
The Week in Breach News: 05/04/22 – 05/10/22

May 11, 2022

Ransomware sprouts up at a major U.S. agricultural company, insider risk strikes home at IKEA, more trouble for government agencies and what you need to know about the state of phishing right now.





AGCO 

https://www.bleepingcomputer.com/news/security/us-agricultural-machinery-maker-agco-hit-by-ransomware-attack/ 

Exploit: Ransomware

AGCO: Agricultural Machinery Manufacturer


Risk to Business: 1.471 = Extreme

Major U.S. agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that is impacting some of the company’s production facilities. A statement from the company provided few details but specified that its operations, including production, “will likely be adversely affected for several days and potentially longer.” No group has claimed responsibility or publicized a ransom demand.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

EXTRA: The FBI recently released an alert about elevated ransomware risk in the Food & Agriculture sector.  

How It Could Affect Your Customers’ Business: Ransomware gangs love to pounce on industries at critical times. This is a massive problem at the height of spring planting season in the US.

ID Agent to the Rescue: Learn to mitigate your clients’ ransomware risk and protect them from trouble with the resources in our Deep Dive Into Ransomware bundle! GET BUNDLE>>


The State Bar of Georgia 

https://therecord.media/state-bar-of-georgia-cyberattack/ 

Exploit: Hacking

State Bar of Georgia: Professional Organization 


Risk to Business: 2.804 = Moderate

The State Bar of Georgia has experienced a cyberattack that crippled the organization’s network, website and email system. Officials say that the attack began last Monday when an unauthorized user was discovered and that the organization’s IT team swung into action quickly to secure the network from further trouble. There was a continued impact on the Bar’s website throughout the week. The incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Professional organizations have been on cybercriminal hit lists thanks to the abundant personal and sometimes financial data they tend to hold.

ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>>





IKEA

https://dailyhive.com/vancouver/ikea-data-breach

Exploit: Insider Threat

IKEA: Home Goods Retailer


Risk to Business: 2.711 = Moderate

Furniture and home goods giant IKEA announced that it had experienced a data breach in its Canadian operations that impacted an estimated 95,000 customers. The company said that sensitive customer information was mistakenly provided to an employee in an internal search between March 1 and March 3, 2022. No specifics about the compromised data were offered beyond confirmation that no financial or banking information was accessed. IKEA says that it has notified any customers that were impacted by the breach and the Office of the Privacy Commissioner of Canada.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Internal information security foul-ups by employees like this are embarrassing and potentially expensive mistakes that no company wants to handle.

ID Agent to the Rescue:  Help your clients spot and stop internal security threats and sniff out malicious insiders with The Guide to Reducing Insider Risks. GET EBOOK>>





Peru – Dirección General de Inteligencia (DIGIMIN)

https://securityaffairs.co/wordpress/131093/cyber-crime/conti-ransomware-peru-direccion-general-de-inteligencia.html 

Exploit: Ransomware

Dirección General de Inteligencia (DIGIMIN): National Government Agency


Risk to Business: 1.316 = Extreme

Conti ransomware is to blame for continued trouble in Peru’s public sector. After crippling several federal departments last week, the group has now snarled operations at Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), electricity manager for the city of Cartago, population 160,000. Officials said that the attack has encrypted the servers used to manage the organization’s website, e-mail, administrative collection systems and more, rendering customers unable to pay for electricity and internet bills.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: An attack of this nature is a major national security threat to Peru with the potential to expose a great deal of sensitive foreign and domestic intelligence data.

ID Agent to the Rescue:  Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>> 





Bulgaria – The Bulgarian State Agency for Refugees Under the Council of Ministers 

https://www.itsecuritynews.info/russian-group-attack-on-bulgarian-refugee-agency/ 

Exploit: Ransomware (Nation-State)

The Bulgarian State Agency for Refugees Under the Council of Ministers: National Government Agency 


Risk to Business: 1.811 = Severe

LockBit 2.0, a cybercrime gang known to have strong ties to Russia, announced that it intends to publish data it claims to have stolen in an attack on The Bulgarian State Agency for Refugees Under the Council of Ministers. That agency is experiencing extra stress right now as it oversees the flow of Ukrainian refugees in Bulgaria. The agency’s website is up but warns that some email addresses may not be working. An estimated 230,000 refugees have fled to Bulgaria in the wake of Russia’s invasion of Ukraine.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Although this is not confirmed as a nation-state incident, both “official” and nation-state adjacent threat actors on both sides of this conflict have been active in a flood of invasion-related cyberattacks.

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


Germany – Sixt

https://www.digit.fyi/sixt-cyber-attack-what-you-need-to-know/ 

Exploit: Hacking

Sixt: Car Rental Company


Risk to Business: 1.909 = Severe

Major car rental company Sixt has suffered IT disruptions at some locations in the wake of a cyberattack. The company says that the attack on April 29 forced them to restrict access to all their internal IT systems, snarling operations for clients and agents. The nature of the attack was not disclosed, and the incident remains under investigation. Sixt rents out cars from over two thousand locations in more than 100 countries. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Incidents like this can spawn customer headaches that do damage to a company’s reputation.

