The Week in Breach News: 09/08/21 – 09/14/21
Hackers snatched the PII of over 7 million people in the biggest breach in Israeli history, a UN credential compromise incident leads to more trouble & just when you thought COVID-19 threats were gone, they’re back.
Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>
United Nations
https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/
Exploit: Credential Compromise
United Nations: Global Intergovernmental Organization
Risk to Business: 1.623 = Severe
Hackers have broken into the computer network of the United Nations and made off with data. The unidentified cybercriminals responsible for the hit appear to have gained access using employee login credentials stolen from a UN employee. Reports say that the bad actors logged into the employee’s Umoja account, the enterprise resource planning system implemented by the UN in 2015. This intrusion took place over an extended period of time. Investigators determined that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.
Individual Impact: No information was available at press time to clarify what type of data was stolen.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: This is a big target that regularly handles and sensitive data. The fact that it took several months to detect an intrusion is worrying.
ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
Texas Right to Life
https://techcrunch.com/2021/09/07/texas-right-to-life-website-exposed-job-applicants-resumes/
Exploit: Misconfiguration
DuPage Medical Group: Healthcare Practice
Risk to Business: 2.636 = Moderate
Anti-choice political action group Texas Right to Life is in hot water after it exposed the personal information of hundreds of job applicants on its website. Investigators have blamed a configuration error that allowed anyone to access all applicants’ resumes, which were stored in an unprotected directory. No additional information appears to have been exposed.
Individual Risk: 2.712 = Moderate
Job applicants had names, phone numbers, addresses and details of their employment history exposed, as the data included complete resumes for approximately 300 people..
Customers Impacted: 300 job applicants
How It Could Affect Your Customers’ Business Sloppy setups are responsible for too any data breaches. Establishing a strong cybersecurity culture combats this problem.
ID Agent to the Rescue: Gamify cybersecurity and information safety to make it interesting. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>
Dotty’s
Exploit: Ransomware
Dotty’s: Fast Food Restaurant and Gambling Parlor Chain
Risk to Business: 1.673=Severe
Dotty’s, a fast food chain that offers gambling services across 175 locations, has experienced a cyberattack that severely impacted operations. The chain, owned and operated by Nevada Restaurant Services, announced that malware was discovered on some computer systems that allowed cybercriminals to access and copy customer data including some highly sensitive material.
Individual Risk: 1.673=Severe
The data snatched includes customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates. Impacted customers are being informed by mail.
Customers Impacted:
How It Could Affect Your Customers’ Business Whe a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause.
ID Agent to the Rescue: What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed!. DOWNLOAD IT>>
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
United Kingdom – McDonald’s
Exploit: Misconfiguration
McDonald’s: Fast Food Chain
Risk to Business: 1.917 = Severe
The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A Misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The missent information also included sensitive back-end info like hostnames for Azure SQL databases.
Individual Impact: The company contends that no customer inforation was compromised.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Human error will always be the biggest enemy of cybersecurity. Ensure that mistakes like this don’t happen by making sure everone knows that they’re responsible for security and not just the IT team.
ID Agent to the Rescue: See how to transform employees into security assets to become the real secret weapon that successful organizations deploy to fight cybercrime! WATCH NOW>>
Israel – City4U
Exploit: Hacking
City4U: Municipal Services Platform
Risk to Business: 1.721 = Severe
Cybercriminals are claiming to have committed an audacious hack that scored them the personal information of around seven million Israelis, approximately 80% of Israel’s population, by hacking into City4U. The website is used by municipalities to allow residents to conduct business like paying utility bills, taxes and fines. The hackers made the claim through a telegram posting, providing samples of the stolen data as proof that included photos of identity cards and financial data.
Customers Impacted: 700,000
How it Could Affect Your Customers’ Business Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.
ID Agent to the Rescue Security awareness training doesn’t just boost phishing resistance. It also teaches employees to be mindful of other security blunders with passwords, compliance and more. SEE WHY YOU NEED TO SELL IT>>
France – France-Visas
Exploit: Hacking
France-Visas: Government Services Platform
Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.
Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.
