The Week in Breach News: 09/01/21 – 09/07/21
Two COVID-19 contact tracing and testing platform breaches show a continuing trend in that area, Fujitsu had data debut on the dark web and a look at how ransomware targets are chosen – is your client next?
Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>
Pacific City Bank
Exploit: Ransomware
Pacific City Bank: Financial Institution
Risk to Business: 1.623 = Severe
Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.
Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident but since it is a bank that’s highly likely.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.
ID Agent to the Rescue: What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed!. DOWNLOAD IT>>
DuPage Medical Group
Exploit: Hacking
DuPage Medical Group: Healthcare Practice
Risk to Business: 1.636 = Severe
DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.
Individual Risk: 1.866 = Severe
The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.
Customers Impacted: 600,000 patients
How It Could Affect Your Customers’ Business Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.
ID Agent to the Rescue: Developing safe security practices is essential in today’s volatile threat atmosphere. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>
Career Group, Inc.
https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers
Exploit: Ransomware
Career Group, Inc.: Staffing Company
Risk to Business: 1.673=Severe
California-based staffing service Career Group, Inc. Experienced a data breach, between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.
Individual Risk: 1.673=Severe
The company noted in a letter to the Maine Attorney General’s Office the fact that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.
Customers Impacted: 49,476
How It Could Affect Your Customers’ Business Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.
ID Agent to the Rescue: Make the most of opportunities to expand your MSP into security for at-risk sectors by leveraging the four essential elements for MSP success: Great Tech Stack, Culture, People, Processes. LEARN MORE>>
Howard University
https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack
Exploit: Ransomware
Howard University: Institution of Higher Learning
Risk to Business: 1.917 = Severe
Howard University announced that they are investigating a ransomware attack. The incident disrupted online classes for several days. In person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.
Individual Impact: No information was available at press time about the types of data that was stolen if any.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.
ID Agent to the Rescue: See how to transform employees into security assets to become the real secret weapon that successful organizations deploy to fight cybercrime! WATCH NOW>>
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
France – Francetest
Exploit: Misconfiguration
Francetest: COVID-19 Test & Trace Platform
Risk to Business: 1.721 = Severe
A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration was discovered when a patient with IT expertise discovered that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and even create an account without being a pharmacist.
Individual Risk: 1.761 = Severe
Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.
Customers Impacted: 700,000
How it Could Affect Your Customers’ Business Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.
ID Agent to the Rescue Security awareness training doesn’t just boost phishing resistance. It also teaches employees to be mindful of other security blunders with passwords, compliance and more. SEE WHY YOU NEED TO SELL IT>>
France – France-Visas
Exploit: Hacking
France-Visas: Government Services Platform
Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.
Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.
Customers Impacted: 8,700
How it Could Affect Your Customers’ Business Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.
ID Agent to the Rescue Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
Learn to defend castles from cybercriminal invaders in our How to Build Your Cybersecurity Fortress webinar! WATCH NOW>>
Japan – Fujitsu
https://www.zdnet.com/article/fujitsu-says-stolen-data-being-sold-on-dark-web-related-to-customers/
Exploit: Hacking
Fujitsu: Information Technology
Risk to Business: 1.802 = Severe
Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.
Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
ID Agent to the Rescue: Over 80% of businesses felt the sting of cybercrime in 2020. See how its impact has shaped the future of cybercrime in The Global Year in Breach 2021. READ IT>>
Indonesia – electronic Health Alert Card
Exploit: Misconfiguration
electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform
Risk to Business: 1.802 = Severe
A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country and it contains data personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.
Individual Risk: 1.5882 = Severe
The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.
How it Could Affect Your Customers’ Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.
