The Week in Breach News: 12/16/20 – 12/22/20

December 23, 2020
This Week in Breach News:

The fallout of last week’s massive nation-state hacking incident continues for Microsoft, Cisco & more organizations (and it isn’t letting up), plus yet another Spotify breach, all of the details you need to know about our exciting BullPhish ID relaunch event in January, how “Work From Home culture” spawns new risks that may be here to stay and the dangers of booming Dark Web data markets for your clients. 

The Week in Breach News – United States 

United States – Microsoft

Exploit: Hacking (Nation-State)

Microsoft: Software & Technology Developer 

Risk to Business: 1.402 = Extreme

Another chapter in the SolarWinds Nation-State Hack opened when Microsoft disclosed that it had been hacked as well. The same suspected Russian hacking activity that rocked the world last week also hit the software giant. This Microsoft compromise appears to have a direct path back to the infected updates to SolarWinds’ Orion. The company notes that it has “not found evidence of access to production services or customer data”, but that’s in dispute.

Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nation-state hacking is a growing problem that can lead to damaging, nightmarish consequences. Every business needs to be ready for increased pressure from nation-state hackers in the future.

ID Agent to the Rescue: Your customers need solutions that protect their data from risks today and tomorrow, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>

United States – Cisco

Exploit: Hacking (Nation-State)

Cisco: Technology Developer

Risk to Business: 1.411 = Severe

Cisco also took a hit in last week’s disaster, but it appears to have been very small. The company has so far reported that the SolarWinds Orion software update impacted only a small number of computers in its test environments. Cisco says that no customer systems or data were impacted from their end.

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident.

How it Could Affect Your Customers’ Business: Nation-state hacking is a risk that can only grow, and that has to be part of every business’ risk calculus. Putting overlapping protection in place can help your clients resist these attacks.

ID Agent to the Rescue: Ensure that your clients are making smart cybersecurity decisions with our Security Awareness Champion’s Guide, featuring walkthroughs of today’s risks and how to beat them in an easy-to-understand videogame style. GET THIS BOOK>>

United States – Spotify

Exploit:  Accidental Data Exposure

Spotify: Music Streaming Service 

Risk to Business: 2.223 = Severe

In their 3rd breach of the year, Spotify has announced that starting in April 2020, some user information was inadvertently exposed to third-party partners that shouldn’t have been able to access it. The leak was discovered and closed in November 2020.

Individual Risk: 2.212 = Severe

The leaked information may have included email address, display name, password, gender, and date of birth for users. Customers should be alert for spear phishing and credential stuffing attempts made using this information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This kind of data inevitably makes its way to the Dark Web, providing fodder for cybercriminals to exploit to fuel future cyberattacks.

ID Agent to the Rescue: Dark Web ID helps protect businesses from Dark Web danger by watching for protected credentials to appear in Dark Web markets 24/7/365 and alerting your IT team if they appear. SEE DARK WEB ID IN ACTION>>

United States – City of Independence, MO.

Exploit: Ransomware

City of Independence, MO: Municipal Government 

Risk to Business: 2.017 = Severe

Energy customers in the city of Independence, Missouri were unable to pay their utility bills after a ransomware attack spurred the city’s IT team to take all city systems offline in response. The municipal government is still conducting its investigation and remediation. Citizens can currently only pay utility bills in person.

Customers Impacted: 54,000

How it Could Affect Your Customers’ Business: More municipalities than ever are finding themselves in the crosshairs of cybercriminals looking to make a quick profit.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>

United States – Sonoma Valley Hospital

Exploit: Hacking (Nation-State)

Sonoma Valley Hospital: Medical Center

Risk to Business: 1.809 = Severe

Nation-state hackers are reportedly behind a data breach at a major California hospital. Sonoma Valley Hospital announced that it had been hit with a hacking incident involving a ransomware component as part of a wider hack by suspected Russian hackers. Ongoing forensic analysis since the October incident has revealed that patient data may have been compromised in the incident.

Risk to Business: 2.667 = Moderate

It’s unclear to what extent customer data was impacted, but it is possible that some personally identifying information and treatment data was accessed or copied by the intruders. The investigation is ongoing, but people who have been treated at this facility should be alert for spearphishing attempts.