Individual Impact: No clear reporting on the data stolen was available at press time, but users can safely assume that nay data they’ve entered on the platform is compromised.
Customers Impacted: 8,700
How it Could Affect Your Customers’ Business Huge data hauls like this are goldmines for cybercriminals, who can make plenty of cash by selling 2020’s number one desirable resource on the dark web: personal data.
ID Agent to the Rescue Over 80% of organizations felt the sting of cybercrime in 2020. See what cybercriminals are shopping for to better predictwhat will happen next in The Global Year in Breach 2021. READ IT>>
Learn to defend castles from cybercriminal invaders in our How to Build Your Cybersecurity Fortress webinar! WATCH NOW>>
Singapore – MyRepublic
https://www.zdnet.com/article/myrepublic-customers-compromised-in-third-party-data-breach/
Exploit: Third Party Breach
MyRepublic: Mobile Carrier
Risk to Business: 1.802 = Severe
Mobile Carrier MyRepublic has announced that 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The company disclosed that the incident was uncovered on August 29 and the relevant authorities had been informed of the breach, including industry regulator Infocomm Media Development Authority (IMDA) and the country’s Personal Data Protection Commission, which oversees Singapore’s Personal Data Protection Act (PDPA).
Individual Risk: 1.802 = Severe
Cybercriminals were able to access customer records containing PII like the identity verification documents that customers had provided for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.
Customers Impacted: 80,000 mobile subscribers
How it Could Affect Your Customers’ Business: Third party risk is escalating as business operations become less centralized and more businesses rely on specialty services providers for day-to-day chores.
ID Agent to the Rescue: Learn how to secure your clients against third party and supply chain risk in a guide full of useful tips and practical solutions to boost data protection. READ THE BOOK>>
South Africa – Department of Justice and Constitutional Development
Exploit: Ransomware
Department of Justice and Constitutional Development: Government Agency
Risk to Business: 1.802 = Severe
A ransomware attack struck the Department of Justice and Constitutional Development of South Africa. According to a department statement, many departments have been impacted, including the issuing of letters of authority, bail services, departmental email and the departmental website. Some services are available through old-fashioned pen and paper and child support payments won’t be delayed. The department announced that its team is working to restore operations. The incident is under investigation, and no word was available at press time on who was responsible for the attack.
Individual Risk: The department claims that no data has been exfiltrated by the ransomware operators
How it Could Affect Your Customers’ Business: Ransomware doesn’t always go after data. Sometimes cybercriminals want to hold the whole business to ransom, impeding operations and notching up embarrassment.
ID Agent to the Rescue: Are each of your customers really ready to survive in today’s volatile risk atmosphere? Find out what they need to improve with the Cybersecurity Risk Protection Checklist. DOWNLOAD IT>>
Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Leveling Up Your Cyber Resilience is a Game-Changer
- 10 Cybersecurity Statistics That Can Help You Prevent a Data Breach
- How to Keep a Company Password Safe & Off the Dark Web
- Security Awareness Training Answers the Cost-Cutting Call
- Phishing Has Doubled US & UK Data Breaches (Plus Cyber Insurance Rates)
- The Week in Breach News: 09/01/21 – 09/07/21
Kaseya Patch Tuesday: Patch notes & bug fixes for August 2021 are up: SEE PATCH INFO>>
New Website Features
Pricing Calculator
Get a quote fast with our NEW simple pricing calculator! TRY IT NOW>>
Connect IT Community
Make connections with MSPs and IT pros worldwide to find support and new perspectives on IT when you join the Connect IT Community! JOIN NOW>>
Resource Spotlight: School is in Session for MSPs Too!
Ready to further your education? These webinars can help you profit by expanding your knowledge to wow clients and prospects.
