
The Week in Breach News: 08/04/21 – 08/10/21

August 11, 2021

Ransomware ventures into capital as a funding firm gets hit in California, a penetration test discovers that hackers have already been there at the University of Kentucky, two huge PII exposures and a snapshot of the 3 threats that are topping the charts so far in 2021.





Advanced Technology Ventures

https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/

Exploit: Ransomware

Electronic Arts (EA): Video Game Maker 


Risk to Business: 1.207 = Extreme

Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, has disclosed that it was hit by a ransomware attack. The cybercriminals were able to steal personal information about the company’s private investors. ATV said it became aware of the attack on July 9 after its servers storing financial information were encrypted by ransomware. By July 26, the company learned that its investor data had been stolen from the servers before the files were encrypted, a hallmark of the “double extortion” tactic used by ransomware groups.


Individual Risk: 1.326 = Extreme

Investor data was accessed by cybercriminals. ATV believes the names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack. Some 300 individuals were affected by the incident.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware tactics like double and triple extortion allow cybercriminals to score even bigger paydays, making them very popular techniques.

ID Agent to the Rescue: What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed! DOWNLOAD IT>>


SeniorAdvisor 

https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/

Exploit: Misconfiguration

SeniorAdvisor: Senior Care Review Site


Risk to Business: 1.663 = Severe

Researchers have discovered a misconfigured Amazon S3 bucket owned by SeniorAdvisor, a site that provides ratings and information for senior care facilities. The bucket in question contained the personal data of more than three million people categorized as “leads”. The team found around 2000 “scrubbed” reviews in the misconfigured bucket, in which the user’s sensitive information was wiped or redacted. In total, it contained more than one million files and 182GB of data, none of which was encrypted, and no password or login credentials were required to access it.


Risk to Individual: 1.271 = Severe

This exposed bucket was full of data including names, emails, phone numbers and dates contacted for every person designated as a lead, comprising an estimated 3 million consumers.

Customers Impacted: 3 million

How it Could Affect Your Customers’ Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.

ID Agent to the Rescue: Developing a strong security culture that is savvy about phishing is essential for maintaining security in today’s volatile threat atmosphere. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>


University of Kentucky

https://therecord.media/university-of-kentucky-discovers-data-breach-during-scheduled-pen-test/

Exploit: Hacking

University of Kentucky: Institution of Higher Learning


Risk to Business: 2.223 = Severe

In a head-shaking turn of irony, officials at the University of Kentucky discovered that they’d already been breached while conducting a penetration test. The breach affected the university’s Digital Driver’s License platform, a web-based portal the university developed as a component of its Open-Source Tools for Instructional Support (OTIS) framework. That program provides free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. University officials said that their investigation discovered that an unknown threat actor accessed the system between January 8, 2021, and February 6, 2021, to gain access to the DDL platform and acquire a copy of its internal database.


Risk to Business: 2.223 = Severe

The database contained the names and email addresses of students and teachers in Kentucky and in all 50 states and 22 foreign countries, in all more than 355,000 individuals. The university was careful to note that the stolen information included only emails and passwords and no SSNs or financial details were included.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals have been increasingly setting their sights on education targets since the onset of the global pandemic, and that trend is not stopping in 2021.

ID Agent to the Rescue:  Organizations are safer when everyone is on the cybersecurity team. Let us show you how to expand your menu into security awareness training in just 15 minutes! WATCH NOW>>


Reindeer 

https://www.enterprisesecuritytech.com/post/defunct-marketing-company-leaked-the-sensitive-data-of-over-300-000-people

Exploit: Misconfiguration

Reindeer: Digital Marketing Firm


Risk to Business: 1.705 = Severe

New York-based digital media advertising and marketing company Reindeer left an unpleasant surprise behind when it closed its doors: an Amazon S3 bucket exposed to public access resulting in the irreversible leak of 50,000 files for a total of 32 GB of exposed data. The information exposed included about 1,400 profile photos and the details of approximately 306,000 customers in total. Users in 35 countries were represented with the US, Canada, and Great Britain accounting for almost 280,000 of those users. Nothing can be done to secure this data now.


Individual Risk: 1.622 = Severe

PII exposed includes customer names, surnames, email addresses, dates of birth, physical addresses, hashed passwords, and Facebook IDs for an estimated 306,000 customers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Unexpected risks from sources like zombie accounts are around every corner, so taking that possibility seriously and mitigating risk from nasty surprises is critical.

