The Week in Breach News: 07/22/21 – 07/27/21

July 28, 2021

Of course the Tokyo 2020 Games have already been hacked, ransomware at a South African port snarls maritime traffic, local governments feel the cyberattack squeeze and NIST joins the movement to adopt zero-trust security.

We know that you’re interested in news about the Kaseya VSA security incident. Please refer to the official Kaseya information page for updates.

Florida Department for Economic Opportunity (DEO)

Exploit: Hacking

Florida Department for Economic Opportunity (DEO): State Government Agency

Risk to Business: 2.550 = Severe

Records from more than 58,000 Florida unemployment accounts have been stolen in a data breach. The information was stolen in a suspected malicious insider incident, although details are sketchy. The stolen information was contained in the DEO’s online unemployment benefit system, called CONNECT, and the records stolen fall between April 27 and July 16, 2021. The incident is still under investigation.

Individual Risk: 1.663 = Severe

Exposed information includes Social Security numbers, bank account information and other personal details that users may have stored in CONNECT. The DEO purchased a year’s subscription to LifeLock identity protection services for all those affected.

Customers Impacted: 58,000

How It Could Affect Your Customers’ Business: Personal data is the cybercriminal’s bread and butter, especially when financial information is involved because it is quickly saleable in the busy dark web data markets.

ID Agent to the Rescue: Building a zero-trust framework is a popular and successful planning choice for a reason. Learn more about how it helps mitigate risks like stolen PII. SEE NOW>>

Yale New Haven Health 

Exploit: Third-Party Data Breach

Yale New Haven Health: Medical System

Risk to Business: 1.716 = Severe

Patients at Yale New Haven Health are being warned that their information has been stolen in an incident at a third-party vendor, Elekta. That company facilitates cancer treatments and was the victim of a ransomware attack just a few weeks ago that is rippling out to catch many medical institutions. Yale New Haven Health contends that hackers had no access to patient medical records, and a very small number of customers had financial information stolen.

Risk to Individual: 2.601 = Severe

Officials said that certain demographic information such as names, addresses, phone numbers, emails, Social Security numbers, treatment locations and preferred languages was included in the Elekta databases impacted by the breach. A small group of people may have had their financial information exposed. Anyone with information that could have been exposed will be notified by mail, and people who may have had their financial information exposed will be offered a complimentary credit monitoring service.

Customers Impacted: 55,000

How it Could Affect Your Customers’ Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.

ID Agent to the Rescue: Are you selling and delivering security awareness training to all of your clients? If not, let us show you how to get started in only 15 minutes! WATCH NOW>>

Mobile County, Alabama

Exploit: Hacking

Mobile County, Alabama: Local Government

Risk to Business: 2.223 = Severe

The Mobile County Commission has officially notified county employees of a computer system breach in which employee data and sensitive information were at risk. The county has announced that certain computer systems were subject to unauthorized access on May 24, 2021, putting employee information at risk. This is a developing situation as the investigation winds down. The county had initially stated that no sensitive information was exposed.

Individual Risk: 2.223 = Severe

Mobile County alerted all employees, more than 1,600 people, that their information may have been exposed, including Social Security numbers, dates of birth and other sensitive information. Also at risk are health insurance contract numbers for employees subscribed to receive health coverage and routing numbers for employees enrolled in direct deposit with the county.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even a small amount of data is attractive to data thieves who especially love vital information and financial data.

ID Agent to the Rescue:  Learn more about the factors that make it easy for employees to make mistakes and how you can mitigate them for a better staff. SEE THIS WEBINAR>>

Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>

United Kingdom – Guntrader

Exploit: Hacking

Guntrader: Gun Ownership Management System 

Risk to Business: 1.705 = Severe

Hackers hit a website used for buying and selling firearms in the UK making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The SQL database powered both the buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The Information Commissioner’s Office was informed and an investigation is underway.

Individual Risk: 1.622 = Severe

The database that the hackers scored provided a wealth of information about firearms enthusiasts in the UK including names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords.

