Please fill in the form below to subscribe to our blog

The Week in Breach News: 11/25/20 – 12/01/20

December 02, 2020
the week in breach represented by the words "the week in breack" in white on a green chalkboard with figures illustrating cyberattack threats.

This Week in Breach News: Baltimore County Public Schools learn a lesson about ransomware, healthcare targets worldwide take security hits, learn to spot and stop phishing with intel from our cybercriminal secret files, see how business email compromise scams are taking a new turn, and show your customers the importance of cyber risk literacy.


The Week in Breach News – United States 


United States – Baltimore County Public Schools

https://www.bizjournals.com/baltimore/news/2020/11/25/ransomware-attack-baltimore-county-public-schools.html

Exploit: Ransomware

Baltimore County Public Schools: School System 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.222 = Extreme

Ransomware attacks on school systems around the country have grown exponentially, and that lesson was driven home for Baltimore County Public Schools last week. A ransomware attack forced the system to shut down completely for three days, disrupting online learning for K – 12 students. The district has 115,000 students.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Approximately 115,000 students and 7,300 teachers

How it Could Affect Your Customers’ Business: Ransomware can unleash extreme devastation, going beyond stealing data to shutting down an organization’s operations completely.

ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>


United States – Belden

https://www.securityweek.com/belden-discloses-data-breach-affecting-employee-business-information

Exploit: Unauthorized Database Access

Belden: Signal Transmission Solutions Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.992 = Severe

An unauthorized user gained access to at least one database full of employee and client information. The company noted in a statement that attackers apparently accessed a “limited number” of Belden’s file servers, but the firm said the breach did not have any impact on production in manufacturing plants, quality control, or shipping.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.990 = Severe

The company went on to state that filched employee information may have included names, birthdates, government-issued identification numbers (for example, social security / national insurance), bank account information of North American employees on the Belden payroll, home addresses, and email addresses. potentially compromised information for business partners includes bank account data and tax ID numbers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Password compromise is often the culprit behind an intrusion like this, and that’s a matter that needs to be taken seriously in order to prevent this kind of drama.

ID Agent to the Rescue: Passly adds essential security tools like multifactor authentication to throw up roadblocks between unauthorized users and your sensitive employee and client data. LEARN MORE>>


United States – Spotify

https://blog.malwarebytes.com/reports/2020/11/spotify-resets-some-user-logins-after-hacker-database-found-floating-online/

Exploit: Credential Stuffing

Spotify: Digital Music Streaming Service 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.992 = Severe

Spotify ended up with egg on its face last week after security researchers uncovered an unsecured Elasticsearch database containing more than 380 million records. The exposed data contained login credentials and other information belonging to Spotify users. The researchers in concert with Spotify investigators determined that whoever owned the database had probably obtained the login credentials from an external site and used them on Spotify accounts in a credential stuffing operation.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.801 = Moderate

The data that was exposed includes customers’ usernames and passwords for Spotify, as well as email addresses and countries of residence. Information like this could be used to fuel spear phishing attempts. Spotify users should reset their passwords.

Customers Impacted: 80,000

How it Could Affect Your Customers’ Business: Credential stuffing is a threat that becomes more serious every day as new dumps of passwords hit the Dark Web. If you’re not watching for potential trouble, you’re leaving your business open to disaster.

ID Agent to the Rescue: Millions of passwords are available in Dark Web dumps just waiting for cybercriminals to use for password-based cyberattacks like credential stuffing. With Dark Web ID, you’re alerted if your protected passwords show up in Dark Web dumps. BOOK A DEMO>>


United States – LSU Health New Orleans

https://www.infosecurity-magazine.com/news/louisiana-hospitals-report-data/

Exploit: Unauthorized Systems Access

LSU Health New Orleans: Medical System 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

A major attack on another healthcare target, LSU Health New Orleans disclosed that an unauthorized intrusion into an employee email inbox occurred on September 15, 2020. The mailbox access was discovered and disabled on September 18, 2020, but not before sensitive information was potentially snatched about patients who received care at Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.616 = Severe

Data exposed in the attack may have included patients’ names, medical record numbers, account numbers, dates of birth, Social Security numbers, dates of service, types of services received, phone numbers and/or addresses, and insurance identification numbers. The type and amount of patient information compromised in the incident varied and a limited number of exposed emails may have contained a patient’s bank account number and health information including a diagnosis. Patients treated by LSU health New Orleans should be alert to potential identity theft and spear phishing risks.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Controlling access to your company’s systems and data is even more important when the data that you’re storing is especially sensitive and its exposure could incur major penalties.

