The Week in Breach News: 08/11/21 – 08/17/21
Get the details of the Accenture breach, the story behind the T-Mobile data being shopped on the dark web, ransomware at Chanel & 3 new dangerous, under-the-radar ransomware risks to secure your clients against.
Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>
Accenture
https://threatpost.com/accenture-lockbit-ransomware-attack/168594/
Exploit: Ransomware
Accenture: Consulting Firm
Risk to Business: 1.437 = Extreme
The LockBit ransomware gang has hit consulting giant Accenture. In a post on its dark web announcement site, the gang is offering multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company. The LockBit ransomware gang reports theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment. News outlets are reporting that the hack was the result of an insider job.
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Ransomware hits against big service providers are attractive for cybercriminals because they often open up fresh avenues of attack, creating third-party risk.
ID Agent to the Rescue: As companies become more connected in today’s business landscape, third-party risk is escalating and every business must be ready. Download our ebook on third-party risk. GET THE EBOOK>>
Ford Motor Company
https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/
Exploit: Misconfiguration
Ford Motor Company: Automobile Manufacturer
Risk to Business: 2.033 = Severe
A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.
Risk to Individual: 2.371 = Severe
The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personal Identifiable Information (PII), and included customer and employee records, finance account numbers, Database names and tables, OAuth access tokens, Internal support tickets, User profiles within the organization, pulse actions, internal interfaces, search bar history and other details.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.
ID Agent to the Rescue: Developing a strong security culture that is savvy about phishing is essential for maintaining security in today’s volatile threat atmosphere. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>
T- Mobile
https://gizmodo.com/hacker-claims-to-have-data-on-more-than-100-million-t-m-1847491056
Exploit: Hacking
T-Mobile: Mobile Phone Company
Risk to Business: 1.673=Severe
Hackers are claiming that they’ve obtained data related to more than 100 million US T-Mobile customers in a post on a popular dark web forum. They’re selling access to part of the information for 6 Bitcoin which translates into roughly $277,000. T-Mobile has confirmed the incident after some back-and-forth.
Risk to Business: 1.737=Severe
The data purportedly stolen is records and information for consumers including social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information.
Customers Impacted: 100 million
How It Could Affect Your Customers’ Business Cybercriminals love personal data, the number one type of data stolen in 2020. Protecting customer data is critical to maintaining good customer relationships.
ID Agent to the Rescue: Organizations are safer when everyone is on the cybersecurity team. Let us show you how to expand your menu into security awareness training in just 15 minutes! WATCH NOW>>
Maine Department of Environmental Protection
Exploit: Ransomware
Maine Department of Environmental Protection: State Government Agency
Risk to Business: 1.825 = Severe
Ransomware attacks endangered operations at two Maine wastewater treatment facilities this week. The attacks occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. Officials were quick to note that the attacks presented no threat to public health and safety, characterizing them as minor. Operations have been restored.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.
ID Agent to the Rescue: What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed!. DOWNLOAD IT>>
ID Agent to the Rescue: Help your clients build their cyber resilience to insulate them from these pitfalls. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
France – Chanel
https://www.infosecurity-magazine.com/news/chanel-apologizes-for-data-breach/
Exploit: Ransomware
Chanel: Fashion House
Risk to Business: 2.721 = Moderate
French luxury brand Chanel has issued an apology after personal data belonging to its customers was exposed in an incident that impacted customers in Korea. A database belonging to the famed perfume and fashion brand is believed to have been compromised by hackers in a cyberattack at an unnamed cloud-based data storage firm.
Risk to Business: 2.326 = Moderate
The stolen data includes birth dates, customer names, gender details, passwords, phone numbers and shopping or payment history. The incident is still under investigation and complete details have not been released.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
ID Agent to the Rescue Building cyber resilience helps insulate companies from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
Germany – Crytek Studios
Exploit: Ransomware
Crytek Games: Game Studio
Risk to Business: 1.612 = Severe
German game developer Crytek has just disclosed that the Egregor ransomware gang breached its network in late 2020 obtaining client information, stealing proprietary data and encrypting systems. Files related to online FPS hit WarFace, development data on Crytek’s canceled Arena of Fate MOBA game, and documents with information on their network operations. The company downplayed the impact in a letter to potentially impacted individuals.
Risk to Business: 1.669 = Severe
The customer information exposed included players’ first and last name, job title, company name, email, business address, phone number and country. Impacted players have been sent a notification by mail.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
ID Agent to the Rescue: Ransomware was the story of the year in 2020, and it’s still the top story in 2021. See how its impact has shaped the future of cybercrime in The Global Year in Breach 2021. READ IT>>
Don’t let cybercriminals put the brakes on your client’s race to success. Boost your cyber resilience to keep your engine running in any conditions. LEARN MORE>>
Israel – Bar Ilan University
Exploit: Nation-State Hacking
Bar Ilan University: Institution of Higher Learning
Risk to Business: 1.111 = Severe
A cyberattack that targeted Israel’s Bar Ilan University over the weekend was likely launched by Chinese threat actors as part of a massive attack against Israeli targets in varied sectors. In a report released by FireEye, the incident is categorized as part of a large-scale Chinese attack on Israel, in itself part of a broader campaign that targeted Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Nation-state threat actors frequently use ransomware to strike at their targets because it is cheap and effective.
