The Week in Breach News: 04/06/22 – 04/12/22
A former employee spawns a security nightmare at CashApp Investing, Conti scores ransomware hits in two industrial attacks, our new eBook about nation-state cybercrime threats and five tips to keep your clients safe from nation-state trouble.
Exploit: Insider Risk
Block Inc: Financial Services Platforms
Risk to Business: 1.706 = Severe
More than 8 million customers of Cash App Investing may have had their personal information exposed thanks to an incident involving an ex-employee of the app’s parent company Block Inc. In an SEC filing, the company disclosed that a former employee had downloaded reports that contained customer data. This breach does not impact customers using this app’s sister product, CashApp.
Risk to Individual: 1.663 = Severe
The pilfered reports included customers’ full names and brokerage account numbers. For some customers, the data accessed also included the value and holdings of the brokerage portfolio, as well as some trading activity.
How It Could Affect Your Customers’ Business: Companies that are sloppy about removing past users’ access are likely to find themselves in this position.
ID Agent to the Rescue: Help your customers reduce their insider risk and close security gaps with the tips and tricks you’ll find in The Guide to Reducing Insider Risk. GET EBOOK>>
Snap-on: Tool Manufacturer
Risk to Business: 1.976 = Severe
Major tool manufacturer Snap-on has disclosed that it has been the victim of a ransomware attack. The Conti ransomware group has claimed responsibility. The group has already begun leaking Snap-on’s data online. Snap-on reported that the breach was discovered when it detected suspicious network activity, which led to them shutting down company systems. Employee and franchisee data was compromised.
Risk to Individual: 1.899 = Severe
Snap-on told the California Attorney General’s Office in a filing that the exposed data included associate and franchisee names, Social Security Numbers, dates of birth and employee identification numbers.
How It Could Affect Your Customers’ Business: Attacks against industrial and manufacturing targets have been accelerating as bad actors look for fast ransoms from time-sensitive businesses.
ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
Fox News: Television Network
Risk to Business: 2.722 = Moderate
Researchers at Website Planet have announced that they discovered a trove of information about employees of Fox News exposed in a misconfigured database. The 58GB of exposed data includes almost 13 million records of content management data, employee details, internal Fox emails, usernames, employee ID numbers, affiliate station information and more. 65,000 names of celebrities, cast and production crew members and their internal Fox ID reference numbers were also in the mix. No further specifics about exposed employee data were available at press time.
How It Could Affect Your Customers’ Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.
ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>
Parker Hannifin: Industrial Components Manufacturer
Risk to Business: 1.969 = Severe
Conti ransomware is to blame for an attack on major industrial supplier Parker Hannifin, a manufacturer specializing in motion and control technologies used by aerospace, defense and industrial manufacturers. Conti has already published more than 5 GB of the company’s stolen data but stated that is only a small fraction of the total data they snatched.
How It Could Affect Your Customers’ Business: Cybercriminals aren’t just after personal data; they’ll gladly take proprietary technical data like spec sheets, blueprints and formulas too.
ID Agent to the Rescue: Security awareness training reduces the chance of an incident by 70%. Learn to build a program with the How to Build a Security Awareness Training Program eBook. GET IT>>
United Kingdom – The Works
The Works: Discount Retailer
Risk to Business: 1.227 = Extreme
Discount stationers and craft store The Works had to shut down several stores temporarily after a cyberattack crippled payment systems, identified as ransomware by media outlets. Reports also say that the attack was precipitated by an employee falling for a phishing email. The incident is under investigation and has been reported to the UK Commissioner’s Office. No word on what, if any, data was stolen.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Cybercriminals know that hitting businesses like this will often result in a quick ransom payment to avoid business interruption.
ID Agent to the Rescue: Security and compliance training is a cost-effective defense against all types of cybercrime. Show your clients why with Security Awareness Training: Your Best Investment. GET EBOOK>>
Russia – Gazprom Neft
Exploit: Nation-State (Hacktivism)
Gazprom Neft: Oil Company
Risk to Business: 2.017 = Severe
Russian oil heavyweight Gazprom Neft had its website hacked, resulting in an outage. The hackers reportedly hijacked the company’s site on April 6, displaying imagery and messaging that depicted the company’s president speaking out against the Russian invasion of Ukraine. Gazprom Neft is the oil handling subsidiary of Russia’s major-league state-owned gas company Gazprom.
How It Could Affect Your Customers’ Business: Hacktivists have been working to damage Russian infrastructure and assets since the invasion of Ukraine.
ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>>
Nigeria – Bet9ja
Bet9ja: Gambling Platform
Risk to Business: 2.176 = Severe
Popular Nigerian betting platform Bet9ja disclosed that it has been hit by a ransomware attack perpetrated by BlackCat. The company said in a statement that they had received an unspecified ransomware demand but did not plan to pay. The CEO was quick to assure users in another statement that their funds and data were secure. The company says that it is working to resolve the matter.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Ransomware is the most versatile weapon in the cybercriminal arsenal and building a strong defense is essential.
ID Agent to the Rescue: See the mechanics of ransomware, plus get tips and expert advice to guide you through securing your clients effectively in Ransomware 101. READ IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.
- Why Security Awareness Training is Clearly a Smart Financial Decision
- 10 Phishing Facts: Employee Behavior & Insider Risk
- 3 Times Security Awareness Training Would Have Saved the Day
- Cybercrime Losses Explode, Up 48%
- The Week in Breach News: 03/30/22 – 04/05/22
Help Your Clients Be Ready for Elevated Nation-State Cybercrime Risk
It’s a dangerous world for organizations in every industry as nation-state cyberattacks reach farther than ever. Use these resources to ensure that your clients are prepared to withstand the storm.
For Your Clients
How Nation-State Cybercrime Affects Your Business – Give this fact-filled new eBook to your clients to help them understand the risk that their organization faces from nation-state cyberattack activity today, including up-to-date data on the major players in nation-state cybercrime and how to stay safe from trouble. DOWNLOAD IT>>
Share the “Top 5 Nation-State Cybercrime Risks for Businesses” infographic on your social media channels to start a conversation with your clients about how you can help them protect their organizations from nation-state cybercrime. GET INFOGRAPHIC>>
Download the “Are You Doing These 5 Things to Protect Your Clients from Nation-State Cybercrime?” checklist to make sure that you’ve got the bases covered for all of your clients. GET CHECKLIST>>
Did you miss this? The “10 Things to Look for As You Shop for a Dark Web Monitoring Solution” checklist helps you eliminate contenders to find the winning dark web monitoring solution to grow your MSP. DOWNLOAD IT NOW>>
5 Tips for Protecting Your Clients from Nation-State Cybercrime Risk
Nation-State Cyberattacks Threaten Every Business
Nation-state cybercrime is a growing threat to businesses in every sector. Today’s nation-state threat actor isn’t just concentrating their fire on government and military targets. Instead, they’re coming for private enterprises of all sizes. An estimated 90% of nation-state cybercriminal groups, also known as Advanced Persistent Threat groups (APTs), regularly conduct operations against enterprises. While these groups tend to perpetrate attacks that are on the sophisticated end of the spectrum, they still use many of the same techniques as traditional cybercrime groups. In fact, sometimes they are the same groups that conduct other, non-nation-state aligned attacks, making security improvements a powerful way to protect your clients from danger. These tips can help you guide your clients into making the right moves to protect themselves from the potential trouble that comes with elevated nation-state cybercrime risk.
1. Protection from Phishing is the Cornerstone of a Strong Nation-State Cybercrime Defense
Nation-state cybercriminals may have lofty goals, but they’ve got something in common with other cybercriminals. They’re more than happy to embrace the easiest, cheapest method of attacking businesses: phishing. Forbes detailed the fact that spear phishing is the go-to first strike for nation-state cyberattacks against industrial targets. That’s because no matter what their end goal is or who they’re working for, cybercriminals of every stripe know that phishing is devastatingly effective, and employees are highly likely to fall for it. Untrained employees are notoriously bad at spotting phishing – 1 in 3 employees are likely to click the links in phishing emails, and 1 in 8 employees are likely to share information requested in a phishing email.
Private companies are also working to reduce the risk of a phishing attack by nation-state threat actors ending in disaster for businesses, but it’s like playing whack-a-mole; as soon as one is extinguished, another pops up. Microsoft recently announced that it had obtained a court order enabling it to take control of seven domains used by Strontium, a nation-state group that has been identified as an operation controlled by Russia’s GRU. By taking control of the domains, Microsoft was able to harmlessly redirect the traffic sent to them by Strontium activities including phishing attacks.
2. Nation-State Threat Actors Also Want to Make Money
Ransomware and malware are the go-to moves of nation-state cybercriminals. They’re incredibly versatile attacks that can be used to accomplish many goals. Recently, this was illustrated by data wipers targeting Ukrainian computers as a component of Russia’s invasion as well as a flurry of ransomware attacks against utilities like internet providers in Ukraine. But another big reason why nation-state cybercriminals love ransomware is that ransomware can serve as a revenue generator for isolated or “rogue” states. Experts expect that as Russia’s isolation grows, the government will lean hard on cybercrime to make up lost revenue, conscripting powerful Russia-based cybercrime syndicates to help pay the bills as they look for ways to make up the $30 billion erased from Russia’s gross domestic product. An estimated three quarters of global ransomware revenue went to Russia-aligned cybercrime groups in 2021, raking in $400 million in cryptocurrency. Cybercrime has long been a major industry for rogue states like North Korea, which generated an estimated $1 billion in revenue from nation-state cybercrime in 2021.