ID Agent to the Rescue: Control your access points effectively with Passly to ensure that the right people have access to the right things at the right times – and only the right people. SEE HOW IT WORKS>>


United States – Sophos

https://www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/

Exploit: Misconfiguration

Sophos: Cybersecurity Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.336 = Severe

A misconfigured database with access permission issues is to blame for the exposure of client data at Sophos. The company stated that the exposed database was used to store information on customers who have contacted Sophos Support. This is the second major security incident Sophos has dealt with this year.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.772 = Moderate

The database did not contain any sensitive information. Sophos disclosed that the exposed information included details such as customer first and last names, email addresses, and phone numbers. Clients should be alert to potential spear phishing risk using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nocomany can avoid occasional problems like this, whether they’re caused by malfunctioning software or an employee misclick. Putting extra layers of security in place helps mitigate the damage of these troublesome security incidents.

ID Agent to the Rescue: Protecting your data and systems with more than one layer of security helps blunt the blow of inevitable mistakes and malfunctions. Passly provides that extra protection immediately at an excellent price. LEARN MORE>>


United States – US Fertility

https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html

Exploit: Ransomware

US Fertility: Specialty Medical Clinic Operator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.229 = Severe

Ransomware disrupted operations at the largest provider of fertility services in the US after a number of servers and workstations became encrypted by ransomware. While US Fertility was able to restore operations quickly, the healthcare company determined that some patient data had been exfiltrated in the incident.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.312 = Severe

Cybercriminals were able to steal an indeterminate number of files containing patient information including names, addresses, dates of birth, MPI numbers, and for some individuals Social Security numbers. Clients should be alert to the possibility of spear phishing and identity theft using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to healthcare targets right now, as was disclosed in a recent CISA alert. Healthcare sector businesses need to be alert to the danger and using their resources wisely to combat it.

ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>




The Week in Breach News – United Kingdom & European Union


United Kingdom – National Health Service

https://www.infosecurity-magazine.com/news/nhs-error-exposes-data-hundreds/

Exploit: Insider Threat (Employee Error)

National Health Service: National Healthcare System 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.706 = Severe

An employee error at NHS Highland earlier this month led to the personal information of 284 patients with diabetes becoming exposed after a spreadsheet was accidentally shared via email with 31 NHS staffers who weren’t authorized to access it.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.812 = Severe

The spreadsheet of data was limited to just patients treated at the affected location. Information on the spreadsheet included names, dates of births, contact information, and hospital identification numbers for the 284 patients.

Customers Impacted: 284

How it Could Affect Your Customers’ Business: Human error will always be a factor in cybersecurity. But adding extra locks on sensitive information can prevent incidents like this one.

ID Agent to the Rescue: Passly provides the extra security that businesses need to guard against accidental unauthorized access incidents with single sign-on LaunchPads that make it easy to control who has access to what. LEARN MORE>>


Holland – Endemol Shine Group

https://www.forbes.com/sites/leemathews/2020/11/28/notorious-ransomware-gang-hits-producers-of-big-brother-master-chef-and-the-voice/?sh=1b017a2773bb

Exploit: Ransomware

Endemol Shine Group: Television Production & Distribution 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.662 = Severe

DoppelPaymer came calling at the Amsterdam-based production and distribution giant behind hits like Big Brother, Master Chef, and The Voice. The gang added sample data to its leak site last week, but no determination has been made about the scope or variety of information stolen. Investigation and recovery are ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware and phishing go hand in hand and as social engineering tactics improve it’s always going to be the fastest, easiest way for cybercriminals to strike.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>


Denmark – Ritzau

https://au.news.yahoo.com/ritzau-news-agency-hit-cyber-attack-150448121–spt.html

Exploit: Hacking

Ritzau: News Wire Service 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.237 = Severe

An unspecified hacking attack knocked out the email and telephone capabilities at Ritzau. The bureau was forced to resort to sending out news updates via an emergency email system. Sevice remains impacted with no timeline for recovery.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks like this one are typically caused by ransomware. It has been an increasingly popular tool for nation-state hackers and other bad actors looking to disrupt infrastructure and official service targets.

ID Agent to the Rescue: Don’t wait until ransomware creates a massive disruption in your organization’s ability to fulfill critical roles. Update phishing resistance and security awareness training for every staffer BullPhish ID. SEE BULLPHISH ID IN ACTION>>



The Week in Breach News – Asia Pacific


India – IIAM Jobs

https://inc42.com/buzz/data-of-1-4-mn-users-on-iimjobs-allegedly-leaked-on-dark-web/

Exploit: Data Theft

IIAM Jobs: Job Search & Listing Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.569 = Severe

A security researcher uncovered a huge trove of information likely stolen from Indian jobs service IAM Jobs on the Dark Web. The data of more than 1 million users was exposed including passwords, names, phone numbers, email addresses, the location of users, their industry, and links to their LinkedIn profiles. The data appears to be about a year old.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.779 = Severe

Users of IIAM should be alert to the potential of identity theft or spear phishing created by this exposed information.

