
The Week in Breach News: 08/18/21 – 08/24/21

August 25, 2021

Fact or Fiction: AT&T had a massive data breach? We’ll bring you the latest in the blog. Plus, a crypto incident raises eyebrows, Tokio Marine runs aground in a data breach, ransomware is in fashion in Brazil and why credential compromise is something everyone needs to take seriously right now.





AT&T 

https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/

Exploit: Hacking

AT&T: Communications Conglomerate


Risk to Business: 1.422 = Extreme

A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.

Individual Impact: ShinyHunters provided what looks like customer information in the sample posted to their announcement, but the full spectrum of the leaked data is unclear.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.

ID Agent to the Rescue: Build a strong defensive bulwark for every client with the information gained from the webinar How to Build Your Cybersecurity Fortress. WATCH NOW>>

ID Agent to the Rescue: As companies become more connected in today’s business landscape, third-party risk is escalating and every business must be ready. Download our ebook on third-party risk. GET THE EBOOK>>


Indiana Department of Health

https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/

Exploit: Misconfiguration

Indiana Department of Health: State Agency


Risk to Business: 1.723 = Severe

The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.


Risk to Individual: 1.571 = Severe

The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian. 

Customers Impacted: 750,000

How It Could Affect Your Customers’ Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

ID Agent to the Rescue: Developing safe security practices is essential in today’s volatile threat atmosphere. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>


St. Joseph’s/Candler Health System

https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attack

Exploit: Ransomware

St. Joseph’s/Candler (SJ/C): Health System


Risk to Business: 1.673 = Severe

St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and paper recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.


Individual Risk: 1.811 = Severe

The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.

Customers Impacted: 100 million

How It Could Affect Your Customers’ Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.

ID Agent to the Rescue: What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed! DOWNLOAD IT>>





Japan – Liquid

 https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892

Exploit: Hacking

Liquid: Cryptocurrency Exchange 


Risk to Business: 1.505 = Extreme

Japanese crypto exchange Liquid was sacked by hackers this week, resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Crypto is the currency of cybercrime, so it’s no surprise that cybercriminals would decide to try to strike it rich by robbing what is essentially a crypto bank.

ID Agent to the Rescue:  Organizations are safer when everyone is on the cybersecurity team. Let us show you how to expand your menu into security awareness training in just 15 minutes! WATCH NOW>>


Japan – Tokio Marine Holdings

https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/

Exploit: Ransomware

Tokio Marine Holdings: Insurer


Risk to Business: 1.721 = Severe

Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms.

ID Agent to the Rescue: Building cyber resilience helps insulate companies from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>





Brazil – Lojas Renner

https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/

Exploit: Ransomware

Lojas Renner: Fashion Retailer


Risk to Business: 1.663 = Severe

Lojas Renner, Brazil’s biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx, that it may be related to an incident at a Brazilian IT services provider and that Renner paid the hackers $20 million in ransom.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

ID Agent to the Rescue: Ransomware was the story of the year in 2020, and it’s still the top story in 2021. See how its impact has shaped the future of cybercrime in The Global Year in Breach 2021. READ IT>>


Brazil – National Treasury (Tesouro Nacional Brasil)

https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/

Exploit: Hacking 

National Treasury (Tesouro Nacional Brasil): National Government Agency 


Risk to Business: 1.671 = Severe

The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.

ID Agent to the Rescue: Make sure that your clients are crossing the “Ts” and dotting the “Is” to reduce vulnerabilities with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.





Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: Patch notes & bug fixes for August 2021: SEE PATCH INFO>>



Resource Spotlight: Go Inside the Dark Web to Get the Real Story

The dark web is a mysterious place for most people, and that creates inaccurate perceptions of just how much danger a business is in from the dark web every day. These webinars will help you learn more about the dark web and explain the truth about dark web risks to your clients.

Hacker Hotbeds & Malicious Marketplaces Step inside the shady dark web data markets where your client’s data is currency. WATCH THIS WEBINAR

How to Build Your Cyber Security Fortress Mini Guide Are all of your clients’ defenses ready for incursions from the dark web? WATCH THE WEBINAR

Dark Web Credential Compromise Danger is Growing Daily Protect your clients from the consequences of a credential compromised on the dark web WATCH IT NOW>>

Did You Miss…? 4 things that can protect your clients from ransomware disasters. WATCH NOW>





Are Your Clients Headed for a Password Disaster? 