3. Digital Infrastructure & Operational Technology Are Especially at Risk for Ransomware & Nation-State Attacks
It’s no secret that infrastructure targets are high on the nation-state cybercriminal hitlist. It’s a fast way for them to do big damage, and IT organizations are fair game. Recently, nation-state threat actors knocked out internet services in Ukraine as part of Russia’s initial invasion. The escalation of threats against digital infrastructure targets is continuing with no end in sight. Within the critical infrastructure arena, 60% of nation-state activity zeroed in on IT organizations, followed by commercial facilities, critical manufacturing, financial services, and the defense industrial base.
Of course, nation-state cybercriminals are most likely to make their moves using ransomware or malware, presenting a serious threat to operational technology (OT). IBM’s X-Force Threat Intelligence Index 2021 reported that more than 60% of incidents at OT-connected organizations last year were in the manufacturing industry. In addition, 36% of attacks on OT-connected organizations were ransomware. Overall, analysts determined that for all industries with OT networks that they’d observed in 2021, including operations in engineering, mining, utilities, oil and gas, transportation and manufacturing, ransomware was the primary attack type they faced by a large margin, the vehicle for 36% of all attacks on the sector. The manufacturing sector replaced financial services as the top attacked industry in 2021, recipient of 23.2% of the attacks X-Force remediated last year, with ransomware as the top attack type, accounting for 23% of attacks on manufacturing companies.
4. No Industry or Location is Immune
According to the Digital Defense Report recently released by Microsoft, nation-state attacks have moved far beyond critical infrastructure, with more than 90% of security alerts originating from outside that sphere. Nation-state threat actors have grown increasingly less picky about their targets as they seek leverage and cash through supply chain attacks and ransomware against companies that provide services. An estimated 90% of Advanced Persistent Threat Groups (APTs) regularly attack organizations outside of the government or critical infrastructure framework. Researchers noted that in attacks measured between July 2020 and June 2021, 79% of them targeted enterprises. Organizations in the U.S. suffered the bulk of the attacks, but other regions also took some hits.
| Country | % of Total Recorded Attacks |
|---|---|
| Belgium, Japan, Germany | 3% |
| Saudi Arabia, Portugal | 1% |
Source: Microsoft 2021 Digital Defense Report
Officials are also sounding the alarm. Just a few weeks ago, the US Cybersecurity & Infrastructure Security Agency (CISA) released a “Shields Up” advisory with the aim of warning U.S. businesses of cyberattack danger presented by Russian and Russia-aligned nation-state threat actors stating, “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.” Russia is generally the most likely origin point for nation-state activity. 58% of all nation-state attacks in the last year were launched by Russian nation-state actors. They’ve become increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021.
5. Supply Chain Compromises by Nation-State Groups Are Escalating
The 9th edition of the ENISA Threat Landscape (ETL) report lays out the findings of their experts and observers after analyzing what they saw in 2021. ENISA observers also reported that supply chain compromises by state-backed threat actors reached new levels of sophistication and impact. Based on ENISA’s analysis, supply chain attacks were conducted by state-sponsored cybercriminals, also referred to as Advanced Persistent Threat (APT) groups, on at least 17 occasions between 2020 and 2021. That’s more than 50% of the attributed supply chain attacks during the reporting period. Companies are getting hammered by supply chain attacks in general – an estimated 93% of organizations in the world have suffered a direct cybersecurity breach because of weaknesses in their supply chains, with the average number of breaches increasing 37% year-over-year.
Executives are taking notice of the danger presented by supply chain attacks as well. More than 70% of the executives polled in a nation-state cyberattack concerns survey fear their organizations could be negatively impacted by nation-state cyberattacks fueled by data and tools that APTs obtain on the dark web, like the data that’s regularly stolen and published from ransomware incidents at service providers and suppliers. They’re also worried that their companies could suffer in a larger nation-state incident. Almost three-quarters of the execs polled said that they fear that their organizations could be collateral damage in a nation-state cyber war.
10 ENISA Predictions for Nation-State Activity in 2022
- State-backed threat actors will continue conducting supply chain attacks (especially targeting software, cloud, and managed service providers) as an initial access tactic.