ID Agent to the Rescue: Make sure that your clients are crossing the “Ts” and dotting the “Is” to reduce vulnerabilities with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>
Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Phishing Has Doubled US & UK Data Breaches (Plus Cyber Insurance Rates)
- Why Are Cloud Breaches Up by More Than a Third?
- Phishing Awareness Training Neglect Comes Back to Haunt Businesses
- US Federal Agencies Launch a New Resource in the Fight Against Cybercrime
- The Week in Breach: 08/04/21-08/10/21
NEW THIS WEEK! Kaseya Patch Tuesday: – Patch notes & bug fixes for August 2021: SEE PATCH INFO>>
Resource Spotlight: Ransomware Risk is Rising. Stem the Tide with These Tools
4 Ways to Safeguard Your Clients from Ransomware Attacks
Get the full story of 4 things that you can do now to protect your clients from ransomware disasters.
How to Build Your Cyber Security Fortress Mini Guide
Are all of your clients’ defenses in order when rampaging cybercriminals arrive at your front gate?
Ransomware Exposed!
Get the full story behind sophisticated ransomware attacks and follow the money in this stylish eBook.
Did You Miss…? This webinar featuring real cybercrime stories told by ex-hackers. WATCH IT>>
See how to grow your business with a new revenue stream in the time it takes to drink a cup of coffee. LEARN MORE>>
Ransomware Risk Escalates as Cybercriminal Profits Climb
Ransomware is the cybersecurity villain of most stories these days for many reasons. The rise of cybercrime as a service has enabled just about anyone to conduct a ransomware attack if they choose. Major gangs have developed sophisticated lures that are very hard for users to deflect. Plus, nation-state threat actors have seemingly declared ransomware as their weapon of choice. But one often-overlooked reason why cybercriminals choose ransomware is the real reason why it’s in fashion: money.
Are you ready to fight back against cybercrime? See where 2021’s threats are coming from and what’s next. DOWNLOAD THE REPORT>>
Ransomware Risk is Ballooning Fast
A recently released report declares that ransomware attacks increased by 64% between August 2020 and July 2021. This is a disaster for every business in every sector. Attacks are hitting major corporations and small businesses alike. Ransomware has been especially devastating in already beleaguered industries like travel and healthcare. Major corporations are definitely targets, with particular emphasis on the business and financial services sector But SMBs have almost the same chance of taking a hit as the big dogs – big business only made up an estimated 50% of all ransomware attacks between August 2020 and July 2021.
Security experts and officials in governments around the world are sounding the alarm and putting resources into play. The UK’s Cybersecurity Chief recently declared ransomware the biggest threat to online security for most people and businesses in the UK. In the US, the federal government has poured resources into the prevention, detection and mitigation of ransomware. A recent joint action by the US Department of Justice (DOJ) and the US Department of Homeland Security (DHS) launched a new One-Stop website designed to help businesses reduce their ransomware risk and report suspected cybercrime to the appropriate authorities at StopRansomware.gov
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
Money is the Biggest Root of Ransomware’s Evil
Not all cybercrime gangs are looking for cash. A percentage of cybercriminals are nation-state threat actors out to damage a rival nation instead of scoring a payday. But for the vast majority of today’s run-of-the-mill cybercriminals, ransomware is their calling card. Ransomware is cheap and easy for even novice cybercriminal gangs to employ. The number of breaches that involved ransomware doubled in 2020 according to the Verizon/Ponemon Institute 2021 Data Breach Investigations Report.
A stunning one in four attacks that IBM Security X-Force Incident Response remediated in 2020 were caused by ransomware, and the cascade of threats hasn’t slowed down in 2020. Worryingly, ransomware risk is still on an upward trajectory with no ceiling in sight. Ransomware danger skyrocketed in the first half of 2021, with an estimated 304.7 million attempted ransomware attacks. That means that every business is firmly in cybercriminals’ sights as a potential target, although some sectors like government, finance and infrastructure have been particularly tormented.
Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>
Money Makes the World Go Round
Cybercriminals love ransomware because it’s got a stellar risk/reward ratio, and everyone involved in the scheme gets paid handsomely – even a freelancer in a ransomware attack will profit. Major gangs like REvil actively solicit smaller gangs, referred to as affiliates, to do their dirty work. Those affiliates pay on average 20% of their take to the parent gang. They’ll be responsible for running everything about the operation from planning to execution, while the parent gang typically supplies the tech and can assist in obtaining introductions and resources if needed. The affiliates hire freelancers through dark web forums and gather resources from dark web data markets and dumps.
