Please fill in the form below to subscribe to our blog

The Week in Breach News: 02/16/22 – 02/22/22

February 23, 2022

OpenSea’s phishing flood just keeps getting worse, Britain’s NHS is ensnared in a new data exposure drama thanks to a supply chain snafu and Baltimore officials fall for a BEC trap plus how nation-state cybercrime is threatening your clients right now.  


Get ready to pack your bags for Connect IT 2022! Join us June 20-23 in Las Vegas for the industry’s premier event! REGISTER NOW>>



Meyer Manufacturing Co. Ltd.

https://www.securityweek.com/cookware-distribution-giant-meyer-discloses-data-breach

Exploit: Ransomware

Meyer Manufacturing Co. Ltd.: Cookware Manufacturing & Distribution

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.177= Severe

Meyer Manufacturing Co. Ltd recently filed a data breach notification disclosing a ransomware attack that impacted employees of its distribution arm. Bleeping Computer reports that this attack is the work of the Conti ransomware group. In its disclosure, Meyer said the initial incident occurred in October 2021 but was not discovered until December 2021. The attack affected Meyer and its subsidiaries, including Hestan Commercial Corp., Hestan Smart Cooking, Hestan Vineyards and Blue Mountain Enterprises LLC.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.919= Severe

Employee personal information was snatched in this incident including their first and last name, address, date of birth, gender, race or ethnicity, Social Security number, health insurance information, medical information, driver’s license, passport or government-issued identification number, and Permanent Resident Card and information regarding immigration status. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Data that can be used to falsify identities is a valuable commodity on the dark web and cybercriminals never stop looking for soft targets that enable them to steal it.

ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware ExposedGET THIS EBOOK>>  


The City of Baltimore

https://www.infosecurity-magazine.com/news/baltimore-conned-out-of-375k/

Exploit: Business Email Compromise

The City of Baltimore: Municipality

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.251=Extreme

Buckle up because this is a saga. A report just released by the Office of the Inspector General (OIG) details a business email compromise disaster that ended up costing the city of Baltimore more than $375,000. In this incident, bad actors managed to change the bank details kept on file for a vendor who had an agreement with Baltimore’s Mayor’s Office of Children and Family Success (MOCFS). The cybercriminals contacted both MOCFS and Baltimore’s Bureau of Accounting and Payroll Services (BAPS) asking to have the vendor’s banking information updated to send payments to a different bank account at another financial institution. BAPS ultimately complied with the fraudster’s change request, then began sending electronic payments to the new address. You know how this one ends up. Ultimately, cybercriminals made off with $376,213.10. The vendor was not named, but the report noted that cybercriminals had gained access to the vendor’s email accounts through a phishing attack. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Business email compromise is the most dangerous cybercrime according to FBI IC3, 64x worse than ransomware. This is why.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>> 


The Internet Society (ISOC)

https://thecyberwire.com/newsletters/privacy-briefing/4/33

Exploit: Misconfiguration

The Internet Society (ISOC): Non-Profit

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.776 = Moderate

Cybersecurity researchers recently announced the discovery of a trove of information belonging to ISOC in an unsecured Microsoft Azure blob. The blob was reported to contain contained millions of files with personal and login details belonging to ISOC members. ISOC has secured the blob but there’s no telling how long that data was exposed for or who may have seen it.

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 1.282= Moderate

The member data exposed includes members’ full names, preferred language, the account ID, donation history, login credentials, social media tokens, email and street addresses, genders and similar personal information.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Human error aka employee negligence is the biggest cause of a data breach because it’s what makes things like this happen.

ID Agent to the Rescue: Share The Computer Security To-Do List with your clients to help them find vulnerabilities and you’ll start profitable conversations! DOWNLOAD IT>> 


Expeditors International

https://www.bleepingcomputer.com/news/security/expeditors-shuts-down-global-operations-after-likely-ransomware-attack/ 

Exploit: Ransomware

Expeditors International: Logistics & Freight Forwarding

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.364 = Extreme

Expeditors International was hit by a ransomware attack over the President’s Day holiday weekend that has resulted in the company being forced to shut down most of its operations worldwide. First announced by the company on Sunday night, Expeditors International warned that services and systems may be offline until they can restore them from backups. The incident could snarl supply chains globally. Expeditors International handles warehousing and distribution, transportation, customs and compliance at 350 locations worldwide.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Supply chain disruption has been the name of the game for cybercriminals and freight forwarders on land and on the sea have been constantly targetted lately

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


OpenSea

 https://www.cnbc.com/2022/02/20/nft-marketplace-opensea-is-investigating-a-phishing-hack.html

