The Week in Breach News: 06/23/21 – 06/29/21
This week the cybercrime gangs were busy! Nobelium, the gang behind the SolarWinds hack, is giving Microsoft and others a world of trouble with unexpected attacks. REvil scores medical data, a new ransomware gang debuts with a hit on Altus Group, and we look at how to defend against complex threats with simple security moves.
Mercedes Benz USA
Exploit: Third Party Risk
Mercedes Benz USA: Carmaker
Risk to Business: 1.611 = Severe
Mercedes-Benz USA has disclosed a data breach impacting some of its US customers. The data breach exposed PII of under 1,000 Mercedes-Benz customers and potential buyers. This breach was announced after a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.
Individual Risk: 1.802 = Severe
According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedes-Benz company and dealer websites between 2014 and 2017. The vendor who notified Mercedes-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.
Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.
Customers Impacted: 1,000
How It Could Affect Your Customers’ Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
ID Agent to the Rescue: Third-party and supply chain risk is growing exponentially. Learn strategies to fight back in our eBook Breaking Up with Third-Party and Supply Chain Risk! DOWNLOAD IT>>
Washington Suburban Sanitary Commission (WSSC)
https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/
Exploit: Ransomware
Washington Suburban Sanitary Commission (WSSC): Utility
Risk to Business: 2.116 = Severe
Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that impacted some of its systems. The utility noted that the incident impacted a portion of their network that operates non-essential business systems. The company has admitted that cybercriminals were able to gain access to internal files but no more information has been provided. The incident is still under investigation. WSSC is the utility that provides water and sewer services to the Washington, DC metropolitan area.
Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware gangs are attacking strategic targets like utilities and infrastructure as they try to score a big payday fast from targets that can’t afford downtime.
ID Agent to the Rescue: NEW! Go behind the scenes of ransomware to see who gets attacked, who gets paid and what’s next on the hit list in Ransomware Exposed! DOWNLOAD NOW>>
DreamHost
https://www.infosecurity-magazine.com/news/cloud-database-exposes-800m/
Exploit: Unsecured Database
DreamHost: WordPress Hosting Service
Risk to Business: 1.823 = Severe
A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.
Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: There’s no excuse for making basic security blunders, and clients may be less likely to want to work with those who do. A strong security culture prevents these blunders from happening.
ID Agent to the Rescue: Building a strong security culture is vital to maintaining a high level of security. The Security Awareness Champion’s Guide shows you how to make good security choices and avoid trouble. GET IT>>
Altus Group
Exploit: Ransomware
Altus Group: Real Estate Software
Risk to Business: 1.775 = Severe
Altus Group, a commercial real estate software solutions company, has announced that its data was breached. The company initially said that no data was stolen, but a new ransomware group begs to differ. New cybercrime gang Hive has published samples of data allegedly stolen from Altus Group on its new dark website. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. No ransom amount has been confirmed and the incident is under investigation.
Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In this economy, ransomware groups are only going to keep cropping up and that means your clients are facing new danger every day.
ID Agent to the Rescue: Make sure you’re protecting the access points to your clients’ assets with strong security, including strong passwords with our Build Better Passwords eBook. GET IT>>
United Kingdom – French Connection UK (FCUK)
Exploit: Ransomware
French Connection UK (FCUK): Clothing Brand
Risk to Business: 2.351 = Severe
United Kingdom-based clothing company French Connection UK has been hit by a major cybercrime gang: REvil. The ransomware gang was able to get away with a plethora of internal company data after taking control of the company’s back-end servers. The type of data has not been specified, but both business and employee data is at risk.
Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is everywhere these days and every business is at risk. Companies in every industry of every size are in cybercriminals’ sights as they hunt for big paydays.
ID Agent to the Rescue: Are you ready for the next risk? Find useful data to inform security decisions including our predictions for the biggest risks of 2021 in The Global Year in Breach 2021. READ IT NOW>>
Sweden – InfoSolutions
https://cybernews.com/news/swedish-covid-19-lab-with-millions-of-test-results-breached/
Exploit: Hacking
InfoSolutions: Medical IT Solutions
Risk to Business: 1.661 = Severe
InfoSolutions, a company that provides IT services to the Swedish Public Health Agency, including maintaining journals and COVID-19 databases in Sweden, published a statement claiming that it detected an intrusion into a database employed by 15 of Sweden’s 21 regions. The company says that there is no indication that any information has been passed on and that the databases were locked quickly. The internal investigation is ongoing.
Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Medical data is catnip for hackers because it’s worth its weight in gold in dark web data markets, and healthcare targets worldwide have been under siege throughout the pandemic.
ID Agent to the Rescue: Increase the chance of speeding past pitfalls to victory when you boost cyber resilience for every customer using the tips in our eBook The Road to Cyber Resilience. DOWNLOAD IT NOW>
Brazil – Grupo Fleury
Exploit: Ransomware
Grupo Fleury: Medical Diagnostics Laboratory
Risk to Business: 1.702 = Severe
REvil had a busy week. They also struck medical services company Grupo Fleury, Brazil’s largest laboratory operator. The REvil gang is demanding $5 million to receive a decryptor and not leak allegedly stolen files, and it has published a sample according to its usual protocol. Grupo Fleury’s data could potentially contain enormous amounts of personal and medical data of patients, but no specifics of what was stolen have been made available.
Individual Impact: No sensitive personal or financial information has been confirmed as stolen in this incident but it is highly likely that will be the case as the incident progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing and ransomware are today’s cybercriminal’s favorite tools to get the job done, and no matter how big or small, no organization is safe.
ID Agent to the Rescue: Are all of your clients dotting all the “I”s and crossing the “T”s to avoid risk? Use our Cybersecurity Risk Protection Checklist to make sure. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- How Often Should Businesses Run Cybersecurity Awareness Training?
- What Happens if You Pay the Ransom?
- RockYou2021 Password Leak Supercharges Dark Web Danger
- 10 More Ransomware Facts That You Need to Know
- Why Single Sign-On is the Unsung Hero of Security
- The Week in Breach: 06/09/21 – 06/15/21
NEW! See Something Wrong, Do Something Right
In today’s world, it can seem like cybercrime threats are coming at your business from every side. But you don’t need to expand your headcount to stay secure– you need to add everyone on staff to your cybersecurity team. In the webinar See Something Wrong? Do Something Right: Make Your Employees the Frontline of Defense with BullPhish ID, you’ll learn:
- How you can reduce your risk of a cyberattack by up to 70%
- Why security awareness training is your secret weapon against cybercrime
- What you can do to increase your employees’ skill in spotting and stopping cyberattacks
Catch Our Wave of New Content This Summer!
5 Thorny Remote & Hybrid Security Problems Solved
This new infographic delivers 5 remote security challenges and 5 smart solutions DOWNLOAD IT NOW>>
Deploy Your Secret Weapon to Beat Cybercrime
Social engineering expert Lisa Forte shows you how to build a strong security culture. WATCH IT NOW>>
Get the True Story of Ransomware
See how the money flows from ransomware in our hit eBook Ransomware Exposed! DOWNLOAD IT NOW>>
Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>
Nobelium Just Keeps Coming in New Strikes Against Microsoft & Others
Cybercrime gang Nobelium, famous for previous attacks against SolarWinds and Microsoft, went back to take another strike at the software company using some unexpected tools. Microsoft said on Friday that an attacker, reported to be the Russia-aligned cybercrime group Nobelium, had slipped into its inner circle through a familiar path. The threat actors were then able to parlay the information from that success into gold, allowing them to launch hacking attempts against several Microsoft customers. On its blog, the company reported that Nobelium was using some techniques that aren’t typically on the top of the nation-state cybercriminal playbook – password spraying and brute-force attacks.
Microsoft detailed the attacks in a blog post on June 25, 2021. The tech giant reported that the nation-state threat actors targeted specific customers that Microsoft supplied with software. They delineated the victim pool for this round of nation-state threats as primarily IT companies (57%), followed by government entities (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services. The activity was largely focused on US interests, about 45%, followed by 10% in the UK and smaller numbers from Germany and Canada. In all, 36 countries were targeted, and to date Microsoft has discovered three compromised entities among the targets that were its customers.
After inquiries from the press, Microsoft divulged that the Nobelium threat actors obtained entry into Microsoft’s systems through the computer of an infected customer service agent. Through that compromised computer, Nobelium was able to gain entry into important data about Microsoft customers including access to sensitive client data like billing information and the specific services that each customer was using. Other customer account data may also have been compromised. Microsoft sent out warnings to potentially impacted customers, warning them to be cautious about communications to their billing contacts that could be cybercrime-related. They also warned clients that they should consider changing the credentials, usernames and email addresses related to those accounts, as well as barring old usernames from logging in.