ID Agent to the Rescue: Are each of your customers really ready to survive in today’s volatile risk atmosphere? Find out what they need to improve with the Cybersecurity Risk Protection Checklist. DOWNLOAD IT>>
Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- 10 Cybersecurity Statistics That Can Help You Prevent a Data Breach
- How to Keep a Company Password Safe & Off the Dark Web
- Security Awareness Training Answers the Cost-Cutting Call
- Phishing Has Doubled US & UK Data Breaches (Plus Cyber Insurance Rates)
- The Week in Breach News: 08/25/21 – 08/31/21
Kaseya Patch Tuesday: – Patch notes & bug fixes for August 2021: SEE PATCH INFO>>
Resource Spotlight: Fight Back Against Dark Web Threats
NEW! Owning the Dark Web
Cybersecurity investigative journalist Geoff White shows you how to be prepared to fight dark web danger, how to spot threats from afar and the steps you can take to help your clients build world-class defenses against dark web threats.
How to Build Your Cybersecurity Fortress Mini Guide
Join ID Agent’s Amelia Paro to learn why dark web self-defense is a crucial skill to develop, how to protect your client’s business from nasty surprise threats and what you can do right now to bolster your client’s (and your MSP’s) protection.
Hacker Hotbeds and Malicious Marketplaces
Take a trip deep into the underbelly of the dark web to learn more about how hackers and other cybercriminals do business. Explore the marketplaces where everything from data to cybercrime-as-a-service is for sale with real dark web screenshots.
Did You Miss…? Our Q3 product update webinar gives you the details of everything going on this quarter. SEE IT>>
Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>
Does Your Client Check Off Everything on a Ransomware Gang’s Shopping List?
Ransomware risk has been steadily climbing for the last two years. It seems like gangs are targeting any kind of business of any size in any industry. That makes it hard for MSPs to determine which of their clients are most at risk to end up in their sights. Wouldn’t it be great to have a cheat sheet that gives you some insight into makes some businesses more appealing to ransomware gangs than others? New details about exactly what cybercriminals are looking for makes that possible right now.
Zero Trust security is a piece of cake when you’re sure you’re giving access to the right people at the right levels. SEE HOW TO DO IT>>
Get the Lay of the Land First
First, it’s important to keep some basic facts about today’s ransomware landscape in mind.
- Ransomware attacks increased by 288% between Q1 and Q2 2021
- Year-on-year, ransomware attacks grew by 150% in 2020
- Two in five SMBs were impacted by ransomware in 2020
- Ransomware demands are up by more than 40% in a year-over-year comparison to 2020.
- 61% of organizations worldwide experienced a damaging ransomware incident in 2020.
This frames the picture of why ransomware has become such a superstar. It’s easy for cybercriminals to deploy with a low barrier to entry for cybercrime gangs that are just getting their feet wet. Holiday weekends are a particularly popular time for attacks, as the Cybersecurity & Infrastructure Support Agency (CISA) recently noted in an alert. The epic growth in ransomware attacks is affecting organizations around the world, with 49% of victims with known locations in the last three months based in the United States, followed by 7% in France and 4% in Germany.
Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>
Who is Behind the Crime Wave and What Are They Using to Do It?
Of course, the big dogs are responsible for most ransomware incidents. In a recently released analysis from NCC Group’s Research Intelligence and Fusion Team (RIFT), researchers noted that 22% of ransomware attacks in their samples taken between April and June 2021 could be attributed to Conti ransomware. Avaddon ransomware was linked to 17% of ransomware events, and the rest could be attributed to a host of smaller operators. Some of the biggest names in the game are also less common attackers that concentrate their might on carefully selected strategic targets, especially gangs with a nation-state bent.
The favored tool of today’s ransomware practitioner is trendy double extortion ransomware. In this style of attack, cybercriminals extort their victims to pay them twice to avoid damage from one successful attack. There are many variations on the theme. Threat actors may demand a fee for a decryption code to unlock a company’s data, then a separate fee to not have the encrypted data copied by the gang. In another variation, cybercriminals copy or steal the victim’s data and threaten to release it publicly to shame the company or damage its business. They then demand two payments from the victim, one to have the data decrypted or deleted and one to keep the attack quiet. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.
Are you ready to fight back against cybercrime? See where 2021’s threats are coming from and what’s next. DOWNLOAD THE REPORT>>
How Do They Choose Targets?