5 Key Skills to Master When Selling Cybersecurity Brush up on some often-overlooked but crucial selling skills to juice up your revenue! WATCH NOW>>
Marketopia and ID Agent: The Tools and Techniques to Close More New Clients Learn how to maximize your opportunities and close more deals. WATCH NOW>>
4 Ways to Safeguard Your Clients from Ransomware Attacks Ransomware risk continues to grow – are you ready to help your clients stay safe? WATCH NOW>>
Did You Miss…? Go deep into the dark web with an investigative journalist. WATCH THIS>>
Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>
Just When You Thought COVID-19 Threats Were Over…
Guess what is back on the scene? In 2020, MSPs and other IT professionals were faced with a series of challenges that turned cybersecurity into an extreme sport due to threats presented by the complexities of an escalating global pandemic. As that situation got a little more under control, it seemed like we might be putting some of those difficulties in the rearview mirror. But the advent of the Delta variant has also led to a new wave of COVID-19 threats that are bringing fresh danger to businesses worldwide and testing their cyber resilience.
Zero Trust security is a piece of cake when you’re sure you’re giving access to the right people at the right levels. SEE HOW TO DO IT>>
Get the Lay of the Land First
Researchers have been sounding the alarm about rising risk for a variety of cyberattacks leveraging COVID-19. As usual, phishing leads the pack with a 33% increase in June 2021. Both search volume around the Delta variant and scams related to it started climbing in that month and have continued to surge. An estimated 80% of companies have faced an increase in the number of phishing attacks they’re facing in 2021, bringing even more danger from a risk that has plagued every business. These high-volume COVID-19 themed phishing campaigns have been instrumental to the efforts of bad actors who have been distributing RustyBuer, Formbook, and Ave Maria malware. Cyberattacks disguised as software updates for things like contract tracing apps have also been making the rounds.
Phishing isn’t the only cyberattack risk that is on the rise, but it is a precursor for other unpleasant things. The US is the current leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020. There’s also been a noticeable increase in business email compromise threats (BEC) leveraging COVID-19 themes in this timeframe. That’s extremely dangerous. Although they don’t get as much press as the flashier attacks like ransomware, BEC attacks are the most potentially expensive threat that any organization faces. The US Federal Bureau of Investigation (FBI) IC3 Internet Crime Report released just a few months ago named BEC schemes the costliest cybercrime reported to IC3 again in 2020, clocking in with 19,369 complaints that produced an adjusted loss of approximately $1.8 billion.
Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>
Who is Behind the Crime Wave and What Are They Using to Do It?
Cybercriminals are using a host of pandemic and Delta variant themes in their spear phishing, smishing and spoofing efforts. This is a major hazard for businesses considering the fact that 90% of incidents that end in a data breach start with a phishing email. Scams around vaccination and proof of vaccination status are a hot trend. In one major phishing campaign, bad actors spoof or falsify messages from corporate human resource departments. In these fraudulent messages, they ask their mark to submit information about their vaccination status, often promising dire consequences if the proof is not submitted by a certain deadline. But the links in these emails typically lead to fake Microsoft sign-in pages designed to snatch employees’ log-in credentials in order to facilitate a data breach.
Another popular Delta-fueled phishing attack variation casts a wider net. In this scam, cybercriminals pose as staffers from local or national health organizations or non-profits. They claim to be verifying proof of vaccination status on behalf of local or state governments and request that the victim “confirm” a panoply of personally identifying information (PII). Unwitting victims provide “corrections” to the data presented (usually obtained from the dark web) or even supply additional information like Social Security numbers, medical data or copies of family vaccination cards. PII is the second most sought-after data type in dark web markets after credentials.
Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>
The economic fallout of the newly resurgent pandemic is also being used by cybercriminals to steal credentials, PII and financial data through cruel phishing scams that inform employees that they are being laid off or let go. These schemes can be extremely sophisticated and are carefully engineered to lull employees into trusting them. Phishing attacks in this vein are often used to spread malware like ransomware via fake spreadsheets with titles like “companywide salaries” or an attachment that purports to be the victim’s severance package. Malicious Office documents have been a plague on businesses in 2021. This vector represented nearly half of all malware downloads (43%) in the second quarter of this year, up from 34% in both the first quarter of this year and the fourth quarter of 2020.