ID Agent to the Rescue: Help your clients build their cyber resilience to insulate them from these pitfalls. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>> 





School District No. 73 (SD73, Kamloops-Thompson) 

https://cfjctoday.com/2021/08/01/sd73s-insurance-provider-for-international-students-suffers-cybersecurity-breach/

Exploit: Nation-State Hacking

School District No. 73 (SD73, Kamloops-Thompson): Education Provider


Risk to Business: 2.911 = Moderate

School District No. 73 (SD73, Kamloops-Thompson) said it was notified that guard.me, the third-party service provider that it uses for travel and medical insurance for its international student program, experienced a data breach that potentially exposed student information. Guard.me released a statement about the data security incident that spawned this data exposure, noting that the incident occurred during June 2021.


Risk to Business: 2.936 = Moderate

Student personal information that may be impacted by this incident includes identity information, contact information and other information provided to support submitted claims. Impacted individuals are encouraged to visit the Canadian Anti-Fraud Centre for further information about how to protect themselves.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.

ID Agent to the Rescue: Supply chain risk is a minefield for every business in every industry. Learn how to reduce risk for your clients in our eBook Breaking Up With Third Party and Supply Chain Risk. GET THE BOOK>>





Italy – ERG 

https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/

Exploit: Ransomware

D-BOX: Gaming Specialty Electronics


Risk to Business: 1.919 = Severe

Italian energy company ERG reported minimal impact on infrastructure or consumer-facing services following a LockBit 2.0 ransomware incident. ERG is the leading Italian wind power operator and among the top ten onshore operators on the European market, with a growing presence in France, Germany, Poland, Romania, Bulgaria, and the United Kingdom. ERG was purchased by European power giant Enel earlier this week.  

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

ID Agent to the Rescue: Ransomware was the story of the year in 2020, and it’s still the top story in 2021. See how its impact has shaped the future of cybercrime in The Global Year in Breach 2021. READ IT>>





Taiwan – Gigabyte 

https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/

Exploit: Misconfiguration

Gigabyte: Motherboard Manufacturer 


Risk to Business: 1.602 = Severe

Motherboard manufacturer Gigabyte has been hit by the RansomEXX ransomware gang. The Taiwanese company was forced to shut down systems in Taiwan as well as multiple customer and consumer-facing websites of the company, including its support site and portions of the Taiwanese website. RansomEXX threat actors claimed to have stolen 112GB of data during the attack in an announcement on their leak site.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware operators are savvy about taking advantage of industries that are under stress, as has been frequently exemplified in the last year.

ID Agent to the Rescue: Make sure that your clients are crossing the “Ts” and dotting the “Is” to reduce vulnerabilities with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>


Indonesia – OT Group

https://www.channelnewsasia.com/business/orangetee-data-security-breach-real-estate-2096391

Exploit: Hacking

OT Group: Real Estate Holding Company


Risk to Business: 1.632 = Severe

OT Group, a real estate holding company that is part of the OrangeTee & Tie and OrangeTee Advisory family, announced that it had experienced a data breach. The company said it received an email from a third party claiming to have accessed its IT network and reported the incident to the relevant authorities. The incident is under investigation.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Financial companies, financiers and fintech have been catnip for hackers this year, and they’re seeking any available route to access information that can lead them to a healthy payday from those firms.

ID Agent to the Rescue: Learn how to spot cybersecurity trends, see what’s influencing today’s cybercrime and explore what we think the next big growth areas are for risk with our Global Year in Breach 2021 eBook. DOWNLOAD IT>>





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.





Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: See the patch notes and bug fixes for July 2021: SEE PATCH INFO>> 



Resource Spotlight: Load Up on Fresh Fuel for Your Revenue Engine

The Ultimate MSP Sales Process Blueprint: Automation for the Win – See how security automation will transform your MSP and your profits! WATCH NOW>>

Hacker Hotbeds and Malicious Marketplaces – Tour the dark web to see how stolen data is putting your clients’ security at risk. WATCH IT>>

4 Ways to Safeguard Your Clients from Ransomware Attacks – Learn 4 profitable ways to protect your clients from ransomware. WATCH NOW>>

What’s Going On at ID Agent? 

Get the first look at what’s coming from our Q3 innovation cycle in our product update webinar. WATCH IT>>





3 Big Unexpected Factors That Are Actually Threats to Business Cybersecurity Right Now


From increases in cloud data breaches to surging ransomware risk, the business cybersecurity landscape has been growing more intense since the start of 2021. Chaos spawned by the global pandemic combined with surging nation-state cybercrime and technology evolution has spawned a fast-paced atmosphere that keeps everyone involved in defending public and private organizations from cybercrime on their toes. A new report details the factors that go into creating fresh cybersecurity challenges while shaping the way that cybercrime could progress in 2021 – a prospect that could seriously impact your customer’s business and your bottom line.  

