
The Week in Breach News: 11/18/20 – 11/24/20

November 25, 2020

This Week in Breach News: Ransomware scores at Manchester United and chills Americold, Managed.com gets rocked by REvil, Luxottica’s data breach nightmare continues, how social engineering sneaks up on remote workers, and TWO new eBooks on security awareness training and phishing (and they’re really cool!).


The Week in Breach News: Dark Web ID’s Top Threats This Week


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach News – United States 


United States – Managed.com

https://securityaffairs.co/wordpress/111154/cyber-crime/managed-com-revil-ransomware.html

Exploit: Ransomware

Managed.com: Web Hosting Provider


Risk to Business: 1.402 = Extreme

REvil has had a nasty impact at this web hosting provider, causing a complete shutdown of company systems. The company says that a “limited number” of customer sites have been affected. Impacted functions included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers.

Individual Risk: Managed.com has not released any information about potential client impact, although the company did note that they’d taken measures to secure client data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third party risk is a growing problem for every business, especially as cybercriminals target more centralized service and infrastructure companies.

ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this. Our solutions can help in two ways: securing their data and securing your MRR with Goal Assist to close more deals! LEARN MORE>>


United States – Mercy Iowa City

https://www.kcrg.com/2020/11/18/mercy-iowa-city-reports-data-breach-over-60000-iowans-affected/

Exploit: Unauthorized Access

Mercy Iowa City: Medical Center


Risk to Business: 2.631 = Moderate

An unauthorized user gained access to an employee email account at this Iowa hospital, leading to the potential exposure of sensitive data for thousands of patients. There’s no confirmation that data was stolen, but the hospital is warning patients of the possibility. The incident was discovered after the compromised account began sending out spam and phishing messages.


Individual Risk: 2.502 = Moderate

The hospital has not yet confirmed that any data was actually accessed or stolen, but they sent out a letter warning patients of the potential breach. Information that may have been compromised includes patient names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment information and health insurance information.

Customers Impacted: 60,000

How it Could Affect Your Customers’ Business: Password compromise leads to major trouble. Even small incidents like this can quickly turn into huge problems if access to sensitive data isn’t carefully controlled.

ID Agent to the Rescue: Passly gives you more control over access points to systems and data with Single Sign-on and individual user LaunchPads that enable IT staff to quickly add and remove access. BOOK A DEMO>>


United States – TronicsXchange

https://www.infosecurity-magazine.com/news/80000-id-cards-fingerprint-exposed/

Exploit: Misconfiguration

TronicsXchange: Used Electronics Dealer


Risk to Business: 1.992 = Severe

A big error at TronicsXchange has led to a big problem, as sensitive customer data was exposed on a misconfigured database. Over 2.6 million files, including ID cards and biometric images, were left open and leaking in a misconfigured AWS S3 bucket. The data appears to be older and is primarily comprised of California residents.


Individual Risk: 1.222 = Extreme

The data that was exposed was seriously sensitive and has the potential for massive troublemaking. Millions of files were leaked including extremely sensitive information like approximately 80,000 images of personal identification cards such as driver’s licenses, and 10,000 fingerprint scans. The leaked driver’s license photos expose even more information about that individual, including license number, full name, birthdate, home address, gender, hair and eye color, height and weight, and a photo of the individual, among other things.

Customers Impacted: 80,000

How it Could Affect Your Customers’ Business: Leaving a database unsecured or misconfigured is a symptom of a lax cybersecurity culture. Leaving a database unsecured that has this kind of incredibly sensitive data inside is a disaster that will send customers running for the exits.

ID Agent to the Rescue: Passly adds essential security tools like multifactor authentication and simple remote management to ensure that only the right people have access to your sensitive client data. LEARN MORE>>


United States – American Bank Systems

https://securityreport.com/american-bank-systems-hit-by-ransomware-attack-full-53-gb-data-dump-leaked/

Exploit: Ransomware

American Bank Systems: Software Services Provider 


Risk to Business: 1.864 = Severe

Avaddon ransomware made an unwelcome deposit at American Bank Systems, unleashing a ransomware attack that led to the capture and partial publishing of 53 GB of all sorts of highly confidential data. The banking software services company had data snatched from banks around the world including banking names and mortgage companies, such as First Federal Community Bank, Rio Bank, Citizens Bank of Swainsboro, First Bank & Trust, and many more. The leaked data in the dump includes files such as loan documents, business contracts, private emails, invoices, credentials for network shares, and other confidential information.


