The Week in Breach News: 10/14/20 – 10/20/20
This Week in Breach News: Mystery cyberattacks do massive damage to Barnes & Noble, Robinhood, and the Hackney Borough Council, Dickey’s Barbecue gets served some skimming trouble, and ransomware puts a beloved Indian snack food brand in danger – plus a deep dive into the Dark Web to jumpstart your 2021 planning.
The Week in Breach News: Dark Web ID’s Top Threats This Week
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
The Week in Breach News – United States
United States – Barnes & Noble
https://boston.cbslocal.com/2020/10/15/barnes-noble-cyberattack-hack-data-breach-personal-info/
Exploit: Malware
Barnes & Noble: Bookseller
Risk to Business: 1.411 = Extreme
Barnes & Noble has been starring in its own horror story in the last week, as a massive network outage for its Nook customers rolled into the discovery of a massive cyberattack. The bookseller informed customers on Monday that it had experienced a data breach that exposed customers’ transaction histories and PII. Recovery and restoration efforts are underway. It’s unknown if the Nook outage was a facet of the data breach or unrelated.
Individual Risk: 2.206 = Severe
Barnes & Noble says that the only data stolen was transaction history information, names, and email addresses. The company doesn’t anticipate that any financial information was stolen, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: No one can afford a data breach right now, not even a corporate giant. Incidents that impact online sales are especially problematic as online sales remain a focus area during the pandemic.
ID Agent to the Rescue: Strengthening gateway security is a good data loss prevention strategy. Passly guards against intrusion with cracked, stolen or compromised passwords by adding simple but effective secure identity and access management protection. LEARN MORE>>
United States – Intcomex
Exploit: Ransomware
Intcomex: Managed Services Provider
Risk to Business: 1.772 = Severe
The Miami-based managed services provider suffered a huge data breach, exposing nearly 1Tb of very sensitive data. The leaked data contains a collection called “Internal Audit” at 16.6GB, and “Finance_ER” totaling 18GB. The most recent data was from July 2020. The data included credit cards, license scans, payroll, customer databases, and more. The company serves more than 50,000 resellers in over 41 countries.
Individual Risk: No individual information was reported as compromised in this incident, although the potential is there. No details about the uncovered data are available.
Customers Impacted: up to 50,000
How it Could Affect Your Customers’ Business: Third-party data breaches are a big risk to every business these days. Even if you’re keeping your company’s sensitive data secure, your vendors might not be.
ID Agent to the Rescue: Dark Web ID keeps your business credentials safe by monitoring the Dark Web 24/7/365 to alert you right away if your protected credentials show up in a Dark Web data dump. LEARN MORE>>
United States – Robinhood
https://nypost.com/2020/10/16/hackers-broke-into-nearly-2000-robinhood-trading-accounts/
Exploit: Hacking/Database Intrusion
Robinhood: Investment App
Risk to Business: 1.552 = Extreme
Robinhood informed its users last week that hackers had obtained access to funds and information in some of its accounts. The firm claims that there was no intrusion and that customer email addresses were compromised outside of the app, giving cybercriminals the ability to steal money and data, but investigators and clients say that’s not possible, citing the fact that most accounts were protected with MFA.
Individual Risk: 1.412 = Extreme
Personal and financial information about users was accessible and potentially stolen by hackers, and some users had money stolen directly from their accounts. Users should assume that their accounts have been compromised and act accordingly.
Customers Impacted: 2,000
How it Could Affect Your Customers’ Business: Providing services that use highly sensitive information implies that you’re using the best technology to keep that data safe – especially at a fintech startup.
ID Agent to the Rescue: Keep data safer by reducing the ways that thieves can get to it. With single sign-on through Passly, each employee has their own personalized LaunchPad, making it easy for IT staff to secure access points. LEARN MORE>>
United States – Dickey’s Barbecue Pit
https://www.zdnet.com/article/card-details-for-3-million-dickeys-customers-posted-on-carding-forum/
Exploit: Malware/Skimming
Dickey’s Barbecue Pit: Restaurant Chain
Risk to Business: 1.691 = Severe
Dickey’s Barbecue Pit has been serving up a side of skimming to every customer. Between August 2019 and July 2020, cybercriminals were operating skimmers at 156 of Dickey’s 469 locations in 30 states, with the highest exposure in California and Arizona. The breach was discovered by cybersecurity monitors after hackers began advertising the data stash for sale as “Blazingsun”.
Individual Risk: 1.771 = Severe
Customers who made purchases at Dickey’s Barbecue Pit during that window have likely experienced a credit card compromise and should contact their card issuer for guidance.
