The Week in Breach News: 06/02/21 – 06/08/21
This week we’re exploring why Cox TV & radio stations went dark because of cybercrime, how third-party danger ensnared New South Wales Health, what happened when nation-state cybercriminals visited New York and how you can notch quick wins by using specialized location and industry data to sell security.
Give your clients the cold, hard facts that tell the tale of exactly how much danger their business is in. GET THIS FREE BOOK>>
United States iConstituent
Exploit: Ransomware
IConstituent: Communications Services
Risk to Business: 1.655= Severe
A major service provider to members of the US House of Representatives is recovering from a ransomware incident that has left Members scrambling. iConstituent provides constituent communications services for House offices including facilitating Member emails and newsletters. The House Chief Administrative Officer (CAO) is coordinating a response with iConstituent, and the CAO has announced that no other House data or systems have been compromised.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Ransomware against service providers has been a hot profit center for cybercriminals and they’re not letting up on potentially vulnerable targets.
ID Agent to the Rescue: Third-party and supply chain risks are growing exponentially. Learn strategies to fight back in our eBook Breaking Up with Third Party and Supply Chain Risk! DOWNLOAD IT>>
United States – Cox Media Group
Exploit: Ransomware
Cox Media Group: TV & Radio Station Operator
Risk to Business: 1.227= Extreme
A number of TV and radio stations around the US went dark briefly after a suspected ransomware attack on parent company Cox Media Group. Stations impacted included News9, WSOC, WSB, WPXI, KOKI, and almost all Cox radio stations. The Cox Media Group owns 57 radio and TV stations across 20 US markets. Internal networks and live streaming capabilities for other Cox media properties, such as web streams and mobile apps, were also impacted in the June 35r event. Service was quickly restored and the event is under investigation.
Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.
ID Agent to the Rescue: Find useful data to inform security decisions including our predictions for the biggest risks of 2021 in The Global Year in Breach 2021. READ IT NOW>>
United States – Navistar International Corporation
https://www.reuters.com/technology/us-truck-maker-navistar-says-aware-it-breach-2021-06-07/
Exploit: Ransomware
Navistar International Corporation: Specialty Vehicle Manufacturer
Risk to Business: 2.812= Moderate
Truck manufacturer Navistar International has notified the Securities and Exchange Commission (SEC) that they’ve fallen prey to a ransomware attack. Navistar makes trucks, buses and diesel engines, while its Navistar Defense subsidiary produces several US military vehicles. The company confirmed that there was data exfiltration in the suspected ransomware attack, but no details have been made available regarding the nature of that data.
Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
ID Agent to the Rescue: Secure your data and systems against today’s nastiest threat with Ransomware 101, our most popular eBook, to guide you through how to secure your clients effectively. READ IT>>
United States – New York Metropolitan Transit Authority (M.T.A.)
https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html
Exploit: Nation-State hacking
New York Metropolitan Transit Authority (M.T.A.): Regional Transport Operator
Risk to Business: 2.812= Moderate
Officials at NY M.T.A released information that their system had been the target of a cyberattack by a hacking group believed to have links to the Chinese government. According to the report, nation-state actors penetrated the Metropolitan Transportation Authority’s computer systems in April. The investigation has concluded and NY M.T.A. was able to confirm that no sensitive data or rider data was impacted.
Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
ID Agent to the Rescue: Secure your data and systems against today’s nastiest threat with Ransomware 101, our most popular eBook, to guide you through how to secure your clients effectively. READ IT>>
United States – LineStar Integrity Services
https://www.wired.com/story/linestar-pipeline-ransomware-leak/
Exploit: Ransomware
LineStar Integrity Services: Pipeline Technology Services
Risk to Business: 2.522= Severe
Cybersecurity researchers discovered that pipeline technology provider LineStar Integrity was hit in a ransomware incident at approximately the same time as Colonial Pipeline resulting in 70+GB of company data finding a new home on the dark web. LineStar Integrity Services sells auditing, compliance, maintenance, and technology services to pipeline customers and is based in Houston, TX.
Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident although some sources are reporting that human resources data is in the mix.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Increasing frequency off cyberattacks on service providers show that cybercriminals are taking every chance to strike against linchpins of business services.
ID Agent to the Rescue: Increase the chance of speeding past pitfalls to victory when you boost cyber resilience for every customer using the tips in our eBook The Road to Cyber Resilience. DOWNLOAD IT NOW>
Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>
United Kingdom – Furniture Village
https://www.theregister.com/2021/06/04/furniture_village_confirms_cyberattack/
Exploit: Hacking
Furniture Village: Home Goods Retailer
Risk to Business: 1.115 = Extreme
UK home goods giant Furniture Village has confirmed that it has been suffering the impact of an unnamed cyberattack. For the past week, the company’s internal systems, as well as some customer-facing systems, have been experiencing outages. The company stated that no data appears to have been stolen. Impacted systems include included delivery systems, phone systems, and payment mechanisms.
Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.
ID Agent to the Rescue: Make sure you’re protecting aging assets with strong security, including strong passwords with our Build Better Passwords eBook. GET IT>>
Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>
Australia – New South Wales Health (NSW Health)
https://www.zdnet.com/article/nsw-health-confirms-data-breached-due-to-accellion-vulnerability/
Exploit: Third-Party Data Breach
New South Wales Health (NSW Health): Regional Healthcare Agency
Risk to Business: 1.616 = Severe
New South Wales Health has confirmed that it is the latest organization impacted by the major cyberattack on the file transfer system owned by medical data services provider Accellion last month. The state entity said that no medical records maintained in public hospitals were affected. The agency has begun notifying people whose data may have been accessed. NSW Health has upgraded its technology to avoid future problems.
Individual Risk: 1.616 = Severe
New South Wales Health disclosed that identity information and health-related personal information were exposed for some patients. The agency is in the process of contacting people who have been impacted.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Attacks on major data processors like this puts many businesses at risk. Cybercriminals are hungry for saleable information and these places are treasure troves.
ID Agent to the Rescue: Are your clients maintaining strong security? The Security Awareness Champion’s Guide shows you how to close vulnerabilities fast! GET IT>>
Don’t let cybercriminals steal your profits! Learn to spot and stop ransomware fast in Ransomware 101. GET IT>>
Japan – Fulifilm
Exploit: Ransomware
Fujifilm: Film & Photo Technology Developer
Risk to Business: 1.922 = Severe
Legendary Japanese film technology company Fujifilm announced that it has been the victim of a ransomware attack that has impacted its operations. The purported ransomware attack led to a network outage that impacted access to email for employees, billings system and a problem reporting system. Experts believe that this attack was carried out with REvil technology. Investigation and recovery have begun and many systems have been fully restored.
Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Business disruptions from ransomware attacks can be costly even if no business or customer data is stolen, and extra costs for recovery can add up.
ID Agent to the Rescue: Fight back against the primary delivery system for ransomware: phishing email. Improved security awareness training can reduce the chance of a cybersecurity incident like this up to 70%! SEE HOW>>
Are you in a bad relationship third-party & supply chain risk? Our eBook can help you break free and live your best life! GET IT NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- 10 More Ransomware Facts That You Need to Know
- Why Single Sign-On is the Unsung Hero of Security
- Are You Safe from Malicious Insider Threats by Remote Workers?
- Phishing with Government Bait Hooks Unwary Employees
- The Week in Breach: 05/19/21 – 05/25/21
Explore the dark web with experts & get a deck of screenshots in Unveiling Cybercrime Markets on the Dark Web. WATCH NOW>>
What’s So Special About Zero Trust? Find Out Now!