The recently released second half of the ISACA State of Cybersecurity 2021 Survey report brings 2021 cyberthreat landscape trends into focus through the lens of examining their impact on internal business IT divisions. The report takes a wide array of data points into account as it draws conclusions including the frequency and type of attacks that respondents faced, impediments to security awareness training initiatives, confidence in cybersecurity teams, pandemic-related damage to security development, nuances related to security operations and reporting structure and cyber resilience.  




Big Pressures Have Stormed the Threat Landscape 


While many of the conclusions that ISACA drew will be familiar to cybersecurity professionals, the behind-the-scenes factors that go into creating them can be overlooked. Industry publications often focus on the impact of outside events and sources like the dark web on boosting risk, but the biggest contributor to a company’s defensive success is rarely found in those places. Internal IT teams and IT management are the foundation of every organization’s security. Big contributors like who is on the security team, how that team works, the team’s dedication to completing regular maintenance, and the state of an organization’s readiness can impact a company’s cyber resilience and make or break a company’s cybersecurity plan quickly.  

That’s proving to be a challenge for businesses around the world in every industry. In this year’s report, 35% of respondents reported that their enterprises are experiencing an increase in overall cyberattacks in 2021. That’s three percentage points higher than last year, and 2020 was a record-breaker for cybercrime across the board. No single risk stands out, with a similar number of attacks from familiar sources. However, it is important to note that the top 3 attack types are a good illustration of the rise of nation-state cybercrime.


Most Frequent Attack Types Reported by Respondents 


Social Engineering – 14% 

Advanced Persistent Threat (APT) – 10% 

Ransomware – 9% 

Denial of Service – 8% 

Misconfiguration – 8% 




Major Threats Are Coming from Inside the House 


Of the five threats listed above, only one seems to come from within an organization’s IT structure. In reality, all five are in some way impacted by internal IT sources like personnel, budgets and corporate pressure. Companies that don’t take their own internal IT structure into account when considering their risk do so at their own peril. Even if a company follows all the recommended best practices for cybersecurity planning, a failure to spot and deal with organizational weaknesses or operational challenges puts any defensive strategy in jeopardy. Three major risk factors top the list of concerns that will impact an organization’s ability to handle threats.

Cybersecurity Teams 

Staffing troubles are a perennial theme when the conversation turns to cybersecurity teams. In the first installment of the ISACA State of Cybersecurity 2021 Survey, researchers looked at how that stressor impacts IT teams from a hiring perspective. It identified several data points about the direct impact of the hiring struggle on a company’s security. A little over 60% of the survey respondents were understaffed in IT, and 55% had open unfilled positions. Most notably, almost 70% of companies with understaffed IT teams experienced one or more cyberattacks in the last 12 months. In this installment, researchers followed up on that investigation by asking respondents about their confidence in their team.  

Everything about the cybersecurity resources that a company has available in times of trouble is important, but nothing is more important than the composition, motivation and skill of a company’s IT team. Whether a business is handling IT in-house, through an MSP or in a combination of both, a dynamic, savvy, well-equipped team is vital for maintaining a strong defense against cyberattacks, especially phishing-based attacks, and stemming the tide of unavoidable risk. While companies are generally short on staff, most companies have faith that the staff that they do have is reliable and skilled. A resounding 77% of respondents were confident in their teams’ ability to detect and respond to threats.

Security Awareness Training 

It can be hard to get non-security decision-makers or budget controllers to really understand the importance of security awareness and phishing resistance training. This study definitively shows that security awareness training programs have a deep and lasting impact on a company’s overall security. An astonishing 80% of IT professionals in a recent survey said that their organizations have faced an increase in the number of phishing attacks that they’re combatting in 2021. Unfortunately, more phishing attempts have translated into more phishing attack disasters for many companies. An estimated 74% of respondents in the same survey said that their companies had been successfully phished in the last year.

Many companies fail to consider proven effective strategies like security awareness training an essential countermeasure to security threats like social engineering, making it difficult for cybersecurity teams to get the support that they need and the budget to get things like security awareness training up and running. Almost 80% of the respondents reported a significant positive impact on their company’s ability to defend against cyberattacks because of security awareness training. Even when a company has an expert board member who is overseeing information technology, it still doesn’t mean that cybersecurity will be prioritized – 61% of respondents in organizations with CISOs said that they see a high level of cybersecurity prioritization, but only 47% of respondents in organizations with CIOs said the same thing.  

Cyber Resilience 

Determining what is important to maintain cyber resilience and explaining that to the brass can be convoluted. It can also depend on exactly who is doing the determining. Cyber risk assessments had more weight in companies with a security-focused board member – 84% of companies with CISOs placed a high value on them versus 78% for companies that had a CIO. That can also be seen in the number of respondents who indicated a noticeable alignment of cybersecurity strategy with organizational objectives, 77% under CISOs versus 68% under CIOs. These study results show that understanding the value of cybersecurity preparation and strategy development, particularly around newer concepts like malicious insider threats from remote workers, can be a tricky proposition even when you’re explaining it to someone tech-savvy.