Customers Impacted: 3 million
How it Could Affect Your Customers’ Business: The number one cause of a data breach is human error. Failing to keep up with security awareness and phishing resistance training leads to expensive cybersecurity disasters.
ID Agent to the Rescue: The ID Agent digital risk protection platform enables organizations of any size to implement security awareness training painlessly at a great price. LEARN MORE>>
United States – Nez Perce Tribal Casinos
Exploit: Ransomware
Nez Perce Tribal Casinos: Gambling Parlors
Risk to Business: 2.002 = Severe
Two popular casinos owned and operated by the Nez Perce Native American tribe were hit with ransomware, resulting in a complete shutdown for at least a week. Systems were frozen at both the tribe’s Clearwater River Casino near Lewiston and the Ye-Ye Casino at Kamiah in Idaho. Restoration efforts and investigations are underway, but the casinos are expected to reopen imminently.
Individual Risk: No personal data has been reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Attacks aren’t always about stealing data. Ransomware is a devastating weapon that bad actors are using to shut down businesses too, and that can sometimes be even worse.
ID Agent to the Rescue: Learn how to protect systems and data from ransomware in our eBook “Ransomware 101“. DOWNLOAD IT NOW>>
The Week in Breach News – Canada
Canada – Municipality of Westlake-Gladstone
https://winnipeg.ctvnews.ca/nearly-450k-stolen-from-manitoba-municipality-in-cyber-attack-1.5146916
Exploit: Hacking/Intrusion
Municipality of Westlake-Gladstone: Local Government
Risk to Business: 2.309 = Severe
Nearly $450K was snatched from the operating account of this Manitoba municipality in a hacking incident that could be the result of an insider threat. The money was stolen in a series of withdrawals or transfers beginning in November 2019 and continuing until at least January 2020.
Individual Risk: No individual information has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Schemes like this are often the result of a business email compromise scam. It’s a devastating variant of phishing that preys on business relationships – and it’s consequently more devastating.
ID Agent to the Rescue: Prevent business email compromise by boosting phishing resistance training for everyone, including executives who are frequently targeted in these scams. SEE BULLPHISH ID IN ACTION>>
The Week in Breach News – United Kingdom & European Union
United Kingdom – Hackney Borough Council
https://www.zdnet.com/article/serious-cyberattack-hits-london-council/
Exploit: Ransomware
Hackney Borough Council: Municipal Government
Risk to Business: 1.334 = Extreme
A devastating cyberattack shut down operations at websites for the Hackney Borough Council, bringing everything from bill payments to services for the elderly and vulnerable to a halt briefly. Many functions have been restored, but some business is still impacted. The incident has also been reported to the Information Commissioner’s Office (ICO). Experts from the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), external security experts, and the Ministry of Housing, Communities and Local Government are also assisting with investigation and recovery. The incident shows hallmarks of ransomware.
Individual Risk: No personal or financial data is reported as stolen or compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Attacks on municipalities and municipal service providers have become more rare – and more damaging, especially from nation-state hackers and other highly organized cybercrime gangs.
ID Agent to the Rescue: When ransomware comes calling, it’s usually part of a phishing attack. BullPhish ID is key to preventing these incidents, with 4 new plug-and-play phishing kits added every month to keep you up to date on the latest threats. LEARN MORE>>
Sweden – Panion
https://cybernews.com/security/social-media-app-leaking-data-of-172000-users/
Exploit: Unsecured Database
Panion: Social Media App
Risk to Business: 2.337 = Severe
Swedish social media app Panion committed an unfriendly blunder by failing to secure an AWS bucket, leaving personal information for its users exposed. All told, about 2.5 million user records were exposed. The data included full names, email addresses, genders, interests, location coordinates, and last login dates, as well as selfies and document photos.
Individual Risk: 2.227 = Severe
Users should be aware that their location data has been exposed, as well as personal information that can empower spear phishing attacks or other crimes.
Customers Impacted: 2 Million
How it Could Affect Your Customers’ Business: Don’t make rookie mistakes. Companies that leave databases open tell their clients that they’re not committed to using cybersecurity best practices, making clients less likely to do business with them.