Individual Risk: 1.516 = Severe

Many of the stolen banking records also contain information about the clients of affected banks, including personally identifying information, loan amounts, and Tax ID or Social Security numbers. Some data on employees of banks was also exposed. Clients of impacted banks should be alert to identity theft and fraud possibilities.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible.

ID Agent to the Rescue: Information like this can hang around for years after it hits the Dark Web. Make sure your staff’s credentials haven’t been exposed with Dark Web ID 24/7/365 monitoring. SEE HOW IT WORKS>>


United States – Americold

https://www.bleepingcomputer.com/news/security/cold-storage-giant-americold-hit-by-cyberattack-services-impacted/

Exploit: Ransomware

Americold: Cold Storage and Logistics 


Risk to Business: 2.236 = Severe

Ransomware definitely chilled business at Americold, causing major disruptions to operations. The cyberattack impacted their operations across the board, causing partial or complete shutdowns in phone systems, email, inventory management, and order fulfillment. This attack may be related to a recent spate of attacks against healthcare targets. Cold storage and temperature-controlled transportation will be a huge component in the distribution of any COVID-19 vaccine.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware isn’t just stealing data anymore. It’s also being used as a tool to disrupt infrastructure and logistics to devastating effect.

ID Agent to the Rescue: Protect your systems and data from ransomware with BullPhish ID. Consistent phishing resistance and security awareness training can reduce cybersecurity incidents by up to 70%. LEARN MORE>>


United States – Port of Kennewick

https://www.nbcrightnow.com/news/port-of-kennewick-now-victim-of-cyber-attack/article_2da5b29c-2936-11eb-a2e4-0f3e16c73589.html

Exploit: Ransomware

Port of Kennewick: Municipal Agency 


Risk to Business: 2.322 = Severe

Ransomware severely impacted operations at this inland port in Washington. Cybercriminals encrypted the port’s systems and demanded $200,000 in ransom to restore access to the port’s servers and files. The port authority, FBI, and an outside contractor have been working to restore full operations.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets as well as businesses, and nation-state actors are most likely to use ransomware in their attacks.

ID Agent to the Rescue: Don’t let phishing shut your operations down. Train staffers to spot and stop phishing before an attack becomes a disaster. LEARN MORE>>


United States – Kenneth Copeland Ministries 

https://www.dailymail.co.uk/news/article-8966623/Russian-hacker-group-REvil-claims-massive-attack-televangelist-Kenneth-Copeland.html

Exploit: Ransomware

Kenneth Copeland Ministries: Televangelism


Risk to Business: 2.306 = Severe

The REvil ransomware gang strikes again, this time at televangelist Kenneth Copeland’s operations. The gang is threatening to release 1.2 terabytes of sensitive data if he fails to pay their unspecified ransom demands. Evidence of the hack has been displayed on REvil’s information website.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware gangs like REvil can see juicy paydays in targeting prominent people in any industry – or releasing potentially embarrassing stolen data if those people decide not to pay the ransom.

ID Agent to the Rescue: Phishing resistance training is one of the most important ways that any organization can protect their systems and data from ransomware. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness too. LEARN MORE>>



The Week in Breach News – United Kingdom & European Union


United Kingdom – Manchester United

https://securityaffairs.co/wordpress/111231/hacking/manchester-united-cyber-attack.html

Exploit: Ransomware

Manchester United: Football (Soccer) Club


Risk to Business: 2.122 = Severe

A ransomware attack briefly shut down business operations at Manchester United. The team reports “Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers.” The cyberattack is not expected to impact play and matches will remain ongoing as scheduled.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware and phishing go hand in hand and as social engineering tactics improve it’s always going to be the fastest, easiest way for cybercriminals to strike.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>


Italy – Luxottica

https://healthitsecurity.com/news/luxottica-data-leaked-by-hackers-after-ransomware-attack-breach

Exploit: Ransomware

Luxottica: Eyewear Manufacturer 


Risk to Business: 2.237 = Severe

After suffering a nasty cyberattack a few months ago that severely impacted operations, eyewear giant Luxottica is in hot water again. Newly uncovered data from Dark Web sources shows that protected health information and PII for thousands of consumers who patronize common eyewear retailers was stolen. Sensitive company data was also stolen including contract information, financial information, and human resource documents. Hackers have already begun releasing this data.