Customers Impacted: 111,000

How it Could Affect Your Customers’ Business: Hackers are always in the market for fresh data, and this kind of information will net them a hefty profit fast.

ID Agent to the Rescue: Building a strong security culture is essential. Learn more about how to do it in a webinar full of tips from team-building experts! WATCH WEBINAR>>  

Greece – Government of Thessaloniki

Exploit: Ransomware

Government of Thessaloniki: Municipal Government

Risk to Business: 1.302 = Extreme

Late last week, cybercriminals struck the government of Thessaloniki, Greece’s second-largest city. The government was forced to shut down online applications and access at all municipal agencies over an electronic intrusion. Local officials confirmed that this was indeed a ransomware attack but did not specify the price. The incident is under investigation and services are in the process of being restored.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cyberattacks against municipal governments, infrastructure and utilities have been steadily increasing, and organizations in those sectors need to step up their protection to stay safe.

ID Agent to the Rescue: Learn more about the economics of an incident like this and how the dollars and cents can rapidly shift to gain perspective on the complexity involved. LEARN MORE>>

Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>

South Africa – Transnet

Exploit: Hacking 

Transnet: Port Authority

Risk to Business: 1.919 = Severe

A cyberattack at South Africa’s biggest port operator, Transnet, has snarled maritime traffic around the world and left companies waiting for raw materials. The state-owned freight enterprise, comprised of shipping, railways and other logistics, has been forced to halt operations at container terminals in Durban, Ngqura, Port Elizabeth and Cape Town. The company has also placed many employees on leave. Transnet’s Durban port handles 60% of the nation’s shipments, including freight for other African nations. Officials said in a statement: “Transnet, including Transnet Port Terminals, experienced an act of cyberattack, security intrusion and sabotage, which resulted in the disruption of TPT normal processes and functions or the destruction or damage of equipment or information.” Some services are back up and running using limited, manual means. This incident remains under investigation.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This disruption is a massive blow to industries in Africa and around the world who need the raw materials and freight that Transnet handles.

ID Agent to the Rescue: Enlist your staff into the fight to spot cybercrime before it starts. Encouraging a participatory security culture makes everyone feel like part of the IT team. Learn how to do it. WATCH WEBINAR>>

Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>

Japan – Tokyo 2020 Olympics

Exploit: Hacking 

Tokyo 2020 Olympics: Sporting Event 

Risk to Business: 2.719 = Moderate

Just as the games were kicking off, officials disclosed that the usernames and passwords of Tokyo 2020 Olympic Games ticket holders and event volunteers were leaked online. The stolen credentials could be used to log on to websites for volunteers and ticket holders, compromising personal data such as names, addresses and bank account numbers.

Individual Risk: 2.416 = Moderate

Officials are warning users of the Tokyo 2020 Games website for ticketing to change their usernames and passwords. No total numbers have been given on accounts exposed.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is hardly a surprise. Cybercriminals will nail every major event, and companies that work with event hosts need to be ready for trouble.

ID Agent to the Rescue: Compromised credentials can come from unexpected places to hurt businesses. Learn how to show your clients their real-time risk in minutes to open doors and close sales. LEARN MORE>>

Go deep into the cybercrime underworld in “Hacker Hotbeds and Malicious Marketplaces” WATCH THIS WEBINAR>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday, July 2021: Did you remember to patch? See the patch notes and bug fixes for this month: SEE PATCH INFO>> 

See Three Infographics Packed with Useful Tips!

5 Thorny Remote & Hybrid Security Problems Solved

Don’t miss this explainer that demystifies 5 complex remote and hybrid security problems with sensible advice. GET IT>>

Cybersecurity Risk Protection Checklist

Are your clients covering all of the bases to stay secure? Find potential vulnerabilities with this checklist. GET IT>>

Special Guest: 3 Reasons Why Graphus Guarantees You A Great Vacation

Don’t worry about phishing attacks while you’re on vacation. See how Graphus has got you covered! GET IT>>

See how to grow your business with a new revenue stream in the time it takes to drink a cup of coffee. LEARN MORE>>