Exploit: Phishing

OpenSea: NFT Trading Marketplace

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.282=Extreme

Online NFT marketplace OpenSea has been embroiled in controversy after a cyberattack cost investors their NFT. There’s been a lot of back-and-forth on this one. A phishing attack perpetrated on the platform’s users is purportedly to blame for the incident that has so far left more than 30 of its users unable to access their NFTs, although some claims have been made on Twitter pointing to a flaw in the platform’s code. Reports say that the attacker has made somewhere between $1.7 – 2 million in Ethereum from selling some of the stolen NFTs. An estimated 254 tokens were stolen over three hours.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Phishing is a danger to any business in any industry, and it can do massive damage as well as cost a fortune.

ID Agent to the Rescue Help your clients stay safe from dangerous phishing messages with our Can You Spot the Phishing Email? infographic! DOWNLOAD IT>>  


Learn the secret to conjuring up amazing stress-free marketing campaigns in 5 Ways to Make Marketing Magic! GET IT>>



United Kingdom – National Health Service (NHS)

https://www.dailymail.co.uk/news/article-10531637/Tens-thousands-NHS-patients-private-medical-information-leaked-shocking-data-breach.html 

Exploit: Third-Party Data Breach

National Health Service (NHS): National Healthcare Agency

cybersecurity news gauge indicating extreme risk

Risk to Business: 2.919 = Moderate

A shocking report from the Daily Mail details the exposure of all sorts of sensitive data for thousands of patients served by the NHS. The information was exposed by an NHS service provider, PSL Print Management. Reports say that the exposed confidential files include hospital appointment letters for women’s health emergencies, test results of cervical screening and letters to parents of children needing urgent surgery. The information dates back as far as 2015, a huge no-no under data protection rules. The incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Third-party risk is a problem that will only continue growing worse for organizations as they increasingly farm out work to smaller specialty service providers.

ID Agent to the Rescue Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>> 


Switzerland – The University of Neuchâtel

https://www.swissinfo.ch/eng/university-of-neuch%C3%A2tel-hit-by-cyberattack/47360432

Exploit: Ransomware

The University of Neuchâtel: Institution of Higher Learning 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.775 = Moderate

Swiss college The University of Neuchâtel is back online after a cyberattack that is likely ransomware knocked its systems out last week. The attack encrypted some systems making it impossible for students or employees to access materials and systems related to classwork. The university is unable to confirm if any data was stolen. Operations have since been restored.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Schools at every level have been battered by cybercrime since the start of the global pandemic.

ID Agent to the Rescue Help your clients reduce their ransomware risk by building a security culture that helps spot and stop threats like phishing with the Building a Strong Security Culture Checklist. GET IT>>


Show your clients how to spot and stop malicious insiders with this infographic that’s perfect for social media! GET IT>>



Japan – Mizuno

https://www.bleepingcomputer.com/news/security/sports-brand-mizuno-hit-with-ransomware-attack-delaying-orders/

Exploit: Ransomware

Mizuno: Sports Equipment and Sportswear Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.227 = Severe

Japanese brand Mizuno has experienced some business disruption after a ransomware attack on its US-based operations corporate network. The incident left the company facing phone outages and order delays as systems are restored. Customers have been left unable to place new orders or track orders in progress as well. No word on an expected timeline for restoration.  

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Retailers have been experiencing a serious increase in ransomware attacks in the last 12 months.

ID Agent to the Rescue Ransomware 101, our most popular eBook, is full of tips and expert advice to guide you through securing your clients effectively from today’s scariest risk. READ IT>>


Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.



Don’t let roadblocks trap you in the slow lane. Learn to overcome obstacles and put your MSP on the road to prosperity fast. SEE HOW>>



Boost Your MRR This Spring

These webinars will help you juice up your MRR and enjoy more revenue in a flash!

Close More Deals: The MSP Recipe for Success – Explore how providing hard data + immediate proof of value = sales wins. WATCH IT>>

MSP Think Tank – Hear expert predictions about the things that MSPs can do to boost their MRR this year. WATCH IT>>

How Security Awareness Training Protects Your Clients & Grows Your MRR – Quickly benefit from selling your clients security awareness training. WATCH IT>>

Did you miss this? Learn to take advantage of resources that will make you a sales superhero! DOWNLOAD IT>>


See how cyber insurance is changing and how to protect your clients from trouble. WATCH NOW>>



