
The Week in Breach News: 02/02/22 – 02/08/22

February 09, 2022

Cybercriminals take a bite out of a UK snack company, a massive ransomware attack hampers fuel operations at EU ports, more DeFi hacks and why you should be worried about cryptocurrency risk.





Morley Companies Inc. 

https://www.safetydetectives.com/news/business-services-provider-morley-discloses-ransomware-attack/

Exploit: Ransomware

Morley Companies Inc.: Business Services 


Risk to Business: 1.507 = Severe

Morley Companies, a business service provider to several Fortune 500 companies, announced that it had been hit with a ransomware attack that may have exposed sensitive information for more than 500,000 people. In a statement, the company said that “a ransomware-type malware had prevented access to some data files on our system beginning August 1, 2021, and there was an unauthorized access to some files that contained personal information,” chalking up the delay in notifying possible victims of this exposure to the complexities of the incident investigation.


Individual Risk: 1.663 = Severe

Morley Companies said the attack affected the information of “current employees, former employees and various clients.” The potentially compromised information includes names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnostic and treatment information and health insurance information. The company is offering credit monitoring and identity theft protection for victims.

Customers Impacted: 500,000

How It Could Affect Your Customers’ Business: Companies that store large quantities of personal or medical information are prime targets for the bad guys.



Civicom, Inc.

https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236

Exploit: Misconfiguration

Civicom Inc.: Business Services


Risk to Business: 2.017 = Severe

Civicom is in hot water after leaving 8 TB of data exposed in an unsecured AWS S3 bucket. The New York-based company specializes in virtual conferencing facilitation, transcription and research services, with offices in the United States, the Philippines and the United Kingdom. Ultimately, Civicom exposed records containing more than 100,000 files, including thousands of hours of audio and video recordings containing private conversations as well as written transcripts of meetings and calls by the company’s clients.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This is not an uncommon mistake, but it’s always a problem and could be an expensive regulatory disaster in some industries.



Wormhole

https://indianexpress.com/article/technology/crypto/hackers-steal-nearly-320-million-worth-of-crypto-assets-from-wormhole-7758034/

Exploit: Hacking

Wormhole: DeFi Platform


Risk to Business: 1.227 = Extreme

Hackers swooped in and snatched up more than $320 million from DeFi platform Wormhole this week. The DeFi platform, a bridge between cryptocurrency Solana (SOL) and other blockchains, was exploited for approximately 120,000 wrapped Ethereum in what is thought to be the second-largest cryptocurrency hack to date. Wormhole’s parent company Jump Crypto pledged to replace the 120,000 ether Wormhole lost. The company was quick to note that the crypto was stolen by exploiting a vulnerability in the platform, not taken from an Ethereum address, and that it was taken in 3 separate transactions.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: DeFi has been a hotbed of hacking activity as cybercriminals seek quick scores of cryptocurrency, and there’s no end to the danger in sight.



News Corp. 

https://www.reuters.com/business/media-telecom/news-corp-says-one-its-network-systems-targeted-by-cyberattack-2022-02-04/ 

Exploit: Nation-State Cybercrime

News Corp.: Media & Publishing Company 


Risk to Business: 2.071 = Severe

Major media company News Corp. has disclosed that it was the target of a cyberattack by suspected Chinese nation-state hackers. The attack came to light in late January and affected News Corp. business units, including The Wall Street Journal and its parent company Dow Jones, the New York Post, News U.K. and News Corp. Headquarters. The hack affected emails and documents of what it described as a limited number of employees, including journalists. The incident is under investigation.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Organizations should keep in mind the fact that the preferred weapon of nation-state cybercriminals is ransomware.




United Kingdom – KP Snacks

https://www.reuters.com/technology/hackers-hold-hula-hoops-hostage-cyber-raid-britains-kp-snacks-2022-02-03/ 

Exploit: Ransomware

KP Snacks: Food Manufacturer 


Risk to Business: 1.321 = Extreme

Food company KP Snacks, manufacturer of beloved British snacks like Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks, was hit with a ransomware attack in late January that may impact its production. Conti ransomware operators have claimed responsibility. The company informed retailers in early February that the attack had impacted its manufacturing and distribution, and that product shortages may continue into March.


Individual Risk: 1.304 = Extreme

Researchers discovered samples of some of the data Conti had exfiltrated on the group’s dark web leak page, including confidential employee data such as home addresses and phone numbers, employment contracts, credit card statements and even birth certificates.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks against manufacturing targets have become increasingly prominent as cybercriminals look for a quick payday from businesses that they shut down.



United Kingdom – British Council

https://portswigger.net/daily-swig/british-council-data-breach-leaks-10-000-student-records

Exploit: Misconfiguration

British Council: Cultural Promotion & Language Testing


Risk to Business: 2.919 = Moderate

British Council, the global organization for promoting British culture and administrator of the International English Language Testing System (IELTS) exam, leaked over 144,000 files containing student records due to an unsecured Microsoft Azure blob. Researchers determined that the blob contained the personal information of hundreds of thousands of British Council English course learners and students from around the world. The group points to a contractor as the culprit for the leak.

Individual Risk: 2.906 = Moderate

Exposed data includes a student’s full name, email address, student ID, student status, enrollment dates, duration of study and other information.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals have been having a field day going after education-related targets, a problem that is only growing worse.



Germany – Oiltanking

https://www.cyberscoop.com/major-german-fuel-storage-provider-hit-with-cyberattack-working-under-limited-operations/

Exploit: Ransomware

Oiltanking: Fuel Storage


Risk to Business: 1.313 = Extreme

A ransomware attack has impacted German fuel tanking company Oiltanking. The company was ensnared in a massive ransomware attack that has disrupted operations at 17 European oil terminals including the busy Amsterdam-Rotterdam-Antwerp refining hub starting on January 29th. Other European companies are also involved including German oil trade company Mabanaft, SEA-Invest in Belgium and Evos in the Netherlands. The attack appears to have had the most impact on the processing, loading and unloading of cargoes. BlackCat ransomware is thought to be behind the incident.  

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Infrastructure and utility attacks have become much more common – Utilities/Infrastructure was one of the top 3 industries for ransomware attacks in 2021.



Sweden – Securitas 

https://www.zdnet.com/article/unsecured-aws-server-exposed-airport-employee-records-3tb-in-data/

Exploit: Misconfiguration

Securitas: Security Company 


Risk to Business: 1.2011 = Severe

Researchers have discovered an unsecured AWS S3 bucket belonging to security company Securitas that left data exposed for airport employees in Colombia and Peru at four airports: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE). In addition to the exposed employee data, researchers also uncovered photographs of airline employees, planes, fuel lines, and luggage handling in the bucket.


Individual Risk: 1.992 = Severe

The exposed records include ID card photos, names, photos, occupations, and national ID numbers for Securitas and airport employees.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Information is a currency on the dark web and cybercriminals are always hungry for more, especially personal and financial data.




1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.






Are Your Clients Ready for Crypto Threats? 


Risk Associated with Cryptocurrency Could Have a Surprising Impact on Your Clients 


How much do you know about how cryptocurrency can impact a company’s security? Cryptocurrency is all over the tech and financial news, both as a means of transacting business and a curiosity. Nearly weekly we’re hearing about massive cryptocurrency heists at DeFi platforms that trade and store it. And everyone knows that crypto has long been the preferred currency of the dark web. But have you considered the security threat that the rise of cryptocurrency could be bringing to your clients?




Why Should You and Your Clients Care About Cryptocurrency? 


You and your clients should be concerned about security risks presented by the growth of cryptocurrency. One major aspect of the cryptocurrency revolution is cryptomining, and it’s an enormous red flag for bigger cybersecurity trouble. It often serves as a gateway into more serious forms of cybercrime by enabling cybercriminals to quickly bypass security, opening companies up to dangerous cyberattacks through a kind of back door that they may not be guarding. Through cryptomining, bad actors gain entry to a company’s environment, creating an opportunity for them to launch more attacks. Those bad actors can set up a miner to make passive income while they conduct lateral moves to exfiltrate data or do something else malicious, damaging and expensive. Cisco experts have cautioned that any cryptomining traffic in a company’s environment should be taken seriously as an indicator of compromise.

5 Essential Things to Know About Cryptocurrency  

  • There are over 5,000 different currencies. 
  • Bitcoin is the most common, but not the only, digital currency used in ransomware attacks. 
  • Ransomware groups snatched at least $81 million in crypto from victims by May 2021. 
  • The U.S. Federal Bureau of Investigation managed to recoup 63.7 of the 75 Bitcoins paid by Colonial Pipeline after their ransomware attack. 
  • Almost 80% of Americans polled in a recent survey were aware of Bitcoin and 32% were aware of Ethereum, two of the biggest brands in the cryptocurrency world.   



Cryptojacking is How it Starts 


How do those cryptominers get into your clients’ environment? Through cryptojacking, which is ultimately done using that favorite cybercriminal method, phishing. In a cryptojacking scenario, bad actors typically choose one of two phishing methods to exploit their victim’s network to mine cryptocurrency. They’ll probably sound very familiar.

  • Enticing the victim to click on a malicious link in an email that results in infecting the computer with cryptomining software. 
  • Infecting a website or online ad with malicious code that auto-executes once loaded in the victim’s browser. 

It’s really not that far from how a company would be infected with ransomware, except in this case, instead of locking down systems, the cybercriminals want to keep a company’s environment up and running in order to make money off of the cryptominers that they have deployed through their phishing campaign.  

Cryptojacking has been a major growth area in cybercrime. Although it may fly under the radar as splashy threats like ransomware consume the tech and business media, cryptojacking is a massive and growing threat to every environment. Experts point to a 300% increase in cryptomining malware last year. It’s a fairly low-risk cybercrime operation that can still be very profitable. Unlike ransomware, the nature of cryptomining makes cryptominers hard to detect and also makes it hard to trace the origin point back to the bad guys, making them less likely to get caught. 




Cryptomining Sneaks in Through the Back Door 


In the 2021 Cyber security threat trends report, Cisco’s analysts disclosed that almost 70% of organizations experienced some kind of cryptomining threat in 2021. That’s a huge and complex problem for IT professionals to face. It’s a slippery threat. Plus, once cybercriminals get everything going, cryptominers can be very hard to spot. They don’t do any obvious, immediate harm to the victim’s computing environment like other kinds of malware. A common thing for victims to notice when cryptomining is present in an environment is computers slowing down as cryptominers consume resources and computing power. Cryptomining is also a massive energy drain, leaving companies with cryptomining problems with high energy bills.

Cybercriminals are pulling out all of the stops to get as many cryptominers going as they possibly can, and they’re not going to stop doing it. After all, who doesn’t love free money? Plus, there’s only ever going to be so much cryptocurrency available, and that means that people who deal in it will want to snatch up as much as they can while there’s still time. Cryptomining has been raging on cloud-hosted instances. A November 2021 report from Google Cloud found that 86% of compromised instances on their public cloud platform were involved in some kind of cryptomining activities. Most of those companies had no idea that they were facilitating a moneymaking scheme for cybercriminals.  




Cryptomining Can Uncover Another Problem 


Unfortunately, the presence of cryptomining on a company’s network could also indicate the presence of a malicious insider. It’s not very difficult to deploy cryptominers, making cryptomining an easy way for employees who are hungry for extra income to make money. An estimated 70% of malicious insider breaches are financially motivated. Employees can easily manipulate their company’s IT environment to engage in cryptomining. Even if they’re not cryptomining on their own behalf, malicious insiders can also make money in the booming cybercrime-as-a-service economy by facilitating the deployment of cryptominers for other cybercriminals. If cryptomining becomes apparent in a company’s environment, they should prioritize looking for other indicators of malicious insider trouble.

The rise in cryptojacking is a major influence on a new technology just rolled out by Google. The cryptomining problem in its cloud instances has become so acute that Google has launched a new cryptomining-related security feature for Google Cloud. The new feature aims to detect and block cryptomining operations that may be taking place in a company’s cloud environment. It’s called Virtual Machine Threat Detection (VMTD) and it debuted yesterday. Google promises that the new feature is an agentless system that will continually scan the memory of virtual machines deployed in Google Cloud environments, hunting for common signs of trouble like increased CPU or GPU usage that could indicate cryptomining operations are taking place. Google recommends that organizations initially enable VMTD for small portions of their nodes and monitor its function as a sort of test run.
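The sustained-CPU signal described above can be checked against ordinary host metrics. The sketch below is an added example, not Google's VMTD logic and not code from this post; the host names, the 85% threshold, the 10-minute window and the sample data are all constructed assumptions. It flags hosts whose CPU stays pinned for a long unbroken run while ignoring short bursts such as deploys or backups.

```python
from collections import defaultdict


def longest_high_run(series, threshold):
    """Return (start, end, length) of the longest unbroken run of
    per-minute samples at or above threshold. A missing minute breaks
    the run, so gaps in telemetry are never counted as load."""
    best = (None, None, 0)
    start, length, prev_minute = None, 0, None
    for minute, cpu in series:
        contiguous = prev_minute is not None and minute == prev_minute + 1
        if cpu >= threshold:
            if length and contiguous:
                length += 1
            else:
                start, length = minute, 1
            if length > best[2]:
                best = (start, minute, length)
        else:
            length = 0
        prev_minute = minute
    return best


def flag_sustained_cpu(samples, threshold=85.0, min_minutes=10):
    """Group (host, minute, cpu_percent) samples by host and report the
    hosts whose longest high-CPU run lasts at least min_minutes."""
    by_host = defaultdict(list)
    for host, minute, cpu in samples:
        by_host[host].append((minute, cpu))
    findings = {}
    for host, series in by_host.items():
        series.sort()
        start, end, length = longest_high_run(series, threshold)
        if length >= min_minutes:
            findings[host] = {"start": start, "end": end, "minutes": length}
    return findings


def constructed_samples():
    """Constructed 30-minute metric feed for three hypothetical hosts."""
    samples = []
    for minute in range(30):
        # web-01: normal load with short bursts (minutes 5-6 and 20)
        web = 96.0 if minute in (5, 6, 20) else 22.0
        # build-02: idle, then pinned near 100% from minute 8 onward
        build = 98.0 if minute >= 8 else 12.0
        samples.append(("web-01", minute, web))
        samples.append(("build-02", minute, build))
        # db-03: steady moderate load, never above the threshold
        samples.append(("db-03", minute, 55.0))
    return samples


if __name__ == "__main__":
    for host, hit in flag_sustained_cpu(constructed_samples()).items():
        print(f"{host}: CPU >= 85% for {hit['minutes']} min "
              f"(minute {hit['start']} to {hit['end']}), investigate")
```

A hit is a reason to look at the host's processes and outbound connections, not proof of mining: legitimate batch jobs produce the same curve.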

Build a Strong Defense Against Cryptomining

You asked and we delivered: We’ve made BullPhish ID a dynamic stand-alone solution for security awareness training. BullPhish ID also boasts an array of fresh features and functions that make the training experience better for trainees and IT professionals that are tasked with running it. In fact, it’s so good that we just won a Cybersecurity Excellence Award for Breach and Attack Simulation!

You’ll love:  

 New Training Content   

  • 15 new, up-to-date training videos on a variety of security and compliance topics including passwords, ransomware, HIPAA compliance and more have been recently added to the platform.
  • 8 new phishing kits have also been added to keep up with the latest threats. The kits are customizable and can be modified by customers to suit their clients’ needs.  
  • More new training content around risks and compliance is added every month! 

New How-To Videos (Coming Soon)   

  • Brief in-product video tutorials will provide helpful instructions for commonly used product features.  
  • Several new self-help videos will come out every quarter to help you take full advantage of the BullPhish ID features. 

New Reporting Module   

  • Easily track and show progress with easy-to-read monthly and quarterly performance reports that can be accessed anytime.  
  • Choose automated reporting and have those performance reports created and delivered to designated recipients automatically. 


Don’t just take our word for it, see what these MSPs have to say: https://www.idagent.com/case-studies/





Are You Ready to Face Insider Threats? 


Did you know that more than 60% of cyberattacks are attributed to insiders? An organization’s employees can do as much damage as cybercriminals whether they mean to or not, and that could be a disaster for your business. 

The primary way that insiders bring you risk is through human error like sending someone the wrong file or interacting with a phishing message. Of course, there’s always the possibility that an employee is out to hurt your business intentionally. Malicious insider actions are responsible for an estimated 25% of confirmed data breaches.

But you can reduce your risk of an insider security incident with security awareness training. Security-related risks are reduced by 70% when businesses invest in cybersecurity awareness training. Employees that are educated in risk with a solution like BullPhish ID make fewer mistakes and spot suspicious behavior faster. Don’t put off putting this affordable and effective tool to work for your business today.  


Do you have comments? Requests? News tips? Compliments? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!