Everyone’s talking about the benefits of adopting a zero-trust security strategy in today’s volatile cybercrime landscape. How can you capitalize on this opportunity? In this webinar, Amelia Paro of ID Agent and Danny Jenkins of ThreatLocker give you an introduction to zero trust security and show you how to capitalize on the trend. You’ll learn:
- Why zero trust is the big buzzword right now
- The advantages that zero trust brings to the table
- How to use this concept to secure your clients effectively
Listen to the webinar “Zero Trust Exposed” now>>
No Time? No Problem. Build Your Business in 15 Minutes With Our Nano Sessions
Discover new revenue streams and build your business in the time it takes you to have a cup of coffee with the insight you’ll gain from our 15-minute Nano Sessions!
- Show Clients Compromised Employee Credentials – See how to use powerful prospecting tools to quickly impress clients and prospects by producing their compromised credentials in minutes! WATCH IT>>
- Sell and Deliver Security Awareness Training – Notch your next sales win and protect your clients more effectively with essential security awareness training that features phishing resistance! WATCH IT>>
Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>
Are Your Clients Prepared for Unexpected Risk Modifiers?
Cybersecurity isn’t a one size fits all proposition. Every organization has unique needs based on the way that they do business. In addition, those needs can be impacted by the prospect of third party and supply chain risk creating complications that must be addressed. Plus regulations regarding compliance, industry standards, legal requirements, general threat intelligence, workforce makeup and a host of other issues can impact the security calculus for companies. Not to mention the value of your data or potential profitability as a ransomware target. But are you certain that you’re taking every risk factor into account when determining the right way forward? There are also a few unexpected variables that add risk modifiers, presenting security obstacles that businesses need to overcome – and they can with a little expert help.
Is your email domain protected against phishing? Are your customers? Find out now with the Graphus Domain Checker. CHECK NOW>>
INDUSTRY VARIABLES
Every industry is at risk for cybercrime, but some are just a little bit more imperiled than others. A special focus or added stressor on an industry can cause threat to surge and recede fast as cybercriminals look for ways to maximize their profits. For example, risk increased dramatically for drug companies, laboratories, hospitals and other medical targets in turn during the initial COVID-19 pandemic and race for the vaccine. By the end of that road, even cold storage and transport companies had a turn in the spotlight. some industries are simply more likely targets for cybercrime, and that’s something that needs to be a focus for security planning.
Using the Verizon Data Breach Investigations Report, we gathered data on the 10 most common industries to experience a data breach in 2020 and then broke that down by company size to illustrate how industry variables can impact an organization’s cybersecurity needs.
| Industry | Total breaches | 1 – 1000 | 1000+ | unknown |
| Public | 885 | 13 | 30 | 842 |
| Professional | 630 | 76 | 121 | 433 |
| Healthcare | 472 | 32 | 19 | 421 |
| Finance | 467 | 26 | 14 | 427 |
| Information | 381 | 35 | 21 | 325 |
| Education | 344 | 17 | 13 | 314 |
| Mining | 335 | 2 | 3 | 330 |
| Manufacturing | 270 | 13 | 27 | 230 |
| Retail | 165 | 10 | 19 | 136 |
| Entertainment | 109 | 6 | 1 | 102 |
Are you in a bad relationship third-party & supply chain risk? Our eBook can help you break free and live your best life! GET IT NOW>>
LOCATION VARIABLES
Can a company’s geographic location impact its threat landscape? Yes. Geography is especially likely to impact the motivations of potential threat actors whether they’re internal or external. In these scenarios, we focused on malicious threats to organizations (the top non-malicious threat to cybersecurity is eternally human error). Using data drawn from the Verizon Data Breach Investigations Report, we plotted out the variables that can impact cybersecurity for companies including what types of data attackers want the most in three major regions.