ID Agent to the Rescue: Security awareness training reduces the chance of an incident by 70%. Learn to build a program with the How to Build a Security Awareness Training Program eBook. GET IT>>


Russia – Qiwi

https://www.hackread.com/anonymous-nb65-hacki-russia-payment-processor-qiwi/ 

Exploit: Nation-State (Hacktivism)

Qiwi: Payment Processor


Risk to Business: 2.096 = Severe

Anonymous and its associates continue a cyberattack offensive against Russian businesses and agencies in the wake of Russia’s invasion of Ukraine. This time, Anonymous affiliate Network Battalion (NB65) group claims that it has hacked and deployed ransomware against the Russian payment processing platform Qiwi. NB65 says that it managed to extract 10.5TB of data from Qiwi, including 30 million payment records and the data from 12.5 million credit cards of Qiwi customers. The group has posted a host of examples of the stolen data as proof of the hack, threatening to release 1 million cards worth of data daily. Qiwi denies the event.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: This is the latest in a long string of strikes by Anonymous against Russian and Russia-aligned businesses that shows no signs of stopping.

ID Agent to the Rescue: Nation-state cybercrime risk is escalating for businesses in every sector. Learn the basics of nation-state cybercrime and how to protect your clients. GET EBOOK>>





Australia – Nauru Police Force

https://www.hackread.com/anonymous-leak-police-emails-australia-offshore-detention/

Exploit: Hacking

Nauru Police Force: Law Enforcement Agency


Risk to Business: 2.776 = Moderate

The Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force on May 2 as a protest against the alleged ill-treatment of asylum seekers and refugees carried out by the Nauru Police Force on behalf of the Australian government. The total number of leaked emails is reported to be 285,635 and the data is available for direct and torrent download. Anonymous claims that the stolen emails contain details of a cover-up of abuses against prisoners in refugee camps on the island by the Nauru Police Force and the Australian government.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Hacktivism isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.

ID Agent to the Rescue: Choose the right dark web monitoring solution for your clients and your MSP with The Dark Web Monitoring Buyer’s Guide for MSPs.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.






The State of Phishing in 2022 


Help Your Clients Steer Clear of Trouble That Spawns from Today’s Most Prolific Threat


What’s today’s most dangerous and prolific email security threat? If you said phishing, you hit the nail on the head. Phishing is a gateway to many other damaging cyberattacks like ransomware, business email compromise and more, and that risk is growing steadily. A combination of factors from increased email volume to increasing sophistication in threats has made phishing a growing email security nightmare. Through reporting we’ve gathered from phishing simulations as well as security and compliance awareness training using the award-winning BullPhish ID, MSPs can get a look at the lay of the land in email security today as well as what might impact their clients in the future.  




Snapshots of Today’s Email Security Landscape 


Phishing has been the reigning champion of data breach risks for three consecutive years because it’s versatile, cheap for cybercriminals to run and highly effective. Cisco’s 2021 Cybersecurity threat trends report shows that at least one person clicked a phishing link in around 86% of the organizations that they studied. These 2021 trends underpin the business email security picture right now and lay the foundation for the next generation of challenges that organizations will face.

High Email and Phishing Volume Have Created More Security Stress 

Unfortunately, an increase in email volume is also an increase in the volume of phishing messages that an organization’s email security system has to handle. In 2021, 319.6 billion email messages were sent — up from 306.4 in 2020 — and email volume is expected to jump to 376.4 billion messages in 2022. The snowballing risk and ever-growing challenges that IT teams face when it comes to phishing are clearly reflected in reporting from the U.K. Information Commissioner’s Office (ICO). The agency recorded 150,317 phishing attacks in January 2021. By December 2021, that number had exploded, surging to 4,135,075 — a massive increase of 2,650%. 




The Year in Phishing Simulations with BullPhish ID 


By analyzing the results of thousands of phishing resistance training sessions and phishing simulations with BullPhish ID, it’s easy to see that employees are likely to fall for many common phishing tricks, making training to avoid them paramount for a successful defense against phishing.  

2021 BullPhish ID Phishing Resistance Training Totals 

  • Total number of training campaigns created – 81,484  
  • Total number of phishing simulation emails sent – 2,424,762    
  • Total number of clicks on phishing simulation emails – 106,670  

Top 3 Security Awareness Training Courses of 2021 

  1. Phishing: Introduction to Phishing – 150,163 created trainings  
  2.  How to Avoid Phishing Scams – 129,666 created trainings  
  3.  Phishing: The Dangers of Malicious Attachments – 100,265 created trainings  

Top Phishing Simulation Campaigns That Successfully Drew Employee Interaction 

  1. Office 365 – Suspicious Login – 10879 clicked    
  2.  FedEx – Package Delivery – 6535 clicked    
  3.  Google Docs – Invitation to Edit – 4492 clicked    