2 Ways Nation State Cybercrime is a Threat to Your Customers


More Businesses Are at Risk Than You May Think


As tensions rise in Eastern Europe, nation-state cybercrime has become an area of focus in recent weeks. Media outlets reporting on the situation may not agree on much, but they do agree on one thing: cyberattacks have clearly become a part of modern warfare. But nation-state cyberattacks are no longer something that is just the government or military’s problem. The bad guys are branching out, and that puts many more businesses at risk of trouble. Manufacturers, freight companies, industrial suppliers, business services companies, accounting firms – the list of potential targets for these cybercriminals is growing constantly. The bottom line: Nation-state cybercrime is a danger to businesses in every sector, and your customers may very well be in the line of fire. 


faint images of US dollars in a pile shaded in rainbow prismatics

Find out exactly how security awareness training makes your client’s business safer & saves them money. WATCH NOW>>


The Bad Guys Are Looking at Everybody Now


Right now, the nation-state cybercrime lens is focused on Russia in light of the current conflict over Ukraine. The Security Service of Ukraine (SSU) pointed the finger firmly at Russia as the culprit for a series of cyberattacks on Tuesday, February 14 that knocked the websites of the Ukrainian army, the defense ministry and major banks offline. Russia denies the charges. While Russia is the dominant force in the arena, nation-state cybercrime threats also come from cybercrime groups that are either known to be state-sponsored or have done state-sponsored work. China, Iran, North Korea and other nations also have players in game. 

A study by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and sponsored by HP, Nation States, Cyberconflict and the Web of Profit shows that nation-state cybercrime risk is growing fast. The report highlights a 100% rise in significant nation-state incidents between 2017-2020. The researchers’ analysis of over 200 cybersecurity incidents associated with nation-state threat actors since 2009 also shows the shift in their targeting to become a serious threat to businesses. Enterprises are now the most common targets of state-sponsored cybercriminals, beating out government-associated targets by a substantial margin.  

Targets of Nation-State Cyberattacks  % of Total
Enterprises 35% 
Cyber Defense Assets 25%  
Media & Communications 14%
Government Bodies 12% 
Critical Infrastructure 10%  

nation-state federal hack phishing described by a man in a hoodie sillohuettes adgains a world map with "hacked" stamped on it

Are your clients really protected from cyberattacks? Our Cybersecurity Risk Protection checklist will tell you the truth! GET IT>>


CISA Advisory Details Danger


A “Shields Up” advisory was issued from the US Cybersecurity & Infrastructure Security Agency (CISA) last week. In the advisory, CISA warned that “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.” This advisory was followed up with another one issued jointly with the US Federal Bureau of Investigation (FBI), and the US National Security Agency (NSA) that also pointed to Russia as a potential source of cyberattacks, this time against US cleared defense contractors (CDCs). The advisory specifically noted a high level of danger to CDCs that support contracts for the U.S. Department of Defense (DoD) and Intelligence Community in these fields from Russian state-sponsored cyber actors: 

  • Command, control, communications, and combat systems 
  • Intelligence, surveillance, reconnaissance, and targeting  
  • Weapons and missile development 
  • Vehicle and aircraft design
  • Software development, data analytics, computers, and logistics 

Take a deep dive into ransomware and learn to protect your clients affordably with this resource bundle! GET IT>>


How Nation-State Cybercrime Could Impact Your Customers 


An estimated 90% of Advanced Persistent Threat Groups (APTs) regularly attack organizations outside of the government or critical infrastructure sectors. Nation-state threat actors use a few common and dangerous methods to do their dirty work that your clients should protect their organizations against, and they don’t need fancy cybersecurity tools to do it. You can help your clients ensure that they’ve built strong defenses even if they don’t have a big budget by taking sensible precautions against a few common avenues of cybercrime like these.

Supply Chain Risk 

Supply chain risk can manifest in many ways. Your client’s business isn’t just at risk from cybercriminals who gain information about it as a result of attacks on an organization in their supply chain. Your client’s business is at risk if it’s part of the supply chain for organizations that nation-state cybercriminals are interested in, like critical infrastructure, DIB companies and government agencies. A 2021 HP Study declared that supply chain attacks by nation-state threat actors against businesses have skyrocketed, increasing by a shocking 78%.

In this case, supply chain risk is generated for your clients because APTs are looking for information about (or back doors into) strategic targets. The SolarWinds attack is an example of this type of activity, but it happens on a much smaller scale regularly as well. Nation-state threat actors have been zeroing in on organizations that retain large amounts of data, provide services or form linchpins in the global supply chain. 60% of nation-state activity is directed at IT companies, commercial facilities, manufacturing facilities and financial services firms. 