Passwords are serious business. How serious? The Verizon Data Breach Investigations Report 2021 declares that 80% of data breaches are caused by shared, recycled, insecure, compromised or just plain bad passwords. Plus, a plethora of new online accounts opened by locked-down consumers has brought password reuse into focus. Mix that up with a veritable inundation of new records to the dark web in the last 12 months, and you’ve got the perfect recipe for password calamity – and it’s unfolding all over the cybersecurity landscape. 




Data is Driving the Reason for the Problem in More Ways Than One


Data is currency on the dark web and credentials are solid gold. Credentials were the top type of information stolen in data breaches worldwide in 2020 (personal information took second place, just over financial data in third), and bad actors didn’t hesitate to grab batches of credentials from all over the world. Cybercriminals snatched them up in about 60% of North American breaches, 90% of APAC region breaches and 70% of EMEA breaches. Researchers disclosed that the average company experiences 5.3 credential compromises that originate from a common source like phishing every year, a number that should give every IT professional chills.

An abundance of records on the dark web has spawned an abundance of passwords for cybercriminals to harvest, and that’s bad news. Giant password dumps on the dark web like the 100GB text file dubbed RockYou2021 have ratcheted up risk too. This new cache of data is estimated to contain 8.4 billion passwords. In an enormous 2020 hack, ShinyHunters breached the security of ten companies in the Asian region and brought more than 73 million user records to market on the dark web. A group like ShinyHunters will of course try to profit by selling that stolen data at first, but when the data has aged or there are no interested buyers, cybercriminals will just offload it in the vast data dumps of the dark web, making it available for anyone to sift through.




More Passwords Means More Password Problems for Everyone


Passwords are becoming increasingly important in all walks of life, creating more risk for businesses as recycling runs rampant. About 300 billion passwords are currently in use by humans and machines worldwide. Of those 300 billion, an estimated 15 billion logins are circulating on the dark web and more are constantly arriving. In just 2020, security professionals have had to contend with the complication of a 429% increase in the number of corporate login details with plaintext passwords that have been exposed on the dark web. In fact, that explosive increase in the rate of credential exposure means that the average organization is now likely to have about 17 sets of login details available on the dark web for malicious actors to enjoy. 

Fortune 1000 companies are no better at protecting logins than mom-and-pop shops. Researchers recently discovered a trove of exposed data on the dark web that included passwords for 25.9 million Fortune 1000 business accounts. But the exposure didn’t stop there. They also uncovered an estimated 543 million employee credentials from Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. Altogether, those researchers found 25,927,476 passwords that belong to employees at Fortune 1000 companies hanging out on the dark web. That translates into an estimated 25,927 exposed passwords per company, marking a 12% increase in password leaks from 2020 – and showing very little growth in building better password habits by any company.  

No industry is immune to the powerful lure of terrible password habits, especially that perennial favorite, password recycling and iteration. In a study of password proclivities, the telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company. The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%). Media professionals also frequently used explicit phrases as passwords. Security firms stacked with IT professionals don’t get off the hook any more easily than any other business – a staggering 97% of cybersecurity companies have had their passwords leaked on the dark web.




Prevent Credential Compromise Disasters Efficiently


It’s absolutely essential that your clients understand the importance of preventing credential compromise and using secure identity and access management in order to keep their systems and data safe. These three easily digested statistics have direct correlations to safety improvements that your clients can make immediately, providing them with a solid starting point to feel confident about taking decisive action right now.

Multifactor Authentication (MFA) stops 99.9% of password-based cyberattacks 

This is by far the most important statistic for customers to remember. MFA stops cybercriminals from using a stolen password, trying credential stuffing, performing an account takeover and myriad other cybersecurity nightmares. Unfortunately, only about 55% of businesses use it. 