New research on exactly who these ransomware gangs are gunning for gives IT professionals a place to start when planning defenses. It shows that threat actors are currently favoring large US firms, but Canadian, Australian, and European targets are also considered. The US was the most popular choice, with almost half of ads looking for access to US companies. Canada (37%), Australia (37%), and European countries (31%) were also contenders. Surprisingly, roughly half of the ransomware operators analyzed were clear about their disinterest in pursuing targets in the government, healthcare or education sectors. Setting revenue thresholds at which a gang is interested in purchasing access to a company is common. A sample ad included revenue qualifications of more than $5 million for US organizations, more than $20 million for European organizations and more than $40 million USD for less developed countries.
Cybercriminals can make handsome profits selling data in the booming dark web data markets. In fact, industries may find themselves in cybercriminals’ sights because of the high desirability of their data. While organizations in every industry are at risk of data theft through ransomware, these three were a little more at risk in 2020 than the rest.
Manufacturing 25%
Professional Services 17%
Government Entities 13%
Organizations located in Asia (33%), North America (30%) and Europe (27%) were the hardest hit by ransomware attacks in 2020 and carry the most risk in 2021.
Dive into a stream of new revenue with The Tools and Techniques for MSPs to Close More New Clients. WATCH NOW>>
What Are They Looking For (and How Much Are They Paying)
Everyone likes making a job easy, even cybercriminals. Ransomware practitioners are looking for a foothold that gives them an easy way to attack. Specifically, a way to burrow into US companies with a minimum revenue of over $100 million. Cybercrime gangs prefer to streamline operations for a ransomware attack by purchasing access, including active or functional employee credentials or the knowledge of a vulnerability in a corporate system. It’s worth noting that they use the term “access” as a catchall to encompass a variety of entry points beyond credentials including SQL injection and web shells to RDP- and VPN- based access. They also have preferred methods of access. Remote Desktop Protocol (RDP) and Virtual Private Network (VPN)-based access is highly desirable, with access to products developed by companies including Citrix, Palo Alto Networks, VMWare, Cisco, and Fortinet considered ideal.
Popular dark web forums are the cybercriminal’s version of LinkedIn. Roughly 40% of listings that researchers viewed were created by players in the Ransomware-as-a-Service (RaaS) space. Gangs offered up to $100 000 for initial access services with most actors setting their top price at a little more than half of that, $56,250. In other ads posted to a popular forum, threat actors were looking for targets specifically in the USA, Canada, Australia, and Great Britain with revenue of $100 million or more. For this access, they were willing to pay $3,000 to $100,000 – and that’s enough to tempt employees, especially in difficult economic circumstances.
Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>
How Can You Protect Your Clients?
This information can give you a better idea of exactly how much danger many of your clients face from ransomware gangs that are hungry for fresh revenue in an expanding market. Protecting your clients from their depredations is critical, and ID Agent can help.
Passly packs essential protection that protects your systems and data from intrusion by cybercriminals with a stolen or phished password including single sign-on (SSO), multifactor authentication (MFA), automated password resets and simple remote management at an affordable price.
BullPhish ID delivers a smooth, painless training experience for trainers and trainees alike. Trainers can run premade simulations or customize their content to reflect their unique industry threats, including video lessons. Then deliver it all through a personalized portal that makes it easy for everyone.
Dark Web ID can help your clients discover employees who may be tempted to sell their access credentials on the dark web to get all that cash. Monitoring 24/7/365 and fast alerts help companies stay a step ahead of malicious insiders.
Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against ransomware threats.
Who’s Ready for a Connect IT Sneak Peek?
This year we have an amazing lineup of industry experts who are ready to share their hard-won knowledge with you in transformative workshops that will teach you how to build cyber resilience and keep moving forward to a bright future in any conditions.
Kaseya Security First Workshop Series: In 3 sessions, hone your incident response skills with experts who will walk you through what to do before, during and after a cyberattack occurs – and you’ll walk out of the sessions with a fully-formed incident response strategy.