ID Agent to the Rescue: Start using Passly for staff access to databases and files. If everyone who needs access can be given it quickly, it eliminates the chance of people taking shortcuts like not locking a database. SEE PASSLY AT WORK>>
The Week in Breach News – Australia & New Zealand
Australia – Kleenheat
https://www.zdnet.com/article/kleenheat-customer-names-and-addresses-exposed-in-system-breach/
Exploit: Unsecured Database
Kleenheat: Energy Company
Risk to Business: 2.894 = Moderate
Australia’s Kleenheat is warning customers that they may have had data exposed in a breach at a third-party vendor. The data was collected and stored in 2014 in a system that is no longer in use at a former data storage partner.
Individual Risk: 2.822 = Moderate
Clients impacted in the breach had what the company characterizes as general information exposed including names, residential addresses, and email addresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party exposures aren’t just a risk for your business, they’re also a risk for your customers. Failing to provide quality security on data storage can expose you and your clients to unwanted consequences.
ID Agent to the Rescue: Data like the kind stolen in this breach lives forever on the Dark Web. Be certain that your staff’s credentials aren’t hanging around on the Dark Web from a past exposure with Dark Web ID. SEE DARK WEB ID AT WORK>>
Australia – Containerchain
Exploit: Ransomware
Containerchain: Logistics Platform
Risk to Business: 1.921 = Severe
In yet another attack on freight and transport, Containerchain was hit with a ransomware attack. Systems for its shipping customers were briefly shut down entirely but were restored quickly. The company does not believe that significant data was lost and noted that impacted customers (if any) would be in AU, NZ, SG, and MY. The investigation is ongoing.
Individual Impact: No personal data was exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A spate of recent attacks against shipping, transportation, and logistics targets has raised fears of potential cyberwarfare targets and put these essential parts of our infrastructure on notice that their cybersecurity is vital to operations.
ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers. LEARN MORE>>
The Week in Breach – Asia
India – Haldiram’s Snacks
Exploit: Ransomware
Haldiram’s Snacks: Snack Food Manufacturer
Risk to Business: 1.451 = Extreme
Beloved Indian snack food maker Haldiram’s has been hit with a ransomware attack that has brought chaos to its business and manufacturing arms. Bad actors encrypted much of the company’s essential data between October 12 and October 13, demanding a ransom payment for release. The negotiation, recovery, and investigation are ongoing.
Individual Risk: No individual information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware typically arrives as the nasty cargo of a phishing email. Phishing is today’s biggest cybersecurity risk, and this kind of damage is exactly what makes it every IT professional’s nightmare.
ID Agent to the Rescue: Staffers only retain what they learned from security awareness training for approximately 4 months. Refresh that regularly with BullPhish ID to reduce the chance of your business falling prey to a ransomware gang. SEE A DEMO>>
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
- Are You Including IoT Danger in Your Cybersecurity Planning?
- The Week in Breach: 10/07/20 – 10/13/20
- Don’t Get Tricked by GDPR Compliance Phishing Scams
- Remote Work Phishing Threats Aren’t Slowing Down
- The Ink This Week: Cybersecurity News 10/16/20
- CISA NIST Ransomware Protection Guides Highlight Simple Solution
- Is Your Stolen Data in the Pot at a Poker Game?
The Week in Breach: New Resources
Dark Web Crash Course – Get Ready for the Threats of Tomorrow
2020 has been a rollercoaster ride for every MSP – are you ready for what 2021 will bring? October is National Cybersecurity Awareness Month, and one of the most important parts of growing a successful MSP is having what your clients need when they need it.
That’s why you might want to do a little homework on the Dark Web. Your customers will be thinking about their cybersecurity plans for 2021 soon, and they’ll be looking to you for advice about what risks they’re facing.
You’ll learn:
- 5 Proven, Practical Steps to Close New Security Business
- Digital Risk: Threats, Opportunities, and Strategies to Position Yourself for Success
- Unveiling Cybercrime Markets on the Dark Web: Expert Edition
- MSPs Are Lifting the Veil of the Dark Web
- State of the Dark Web 2020
COVID-19 has left its mark on cybersecurity, and economic uncertainty has created a feeding frenzy in Dark Web data markets. Learn what risks to look for and how to mitigate them to guide your customers to the right solutions while increasing your MRR in our quick crash course in today’s Dark Web! SEE OUR COVID-19 CYBERSECURITY CONTENT>>
In case you missed it last week: See both sides of a phishing attack to really understand why phishing is so successful and so dangerous in our webinar “Phishing Confidential: Offensive and Defensive Playbooks of a Phishing Attack Revealed”. SEE THE WEBINAR>>
The Week in Breach: Featured Briefing
Just When You Thought It Was Safe – COVID-19 Phishing is Back for an Encore
COVID-19 quickly rose to the top of Google’s list of the biggest phishing topics in history in the spring of 2020. After a monster increase of more than 600% in phishing in Q2 2020, the tsunami of phishing email around the global pandemic seemed to be slowing down as the topic became less sensational.