APAC
- Incidents Examined: 5,255 incidents, 1,495 with confirmed data disclosure
- Top Threats: Social Engineering, Basic Web Application Attacks and Miscellaneous Errors represent 98% of breaches
- Types of Threat Actors: External (95%), Internal (6%)
- Threat Actor Motives: Financial (96%), Espionage (3%), Fun/Personal (1%)
- Most Commonly Stolen Data: Credentials (96%), Personal (3%), Other (2%), Corporate Secrets (1%)
EMEA
- Incidents Examined: 5,379 incidents, 293 with confirmed data disclosure
- Top Threats: Basic Web Application Attacks, System Intrusion and Social Engineering patterns represent 83% of breaches
- Types of Threat Actors: External (83%), Internal (18%)
- Threat Actor Motives: Financial (89%), Espionage (8%), Fun/Personal (1%), Grudge (1%)
- Most Commonly Stolen Data: Credentials (70%), Corporate/Business Internal (52%), Personal (22%), Other (16%)
North America (US & Canada)
- Incidents Examined: 13,256 incidents, 1,080 with confirmed data disclosure
- Top Threats: Social Engineering, System Intrusion and Basic Web Application Attacks represent 92% of breaches
- Types of Threat Actors: External (82%), Internal (19%), Multiple (2%), Partner (1%)
- Threat Actor Motives: Financial (96%), Espionage (3%), Grudge (2%), Fun/Personal (1%)
- Most Commonly Stolen Data: Credentials (58%), Personal (34%), Other (27%), Internal (11%)
Regional differences have a noticeable impact on the threat landscape in different parts of the world. Social engineering continues to be a leader, emerging as the top general threat category faced by companies in North America, Asia and Australia, but for European firms, social engineering clocks in third and the top threat type is actually web application attacks. In North America and the Asia Pacific region including Australia, 96% of the bad actors involved in data breach incidents are looking for just one thing: money. While that is still the largest motivator for bad actors in Europe, that figure drops to 89%. Interestingly, a grudge against the company is the motive behind 2% of the actions of threat actors in data breaches in North America and Europe, but it doesn’t even make the list in Asia.
As an added bonus, We thought you’d enjoy seeing what the top actions were in all the threats that were in the pool for consideration. It’s not a list that packs great surprises. Every one of these actions packs a punch that can send businesses reeling. There may be more than one action that leads to a breach, a fact reflected in the percentages quoted here. This information is also culled from the Verizon Data Breach Investigations Report.
Top Action Types
- Phishing (social engineering) 40%
- Use of stolen credentials (hacking) 30%
- Ransomware (malware) 30%
- Misconfiguration (error) 20%
- Brute force (hacking) >10%
Want to Borrow Our Sales and Marketing Teams? OK!
Get expert sales and marketing help to power up your MSP in a flash with Powered Services Pro. LEARN MORE>>
Cybercriminals Are Subject to Location Variables Too
Regional threat probabilities aren’t a one-way street. The industry that a business is in can dramatically impact its risk for phishing. In a recent study on the geographic factors in phishing-based cybercrime conducted by Columbia University, researchers were able to pinpoint the most likely locales in which phishing emails originate. The countries that generate a higher volume of phishing emails (more than 1,000 emails in the dataset) are clustered in just a few regions.
However, some countries had a much higher probability of being the birthplace of a phishing message. Email that had a higher probability of phishing originated from these locales (in descending order):
- Lithuania
- Latvia
- Serbia
- Ukraine
- Russia
- Bahamas
- Puerto Rico
- Colombia
- Iran
- Palestine
- Kazakhstan
Very few of the emails that the researchers studied originated in the United States or Canada. The study cited an example that showed that even though 129,369 phishing emails in the dataset were sent from the US, there’s still only a 0.02% probability of receiving a phishing email sent from the US or Canada. The researchers also noted that Great Britain and most of the EU were also unlikely points of origin for phishing messages. Worldwide, most countries had a phishing origin probability of 10% or less. Further illustrating the necessity of security awareness training that emphasizes phishing resistance, an estimated 1 in 99 emails that a business receives are phishing messages.
Learn the Secret of How Cybercriminals Trick Users Into Falling for Phishing Messages! GET EBOOK>>
How Can You Use This Data to Sell More Security?