Passly makes it easy for them to hop right on the train, with deployment in days, not weeks and seamless integration with thousands of business apps. Plus, multiple options for authenticator delivery make it easy for every employee to use anytime, anywhere. 

An estimated 60% of passwords that caused a data breach in 2020 were recycled or reused 

Recycling, reusing or iterating passwords is almost as bad as making your password “password”. With everyone maintaining an abundance of online accounts these days, chances are high that an employee’s frequently reused password is already available on the dark web.

Dark Web ID keeps watch on the dark web to help businesses avoid credential compromise trouble. That’s especially relevant today, with everyone maintaining more passwords than ever before – an average of 100 per person. Put a guardian that’s on duty 24/7/365 on the job to spot dark web danger before it becomes a disaster. 

Security awareness training reduces a company’s chance of a data breach by up to 70%

The improvement starts right away and just keeps building. In a yearlong phishing simulation study, UK researchers discovered that at the beginning of the study, 50% of subjects gave up their password to a phishing message, but after 6 months it dropped to less than 25% and after a year of training, that number was closer to 10%. 

BullPhish ID makes it easy for an organization to train everyone using fresh content about the risks that employees face right now delivered in bite-sized pieces with no geek speak. Plus, online quizzes make it a snap for everyone to see the value of training through improved awareness of risks. 

Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against credential compromise threats.   




Who’s Ready for a Connect IT Sneak Peek? 


This year we have an amazing lineup of industry experts who are ready to share their hard-won knowledge with you in transformative workshops that will teach you how to build cyber resilience and keep moving forward to a bright future in any conditions. 

Kaseya Security First Workshop Series: In 3 sessions, hone your incident response skills with experts who will walk you through what to do before, during and after a cyberattack occurs – and you’ll walk out of the sessions with a fully-formed incident response strategy. 

FIU Cybersecurity Leadership & Strategy (CLS) Workshop: This workshop includes 3 sessions on geopolitics and conflict in cyberspace, threats against global supply chains, ransomware resilience and incident response. Attendees will receive a certificate of completion from Florida International University at no extra charge. 

Cybersecurity Management Certification: In this 3-session workshop, Michael Steep, Executive Director, Stanford Engineering Center for Disruptive Technology and Digital Cities, will discuss the current state of cybersecurity, understanding the S.O.A.R. model and its application in cybersecurity.  

Connect IT in Las Vegas will be an awesome 3 days of networking, learning, and fun while you get the first look at the innovation you can expect from Kaseya with our CEO Fred Voccola. LEARN MORE AND REGISTER NOW>> 





Aug 26 Phish & Chips: BullPhish ID Demo (EMEA Special) REGISTER NOW>>

Sep 02 Owning the Dark Web: How You Can Take Back Control REGISTER NOW>>

Sep 08:  5 Key Skills to Master When Selling Cybersecurity REGISTER NOW>>

Oct 19 – 22: Connect IT in Las Vegas! REGISTER NOW>>





Password Danger is No Joke


One of the fastest and easiest ways for cybercriminals to gain access to your business systems and data is to obtain the keys to your kingdom: one of your employees’ passwords. Unfortunately, that’s a circumstance that’s becoming more common than ever before, but not for the reason that you would expect.

Phishing isn’t the culprit here. The Verizon Data Breach Investigations Report 2021 declares that 80% of data breaches are caused by shared, recycled, insecure, compromised or just plain bad passwords. That’s a danger that you can’t overlook, and it’s powered by dark web data.

Billions of passwords are available to cybercriminals on the dark web from all sorts of places. If your employee is using the same password for work as they use for shopping somewhere, there’s a high chance for that password to be floating around on the dark web, waiting to strike at your business when you least expect it.

Making new, complex passwords for every account every time everywhere (preferably protected through password managers and multifactor authentication) is essential for maintaining strong password security. But 82% of workers admitted sometimes reusing the same passwords and credentials, and that puts businesses in danger.

Be proactive about finding and fixing your company’s password problems before they become disasters. Have a dark web search run to find your compromised credentials in minutes with a solution like Dark Web ID to uncover all of your trouble spots. Then keep watch for future problems, as stolen data that includes even more passwords makes its way to the dark web every day.


ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!






We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.