
The Week in Breach News: 02/23/22 – 03/01/22

March 02, 2022

A wild tale of dueling cyberattacks at Nvidia, production hiccups for Toyota, two legal professional bodies hit by cybercrime and 8 key takeaways from IBM’s X-Force Threat Intelligence Index 2022.





State Bar of California

https://www.latimes.com/california/story/2022-02-27/california-bar-investigates-possible-data-breach-after-discipline-records-published-online

Exploit: Hacking

State Bar of California: Legal Professional & Regulatory Body


Risk to Business: 2.177 = Severe

The State Bar of California is investigating a data breach after learning that a third-party website had published confidential information about 260,000 attorney discipline cases in California and other jurisdictions. The exposed data included case numbers, file dates, information about the types of cases and their statuses, respondent and complaining witness names. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Sensitive data of this sort is a valuable commodity. This information could be used for blackmail, fraud, spear phishing, BEC and so much more nastiness.

ID Agent to the Rescue: Learn more about how high cyber resilience helps prevent trouble like this, why it is the ticket to a safer future for your clients and how to build it. GET THIS EBOOK>> 


New York State Ethics Commission

https://www.insurancejournal.com/news/east/2022/02/28/655883.htm

Exploit: Hacking

New York State Ethics Commission: Regulatory Authority


Risk to Business: 2.807 = Moderate

New York’s ethics commission has shut down its online filing system after a cyberattack. The attack impacted several functions including a web server for the agency’s lobbying application and financial disclosure filing systems as well as other functions. The systems were taken offline late last week and will remain offline for the foreseeable future.

How It Could Affect Your Customers’ Business: Losing the ability to process online applications, sales or requests could be a death knell for some businesses.

ID Agent to the Rescue: Share The Computer Security To-Do List with your clients to help them find vulnerabilities and you’ll start profitable conversations! DOWNLOAD IT>> 


Nvidia 

https://www.reuters.com/technology/chipmaker-nvidia-investigating-potential-cyberattack-report-2022-02-25/

Exploit: Ransomware

Nvidia: Graphics Processing Units (GPU) Manufacturer 


Risk to Business: 1.616 = Severe

Legendary graphics chipmaker Nvidia has been hit with ransomware that took several of the company’s functions down for days, including internal email and developer tools. Ransomware group Lapsus$ is claiming responsibility. The group claims to have some 1TB of Nvidia data and is threatening to leak it if Nvidia doesn’t pay an unspecified sum. In a highly unusual turn of events, a few days later, Lapsus$ took to the web to indignantly complain that Nvidia had hacked them in return, encrypting the data that Lapsus$ had snatched. The group says they have backups, and they’ll start publishing Nvidia’s data soon.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Cybercriminals are having a field day attacking supply chain targets in the hope of scoring a big payday fast from an organization with no time to lose.

ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>


Bridgestone Americas

https://portswigger.net/daily-swig/bridgestone-americas-disconnects-manufacturing-facilities-following-security-incident 

Exploit: Hacking

Bridgestone Americas: Tire Manufacturer 


Risk to Business: 1.414 = Extreme

Bridgestone is shutting down production at its factories around the US as the company deals with an unspecified cybersecurity incident. The company released a statement saying that it was immediately disconnecting and pausing production at factories in the US and Latin America, with no projected timeline for reopening provided to employees.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Supply chain disruption has been the name of the game for cybercriminals and tires are an important part of most supply chains.

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>





France – Melijoe 

https://www.safetydetectives.com/news/melijoe-leak-report/

Exploit: Misconfiguration

Melijoe: Luxury Children’s Clothier 


Risk to Business: 2.771 = Moderate

An Amazon S3 bucket that belonged to French kids’ fashion retailer Melijoe was left accessible on the web with no authentication controls in place, exposing the sensitive and personal data of potentially hundreds of thousands of customers. The bucket has exposed almost 2 million files, totaling around 200 GB of data, including wish lists, purchases, preferences and other customer data. 


Risk to Individual: 2.822 = Moderate

The Preferences dataset exposed forms of customer PII and sensitive customer data, including email addresses, names of children, genders, dates of birth and brand preferences. Other datasets included SKUs of purchased items, payment type (but not payment card or bank information), order dates and delivery preferences.

How it Could Affect Your Customers’ Business: Cybercriminals are always hunting for personal data, and Retail has been one of the hardest-hit sectors in terms of data breaches.

ID Agent to the Rescue: Help your clients stay safe from dangerous phishing messages with our Can You Spot the Phishing Email? infographic! DOWNLOAD IT>>


Sweden – Axis 

https://www.zdnet.com/article/swedish-camera-giant-axis-still-recovering-from-cyberattack/ 

Exploit: Hacking

Axis: Camera Manufacturer 


Risk to Business: 1.719 = Severe

Axis has shut down all of its public-facing services in response to alerts from its cybersecurity and intrusion detection system on Sunday, the company said in a statement. Axis said that its Case Insight tool in the US and the Camera Station License System were dealing with partial outages as well as Device Manager Extend Device upgrades for OS and apps. The incident is under investigation and services are expected to be restored quickly.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Cloud-hosted services and data have become very attractive for hackers, with cloud data breaches up by 30% in 2021.

ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>>





Taiwan – Asustor NAS

https://www.bitdefender.com/blog/hotforsecurity/asustor-nas-owners-hit-by-deadbolt-ransomware-attack/

Exploit: Ransomware

Asustor NAS: Computer Hardware Developer 


Risk to Business: 1.231 = Extreme

Owners of Asustor NAS drives have discovered that their devices have been hit by DeadBolt ransomware. Users were greeted with a message from the DeadBolt ransomware attempting to extort 0.03 bitcoins (approximately US $1140 at current exchange rates) for the promised release of a decryption key that would allow users to access their data. Asustor is investigating the matter and in the meantime, the company has disabled functionality which can allow remote access to its NAS drives: ASUSTOR EZ-Connect, ASUSTOR EZ Sync, and ezconnect.to.

How it Could Affect Your Customers’ Business: There’s a creepy ransomware trend brewing in which cybercriminals approach the people whose records they stole or encrypted, not the business that had the records.

ID Agent to the Rescue: Help your clients reduce their ransomware risk by building a security culture that helps spot and stop threats like phishing with the Building a Strong Security Culture Checklist. GET IT>>


Japan – Toyota

https://www.reuters.com/business/autos-transportation/toyota-suspends-all-domestic-factory-operations-after-suspected-cyber-attack-2022-02-28/

Exploit: Third-Party Risk

Toyota: Automobile Manufacturer


Risk to Business: 1.892 = Severe

Toyota announced that it is shutting down its domestic factory operations briefly after a cyberattack at a supplier. The supplier, Kojima Industries Corp, has admitted to being attacked but offered no further information. It was not made clear how long Toyota’s Japanese factories, which total one-third of its production yearly, will be closed.   

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: This is the exact scenario cybercriminals want when they attack small suppliers of large corporations and shut down production lines to make quick money.

ID Agent to the Rescue: Ransomware 101, our most popular eBook, is full of tips and expert advice to guide you through securing your clients effectively from today’s scariest risk. READ IT>>





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.






Key Takeaways from IBM’s X-Force Threat Index 2022


Phishing, Ransomware and BEC Trends You Need to Know About


Every year IBM releases a flood of extremely useful data from its in-house team of cybersecurity experts and remediators. The data provided gives an excellent snapshot of what’s influencing current cybercrime trends, how new cybercrime trends are forming and what might be next. The X-Force Threat Intelligence Index 2022 was recently released, and we combed through it to find the most interesting and informative takeaways for MSPs and their clients.  




Phishing Still Wins 


Phishing is still the most likely way for cybercriminals to penetrate security at organizations. It actually became more prominent in 2021, with just over 40% of intrusions facilitated through phishing. Vulnerabilities came in second, with little change from 2020. The drop from there is steep though. The real surprise is the decline of stolen credentials, the culprit in half as many attacks in 2021 as the year before. The report speculates that this could be the result of a more widespread adoption of identity and access management.  

The Top Intrusion Vectors of 2021 

Intrusion vector | 2021 | 2020
Phishing | 41% | 33%
Vulnerability exploitation | 34% | 35%
Stolen credentials | 9% | 18%
Brute force | 6% | 4%
Remote desktop | 6% | 4%
Removable media | 0% | 1%
Password spraying | 1% | 0%



 Spoofing Surged


If you thought phishing seemed unusually heavy last year, you were right. In fact, the Anti-Phishing Working Group (APWG) noted that June 2021 set an all-time record high with 222,127 phishing attacks that month alone. Brand fraud/spoofing was 15 times higher in 2021 than in 2020. However, cybercriminals didn’t really vary their playbook. Catching unsuspecting users in a phishing trap using a spoofed message is always a winner for them, and they did plenty of that in 2021. The top 3 brands that X-Force saw spoofed in 2021 were Microsoft, Apple and Google.

Top 11 Most Spoofed Brands of 2021  

1. Microsoft
2. Apple
3. Google
4. BMO Harris Bank (BMO)
5. Chase
6. Amazon
7. Dropbox
8. DHL
9. CNN
10. Hotmail
11. Facebook




Two More Interesting Phishing Observations


Phishing + Phone Calls = Winning 

In an unexpected twist, combining modern phishing techniques with an old-school tool was a shockingly effective ploy, garnering cybercriminals impressive results (and making it clear that businesses need to be alert to this trend). When conducting social engineering penetration testing attacks through phishing emails, one little addition made them three times more effective: a phone call. That’s right. The click rate for the average targeted phishing campaign that IBM’s testers ran in 2021 clocked in at 17.8%, but targeted phishing campaigns that added phone calls (vishing or voice phishing) snagged that all-important click from a whopping 53.2% of victims.