FIU Cybersecurity Leadership & Strategy (CLS) Workshop: This workshop includes 3 sessions on geopolitics and conflict in cyberspace, threats against global supply chains, ransomware resilience and incident response. Attendees will receive a certificate of completion from Florida International University at no extra charge.
Cybersecurity Management Certification: In this 3-session workshop, Michael Steep, Executive Director, Stanford Engineering Center for Disruptive Technology and Digital Cities, will discuss the current state of cybersecurity, understanding the S.O.A.R. model and its application in cybersecurity.
Connect IT in Las Vegas will be an awesome 3 days of networking, learning, and fun while you get the first look at the innovation you can expect from Kaseya with our CEO Fred Voccola. LEARN MORE AND REGISTER NOW>>
Want to Borrow Our Sales and Marketing Teams? OK!
Get expert sales and marketing help to power up your MSP in a flash with Powered Services Pro. LEARN MORE>>
Sep 08: 5 Key Skills to Master When Selling Cybersecurity REGISTER NOW>>
Sep 09: Connect IT Local: Chicago REGISTER NOW>>
Sep 20: The BLT Cyber Sandwich (EMEA) REGISTER NOW>>
Sep 21: Connect IT Local: Denver REGISTER NOW>>
Sep 21-22: Robin Robins Roadshow: Washington DC REGISTER NOW>>
Sep 22-23: ASCII Success Summit REGISTER NOW>>
Sep 28-29: Robin Robins Road Show: Dallas REGISTER NOW>>
Oct 05: Connect IT Local: San Francisco REGISTER NOW>>
Oct 07: Connect IT Local: Seattle REGISTER NOW>>
Oct 19-22: Connect IT in Las Vegas! REGISTER NOW>>
Oct 21-22 Robin Robins Roadshow Newark REGISTER NOW>>
Oct 27-28: ASCII Success Summit Orlando REGISTER NOW>>
Oct 28-29: Robin Robins Road Show Chicago REGISTER NOW>>
Nov 02-03:Robin Robins Road Show Las Vegas REGISTER NOW>>
Nov 02-03: ASCII Success Summit Washington DC REGISTER NOW>>
Dec 07: Connect IT Local: Atlanta REGISTER NOW>>
Dec 08-09: ASCII Success Summit Anaheim REGISTER NOW>>
Dec 09: Connect IT M&A Symposium Miami REGISTER NOW>>
Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>
How Attractive is Your Business to Ransomware Gangs?
It seems like every other cybersecurity story that you come across these days is talking about another audacious ransomware attack. Ransomware attacks increased by 288% between Q1 and Q2 2021 across the board. But while it may seem like cybercriminals are just targeting everyone, there’s actually a method to the madness, and knowing a little more about that can help you keep your business safe.
Geography matters. Businesses in the US are the most popular choice for cybercriminals, with almost half of ads measured in a popular dark web cybercrime forum looking for access to US companies. Canada (37%), Australia (37%), and European countries (31%) were also contenders. To compare, organizations located in Asia (33%), North America (30%) and Europe (27%) were the hardest hit by ransomware attacks in 2020.
Industry is also an important factor in a company’s likelihood of a ransomware attack. Manufacturers, suppliers and business services companies are hot targets. Cybercriminals love a 2 for 2 bargain, like a successful attack on a small company that can give them an access point that enables them to attack a larger, wealthier corporation.
No matter what industry you’re in, making sure that your business is ready to fight back against a ransomware attack is critical to your future success – 60% of companies that fall victim to a cyberattack go out of business within a year.
The most common delivery system for ransomware is a phishing email. But security awareness training can reduce your company’s chance of experiencing a successful phishing attack by up to 70%.
Choose a solution like BullPhish ID that offers you a wide variety of content options from customized training materials to plug and play phishing campaign kits to make sure you’re getting exactly what you need, and start training your staff to spot and stop threats in order to effectively protect your business from ransomware and other damaging threats. .
ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!
We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.