Everyone Faces the Same Hazards
That’s familiar-sounding advice. No matter how big or small a company is, the same little things can create big problems. Like compromised credentials. An estimated 60% of the information that was on the pre-pandemic dark web could be damaging to businesses and 22 billion new records were added in 2020. That stock of stolen credentials just received a big boost from what experts are calling the largest credential file to ever hit the dark web at once in the RockYou2021 password leak. This is one major reason why old usernames and passwords are bound to be problematic, and zombie accounts are a risk to every business. If companies aren’t using dark web monitoring, they may not know about the danger that they’re in from these ghosts of the past.
Another pitfall that businesses may not be considering is the danger that they face from the less glamorous types of cyberattacks like password spraying and brute-force attacks. While those threats aren’t likely to make headlines, they are a more common factor in data breaches than businesses may think. In the 2021 Verizon Data Breach Investigations Report, researchers estimated that 60% of data breaches involve stolen or lost credentials and employ brute force attacks. Almost a quarter of breaches last year were done through credential stuffing, with 95% of them getting hit with between 637 and 3.3 billion credentials in order to force entry. Password-based attacks can be nearly eliminated through the addition of multifactor authentication to a company’s security toolbox – yet more than 50% of companies aren’t using it.
Add the Right Protections to Keep Your Clients Safe from Unexpected Trouble
Passly gives you the robust functionality of multiple solutions in one affordable package including:
- Multifactor Authentication – Your secret weapon against credential compromise, MFA prevents 99% of password-related cybercrime without IT teams having to lift a finger.
- Single Sign-On – The unsung hero of security gives IT teams an edge when securing access points as well as a powerful tool against intrusion by allowing them to isolate compromised user accounts fast.
- Automated Password Resets – Why waste time on a sea of password reset requests? Everyone benefits by eliminating that chore with automated password resetting that’s always on the job.
- Fast, Seamless Integration and Management – Get everything protected immediately with deployment in days, not weeks, and seamless integration with over 1,000 apps that can be easily managed remotely.
Dark Web ID is essential for spotting and stopping dark web threats.
- Live Data Search and Company Profile enables you to wow customers by finding every one of their compromised credentials in minutes
- Deliver peace of mind with 24/7/365 human and machine-powered monitoring with fast alerts
- Choose from SaaS or API options and enjoy seamless out-of-the-box integrations with PSA platforms, including Kaseya BMS, Autotask, ConnectWise and more.
It pays to put strong protections in place immediately before an expensive cybercrime disaster comes knocking on your door like it did for 80% of other businesses in 2020 – especially one that can be easily prevented. Contact our solutions experts today for a customized demo of our digital risk protection platform and the benefits that a partnership with ID Agent offers for your MSP.
July 2: Martial Art of Dark Web Self Defence – The Basics REGISTER NOW>>
July 7: Owning the Dark Web: How You Can Take Back Control REGISTER NOW>>
July 13: Right People. Right Tools. Right Levels: A Passly Demo REGISTER NOW>>
July 14: Now or Never! Why 2021 Is the Last Chance to Shift to MRR REGISTER NOW>>
Simple Protection Can Defeat Complex Cyberattacks
You may think that stopping complex cyberattacks by sophisticated gangs requires deploying complicated (and expensive) solutions. But that’s not always the case. It’s totally possible to protect your business from some of today’s most devastating cyberattacks without breaking the bank. In fact, you only need to use one resource to do it – yet an estimated 50% of businesses aren’t using it.
That magic tool is multifactor authentication (MFA). Microsoft has noted that multifactor authentication alone can stop up to 99% of password-based cyberattacks cold. That includes potentially damaging attacks like password-spraying, brute force hacking, systems intrusion and more – even malware like ransomware. MFA can also give you an edge against the impact of a phishing incident by making that phished password useless automatically.
MFA is an important part of secure identity and access management, a security category that empowers businesses to control who has access to what quickly and easily. It makes it simple for companies to make sure that the right people have access to the right things – and only the right people – keeping your data in and cybercriminals out.
Talk to your MSP about adding MFA to your security plan with an affordable, dynamic secure identity and access management solution like Passly and deploy this powerful weapon to secure your business.
ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!
We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.