Phishers Always Want Passwords 

Of course, what the bad guys want the most when they’re phishing hasn’t changed. Universally, they want passwords. In phishing kits IBM analysts observed from a variety of sources, user credentials (email/ID/password combinations) were the most commonly requested information, appearing in 100% of kits. That’s followed by credit card information (61%), mailing addresses (40%), phone numbers (22%), date of birth data (17%), identity card numbers (15%), security questions (14%) and ATM PINs (3%). 




Ransomware Still Rules the Roost  


Sometimes the more things change, the more they stay the same. For the third year running, ransomware is still the king of cyberattacks. It’s the top attack type that businesses faced in 2021. The bright spot? The percentage of ransomware attacks that were remediated was down 9% from 2020. About one-fifth (21%) of all cyberattacks X-Force saw were ransomware attacks, just slightly down from 2020’s 23%. However, the report cautions that the volume of ransomware attacks has remained steady year over year. 

But It Has an Off-Season 

This isn’t much of a surprise to anyone. In a recent survey, 90% of IT pros had seen an uptick in ransomware attacks on companies that they’re responsible for. What is interesting is observing the pattern of ransomware attacks through a seasonal lens. Ransomware practitioners seem to prefer Q2 for their operations, but they’re not shy about doing some early holiday shopping in October; 25% of last year’s attacks happened then. Perhaps they vacation in August and just like everyone else, cybercriminals are sluggish in January – January and August were attack-free.

Ransomware Attacks by Month

Month | 2021 | 2020
January | 0% | 6%
February | 27% | 27%
March | 30% | 36%
April | 19% | 13%
May | 36% | 30%
June | 33% | 50%
July | 25% | 13%
August | 0% | 35%
September | 10% | 6%
October | 25% | 15%
November | 5% | 33%
December | 14% | 29%

This report included speculation on why 2021’s pattern may have progressed in this fashion. In 2021, there were big drops in ransomware activity in July and November when compared to the previous year. Analysts theorized that the shift could have been caused by a crackdown on ransomware operations in those months in 2021. Several major groups were shut down either permanently or temporarily in May, June and October 2021: DarkSide and Babuk in May, Avaddon in June, and REvil in October. 




BEC is On The Move


Although the US Federal Bureau of Investigation rated them 64X as dangerous as a ransomware attack, 2021 was not a prolific year for business email compromise (BEC) attacks. This attack type had a downturn in 2020 and continued that trend in 2021. While still hanging on to the third-place spot, BEC has been in a slide. IBM analysts suspect that is the result of more widespread adoption of 2FA or MFA. That’s bolstered by a shift in geography for BEC attacks to places where MFA is less likely to be in general use. In one cited example, zero percent of attacks against Latin American organizations were BEC in 2019, but 19% of attacks were BEC in 2020 and 20% of attacks in 2021 were BEC. 

BEC by Region | % of Total Incidents
Latin America | 20.6
North America | 11.6
Europe | 5.9
Asia | 4.3
Middle East & Africa | 0.0



Cybercrime Remains Relentless 


It’s easy to see that businesses won’t be seeing a decrease in cybercrime anytime soon, with surging risk in several areas like cryptomining, supply chain risk, social media phishing and more up-and-coming attack vectors. That means that the pressure that organizations face on their security will just keep ratcheting up in 2022 – and you need to have the right combination of solutions to offer your clients to keep them out of trouble. ID Agent can help. 

BullPhish ID – Our newly retooled solution for security awareness, phishing and compliance training features a ton of new content to make sure that you’re training around the latest risks and requirements like ransomware, CMMC, GDPR data handling and more. 

Dark Web ID – Protect your clients from dark web danger with the leading solution in the channel for monitoring business and personal credentials, including domains, IP addresses and email addresses. Win more deals with immediate dark web searches to show clients and prospects their compromised credentials in minutes. 

Don’t just take our word for it, see what these MSPs have to say: https://www.idagent.com/case-studies/








 Are You Ready for 2022’s Biggest Threats?


The 2022 threat environment is heating up! New research by IBM shows that Q2 is the time that cybercriminals prefer to strike with devastating cyberattacks like ransomware. Is your security up to the test? 

The right array of security solutions, a consistent security awareness training program and a strong security culture are three important building blocks that support every company’s defense against cybercrime. But not having one of those pillars in place can leave a dangerous vulnerability in your defenses. 

To avoid trouble later, now is the time to review your security plan and consult with your trusted security experts to make sure that you have everything that you need in place to keep your business safe as the high season for cybercrime begins.


Do you have comments? Requests? News tips? Compliments? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!

