The Week in Breach News: 07/14/21 – 07/20/21
Guess which ransomware gang is back in the spotlight? Plus two telecom hacks, ransomware derails a UK railway ticketing platform and why you should be worried about increasingly nasty brand impersonation scams.
We know that you’re interested in news about the Kaseya VSA security incident. Please refer to the official Kaseya information page for updates. https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Campbell Conroy & O’Neil, P.C. (Campbell)
Exploit: Ransomware
Campbell Conroy & O’Neil, P.C. (Campbell): Law Firm
Risk to Business: 1.201= Extreme
Campbell Conroy & O’Neil, P.C. (Campbell), a law firm that counts dozens of Fortune 500 and Global 500 companies among its clientele, has disclosed a data breach following a February 2021 ransomware attack. The firm’s client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation. At the time, it was unclear if client data had been stolen, but the investigation has since determined that client data was stolen.
Individual Risk: 1.963= Severe
The crooks made off with data about clients including names, dates of birth, driver’s license numbers, state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information and biometric data. Usernames and passwords were also snatched. The firm is offering 24 months of free access to credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: This data about major companies and powerful business executives is cybercriminal gold and quickly saleable in the busy dark web data markets.
ID Agent to the Rescue: Building a zero-trust framework is a popular and successful planning choice for a reason. Learn more about how it helps mitigate risks like stolen PII. SEE NOW>>
Forefront Dermatology S.C.
https://www.databreachtoday.com/dermatology-clinic-chain-breach-affects-24-million-a-17074
Exploit: Ransomware
Forefront Dermatology S.C.: Medical Network
Risk to Business: 2.216 = Severe
Forefront Dermatology S.C., a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a ransomware incident it recently experienced. Cuba ransomware is believed to be the culprit. The incident is the third-largest healthcare breach of 2021 so far. Experts who spotted the data dump on a darknet site said that it was approximately 47 MB, including more than 130 files with information on the entity’s system and network, with security and backup details, and all their logins for vendor sites.
Risk to Individual: 2.462 = Severe
The company has announced that potentially compromised patient, clinician and employee information includes name, address, date of birth, patient account number, health insurance plan member ID number, medical record number, dates of service, provider names, and/or medical and clinical treatment information.
Customers Impacted: 2.4 million
How it Could Affect Your Customers’ Business: Medical data is some of the hottest product to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.
ID Agent to the Rescue: Are you selling and delivering security awareness training to all of your clients? If not, let us show you how to get started in only 15 minutes! WATCH NOW>>
Guess
Exploit: Ransomware
Guess: Fashion Brand
Risk to Business: 2.223=Severe
Fashion brand Guess, known for their salacious 90’s advertising campaigns, was hit with a ransomware attack from an unexpected source: Darkside. Sources are mixed as to whether this is a new operation or an old one just coming to light. Guess would not confirm that the incident occurred, but dark web researchers uncovered 200 GB of data from the fashion brand on a leak site. No consumer financial information was reported as stolen.
Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Proprietary data about businesses and their products is a hot seller on the dark web, especially if blueprints, formulas or similar information is included.
ID Agent to the Rescue: Learn more about the factors that make it easy for employees to make mistakes and how you can mitigate them for a better staff. SEE THIS WEBINAR>>
Mint Mobile
Exploit: Hacking
Mint Mobile: Mobile Network Carrier
Risk to Business: 1.575 = Severe
California-based Mint Mobile has disclosed a data breach. The company says that an unauthorized person gained access to their data including subscribers’ account information. The miscreants also ported phone numbers to another carrier.
Individual Risk: 1.502 = Severe
Exposed client data may include name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number and subscription features.
Customers Impacted: 40,000
How it Could Affect Your Customers’ Business: Hackers are always in the market for fresh data, and this kind of proprietary information is a goldmine for them.
ID Agent to the Rescue: Building a strong security culture is essential. Learn more about how to do it in a webinar full of tips from team-building experts! WATCH WEBINAR>>
Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>
United Kingdom – Northern Railway
Exploit: Ransomware
Northern Trains: Government-Run Transportation Authority
Risk to Business: 1.302 = Extreme
Railway passengers in Northern England got an unpleasant surprise when they discovered that ticket machines on Northern Trains’ network were knocked offline following a ransomware attack. Run by the British government, Northern Trains said no customer or payment data had been compromised, and that customers could still buy tickets online.
Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cyberattacks against utilities and quasi-utility infrastructure have been steadily increasing, and businesses in those sectors need to step up their protection to stay safe.
ID Agent to the Rescue: Learn more about the economics of an incident like this and how the dollars and cents can rapidly shift to gain perspective on the complexity involved. LEARN MORE>>
Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>
Ecuador – Corporación Nacional de Telecomunicación (CNT)
Exploit: Hacking
Corporación Nacional de Telecomunicación (CNT): State Run Telecommunications Utility
Risk to Business: 1.919 = Severe
Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal and customer support. This company provides telecommunications services including fixed-line phone service, mobile, satellite TV, and internet connectivity. The attack has shut online payment systems down. RansomEXX is suspected to be the culprit. An investigation and systems restoration are ongoing.
Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customer satisfaction is bound to be severely impacted by the loss of online payment systems.
ID Agent to the Rescue: Powered Services can help you remind your clients that important things like data security can’t be overlooked with high-quality plug-and-play sales and marketing tools. LEARN HOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Account Creation Blitz Spawns Password Reuse Problems
- 10 More Facts About Passwords That You’ll Want to See
- Companies Are Missing a Piece of the Security Puzzle
- 10 SMB Cybersecurity Statistics That Every Business Owner Needs to See
- Widespread Credential Exposure is the Fallout of the Massive LinkedIn Data Breach
- The Week in Breach: 06/23/21 – 06/29/21
Take a Capsule Course in Dark Web Defense!
Are you ready to take a deep dive into the dark web to gain a better understanding of how it impacts your clients and your business? Gain a large amount of dark web expertise in a small amount of time and wow clients and prospects with your new insight into the dangers that businesses face every day with this capsule course!
The Martial Art of Dark Web Defence: The Basics – This webinar gives you a solid grounding in dark web threats and how to beat them. GET IT>>
Hacker Hotbeds and Malicious Marketplaces – Now step into the shadows to see how the dirty business of cybercrime gets done. GET IT>>
The Nano Sessions: Compromised Credentials – Then finish in 15 minutes and learn one foolproof sales trick that wows clients and prospects. GET IT>>
See how to grow your business with a new revenue stream in the time it takes to drink a cup of coffee. LEARN MORE>>
Brand Impersonation is Growing Nastier as Cybercriminals Branch Out with New Attacks
One of the most effective and devastating ways that cybercriminals land their hooks on unsuspecting employees is through brand impersonation. It’s become easy for them to create excellent-looking branded messages that seem genuine, making email spoofing, a critical component of brand impersonation, an especially tricky foe. Businesses are also dealing with an increasing number of specialty vendors for third-party services as well as a growing number of companies in many supply chains, and the top form of B2B communications remains email. That leaves scores of opportunities every week for cybercriminals to slip a few lures into the sea of branded email that businesses receive.
More Email Gives Cybercriminals More Opportunity
Incoming business email has truly grown into a flood. A 660% increase in the volume of phishing email means that your staffers are seeing more suspicious messages and that is a disaster waiting to happen – and the number one cause of that disaster never changes: human error. Whenever a human being comes into contact with a cybersecurity risk like a suspicious email, there’s a chance that they’ll make a mistake that results in a cybersecurity incident. Unfortunately, more than 40% of office workers in a recent survey admitted that they regularly open suspicious messages to avoid missing something important.
Brand impersonation is a very convincing way to cause a worker to make a non-malicious error. An estimated 45% of companies are failing at security awareness training, leaving them open to threats. Some of the biggest brands that employees encounter in the day-to-day of their jobs are constant brand impersonation and spoofing targets. It doesn’t take much effort for a cybercriminal to clone an email from a legitimate sender and alter the details enough to garner an unsuspecting click. It also doesn’t take much for these malicious messages to make it past most organizations’ email security. In a recent study of risk reduction by Osterman Research, an estimated 50% of organizations admit that they need to do better with their email security.
The risk of an incident caused by brand impersonation phishing is very real for every business but very few have taken precautions against it. In that same survey, researchers discovered that a surprisingly high 48% of the businesses that they surveyed did not have effective security in place to ward off brand impersonation attacks. Whether the blocker to making improvements is money or simply choosing new technology, that number is far too high. It represents a whole world of trouble for cybercriminals to exploit, and more than 50% of IT teams say that they are concerned about having enough personnel or the right tools to mitigate it.
Brand Impersonation Messages Are On Trend
Bad actors don’t spare the creativity when choosing lures either, and they’re quick to capitalize on trends if disaster strikes. Recent events like Amazon Prime Day provide cybercriminals with golden opportunities that they’re making the most of. During holiday periods, cybercriminals are quick to capitalize on their victims’ expectation that they’ll get a lot of routine email from a particular brand or vendor, and they don’t tend to read it carefully. This year for Amazon Prime Day in Q2, more than 2,300 new domains were registered about Amazon, primarily intended to serve as landing pages for phishing scams.
Certain brands are always at the top of the list as the subjects of brand impersonation operations. In research just published that quantifies brand impersonation in Q2 2021, perennial favorite Microsoft continued to remain the most imitated brand for phishing attempts in the April-June quarter. An estimated 45% of all brand impersonation phishing attempts were related to Microsoft in Q2 2021, up six points from Q1 2021. Shipping giant DHL clocked in in the number two position as cybercriminals exploit the online shopping trend that grew during the global pandemic.
This list of the most imitated brands of 2020 illustrates the brands that cybercriminals love to exploit.
- Microsoft (45%)
- DHL (18%)
- LinkedIn (6%)
- Amazon (5%)
- Rakuten (4%)
- Ikea (3%)
- Google (2%)
- PayPal (2%)
- Chase (2%)
- Yahoo (1%)
Why Stop at Email?
Cybercriminals aren’t stopping at email either. Just this week, Microsoft published a new blog post on a new and dangerous type of domain spoofing. An adjunct of brand impersonation, domain spoofing is all about the link. In this scenario, the cybercriminals rely on the use of a “homoglyph” or imposter domain to steal credentials and information from the targets. According to Microsoft, “These malicious homoglyphs exploit similarities of alphanumeric characters to create deceptive domains to unlawfully impersonate legitimate organizations. For example, a homoglyph domain may utilize characters with shapes that appear identical or very similar to the characters of a legitimate domain, such as the capital letter “O” and the number “0” (e.g. MICROSOFT.COM vs. MICR0S0FT.COM) or an uppercase “I” and a lowercase “l” (e.g. MICROSOFT.COM vs. MlCROSOFT.COM).”
This flavor of brand impersonation has become an increasingly dangerous business email compromise (BEC) threat. The goal of cybercriminals who are phishing with this technique is to trick their victims into handing over credentials, data and even cash. Then bad actors use these fraudulent domains, together with stolen customer credentials, to illegally access and monitor accounts, working to gain access to the target’s network. Once they were in, this attack shifted into more of a traditional BEC, a category of cybercrime that grew by more than 14% in 2020. The cybercriminals imitated employees of the business that they just broke into to start the ball rolling. Then they targeted the trusted networks, vendors, contractors and agents who had business relationships with the stolen account and used that leverage to deceive them into sending or approving fraudulent payments, netting a handsome profit.
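A mail filter or log review can catch the homoglyph domains described above by folding lookalike characters to one canonical form and comparing the result with the domains you want to protect. The Python below is an added example, not code from Microsoft or ID Agent; the confusables table goes beyond the O/0 and I/l pairs quoted above, and the protected-domain list, function names and sample domains are assumptions.

```python
import unicodedata

# Confusable folds. O/0 and I/l are the pairs quoted in the article; the
# other entries are assumed additions for illustration, not a complete table.
CONFUSABLES = {
    "0": "o", "1": "l", "i": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic lookalikes of a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "l",   # Cyrillic lookalikes of p, c, i
}
SEQUENCES = (("rn", "m"), ("vv", "w"))  # multi-character lookalikes

# Assumed allow-list of domains to protect (brands named in the article).
PROTECTED = ("microsoft.com", "dhl.com", "amazon.com")


def to_unicode(domain):
    """Lower-case the domain and decode punycode (xn--) labels so IDN lookalikes are visible."""
    labels = []
    for label in domain.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # leave an undecodable label as-is
        labels.append(label)
    return ".".join(labels)


def skeleton(domain):
    """Fold a domain to a canonical form in which lookalike characters compare equal."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for seq, repl in SEQUENCES:
        text = text.replace(seq, repl)
    return text


def check_sender_domain(domain, protected=PROTECTED):
    """Return (verdict, brand); verdict is 'legitimate', 'homoglyph' or 'unknown'."""
    index = {skeleton(p): p.lower() for p in protected}
    labels = to_unicode(domain).split(".")
    # Test the full name and each parent domain so subdomains are covered too.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        brand = index.get(skeleton(candidate))
        if brand is not None:
            return ("legitimate", brand) if candidate == brand else ("homoglyph", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample sender domains, not taken from any real campaign.
    for d in ("MICR0S0FT.COM", "MlCROSOFT.COM", "mail.microsoft.com",
              "login.dh1.com", "example.org"):
        print(d, check_sender_domain(d))
```

An "unknown" verdict only means the domain does not resemble a protected one; it says nothing about whether the sender is trustworthy.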
Lower the Risk of Brand Impersonation Disasters with These Easy, Effective Tools.
BullPhish ID is the ideal security awareness and phishing resistance training solution for businesses of every size. We’ve just updated its features to make it even stronger, including adding new user-friendly training portals and customizable phishing simulation campaign materials to make training painless and effective. SEE THE NEW BULLPHISH ID>>
Protect your company from the dangers of credential compromise with secure identity and access management through Passly. This dynamic solution packs a punch to fight intrusions including multifactor authentication, a tool that Microsoft says stops 99% of password-based cybercrime. SEE IT IN ACTION>>
We’re ready to help you create the perfect menu of security options with the ID Agent Digital Risk Protection Platform. Let’s get started securing your customers and your profits with a 1:1 demo of our solutions.
Is your email domain protected against phishing? Are your customers? Find out now with the Graphus Domain Checker. CHECK NOW>>
July 27 Quarterly Product Update Webinar REGISTER NOW>>
July 29 4 Ways to Safeguard Your Clients from Ransomware Attacks REGISTER NOW>>
Aug 04 4 Ways to Safeguard Your Organization from Dreaded Ransomware Attacks REGISTER NOW>>
Aug 05 The Ultimate MSP Sales Process Blueprint: Automation for the Win REGISTER NOW>>
Aug 17 Right People. Right Tools. Right Levels: Passly Demonstration REGISTER NOW>>
Aug 31 Stuck in a Break-Fix Rut? Overcome the Hurdles of Moving to MRR! REGISTER NOW>>
Don’t Fall for Brand Impersonators
One of the fastest, easiest ways for cybercriminals to trick your employees into falling for their lures is to convince those employees that they’re someone else. Email is the primary form of B2B communication, opening new vistas of opportunity for bad actors to explore. That trend is set to continue as email dependence continues to rise.
One trick that cybercriminals are using these days was recently outlined by Microsoft in a blog post. Cybercriminals who are working their frauds through domain spoofing will use homoglyphs, or imposter domains that are so close to a company’s legitimate domain as to make their messages appear authentic. Think replacing “O” with “0” or something similar to make the domain that they’re pointing folks toward seem like the real thing – but it’s a trap.
Almost every major brand has been impacted by brand impersonation. So far in 2021, an estimated 45% of all brand impersonation phishing attempts were related to Microsoft. That is a good choice for cybercriminals because businesses get many emails regularly from Microsoft’s brands. But it’s a bad choice for businesses since those messages are likely to be highly believable to employees.
A great way to reduce your company’s chance of falling victim to a brand impersonation attack is to make sure that you’re keeping security awareness training up to date with a solution that teaches employees to spot and stop new threats, like BullPhish ID. After all, security-savvy employees are your organization’s best defense against cybercrime.
ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!
We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.