Individual Risk: 2.379 = Severe

The leaked data contained customer contact details, health insurance policy numbers, and appointment notes related to treatment, such as health conditions, procedures, and prescriptions, as well as other sensitive data, including the credit card information and Social Security information of some patients that patronize major eyewear retailers including LensCrafters, Sunglass Hut, and Pearle Vision, along with users of the EyeMed vision care plan. Consumers should stay alert to identity theft and spear phishing possibilities.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failure to adequately protect medical data is an expensive proposition and will undoubtedly draw the wrath of regulators in the US and EU. It pays to remember that one employee interacting with one phishing email can always be a recipe for disaster.

ID Agent to the Rescue: Don’t wait until ransomware creates an expensive compliance nightmare to update phishing resistance and security awareness training for every staffer with BullPhish ID. SEE BULLPHISH ID IN ACTION>>



The Week in Breach News – Asia Pacific


South Korea – E-Land

https://www.koreatimes.co.kr/www/tech/2020/11/694_299692.html

Exploit: Ransomware

Press Trust of India: News Reporting Service


Risk to Business: 2.169 = Severe

A cyberattack walloped Korean retail giant E-Land, forcing it to suspend operations at 23 of its 50 branches of NC Department Store and NewCore Outlet stores. Some stores have reopened, but they’re still facing significant operational delays. Investigation and recovery are ongoing.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Operational impacts from ransomware can be devastating even if bad actors don’t steal your data, especially for daily goods and services businesses like retail stores.

ID Agent to the Rescue: Don’t let ransomware shut you down. Phishing resistance training with BullPhish ID transforms your staffers from your largest attack surface to your largest defensive asset. LEARN MORE>>


Japan – Mitsubishi Electric

http://www.asahi.com/ajw/articles/13948123

Exploit: Hacking

Mitsubishi Electric: Electrical Equipment Manufacturer 


Risk to Business: 2.470 = Severe

Security improvements at Mitsubishi Electric didn’t go far enough, because bad actors have penetrated security again. This time, instead of machine and operations data, client data impacting more than 8,500 corporate accounts was stolen. This is the second successful attack on Mitsubishi in the last 6 months.


Individual Risk: 2.474 = Severe

Information for 8,653 business accounts has been exposed. The company is working to determine if information related to bank accounts of the other parties as well as other information leaked. No personal or consumer data has been reported as affected in this incident.

Customers Impacted: 8,653

How it Could Affect Your Customers’ Business: Putting extra security between your client records and hackers is a smart move to avoid having your data become a new asset in the booming Dark Web data economy.

ID Agent to the Rescue: Information from attacks like this inevitably makes its way to Dark Web data markets. Make sure your employee credentials are protected from Dark Web data risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>



The Week in Breach News Guide to Our Risk Scores



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!


The Week in Breach: Resource Spotlight


NEW EBOOK RELEASES!



Phishing is the undisputed champion of cybersecurity threats in 2020. With a more than 600% increase in phishing attacks just in the first 6 months of the year, every business is at risk of damage from the consequences of one fatal click on a phishing email – and those risks are only climbing.

That’s why we’ve created this new eBook to help you navigate today’s most dangerous threat. Filled with the latest statistics about phishing in 2020, data about attacks, and strategies to protect your business, this is a must-read for every IT professional!