Customers Impacted: 1.4 million

How it Could Affect Your Customers’ Business: Data theft is even more problematic when it’s not noticed until far afterward by someone else. It shows your customers that you don’t take cybersecurity seriously and can make them take their business elsewhere in a hurry.

ID Agent to the Rescue: Remember, employees routinely recycle passwords between work and personal applications. Don’t miss the memo when your employee passwords are exposed on the Dark Web through incidents like this. LEARN MORE>>



The Week in Breach News – Australia & New Zealand


Australia – Law In Order

https://www.itnews.com.au/news/law-in-order-hit-by-ransomware-attack-558197

Exploit: Ransomware

Law In Order: Legal Document Services Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.770 = Severe

Netwalker ransomware is the culprit of a cyberattack at Law In Order, a leading processor of legal services documents. The company is still determining the scope of the attack. While originally claiming that no data was exfiltrated, Law In Order backtracked to say that it was determining exactly what data has been stolen after the cybercrime gang posted samples of the purloined information on its leak site. Recovery is ongoing and operations are experiencing a lasting impact.

Individual Risk: The company is unable to provide information about what data was stolen and to whom that data pertains.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Putting extra security between your client records and hackers is a smart move to avoid having your data become a new asset in the booming Dark Web data economy.

ID Agent to the Rescue: Information from attacks like this inevitably makes its way to Dark Web data markets. Make sure your employee credentials are protected from Dark Web data risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>



The Week in Breach News Guide to Our Risk Scores



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!


The Week in Breach: Resource Spotlight


Our Power Pairs Give You a Refresher Course in Cybersecurity Threats Fast


Pair One: Stay One Step Ahead of Cybercrime When You Brush Up on Phishing Threats

Phishing threats are a menace that every business is combatting these days. Wouldn’t it be great to know how cybercriminals create and launch phishing campaigns in order to predict what threats you’ll face next? We’re here to help with this power pair that delivers the goods to help you understand and defeat phishing threats in a flash!

Read: Phish Files

We’ve gathered all of our best intel about phishing-related cybercrime into this NEW eBook. Learn how phishing threats are born, why cybercriminals are so enthusiastic about phishing, and what you can do to secure your clients against today’s nastiest threats!  GET THE BOOK>>

Watch: Phishing Confidential: Offensive and Defensive Playbooks of a Phishing Attack Revealed

Learn about phishing from both sides as you see attackers and defenders in action in this webinar that demonstrates how hackers launch phishing attacks and how cybersecurity experts defend against them with real-time, step-by-step examples! WATCH THE WEBINAR>>

Pair Two: See Why Security Awareness Training is Your Real Defensive Secret Weapon

Read: Security Awareness Champion’s Guide 

Become a cybersecurity hero with the tips, tricks, and clear walkthroughs of cybersecurity threats in this fantastic new eBook. Learn step-by-step strategies to defeat ransomware, business email compromise, phishing, and more on your journey to becoming a Security Awareness Champion! GET THE BOOK>>

Watch: How Phishing and Security Awareness Training Will Reduce Your Largest Attack Surface: Your Employees

Why not use every arrow in your quiver to fight cybersecurity threats? learn how to protect your systems and data effectively and cost-effectively by taking advantage of the defensive possibilities of one of your company’s most powerful resources – your staff. WATCH THE WEBINAR>>



The Week in Breach: Featured Briefing



Business Email Compromise Scams Are Evolving to Pose a Nastier Threat Than Ever Before


Business email compromise (BEC) scams have been around for years. While they take more time and effort than other cybercrimes like ransomware or credential stuffing, BEC scams make up for it with a handsome payoff – and in a challenging economy, even cybercriminals are looking for new ways to turn a quick profit.

That’s why BEC has become both more favored and more dangerous. Bad actors are using the opportunities created by chaotic world conditions and an increased amount of information about businesses that’s readily available on the Dark Web to evolve their attacks, creating scams that are harder to spot and more efficient.

One unexpected facet of this uptick in BEC is that the operators of these scams aren’t based in some of the most expected locations for cybercrime gangs. Five US states are the home of more than 50% of BEC scammers: California, Florida, Georgia, New York, and Texas. Researchers note that BEC scams have launched in 45 states across the US in the last 12 months.

BEC scams have also been increasing is profitability for scammers. Analysts have determined that more than $64 million in stolen funds from BEC victims was transferred through 2,900 “money mule” accounts (a common tool of money laundering) in 39 countries. More than 900 US-based money mules were used in BEC scams between May 2019 and July 2020, with at least one mule spotted in every state.