Data like this is valuable for several reasons. When planning a cybersecurity strategy, this data can help make sure that unique risks like an abundance of social engineering threats delivered via phishing are figured into the equation in order to tailor defensive measures appropriately and allocate funds accurately. This information is useful when considering a security overhaul, an incident response plan or changes to a security stack. It’s also a great way to start conversations around security and the need for security adjustments while making that need relatable and easy to quantify. Plus, having this knowledge at hand is a great way to boost client and prospect confidence in your expertise.
Put Protection in Place That Never Varies for a Strong Universal Defense
The powerful 1 -2 punch of BullPhish ID and Passly is the perfect combo to knock out heightened cyberattack risk and increase cyber resilience to keep systems and data secure and companies functioning in any conditions.
Passly offers the functionality of 3 solutions in one affordable package, including:
- Multifactor authentication (MFA) stops 99% of password-based cybercrime and teamed up with single sign-on (SSO), this dynamic duo provides strong access control.
- Simple remote management and secure shared password vaults make it easy for IT teams to respond quickly in an emergency to isolate a compromised account.
- Automated password resets eliminate the constant wave of reset tickets, saving time, money and stress.
BullPhish ID is the streamlined, user-friendly solution to every training challenge, including:
- A frequently updated library of plug-and-play phishing simulation kits that can be scheduled to run automatically.
- Lots of options for customization and white labeling for everything from training content to access portals.
- Simple, clear reporting that enables everyone to clearly see employee progress and measure the value of training
We’re here to help if you would like to learn more about ways that you can protect your business and your clients from today’s nastiest cybersecurity nightmares. Let’s get together and talk about it: SCHEDULE A CONSULTATION>>
June 9: Master Class: The 3 Ps of Ransomware Preparedness REGISTER NOW>>
Jun 10: Phish & Chips EMEA REGISTER NOW>>
June 10: MSP Mastered® Level 2: Service Desk Management for Continual Improvement REGISTER NOW>>
June 15: Deploy Your Secret Weapon: Security-Savvy Employees REGISTER NOW>>
Jun 16 – 17: ASCII Success Summit REGISTER NOW>>
June 22: See Something Wrong? Do Something Right! REGISTER NOW>>
Jun 22: MSP Gym (North America Edition) REGISTER NOW>>
Learn the strats to beat today’s nastiest cybersecurity mobs in the Security Awareness Champion’s Guide. GET IT>>
Industry & Regional Dangers Can Complicate Your Security
While you’re considering your security needs, are you also considering your unique threats by industry or region? Cybersecurity isn’t a one-size-fits-all proposition in any business. you may face a higher incidence of certain threats depending on your region, as some cybercrime types are more prevalent by locale. In North America, Asia and Australia, social engineering through things like phishing reign as the leading regional cause of danger, but for European firms that factor changes to web application attacks, with social engineering in third place.
The reasons why companies are attacked change by region as well. Malicious insiders and cybercriminals have different motivations for undertaking cyberattacks in different parts of the world, and that can add variables that change your risk calculation. In North America and the Asia Pacific region including Australia, over 96% of the bad actors involved in data breach incidents are in it for the dough. While that is still the largest motivator for bad actors in Europe, that figure drops to 89%.
Considering regional and industry risks is also important when you’re forming relationships with new vendors to determine what level of risk they may be bringing to the table. Unaddressed vulnerabilities in a supplier or service provider’s cybersecurity can have a negative impact n your business too. One great way to mitigate that risk is to add multifactor authentication (MFA) to your credentials to provide extra protection against intrusion with a stolen or compromised credential. An affordable secure identity and access management solution like Passly includes MFA and more tools to help you guard your systems and data from third-party risk.
To make sure that you’re protecting your organization correctly and completely, schedule a cybersecurity tuneup at least once per year. By going over your resources and determining where you may have unexpected vulnerabilities because if regional variances, you’ll increase your company’s cyber resilience making it more able to withstand a dangerous cybersecurity landscape.
Stop phishing from impacting your business by stopping 40% more email from hitting your employees’ inboxes with Graphus. LEARN MORE>>
ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!
We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.