Phishing Attacks 

Since the preferred weapon of APTs is ransomware, it’s immediately apparent that phishing is the most likely way that your clients could be approached by the bad guys. Just like other cybercriminals, threat actors in this category are attracted to phishing because it’s easy, it has a low barrier to entry and it’s frighteningly effective. APTs can either do the phishing themselves or farm it out to other cybercriminals very easily in the Cybercrime-as-a-Service economy that flourishes on the dark web. When they do it themselves, nation-state groups use everything from run-of-the-mill generic credential phishing to sophisticated spear phishing attacks to get the job done.  

Phishing is a smart choice for cybercriminals of every stripe any way you slice it. These days, an estimated 95% of attacks on business networks are the result of successful spear phishing, and much of that can be chalked up to the difficulty that employees have identifying a phishing message and avoiding the trap. Employees are being bombarded with phishing messages, giving cybercriminals a good chance of slipping past their radar, especially using sophisticated techniques like brand impersonation. Cybercriminals know that sophisticated phishing messages tend to hit their target – 97% of employees cannot detect sophisticated phishing messages. 


The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>


How Can You Protect Your Clients? 


CISA has released guidance about what businesses can do to strengthen their security against nation-state attacks. The agency recommends that organizations take these steps to reduce their risk:  

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication. 
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA. 
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes. 
  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance. 
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats. 

With the broadening of the nation-state cybercrime scope, it’s important to broaden the protection of all of your customers to account for their potential nation-state cybercrime risk. CISA recently recommended that companies step up their security awareness training programs to combat the current flood of ransomware and phishing threats. BullPhish ID is the perfect solution to use to make that happen! 

The freshly revamped BullPhish ID makes the training experience easy and painless for you and your clients, making boosting security awareness training programs and educating employees about risks and compliance – or starting a security awareness training program- a breeze. A robust library of security awareness and compliance training video lessons with built-in quizzes is available on topics like data security, regulatory requirements, ransomware, credential safety and more with at least 4 new videos coming every month! 

Recently Added:  

  • Sarbanes-Oxley Compliance 
  •  PCI-DSS Best Practices  
  • PIPEDA Overview  
  • GDPR: Rights of Data Subjects 
  • NIST-800-171: Who is Required to Comply & What Information is Protected 
  • COVID-19 Government Spoofing Awareness  
  • Ransomware: Downloads and Attachments 
  • HIPAA: Overview of the Privacy & Security Rule 
  • Zero Trust Security: Introduction 
  • NIST CSF Manager 
  • Physical Security: Shoulder Surfing 

Sneak Preview: What videos can you expect in the near future?

  • Cryptocurrency: Cryptomining Danger 
  • Nation-State Cybercrime: Phishing Risk 
  • Nation-State Cybercrime: Ransomware 
  • Intro to UK Privacy 
  • NIST Response Cycle: Introduction 
  • CMMC Compliance Levels 1 – 5  
  • Social Media Phishing 
  • and many more!  

Help your clients transform their biggest security vulnerability, employees, into their biggest security asset with security awareness, compliance and anti-phishing training using BullPhish ID. Book a demo.  

Don’t just take our word for it, see what these MSPs have to say: https://www.idagent.com/case-studies/


It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>



Mar 1 – Empower Your Employees to Be the Front Line of Cybersecurity Defense REGISTER NOW>>

Mar 21 – 22 – Midsize Enterprise Summit REGISTER NOW>>

Mar 30 – 31 Cybersecurity Expo REGISTER NOW>> 

Jun 20-23 – Connect IT Global in Las Vegas REGISTER NOW>>  



 Can a Nation-State Cyberattack Hit Your Business?


Nation-state cybercrime isn’t just a problem for government agencies and the military anymore. Threat actors have been branching out to hit companies in industries that have never been in the crosshairs before in a variety of industries, serving notice that every business is at risk of trouble.  

An estimated 90% of nation-state cybercrime groups regularly attack organizations outside of the government or critical infrastructure sectors. Sometimes they’re looking for information or back doors into high-profile targets that those organizations might serve or do business with. Sometimes they just want to make money. But they’re always out to cause problems for businesses caught up in the tide. 

Nation-state threat actors use a common technique to hit their targets: phishing. Reducing your phishing risk is a great way to reduce your company’s risk from that source. That’s why it’s essential to your company’s success that you conduct regular phishing resistance training using a comprehensive solution like BullPhish ID. Arm your employees with knowledge to reduce the chance that they’ll be tricked by the bad guys.  


Do you have comments? Requests? News tips? Compliments? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email pr@kaseya.com to let us know how our content works for you!


let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>