The report also highlights potential changes that companies have made in the last year in order to shore up their defenses and build their cyber resilience to protect themselves from rising threats like malicious inside actors and surging phishing risk. More than one in three enterprises reported adopting and implementing a new security approach because of unexpected remote work risk and other pressures brought to the forefront by the global pandemic, with 23% opting for a Zero Trust security strategy and 12% choosing a Secure Access Service Edge (SASE) model. Experts are increasingly encouraging companies to move to Zero Trust security as an effective safeguard against future challenges as hybrid and remote security both look like they’re here to stay long-term.  




There’s Opportunity for MSPs with the Right Solutions 


AI, a big contributor to cyber resilience, is also growing in popularity, with one-third of security operations respondents in this survey saying that their organizations have fully deployed AI, a 4% increase over 2020.  That leaves a wealth of opportunity for MSPs. By guiding businesses to solutions that offer automation, MSPs can enable businesses with internal IT departments to free the precious few IT security staffers that they do have to do critical work in other areas. Here’s how ID Agent solutions equip MSPs to leverage the power of security automation profitably. 

Passly 

Automated password resets are a huge quality of life improvement for employees and IT departments alike. Up to 50% of all IT help desk tickets are for password resets, costing large organizations more than $1 million every year. An average MSP that serves 1300 users wastes around $9350 each year just managing password reset tickets!

BullPhish ID 

Training has immense value, and automation makes it painless. Using plug and play kits, clients can automate their entire security awareness training programs including delivery through a user-friendly portal and online testing to measure retention, making it easy to get to the recommended 11 rounds per year that produce optimal security benefits.

DarkWeb ID 

Understaffed IT departments do not have time to monitor anything, especially something as vast and complex as the dark web. Unfortunately, that sets businesses up for unwelcome surprises, like a data breach caused by credential compromise, an unfortunate reality for 42% of businesses in 2020. 24/7/365 dark web monitoring with fast alerting and automated reporting eliminates that problem. 

Other solutions in the Kaseya family also offer automated features that will help alleviate the burden of IT understaffing and increased risk for your clients while offering you new opportunities for profit. Check out Graphus to see the advantages of automated phishing protection that catches 40% more threats than conventional security or a SEG. Plus, the power and security of truly automated backup for everything from Unitrends can’t be overstated.

The solutions experts at ID Agent are ready to help you choose the right solutions for your MSP and your customers, with smart security automation baked right in. Set up a meeting today and let’s get started.  





Aug 12 How to Build Your Cybersecurity Fortress Mini Guide (EMEA) REGISTER NOW>>

Aug 15-17 XChange+ August 2021 (San Antonio, TX) REGISTER NOW>>

Aug 17 Right People. Right Tools. Right Levels: Passly Demonstration REGISTER NOW>> 

Aug 18-19 ASCII Success Summit (Raleigh, NC) REGISTER NOW>>

Aug 18-20 Robin Robins Rapid Implementation REGISTER NOW>>

Aug 26 Phish & Chips (EMEA Special) REGISTER NOW>>

Sep 02 Owning the Dark Web: How You Can Take Back Control REGISTER NOW>>





Businesses Report Increasing Cyberattacks in 2021


2020 was a banner year for cybercrime, and that trend isn’t slowing down in 2021. In a recent survey, more than 35% of businesses reported double-digit increases in cyberattack threats including ransomware and nation-state threats. At the same time, hiring people with security experience for in-house security is extremely difficult and risks are changing constantly. How can you defend your business effectively?

By turning to the same thing that the big players are using: security automation. Today’s smart tools enable companies to make a lean team more effective in spotting and stopping security threats. In fact, more than 40% of the organizations in IBM’s most recent cyber resilience survey cited security automation as a major factor in their success at improving their cybersecurity posture.  

Strengthening your security without a big spend is especially important in an era of burgeoning risk and shrinking budgets. In the same survey, researchers reported that choosing solutions that employ security automation can save more than 80% of the cost of solutions that rely on manual security, welcome news after a year of pandemic-related expense.  

Most solutions that include security automation also include other powerful protections against cybercrime. From automated password resets that accompany multifactor authentication and single sign-on in a solution like Passly to automatically delivered security awareness training from a solution like BullPhish ID, today’s strong solutions pack a punch that knocks out cybercrime, making security automation a smart choice for every business.


ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to pr@kaseya.com to let us know – we love to hear about how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


See our innovative, cost-effective digital risk protection solutions in action.

WATCH DEMO VIDEOS>>


Contact us for an expert analysis of your company’s security needs and a report on your Dark Web exposure!

SCHEDULE IT NOW>>




We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.