Customers Impacted: 67,000

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to every organization right now, and it has been so widely deployed in the healthcare sector that CISA released guidance on risk avoidance.

ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>

The Week in Breach News – United Kingdom & European Union

United Kingdom – People’s Energy

Exploit: Hacking

People’s Energy: Sustainable Energy Utility 

Risk to Business: 1.616 = Severe

Sustainable energy utility People’s Energy was breached by hackers, leading to the theft of its entire database. Personal information of clients throughout Scotland, England, and Wales was taken, as well as details about some business clients and general business information. People’s Energy has contacted the Information Commissioner’s Office, the National Centre for Cyber-Security, the energy regulator Ofgem and the police.

Individual Risk: 1.712 = Severe

Data stolen included names, addresses, dates of birth, phone numbers, tariff, and energy meter IDs for private customers and those details plus bank account information from 15 business clients. Customers of the Edinburgh-based utility should be alert to phishing and fraud attempts.

Customers Impacted: 270,000

How it Could Affect Your Customers’ Business: Hacking incidents against infrastructure targets have been increasing, especially from nation-state hackers. Adding access point protection can help ameliorate those risks.

ID Agent to the Rescue: Secure identity and access management is a top CISO priority in 2020 because it’s effective against many types of threats, from credential stuffing to direct hacking attempts. Passly is the perfect tool for the job, with multifactor authentication and single sign-on built right in. SEE PASSLY AT WORK>>

United Kingdom – Probase

Exploit: Unsecured Database

Probase: CRM App Developer 

Risk to Business: 1.235 = Extreme

The CRM developer made a big mistake this week when it came to light that an unsecured Microsoft Azure blob had left more than half a million sensitive business and client documents exposed. An estimated 587,000 files were involved in the incident: FedEx records, occupational health assessments, insurance claim documents from US firms underwritten by Lloyds of London, senior barristers’ private correspondence, and even internal complaints.

Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Sloppy mistakes can lead to disaster, as is illustrated in this example. By promoting a strong cybersecurity culture and taking basic precautions, companies can prevent these accidents from happening.

ID Agent to the Rescue: Encourage your clients to develop a strong cybersecurity culture to increase their cyber resilience, starting with phishing resistance training using BullPhish ID – because regular security awareness training reduces a company’s risk of a damaging cybersecurity incident by up to 70%. LEARN MORE>>

Germany – Symrise

Exploit: Ransomware

Symrise: Flavor and Fragrance Producer 

Risk to Business: 2.107 = Severe

Clop ransomware disrupted operations at one of the world’s largest manufacturers of flavors and scents. Allegedly, bad actors breached security through ransomware, stole 500 GB of unencrypted files, and encrypted close to 1,000 devices. Production was temporarily shut down but most systems have been restored.

Individual Impact: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can do more than just steal your data – it can shut your business down cold, resulting in even larger losses than you’re anticipating.

ID Agent to the Rescue: Transform your staff from your largest attack surface into your biggest security asset with easy-to-manage phishing resistance training using BullPhish ID. SEE BULLPHISH ID AT WORK>>

The Week in Breach News – Asia-Pacific

India – State of Telangana

Exploit: Misconfiguration

State of Telangana: Regional Government 

Risk to Business: 1.611 = Severe

A server misconfiguration led to more than 130,000 highly sensitive files being exposed for more than three months. The data exposed belonged to both state employees and pensioners. The breach included thousands of government employee payslips, income tax details, and pension documents that had information including full names, addresses, bank account numbers along with IFSC codes, phone numbers, and salaries drawn, among other data. Some of the exposed files also included photos and thumb impressions of various state government employees and pensioners.

Risk to Business: 1.602 = Severe

Employees and retirees of the State of Telangana should be alert to the potential for identity theft, fraud, spear phishing, and impersonation that this information causes.

Customers Impacted: 130,000

How it Could Affect Your Customers’ Business: This kind of information is valuable, and cybercriminals know that they can make a pretty penny on it in the booming Dark Web data markets.

