that helps keep credentials secure. Our eBook “Is This Your Password” gives you a look at password dos and don’ts. READ IT>>




1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:



Don’t become a cybercrime statistic. The Cybersecurity Risk Protection Checklist will help you find and fix security gaps. GET IT>>



Strengthen Your Business and Your Client’s For a Prosperous Future


Grow Your Business in 15 Minutes!

Do you have time for a cup of coffee? Great, you have time for one of our Nano Sessions! Perfect for busy MSPs, in the Nano Sessions, we’ll take a quick dip into a topic with the basics that you need to know and what to do next if we’ve piqued your interest. In our first Nano Session, we take a look at how you can show clients and prospects their real dark web risk in minutes. It’s a game-changer! LISTEN NOW>>

Supply Chain Risk is More Dangerous Than Ever. We Can Help.

As this week’s breaches show, third party and supply chain risk is a constant menace that businesses face. With 22 billion new records added to the dark web last year, that risk is only growing for organizations worldwide. These tools can help stave it off.

Breaking Up With Third Party & Supply Chain Risk – Get the inside scoop on why supply chain risk is at an all-time high and what you can do to protect your business and your clients from trouble.  GET THIS EBOOK>>

The Cybersecurity Risk Protection Checklist – Are you making all the right moves to secure systems and data against threats like supply chain risk in a volatile threat atmosphere? Find out now.  GET THE CHECKLIST>>

The Road to Cyber Resilience – What do top organizations have in common that enables them to efficiently mitigate dangerous threats and keep operating smoothly in adverse conditions? Cyber resilience. Learn how to build it.  GET THIS EBOOK>> 


Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>



10 Things You Need to See From the 2021 Verizon Data Breach Investigations Report & Why They Matter


Every year, industry players await the Verizon Data Breach Investigations Report. While it is always a cornucopia of information that can help MSPs and businesses make informed decisions about cybersecurity, it’s also a lot to read. We’ve gone through the whole thing and pulled out 10 data points that we think deserve a second look. We’ll also share our analysis of why those things are so important as well as how to secure your business and your clients against the risks that we highlight.

In the 2021 edition, the 14th iteration of their influential report, the researchers at Verizon looked at 29,207 incidents and then refined that pool down to 5,258 confirmed data breaches that could be clearly demonstrated – one third more breaches than last year. To create the 2021 dataset researchers collected data from 83 contributors spanning 88 countries, 12 industries and 3 world regions.



10 Things You Need to See from the 2021 Verizon DBIR

1. 85% of breaches involved a human element.

This is important because it illustrates that the top cause of data breaches is still human beings, specifically errors made by employees. Diving deeper, the top error that spawns data breaches is misconfiguration. In second place, misdelivery is still riding high on the chart. That includes accidentally sending someone information that they’re not authorized to have or sending the wrong information outside the organization.

2. 3-time champion phishing remained the top threat action that resulted in a breach.

To no one’s surprise, phishing remains the top data breach threat for the third year in a row. It actually increased by 10%, which tracks with the tremendous increase in email volume and record-breaking cybercrime rates that started in March 2020. This category does not include ransomware, which has become such a behemoth that it has its own category these days. This reinforces how crucial phishing defense is for every business.

3. The number of breaches that involved ransomware doubled.

The villain of the year in 2020 was ransomware, and that’s reflected in this report. The number of breaches studied that included ransomware doubled, a confirmation of just how dangerous this phishing-related threat is for every organization. Ransomware is already up by more than 100% in 2021 over record numbers in 2020 and it’s still climbing, making this the top security concern for 2021. Eliminating ransomware threats starts with eliminating phishing incidents.



4. 61% of breaches involved credentials.

Everyone wants to do things the easy way, even cybercriminals. The easy way for them to snatch up data is to obtain credentials through phishing, making strong access control a necessity. But beyond just phishing a credential from an employee, huge quantities of dark web records, including 22 billion more added in 2020, provide ample resources for password cracking. Taking the power out of stolen or cracked passwords is one of the prime benefits of multifactor authentication (MFA), and every company needs to be using it now.

5. 85% of social engineering actions that lead to a data breach are done via email.

Once again, there’s no surprise here but there is a strong illustration of why phishing resistance training is absolutely vital. Cybercriminals are using many different lures to entice employees into action through social engineering and they can be difficult to unmask. Phishing resistance training that teaches employees to spot and reject social engineering tricks, especially sophisticated social engineering attempts, is critical to keeping cybercriminals away from data.

6. 23% of monitored organizations experienced brute force or credential stuffing attacks.