You’ll learn:

  • The inside story of how many popular phishing attacks function including examples that help you learn to spot potential attacks.
  • The most recent information and analysis about the danger of phishing attacks in 2020
  • How Dark Web data helps drive phishing-related cybercrime

Get up-to-speed on the latest data about phishing and discover winning strategies to protect systems and data fast! GET THE BOOK>>


Cybersecurity might not be a game, but it is an adventure. Instead of wasting time figuring everything out yourself, get the cheat codes that help you become a Security Awareness Champion fast. We’ll show you how you can secure your clients and use your weapons most effectively to beat today’s nastiest cybersecurity monsters.

You’ll find everything that you need to conquer cybercrime with security awareness training in our new eBook the Security Awareness Champion’s Guide. You’ll get fresh insight and invaluable information about how security awareness training is your secret weapon against cybercrime.

  • Get full walkthroughs of dangerous threats like ransomware and phishing, with clear examples. 
  • Look at the leaderboards to compare cyberattack threats in 2020 vs. 2019
  • See statistics to use in your marketing and sales efforts illustrating cybercrime danger
  • Learn about how security awareness and phishing resistance training can save a fortune
  • Read strategies to fight back against hackers and social engineering

Read the Security Awareness Champion’s Guide to start leveling up now! GET THE BOOK>>



RSVP now for our holiday spectacular: ‘Twas the Night Before Krampus!

Join the legendary Krampus on December 15 from 3 pm ET – 5:30 pm ET for an unforgettable holiday event: ‘Twas the Night Before Krampus! Your stocking is waiting by the fire, stuffed with goodies like:

  • A keynote presentation from a former star of the naughty list “U.S. Most Wanted”, cybercrime king Brett Johnson, The Original Internet Godfather. He’s on the nice list now as a sought-after cybersecurity consultant, sharing tales of cybercrime past to create security improvements in the future.
  • Kaseya’s Matt Solomon and Dan Tomaszewski with a game-changing roadmap on how to sell security – with real-life examples.
  • ID Agent’s Product and Development team with a recap of our hottest 2020 features and updates, plus a sneak peek into 2021!
  • Connect with our experts in a live open forum with Q&A.
  • Win OVER $5K in cash and prizes including fabulous treats like a celebrity Zoom, an Apple gadget, a VR headset, and a grand prize of $1,000 cash.

Plus, expect some fun surprises from our partners in holiday merriment: IT Owner’s Compass, CharTec & IT/MSP Entrepreneurs. Have you reserved your seat yet? Sign up to ensure your place on the nice list and enjoy this holiday extravaganza! REGISTER NOW>>




Find out why Dark Web danger is just around the corner for every business in the post-pandemic world.

READ STATE OF THE DARK WEB 2020>>


Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back.


Cybercriminals these days are a lot smarter than you might think. Just like any other business, cybercrime gangs are always looking for ways to break through with a slick new attack style that scores them a big payday before cybersecurity professionals even have it on their radar. One of the most successful areas of expansion for cybercrime in 2020 has been social engineering.

A major component of phishing-related cybercrime, the premise behind social engineering is very simple: to influence the target to take an action. Whether that action is to buy a certain brand of coffee, share a news story, or click on a link in a phishing email, social engineering is a common tactic in all sorts of business operations for one simple reason: it works.

Recent examples illustrate some of today’s craftiest social engineering tactics. For example, take a dull, routine subject like compliance. It’s both complicated and constantly changing, with huge penalties for violations. Cybercriminals know that GDPR fines are a specter that haunts most European businesses – and detailed information about many businesses is an easy score on the Dark Web.

So why not try out a cleverly disguised social engineering trick by creating an email that’s designed to look like it’s from a consultancy helpfully informing you that there are new regulations about email security that you might not be compliant with. Of course, their company can help. They may “already be working with you to resolve the problem”, and they just need a little bit more information. You know the rest of this story.



Insider threats are today’s scariest business cybersecurity risk. Learn to spot and stop them with the eBook and other tools in this resource package!

Get “Stop Insider Threats” now>>


Or, at larger companies, the classic access scam. A contractor or service provider for your corporation contacts you, maybe even by phone. They are trying to quickly repair something crucial that’s just broken. It’s a big problem, the bosses are mad, and they have a quick fix to temporarily patch it until they can fix it properly. They just need a password that gives them access to a certain system, and they were told that you’re the person to talk to. Password sharing is so endemic, most staffers will hand theirs right over.