NIST Joins the Zero-Trust Security Revolution with a New Advisory & Exploratory Panel

They say you can’t trust anyone these days, and they’re right. Zero trust security is in the spotlight after a flurry of federal activity around cybersecurity emerged in the wake of the Colonial Pipeline incident. Federal rules, regulations and advisories are making their way to businesses in diverse industries, and soon to every company that does business with the federal government. It’s important to learn more about zero trust security and why it’s the expert choice for mitigating many of today’s security dilemmas. WATCH OUR ZERO TRUST & PII WEBINAR>>

Explore the dark web with experts & get a deck of screenshots in Unveiling Cybercrime Markets on the Dark Web. WATCH NOW>>

Why Zero Trust?

Zero trust is a security concept that adds layers of complexity yet creates a stronger overall security framework. The model’s central principle is just like that motto from the X-Files: trust no one. In a zero-trust framework, an organization does not automatically trust or grant blanket permissions to anything inside or outside its perimeters, no matter who the user is; not even an executive’s password earns automatic trust. Instead, everyone from the CEO to the marketing intern must verify their identity every time they try to connect anything to their organization’s network or systems before access is granted. This extra step is crucial for covering unexpected security gaps.

Many companies have still been using the old castle-and-moat architecture to secure their systems and data, and that’s a fast path to trouble these days. Previously, organizations focused on defending their perimeters while assuming every user and device that already had access didn’t pose a cybercrime threat, automatically clearing those users for access at whatever their set permissions level was with no further confirmation of identity required. This leaves organizations dangerously vulnerable to an array of nasty cyberattacks, from credential stuffing to malware, if anyone manages to get their hands on a legitimate password.

These days, that’s an incredibly dangerous proposition. An abundance of records on the dark web just keeps growing, adding more passwords and bigger stores of information to the pot that cybercriminals can use to mount credential stuffing attacks and other password-based cyberattacks. Just this year, a massive 100GB text file dubbed RockYou2021 was leaked by an anonymous user on a popular hacker forum. This new cache of data is estimated to contain 8.4 billion passwords, ready to use in cybercrime operations. That’s in addition to the massive quantity already available. Experts estimate that 60% of the data that was already on the dark web at the start of 2020 could harm businesses and approximately 22 billion new records landed in dark web data markets and dumps in 2020, providing further fuel for cybercrime. 

The Federal Government is All-In on Zero Trust

As public and congressional pressure mounted to do something about a spate of ransomware attacks against major targets, the federal apparatus started spinning up to enter the fray. President Joseph R.  Biden signed a new cybersecurity executive order on May 12, 2021, that calls for the federal government to adopt a zero-trust architecture. The executive order directs the Commerce Department to create cybersecurity standards for companies that sell software services to the federal government, a powerful motivator in the marketplace.  

The 34-page document contained many instructions to agencies and contractors, but one stands out: the requirement to adopt multifactor authentication. Under this order, agencies are directed to take a zero-trust approach to user identity and permissions, authenticating users based on behavior rather than just a password or their location. The order also advises agencies to use multiple ways to confirm a user’s identity when they log on or connect to federal agency systems. The goal is to enable federal IT personnel to identify and detect threats in today’s challenging atmosphere through user behavior instead of relying on firewalls to keep hackers out. 

The Zero Trust Project 

Federal agencies of every stripe have begun implementing cybersecurity projects. The Transportation Security Administration (TSA) under the Department of Homeland Security (DHS) issued a security directive that requires pipeline companies to report cybersecurity incidents to federal authorities quickly. A joint action by the Department of Justice (DOJ) and DHS launched a new One-Stop website designed to help businesses reduce their ransomware risk and report suspected cybercrime to the appropriate authorities. The US Secret Service has even published a Most Wanted Fugitives list featuring 10 suspects wanted in connection with financial cybercrimes.

Now The National Institute of Standards and Technology (NIST) is launching a new initiative, dubbed The Zero Trust Project, to explore how zero trust security functions in different business environments. NIST is partnering with 18 technology companies to demonstrate “zero trust” security architectures as it prepares to draft guidance for how zero trust is to be implemented at federal agencies. The initiative is being led by NIST’s National Cybersecurity Center of Excellence. 