After a booming spring and summer for cybercrime, BEC scams show no signs of slowing down. In Q3 2020 the median number of BEC attacks received per company each week rose by 15% over Q2 2020. Attacks that perpetrated invoice or payment fraud jumped by 155% as well, with COVID-19 themed scams up by 81% during the quarter. A huge increase in Dark Web activity and large quantities of fresh data hitting Dark Web markets and dumps helped fuel the trend.

With this increased activity in BEC scams, your clients need to have their security ducks in a row to avoid potential disasters, and no business is too small to be at risk. By adding a few simple solutions to their cybersecurity mix, your clients can put the extra protection that they need to fight back against BEC in place at an excellent price, boosting their security and your MRR.

First things first: If your clients aren’t already using multifactor authentication with a tool like Passly, they need to add it immediately. One of the most widely recommended mitigations for all types of cybercrime, multifactor authentication as part of a secure identity and access management solution is a vital defensive tool for every business of every size. Passly combines the protection of MFA with other security essentials like single sign-on and secure shared password vaults to maximize protection at a minimum price.

The second component of a strategy to mitigate BEC danger is increased security awareness and phishing resistance training. Almost all BEC scams start with a phishing message. Some deploy malware, some steal passwords, but they’re all intended to do the same thing: give cybercriminals access to company systems and data.

Increasing security awareness and phishing resistance training with a solution like BullPhish ID is ideal for guarding against phishing-based cybercrime like BEC scams. Regularly updated training (at least every 4 months) transforms a company’s staff from its largest attack surface into its largest defense asset. As an added benefit, phishing resistance training also helps mitigate ransomware and credential compromise danger.

With such a handsome payoff for their work in a difficult economy, cybercriminals aren’t going to be giving up on BEC scams anytime soon. It’s time to make sure that your clients understand the danger that they face from this growing threat – and we’re here to help. Contact the experts at ID Agent to learn more about protecting your clients and your business from BEC risks.



The Week in Breach: A Note for Your Customers


Cyber Risk Literacy is Critical for a Strong Defense 


Business cyberattack threats have never been higher. Massive increases in phishing (more than 600%), ransomware (more than 150%) and other cybercrime might keep you up at night, but are your staffers aware of exactly how important cybersecurity really is to your business? Your employees might not be on the same page as you are about cybersecurity risks – and that’s a problem that could end up costing you a fortune.

For most people outside of directly technology-related positions, a cyberattack is a vague, hard to understand threat. It just doesn’t seem possible that one misclick on an email could cost a company millions. That’s why making risk literacy a top priority for every employee is crucial to maintaining a strong defense against cybercrime.

One effective way to increase your employees’ risk literacy is with regular, engaging security awareness training that includes phishing threats since phishing is by far the most common delivery system for cyberattacks. Over 90% of incidents that end in a data breach start with a phishing email and no company can afford that right now.



BullPhish ID is the ideal choice to increase your staff’s risk literacy with memorable, easy-to-understand security awareness and phishing resistance training in 8 languages. Using engaging video lessons, risk information is served to your employees in bite-sized pieces for easy comprehension no matter how tech-savvy they may be.

Online testing measures their retention of the lessons, giving you the information that you need to see who has a handle on security awareness and who needs more help. More than 80 training campaigns are available for you to use right now, and 4 more are added every month, including content about the latest threats like COVID-19 scams.

Training your staff to be aware of potential threats pays handsome dividends for your business – companies that engage in regular security awareness training have up to 70% fewer damaging cybersecurity incidents. By establishing a strong culture of cybersecurity awareness and giving everyone the help that they need to be part of the team, your company gets a huge overall cybersecurity boost that can make the difference between success and failure for cyberattacks now and in the future.


how to define insider threats represented by two men shaking hands, but one has the shadow of the a devil behind him.

Insider threats are today’s scariest business cybersecurity risk. Learn to spot and stop them with the eBook and other tools in this resource package!

Get “Stop Insider Threats” now>>


Catch Up With Us at These Virtual Events


Have you reserved your seat for ‘Twas the Night Before Krampus? Join Krampus and the ID Agent elves on December 15 from 3 pm ET – 5:30 pm ET featuring plenty of sugar and spice including a keynote by a former cybercrime king Brett Johnson, The Original Internet Godfather, tales of amazing sales secrets from Channel leaders, and OVER $5K in cash and prizes like a celebrity Zoom, an Apple gadget, a VR headset, or a grand prize of $1,000 cash REGISTER NOW>>

  • DEC 1 – DEC 25: EverythingMSP Presents “A Very Merry MSP Christmas” Giveaway REGISTER>>
  • DEC 9: Phish and Chips (EMEA Edition) REGISTER >>
  • DEC 7-11: The TruMethods MSP Success Summit REGISTER>>
  • DEC 15: ‘Twas the Night Before Krampus REGISTER>>

Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!