This may not sound like a plausible scenario to you, and you’d probably be inclined to ask for more proof – and you’d be right, it’s a scam. But many employees won’t recognize it, even at big tech companies where you’d expect them to know better. After all, this sequence of events is exactly what happened to cause the giant Twitter breach earlier this year.

Fighting back against social engineering means fighting back against cybercriminal trickery with education. Security awareness training, especially phishing resistance training, is every company’s best bet for teaching employees to spot and stop social engineering attacks. Companies that engage in regular security awareness training have up to 70% fewer cybersecurity flubs.

BullPhish ID is the answer for your clients. Not only can it be easily configured for companies and test groups of any size, but it’s also ideal for both in-office and remote workforce training. It’s easy to manage and easy to use. Plus, phishing resistance training doesn’t just help companies defend against phishing – it increases overall security awareness too.

The best training is training that people remember. BullPhish ID delivers on that front, with information presented in 8 languages in bite-sized pieces that are easy to understand no matter how tech-savvy your staffers are. Engaging video lessons make BullPhish ID the perfect tool to use when training employees, and online testing enables you to quickly determine who needs extra help.

Research indicates that employees retain the skills that they gain from training for about 4 months before those skills disappear, but they don’t lose skills if their training is regularly updated. BullPhish ID has the content you need, with over 80 complete phishing simulation kits ready to go and 4 new kits added every month. Plus, we add training on all the latest threats, including COVID-19 lures.

Let the experts at ID Agent help you close new deals to provide security awareness training that arms your clients to fight back against social engineering with BullPhish ID. Not only are we ready to show you how BullPhish ID can boost your MRR, but we’re also ready to help you sell it when you ask us to tag in on tricky sales calls through Goal Assist. Contact us and let’s get started today!



See BullPhish ID in action. WATCH IT>>

Book a demo with an ID Agent expert to see how BullPhish ID can grow your business! BOOK IT>>


The Week in Breach: A Note for Your Customers


To Err is Human, But Preventing Expensive Disasters is Divine.


Making mistakes is part of being human. Even your most conscientious employees are bound to screw up at some point. But employee mistakes don’t have to be a gateway to cybersecurity disaster. Putting fail safes in place between your data and cybercriminals can mitigate the risk of employee errors.

While errors like misconfiguration and failure to patch software are dangerous, one particular source of employee error definitely tops the trouble list: passwords. In a recent survey, an outrageous 91% of employees admitted to reusing or recycling passwords at work and between their work and home accounts, and password sharing is endemic.

Password compromise is by far the fastest, easiest way for cybercriminals to gain access to your systems and data. A password alone, even if it is updated regularly, will not provide strong protection for your systems and data – over 80% of breaches can be attributed to password hacking or password compromise.

Put extra protection between your business and employee errors like poorly made passwords by adding a secure identity and access management solution like Passly to your security plan. An expert-endorsed best practice and a requirement for compliance in many industries, multifactor authentication is your strongest shield against these types of brute force hacking attacks.

Passly also includes other highly recommended security tools like simple remote access control for IT staffers, secure shared password vaults, and single sign-on LaunchPads for every user to boost your endpoint security. This multifunctional dynamo can dramatically reduce your threat risk from employee cybersecurity errors at a price that fits any budget.

Securing the access gateways to your company’s systems and data is the fastest, most effective way to prevent a small mistake from becoming an expensive cybersecurity disaster. Streamline access, improve endpoint security, and add the fail safes that you need to make sure that only the right people are accessing your systems and data in a flash with Passly.



Catch Up With Us at These Virtual Events


  • DEC 1 – DEC 25: EverythingMSP Presents “A Very Merry MSP Christmas” Giveaway REGISTER>>
  • DEC 9: Phish and Chips (EMEA Edition) REGISTER >>
  • DEC 7-11: The TruMethods MSP Success Summit REGISTER>>
  • DEC 15: ‘Twas the Night Before Krampus REGISTER>>

Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know. We welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!