The companies that will be working with NIST through the National Cybersecurity Center of Excellence to demonstrate the ways that they have implemented zero trust security include Amazon Web Services, Apple, Cisco Systems, F5 Networks, FireEye, Forescout Technologies, IBM, McAfee, Microsoft, MobileIron, Okta, Palo Alto Networks, PC Matic, Radiant Logic, SailPoint Technologies, Symantec, Tenable and Zscaler. These companies responded to a notice in the Federal Register to signify their interest.

NIST is operating under pressure, faced with a time crunch created by the directive in President Biden’s executive order that federal agencies develop a plan for zero trust implementation within an aggressive 60-day timeline. The rush is partly spawned by increasing pressure on the federal government to handle nation-state cybercrime threats more aggressively. The agency has said that the 18 companies participating in the zero trust project will provide examples of integrating commercial and open-source products that leverage cybersecurity standards and recommended practices. The goal is for NIST to develop a proposed publication, The Cybersecurity Practice Guide, that outlines the requirements that federal agencies must meet and also meshes with the concepts and tenets documented in NIST SP 800-207, Zero Trust Architecture.

How Can You Start Your Clients (Or Push Them Farther) on the Road to Zero Trust? 

Put your clients on the road to zero trust compliance with powerful, affordable secure identity and access management using Passly. The number one thing on the zero-trust list is included with Passly: multifactor authentication. Your clients will also gain a host of other protections that keep intruders away from systems and data.

We’re ready to help you shepherd your clients into the zero trust world with Passly, one essential building block in the ID Agent Digital Risk Protection Platform. Don’t roll the dice with password security for another day.  Contact our solutions experts and let’s get started! 

Is your email domain protected against phishing? Are your customers? Find out now with the Graphus Domain Checker. CHECK NOW>>

July 27 Quarterly Product Update Webinar REGISTER NOW>>

July 29 4 Ways to Safeguard Your Clients from Ransomware Attacks REGISTER NOW>>

Aug 04 4 Ways to Safeguard Your Organization from Dreaded Ransomware Attacks REGISTER NOW>> 

Aug 05 The Ultimate MSP Sales Process Blueprint: Automation for the Win REGISTER NOW>> 

Aug 17 Right People. Right Tools. Right Levels: Passly Demonstration REGISTER NOW>> 

Aug 31 Stuck in a Break-Fix Rut? Overcome the Hurdles of Moving to MRR! REGISTER NOW>>

You Can’t Trust Anyone These Days

Zero trust security has been buzzing around technology news sites as the US government begins an aggressive plan of interventions to counter the danger that today’s cybercrime threats bring to businesses. From White House directives to agency guidance, federal entities are increasingly adopting a zero trust framework. What does that mean for your business? 

To start off, if your business does business with the US federal government or a government contractor, you should start moving to a zero trust framework immediately. The executive order in place also directs cybersecurity standards to be applied to service providers and contractors that are in line with zero trust principles. Even if you don’t do business with the federal government, becoming compliant in cybersecurity now will show your clients and partners that you take cybercrime seriously. 

The central tenet of the zero trust philosophy is that everyone has to have their identity and permissions vetted every time they connect to an organization’s networks. From the CEO to the marketing intern, no exceptions. This prevents a cybercriminal from phishing or stealing a password that unlocks the doors to your data and systems with no questions asked, especially a highly privileged credential like an administrator password.

The prescription for keeping cybercriminals with stolen credentials out in a zero trust framework is multifactor authentication, and it will soon be a requirement for companies that handle federal business if it is not already. When you choose a secure identity and access management solution for multifactor authentication (MFA), be sure you’re getting the most out of your money by choosing a solution like Passly that offers other essential functions like single sign-on, easy remote management and seamless integrations.

By taking your first steps down the road to zero trust security now, you can feel confident that you’re making smart decisions that will protect your business from cybercrime today and tomorrow. 

ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!


We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.