ID Agent to the Rescue: Protect your business from Dark Web danger with Dark Web ID, the always-on guardian that you can trust to alert you immediately to Dark Web credential exposure. LEARN MORE>>

India – ELCOM Innovations Private Limited

ELCOM Innovations Private Limited: Defense Technology Contractor

Exploit: Malicious Insider

Risk to Business: 1.102 = Extreme

Defense technology contractor ELCOM got a nasty surprise when it uncovered that a malicious insider had taken part in a hacking incident that resulted in the theft of classified and sensitive information related to defense technology. India’s military branches and intelligence agencies were informed of the potential risk, as well as local, regional, and national authorities, and an investigation is underway.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malicious insiders are a nightmare for any business, but especially one that deals in classified defense-related data and systems.

ID Agent to the Rescue: Learn to spot and stop insider threats whether they’re malicious or accidental. Download our “Insider Threats” toolkit for an eBook and other tools to combat insider threats. GET THE FREE TOOLKIT >>

The Week in Breach News Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

The Week in Breach: Resource Spotlight

Introducing: The NEW BullPhish ID

Phishing is today’s biggest threat. Are you on the hunt for an effective, innovative phishing resistance training solution that you can rely on to secure your customers against this risk and grow your security awareness training business? We have one we’d like to introduce to you: BullPhish ID.

We’ve listened to your feedback about what you need from BullPhish ID, and we aim to deliver it. Join us on January 19, 2021, at 11 am ET to be among the first to see that feedback at work as we unveil the freshly updated and upgraded BullPhish ID, including:

  • A tour of the exciting enhancements to BullPhish ID, including a new training portal and highly anticipated feature upgrades!
  • Insight into growing your business with security awareness training from ID Agent experts Matt Solomon, Amelia Paro, Dan Tomaszewski, Jeremy Malin, and Garrett Browne.
  • Fabulous prize giveaways throughout the event
  • A free download of our phishing explainer ebook, “Phish Files”
  • A sneak peek at what’s next for ID Agent including our Customer Community launch
  • and so much more!

Don’t Miss “Grabbing BullPhish ID By The Horns”! RESERVE YOUR SPOT>> 

New Webinar! “Twas the Night Before Krampus” Recording Available Now!

We know the holiday season is busy for everyone, so you may not have been able to join us for “Twas the Night Before Krampus”. We don’t want you to miss out on all of the inspiration and insight gained from this special event, so we recorded it for you. You’ll enjoy:

  • Tales of Cybercrime past from “The Original Internet Godfather” ex-hacker Brad Johnson
  • Amazing stories of MSP sales glory in these challenging times with Matt Solomon
  • A look forward to 2021 product enhancements that set you up for success
  • More tips & tricks for sales success

Watch the recording of “Twas the Night Before Krampus” today! WATCH NOW>>

Is your company’s biggest security threat a member of your team? Learn to spot insider threats with this free resource package! GET IT>>

The Week in Breach: Featured Briefing

“Work From Home” Culture Spawns New Rewards & New Risks for Companies Making Tough Choices

As the world continues to adjust to the tremendous tumult brought on by the COVID-19 pandemic, many companies are coming to an unexpected realization – allowing their employees to work from home is actually a great idea that’s saving them time and money. Many companies are looking at either becoming fully remote full-time or allowing flexible work from home arrangements to be their new normal. But that brings new cybersecurity risks to the table that they might not be anticipating.

While some employees can’t wait to get back to their normal routines in the office, a large swathe of workers is in favor of continuing to work from home indefinitely. In a survey of 1,123 remote workers by The New York Times and Morning Consult, 86 percent of the surveyed workers said they were satisfied to very satisfied with working from home full-time. The majority of workers in the survey reported feeling less stressed, more empowered to take breaks, and that they’re able to get more exercise – all contributors to increased employee satisfaction and productivity.

However, alongside this increase in employee happiness, there’s a commensurate increase in digital risk for businesses. In a British survey, this time of IT leaders and specialists in a variety of industries, 82% believe their organization is at greater risk of phishing attacks and 78% expect an increase in insider threats from remote workers.