Top Phishing Simulation Campaigns That Captured Credentials & Data 

  1. FedEx – Package Delivery – 2056 captures    
  2. Office 365 – Suspicious Login – 1736 captures    
  3. COVID-19: Sharepoint Webinar – 1440 captures   



Credentials Submitted by Industry 


Aerospace & Defense – 105  
Business & Professional Services – 1144  
Education & Research – 1522  
Energy & Transportation – 624  
US Federal Government – 77  
Finance & Insurance – 1239  
High-Tech & IT – 3755  
Legal – 704  
Manufacturing – 1801  
Medical & Healthcare – 3504  
Media & Entertainment – 172  
Hospitality – 341  
Non-Profit Organization – 1758  
Pharmaceutical – 108  
Retail & eCommerce – 1046  
Service Provider – 533  
State/Local government – 345  
Systems Integrator – 36  
Wireless & Telecom – 8  
Other – 2298  

Total Number of Credentials Submitted in Simulations in 2021: 23,353 




Two Trends to Watch 


The only constant in the phishing landscape is just how quickly it can change. Many factors like geopolitical tension, societal trends, world challenges like the global pandemic and more go into brewing up a phishing threat. However, these email security trends point to a few factors that may influence the business security proposition moving forward. 

Cybercrime-as-a-Service Makes Phishing and Ransomware Attacks Easy and Cheap  

The booming Cybercrime-as-a-Service economy offers cybercriminals a bounty of free or cheap resources on the dark web. As detailed by Microsoft, spear-phishing-for-hire can cost $100 to $1,000 per successful account takeover, and phishing kits sell for as little as $25. Even ransomware kits cost as little as $66 upfront. However, the bad guys can also choose to subcontract cybercrime operations to Ransomware-as-a-Service (RaaS) and Phishing-as-a-Service (PhaaS) specialist groups. This makes it easy for cybercrime gangs to perpetrate more attacks than they could before, ratcheting up risk for businesses.  

Record Rates of Discovery for Zero-Day Phishing Attacks  

Phishing attacks that have never been seen before are called zero-day attacks. In this scenario, threat actors use phishing to exploit undiscovered, unpatched vulnerabilities in software and applications before the developers have the opportunity to come up with a fix (or, in some cases, even know the vulnerability is there). This brings an added complication: once a hacker infiltrates a network this stealthily, they can either attack immediately or wait for the right time to launch an attack. An exploit can remain undiscovered for months, and sometimes even years, if the hacker discovers it first. Google estimates that 68% of phishing attacks can be classified as zero-day attacks.




Train Users to Avoid Phishing with the Top Solution in the Channel 


BullPhish ID is the Channel-leading phishing simulation for a reason. These features make BullPhish ID the ideal phishing simulator as well as security and compliance awareness training solution for your MSP and your clients.

Customizable: Utilize our plug-and-play kits or customize everything from phishing emails to attachments to videos to reflect industry- or customer-specific threats. 

Always Up to Date: New phishing kits and fresh training content are added monthly, ensuring that the user education is always up to date with the latest threats. 

Start Generating ROI Fast: Get phishing and training campaigns up and running in minutes and serve more customers with ease with our automated platform and pre-made kits and courses.  

Branded For Your Business: White-label every aspect of the end users’ training experience and keep your MSP’s brand front and center with custom URLs and your/your client’s logo in the training portal and emails. 

Broad Security & Compliance Course Selection: Conduct effective user training programs with an extensive lineup of engaging, animated training videos available in eight languages and quizzes to measure retention. 

See it in action: Charge Into Profit With BullPhish ID Security Awareness Training for MSPs 





May 17: WEBINAR: Cyber Attacks on Small Business: The Good News and the Bad News w/ Dark Cubed REGISTER NOW>>

May 17: WEBINAR: Get #CyberSmart with 5 Simple Steps REGISTER NOW>>

May 19: Channel-Sec: The Security Event for the European IT Channel REGISTER NOW>>

May 24-25: ASCII MSP Success Summit – Boston REGISTER NOW>>

Jun 6-7: ChannelPro SMB Forum 2022 – Southwest REGISTER NOW>>

Jun 6-8: IT Nation Secure 2022 REGISTER NOW>>

Jun 20-23: Connect IT Global in Las Vegas REGISTER NOW>>





Are You Ready to Handle a Tidal Wave of Phishing? 

Phishing has never been a bigger threat to businesses. It is the gateway by which ransomware, business email compromise, account takeover and other dangerous threats get to organizations in every sector, and that gateway is growing every year. 

The amount of phishing that businesses face is astonishing. The U.K. Information Commissioner’s Office (ICO) recorded 150,317 phishing attacks in January 2021. By December 2021, that number had exploded, surging to 4,135,075 — a massive increase of 2,650%. 

Protecting your organization from cyberattacks starts with protecting it from phishing. Automated email security is an excellent and affordable choice to get the job done. You’ll also reduce your organization’s chance of falling victim to a phishing attack significantly with the winning combination of security awareness training and phishing simulations you’ll find in a solution like BullPhish ID.  

Take action to stop phishing now and protect your organization from trouble today and tomorrow.  