But the fall of 2020 is shaping up to be the return of the COVID-19 phishing scam. As disease rates climb in some countries and COVID-19’s second wave starts making its way through the world, cybercriminals are looking for ways to get some replay value out of their best pandemic-themed phishing tricks.
In a study of user reactions to cybersecurity dangers like phishing lures, researchers at Verizon discovered that even with all of the hype surrounding COVID-19 scams, users are three times more likely to click on a phishing link and then enter their credentials than they were before the pandemic, and thousands of new COVID-19 scam pages are still being created every day.
Don’t let cybercriminals get their hooks in you. Learn how to spot and stop today’s biggest security threat: phishing.
Our long COVID-19 phishing nightmare isn’t even close to over. Fresh warnings about COVID-19 relief scams and pandemic-related phishing emails from entities like the FBI show that there doesn’t seem to be an end in sight for the audacity of cybercriminals in the time of COVID-19. The UK’s National Cyber Security Centre (NCSC) recently announced that it had taken down about 2,000 scams in just one month.
That means it’s time to remind your clients about the value of security awareness training, especially phishing resistance training. Companies that engage in regular cybersecurity awareness training have 70% fewer cybersecurity incidents – as long as that training is regularly updated. Staffers hold on to what they learned in training for about 4 months at most, so regularly updating training is a must.
BullPhish ID provides a robust training solution that’s good for you and your clients. With 4 new plug-and-play phishing simulation kits added every month, including COVID-19 threats, your clients will have plenty of material to use for their training campaigns – and you’ll have a nice boost to your MRR when they keep using our easy, cost-effective solution.
Everyone’s trying to save money in a tight economy, but security awareness training isn’t the place to make cuts in the IT budget. A small up-front investment in training with a dynamic solution like BullPhish ID pays huge dividends in improved overall cybersecurity when a phishing email lands in an employee inbox and gets deleted instead of opened, saving a fortune.
The Week in Breach: A Note for Your Customers
Too Many Privileged Credentials Can Lead to Disaster
How many administrator or above credentials are around for your business systems? How many people have access to an administrator password who shouldn’t? Can you be sure that every former staffer’s access has been removed? How many of your staffers are reusing passwords at work and at home?
Compromised credentials cause big business problems, and privileged credentials are Golden Tickets for cybercriminals. In a recent analysis, experts determined that as many as a fifth of employees with privileged user credentials don’t need them – a third of the respondents even said that everyone at their level has the same access, whether they need it or not.
Playing fast and loose with privileged access to your systems and data is a disaster waiting to happen, as the US Government recently found out. Bad actors were able to gain access to critical data and systems with stolen access credentials for O365, including administrator credentials. The attackers were then able to conduct a complex malware attack, remotely logging into staffers’ computers.
Sometimes it’s inconvenient to have to track down someone to click a button. But giving out privileged access to everyone is no good at all, and sharing administrator passwords is not the answer. Simple secure identity and access management is the solution.
Secure identity and access management is a top CISO priority for 2021. Let us show you why with Passly. Your clients will love the price and you’ll love the MRR!
Passly combines multiple security tools into one solution, giving you more for your money including multifactor authentication and secure shared password vaults. But the most important feature that Passly provides to alleviate this headache is single sign-on. It makes everyone’s job easier.
Instead of writing down administrator passwords to access a system or giving people blanket access, single sign-on allows every staffer to have a personalized LaunchPad that signs them in to all of the apps they’ll use at work in one swoop.
It’s also a boon for IT departments. No need to go into every single application a staffer might use and grant them access permissions. No more endless password resets when somebody lost that sticky note. Every user has an individual LaunchPad that IT staff can access from anywhere, granting and removing permissions with just a few clicks.
Secure identity and access management was cited as a top priority for next year by CISOs in a recent survey, and it’s no wonder. Making it easier for IT staffers to control your access points while making it easier to make sure that the right people have access to the right things exactly when they need it just makes good sense.
Catch Up With Us at These Virtual Events
- OCT 22-23: Robin Robins Recession Rescue Road Show (Orlando, FL) REGISTER>>
- OCT 28: REBOUND 2020 REGISTER>>
- OCT 29-30: Robin Robins Recession Rescue Road Show (Scottsdale, AZ) REGISTER>>
- NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning Dark Web ID? Contact us today!