Remember credential stuffing? It seems like all that the security world has been talking about is ransomware, but credential stuffing is just as dangerous. Almost a quarter of breaches last year were the fruit of credential stuffing, with 95% of them getting hit with between 637 and 3.3 billion credentials in order to force entry. This is an important reason why single sign-on (SSO) is a must-have for access control. In case of trouble, SSO enables techs to quickly isolate a compromised user account and prevent further intrusion.



7. Over 80% of breaches were discovered by external parties.

This should be a troubling number for anyone securing data. More breaches are discovered by researchers than internal teams, a strong indication that lax cybersecurity practices can create big problems. Increased security awareness training and building a strong cybersecurity culture is the prescription for increasing vigilance to make sure that breach risks are caught sooner rather than later.

8. Credentials remain the most sought-after data type and personal data is the second most sought-after data type.

Continuing their winning streak, credentials are the most desirable data for cybercriminals to snatch. It’s not a surprise that gaining access to the heart of a business is at the top of the cybercriminal wishlist. Credentials make it easy for them to conduct multiple operations quickly. Personal data remains in second place, valued for its usefulness in both identity theft and spear phishing.

9. The majority of known data breaches involve loss of personal data, quickly followed by medical data.

Bad actors want personal data to power all sorts of cybercrime operations, and they’re working hard to get it. Thanks to the hot market for COVID-19 data in 2020, medical data is in second place. A record number of breaches at hospitals, laboratories, pharmaceutical companies and even medical data processors bears out that conclusion. Anyone who handles data like this needs to be maintaining strong access controls and phishing resistance training to keep cybercriminals out of it.

10. Business Email Compromise (BEC) is the second most common vector for social engineering.

Although the primary reason that cybercriminals chose to conduct sophisticated social engineering attacks in 2020 was phishing for credentials, BEC scams took their turn in the spotlight. These fraud attempts were also buoyed by high email volumes and uncertainty as many inexperienced remote workers created a bumper crop of targets ripe for the picking. Reliance on doing business remotely also made 2020 the perfect year for BEC. Companies will benefit from stepping up security awareness training around BEC to avoid trouble from this constant threat.


BullPhish ID and Passly are the ideal combination of solutions to reduce your client’s exposure to risks like these while providing an excellent value for both of you.

Passly includes the functionality of 3 solutions in one affordable package, including:

  • MFA and SSO team up with secure shared password vaults to provide the tools you need for strong access control
  • Automated password resets eliminate the constant wave of reset tickets, saving time, money and stress

BullPhish ID is the streamlined, user-friendly solution to every training challenge, including:

  • A frequently updated library of plug-and-play phishing simulation kits that can be scheduled to run automatically.
  • Lots of options for customization and white labeling for everything from training content to access portals.

We’re here to help if you would like to learn more about ways that you can protect clients who may be in the line of fire from today’s nastiest cybersecurity nightmares. From dark web monitoring to phishing resistance training, the ID Agent digital risk protection platform has you covered. Let’s get together and talk about how we can help your clients and your business! SCHEDULE A CONSULTATION>>



May 26: How to Build a Robust Security Stack Using Layered Point Solutions REGISTER NOW>>

May 27: MSP Mastered® Level 2: Service Desk Reporting and KPI Analysis REGISTER NOW>>

May 27: IT Europa Security Round Table (EMEA Special) REGISTER NOW>>

Jun 01: Zero Trust Exposed REGISTER NOW>>

June 15: Deploy Your Secret Weapon: Security-Savvy Employees REGISTER NOW>>




There’s a Data Breach Risk Around Every Corner


In today’s topsy-turvy world, it seems like there’s a new threat to your information security cropping up every day. Let’s cut through the chatter and look at the most important ones to focus on in order to make the most out of your cybersecurity budget while staying out of trouble.

  • Ransomware is a threat to every business, and it’s the favorite tool of every stripe of cybercriminal from solo operators to nation-state threat actors. Over 50% of businesses were impacted by ransomware in 2020.
  • Credential compromise is also high on the list. Bad actors are pulling out all the stops, including phishing and password cracking, to obtain credentials that allow them to easily enter systems and steal data.
  • Business email compromise is another danger to watch. Fraudsters have been using this technique throughout the pandemic to profit by stealing identities and having sham invoices or money transfers directed to them.

Fortunately, it’s possible to protect your business from cybercrimes like these without breaking the bank. Secure identity and access management with a dynamic solution like Passly is a one-stop-shop for tools that keep cybercriminals out and your data in – including multifactor authentication, which stops 99% of password-based cybercrime all by itself.

Take action now to prevent cybercrime disasters from ruining your summer with affordable, efficient access control from Passly.



ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to pr@kaseya.com to let us know – we love to hear about how our content works for you!