How Much Money Are We Talking About?
- Ransomware demands are up by more than 40% in 2021
- On average, social engineering attacks cost $130,000
- The average ransomware payment in the third quarter of 2020 was $233,817
- The cost of ransomware incidents worldwide is expected exceed $265 billion by 2031.
- Pricing for cyber insurance is up by 56% in the US and 35% in the UK.
Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>
More Money Really Does Mean More Problems
As one example of the profitability of ransomware, the Colonial Pipeline incident offers solid dollars-and-cents data. In that attack, the DarkSide ransomware gang scored a payday estimated at $5 million (A big chunk of that money was recovered by the US authorities). In addition to that incident, researchers estimate that DarkSide compromised more than 40 victim organizations and demanded between $200,000 and $2 million in ransoms between its emergence in August 2020 and purported shutdown in May of 2021. CISA contends that attacks like this have jumped more than a 300% over the previous year. Sophisticated gangs are always on the hunt for vulnerabilities or opportunities that will allow them to strike at other high-value targets.
Attackers are becoming much savvier about their targeting too, making attacks even more cost-effective. Researchers determined that precisely targeted ransomware has grown by an eye-popping 767%, easily dwarfing all other types. By seeking out easy marks, they ensure maximum profitability and get paid quickly. Many infrastructure targets have historically bad security. In fact, the wastewater treatment plant incident in Maine that we reported on this week was the result of a ransomware infection that started in a computer running Windows 7. The state authority involved noted that upgrading water treatment plant systems and security to solve that problem wasn’t within its budget, citing a cost of $100K. Similar stories abound, like a recent attack on the city government of Joplin, MI that netted cybercriminals a cool $323,00 in ransom money.
Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>
Help Your Customers Batten Down the Hatches Now
Experiencing a ransomware attack is no longer a distant possibility for the average SMB. Two in five SMBs found themselves on the hook in ransomware incidents in 2020, and with risk rapidly escalating that number won’t be sinking any time soon. While you cannot eliminate the chance that your clients may fall prey to a ransomware attack, the ID Agent digital risk protection platform offers solves security problems, offering you the right tools to boost security and decrease risk for every customer.
Passly packs essential protection that protects your systems and data from intrusion by cybercriminals with a stolen or phished password including single sign-on (SSO), multifactor authentication (MFA), automated password resets and simple remote management at an affordable price.
BullPhish ID delivers a smooth, painless security awareness training experience for trainers and trainees alike. Trainers can run premade simulations or customize the lessons that they choose to reflect their unique industry threats, including video lessons. Then deliver it all through a personalized portal that makes it easy for everyone.
Dark Web ID keeps a crucial eye on the backdoor to ensure that cybercriminals can’t easily slip into your client’s environment to plant ransomware using a compromised password by monitoring every nasty corner of the dark web for that company’s protected credentials 24/7/365.
Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against ransomware threats.
Explore the dark web with experts & get a deck of screenshots in Unveiling Cybercrime Markets on the Dark Web. WATCH NOW>>
Aug 19: Tools and Techniques for MSPs to Close More New Clients REGISTER NOW>>
Aug 24: 4 Essential Elements for a Dominant, Security-Focused MSP REGISTER NOW>>
Aug 26 Phish & Chips: BullPhish ID Demo (EMEA Special) REGISTER NOW>>
Sep 02 Owning the Dark Web: How You Can Take Back Control REGISTER NOW>>
Are you ready to fight back against cybercrime? See where 2021’s threats are coming from and what’s next. DOWNLOAD THE REPORT>>
Ransomware Will Cost You a Fortune
Ransomware is the monster under the bed in cybersecurity today. It’s quickly become every cybercriminal’s favorite weapon from nation-state threat actors to dark web freelancers. Why? It’s very profitable. Ransomware demands are up by more than 40% in 2021 as cybercrime rates continue to climb.
In a ransomware operation, everyone gets paid. well. The major gangs that you hear about on the news outsource just like any other company, hiring freelancers known as affiliates to do the actual work while collecting on average 20% of the profits. That can be substantial. By the end of2020, the average ransomware payment in was $233,817
Every business is at risk no matter what the size or industry may be. Hospitals and medical targets were especially beleaguered in 2020 but no one was spared. Small and medium businesses have almost the same chance of taking a hit as the big dogs – big businesses only made up an estimated 50% of all ransomware attacks between August 2020 and July 2021.
There’s no ceiling in sight for this ever-growing menace. The smartest thing any business can do in this dangerous environment is to take precautions now against potential attacks. Security awareness training with a solution like BullPhish ID is a powerful weapon against cybercrime, reducing your chance of an incident by up to 70%. Get started today and start reaping the benefits immediately while strengthening your defenses for the future.
ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!
We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.