- Cloud-hosted development environments will be under fire as enablers for supply chain attacks.
- State-backed actors will continue conducting revenue-generating cyber intrusions (in pursuit of strategic objectives or personal gain) with varying levels of national responsibility.
- State-backed groups will leverage offensive security tools, living-off-the-land techniques, published PoCs, false flags, criminal contract hackers and crimeware-as-a-service, while also exhibiting high levels of operational security when conducting cyber operations.
- Interest in targeting ICS networks will grow in the near future.
- State-backed actors will continue pursuing cyber operations for intelligence gathering as strategic objectives for advantages in decision-making, to steal intellectual property, and to discover pre-positioning of military and critical infrastructure assets for future conflicts.
- State-backed groups will possibly develop and conduct disruptive/destructive ransomware operations to weaken, demoralize and discredit adversarial governments.
- Local conflicts will likely include cyber operations paired with drone attacks and media-driven misinformation in order to amplify impact.
- Threat actors will continue pursuing their strategic objectives by conducting cyber-enabled information operations for the next decade focusing on important geopolitical issues like elections, public health, humanitarian crises, human rights, and security.
- Hack-and-leak operations by state-backed and state-affiliated groups will continue, intensifying during periods of high interest (e.g. pre-election periods). The technique will also be used to exploit political divisions or instability as was seen in the 2016 US elections.
Source: ENISA Threat Landscape (ETL) report
Offer Your Clients 3 Powerful Shields Against Nation-State Cybercrime
The ID Agent digital risk protection platform has exactly the tools that you and your clients need to mitigate nation-state cybercrime risk without breaking the bank.
Security Awareness Training Prevents Phishing
Help your clients improve (or start) a security and compliance awareness training program to create a powerful defense against cybercrime threats like ransomware. The newly revamped BullPhish ID is the ideal choice.
- Empower employees with the knowledge that they need to spot and stop the threat they see the most: phishing with premade or customizable phishing simulations from the leading solution in the channel
- Choose from a big library of video lessons covering topics like ransomware, credential compromise, spear phishing, HIPAA and PCI-DSS compliance and more with at least 4 new training videos added every month
- White label everything and deliver training and testing through personalized user portals that make automated delivery and clear reporting a snap.
Dark Web Monitoring Protects Your Clients from Nasty Surprises
Nation-state threat actors shop on the dark web too. Stop credential compromise threats before they start by ensuring that your clients aren’t going to receive a nasty surprise from the dark web with the leading dark web monitoring solution in the channel, Dark Web ID.
- 24/7/365 monitoring that you can feel confident about
- Real-time analysis alerts you to trouble fast
- Monitor business and personal credentials, domains, IP addresses and email addresses
Identity and Access Management Stops Password-Based Threats
The key to stopping most password-based threats and the foundation for zero trust security is identity and access management that makes it easy to control access points. The newly updated powerhouse Passly will get the job done effectively and efficiently.
- Get the functionality of 3 solutions for 1 low price
- Two factor authentication, single sign-on and secure shared password management create a powerful trio of barriers between your clients and the bad guys
- Simple remote management, seamless user provisioning and automated deployment through your RMM makes getting started a breeze – and everyone loves automated password resets.
Schedule your demo of Passly, Dark Web ID and BullPhish ID now.
Don’t just take our word for it, see what these MSPs have to say: https://www.idagent.com/case-studies/
Apr 19-22: Robin Robin’s Boot Camp REGISTER NOW>>
Apr 26: MSP Roundtable – Nation-State Hacking: It’s Everyone’s Problem Now REGISTER NOW>>
May 10-11: MSP Sales Revolution REGISTER NOW>>
May 24-25: ASCII MSP Success Summit – Boston REGISTER NOW>>
Jun 20-23: Connect IT Global in Las Vegas REGISTER NOW>>
Take Precautions Against Nation-State Cyberattacks Now
Nation-state cybercrime risk has been in the news as an aspect of the Russia-Ukraine conflict as Russia-aligned hackers and hacktivists take action to damage their opponents. But in today’s interconnected world, that damage isn’t limited to government and military targets anymore.
Nation-state cybercrime is everyone’s problem now. Microsoft estimates that 90% of nation-state cybercrime groups regularly attack enterprises, and your organization could easily fall within that number. Taking action to ensure that your defenses are ready now will seriously pay off later if you find your organization in their sights.
The fastest and cheapest way to protect your organization is by adopting secure identity and access management using two factor authentication. It will also add protection against other cyberattacks, giving you a welcome security boost without blowing up your budget.
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!