Where are they drawing these conclusions from? The fact that 57% of remote employees rely on email as their primary form of communication and email is a gateway to today’s biggest cybersecurity threat: phishing. Phishing was the leading cause of cyberattacks between March and July 2020, with 30% of the surveyed IT leaders reporting a rise in ransomware attacks in that period.

BYOD (Bring Your Own Device) policies and the increasingly blurred line between work and personal devices have created additional persistent risk for many companies, especially around phishing. The survey reports that 78% of remote workers using personal devices during the period received phishing emails in their work or personal inbox, and 68% said they clicked through or opened an attachment in an unsolicited email.

The decisions that businesses make about their in-office or fully remote future impact the choices in security offerings that you’ll be bringing to the table for them. So what can you rely on to help your clients improve their security and confidently continue to support a remote workforce?

Start with a powerhouse pair of simple, affordable solutions that address many cybersecurity issues at once: Passly and BullPhish ID.

Passly gives your clients tremendous value by combining multifactor authentication and single sign-on into one dynamic tool instead of buying a patchwork of solutions. The star of the show in this case is multifactor authentication. It’s a fast, affordable roadblock to throw up between businesses and the bad guys. It’s also a best-practice recommended by experts worldwide, and a requirement for compliance in some industries.

The simple remote management capability that comes with Passly makes it quick and easy to add or remove access from users in a flash, reducing the burden on IT teams for constant password and permission changes. Plus, single sign-on LaunchPads also make it easy to quickly quarantine and cut access off from a potentially compromised user account to prevent further damage from a nascent cybersecurity incident.

Combine this added access point security with increased security awareness and phishing resistance using BullPhish ID. This is a modern-day essential for every business as phishing risks continue to escalate. Many of today’s nastiest cyberattacks, including malware and ransomware favored by nation-state hackers, start out as a phishing email. However, a company’s risk of experiencing a damaging cybersecurity incident decreases by up to 70% if they engage in at least quarterly training.

By dropping a 1 – 2 punch on cybercrime with secure identity and access management bolstered by phishing resistance and security awareness training, you and your clients can feel confident that you’ve got a good defensive framework in place to mitigate many of the risks that come from supporting a remote workforce indefinitely.

The Week in Breach: A Note for Your Customers

Millions of Stolen User Records Create Risk for Your Business 

It’s not just information that’s stolen from your company that puts your business in jeopardy. Your company’s security is also in danger because of information stolen in data breaches at other businesses or through breaches at hospitals, government agencies, utilities, colleges, and other organizations – and that risk is growing every day as more information makes its way to the Dark Web.

Dark Web activity has exploded in 2020. The combination of millions of people suddenly working from home, a thirst for knowledge about the pandemic, and advancements in ransomware and other cybercrime technology has made it easier than ever for cybercriminals to get their hands on the information that they need to target and attack organizations – 60% of the information on the Dark Web has the potential to harm enterprises.

One common way that cybercriminals use this information is to gather or obtain huge lists of passwords that have been stolen in data breaches around the world. It’s a well-known fact among bad actors that people tend to recycle passwords, often using a few that they cycle through for both work and home applications. If those passwords are stolen in a data breach and hit the Dark Web, they’re added to the pool that cybercriminals draw from when gathering ammunition for attacks.

That can create severe risks for your business. For example, if one of your staffers is recycling a favorite password by using it for both their company O 365 password and their personal Spotify account, and that password gets stolen in a data breach (Spotify has had 3 data breaches in 2020 alone), then cybercriminals now have a key that unlocks the front door to your business.

That’s why you should add Dark Web monitoring with a dynamic solution like Dark Web ID to your security plan. Find out that one of your company’s credentials has been compromised before the bad guys do with 24/7/365 monitoring using human and machine analysis. Dark Web ID constantly sweeps Dark Web data markets to find your potentially compromised credentials and alert your IT team immediately when one pops up.

Don’t take chances on an unexpected credential compromise incident, because even the best-laid security plan can be undone in a second with one compromised credential that goes undetected, allowing cybercriminals to slide right into your business. Include reliable, affordable Dark Web monitoring in your 2021 security plan and gain peace of mind against unpleasant surprises like credential compromise from the Dark Web.

Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know. We welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!