In the same vein, unemployment-related phishing scams, a go-to in the early pandemic phishing playbook for cybercriminals, have once again begun dropping into inboxes. In an August 2021 blog post, the Federal Trade Commission alerted the public to a new notice by the Department of Justice’s National Unemployment Insurance Fraud Task Force outlining a fresh round of pandemic-related unemployment scams. Using messages designed to mimic or outright spoof a state workforce agency, victims are directed to enter sensitive personal information on a sham webpage, giving bad actors their PII to use for the information for identity theft. This scheme can also be turned around on SMBs by asking for confirmation of employee information. All of this data can be sold for a quick profit on the dark web.
The old pandemic safety protocols trick is back in play as well. In this well-worn phishing scheme, an extremely popular lure at the start of the COVID-19 pandemic, cybercriminals are using the fact that many companies, schools and localities have changed their COVID-19 safety protocols as the Delta variant has spread to entice employees to download dangerous PDFs or log into information pages that enable the bad guys to steal passwords. Recent reporting in The Washington Post cautions that in some versions of the scam, enterprising cybercriminals upped the believability factor of their phishing messages by including figures about coronavirus infections and deaths in the body of each email, adding another compelling reason for the unlucky recipients to open the malware-laden attachment and more danger for companies to navigate. Altogether, phishing is on track to continue its pattern of experiencing triple-digit growth in 2021.
Are you ready to fight back against cybercrime? See where 2021’s threats are coming from and what’s next. DOWNLOAD THE REPORT>>
How Do They Choose Targets?
Ransomware isn’t becoming any less of a problem either, especially for healthcare targets. Ransomware attacks against healthcare targets were an absolute plague at the beginning of the pandemic and they’re back for another run. While major ransomware groups often claim to avoid hitting hospitals, they’re not quite so reticent to nail doctor’s offices, clinics, specialty practices and regional healthcare organizations. Just this week, two large healthcare organizations sent out breach notification letters to thousands of people in California and Arizona to let them know that their PII revealed that sensitive information was accessed during recent cyberattacks. In a recent survey, 36% of organizations surveyed suffered a serious data security incident in the past 12 months.
But hospitals aren’t off the table for everyone. New ransomware groups pop up all the time, and a splashy strike against a big hospital can be a quick way to make their bones. For example, recent reports highlighted a newer ransomware group going by the name Vice Society, made its debut in June and immediately set out to make a name for itself by attacking multiple hospitals and leaking patient info. As with most active ransomware groups, Vice Society uses multiple methods of attack including exploiting software vulnerabilities and phishing to snatch data that they then advertise on their dark web leak site as proof of success.
Dive into a stream of new revenue with The Tools and Techniques for MSPs to Close More New Clients. WATCH NOW>>
How Can You Protect Your Clients?
The Delta variant has just given bad actors fresh fuel to use to power a continuing cybercrime wave that hasn’t stopped swelling. In the first wave of threats back in 2020, 41% of business owners reported that their SMB had experienced a cybersecurity mishap related to COVID-19. Complications from continued uncertainty, rapidly changing world events, the protracted global pandemic and ongoing remote and hybrid business operations have all blended together into a lethal mix when it comes to cyberattack risk for businesses in this round of threats, especially phishing. Overall, researchers studying phishing found that 80% of IT professionals that they spoke to worldwide said that their organizations have faced an increase in the number of phishing attacks they’ve dealt with in 2021.
ID Agent can help you boost your customers’ chances of keeping their data and systems safe in an increasingly volatile risk landscape. Our digital risk protection platform offers you the tools that you need to secure your customers efficiently and effectively using cutting-edge technologies like security automation to provide powerful protection against cybercrime without breaking the bank.
- Dark Web ID – Give your clients an edge of cybercriminals that traffic in compromised credentials. Set up a guardian that protects them from the hazards of dark web credential exposure with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
- Passly – Secure identity and access management is a cornerstone of Zero-Trust security and the fastest way to up your client’s defense. Multifactor authentication alone adds a massive layer of protection against many cyberattacks by stopping 99% of password-based cybercrime. Passly seamlessly integrates with over 1,000 business applications for no-fuss configuration – and automated password resets make everyone’s life a little bit better.
- BullPhish ID – Protecting businesses from many of the nastiest threats that they face cybercrime starts with protecting it from phishing. Use premade kits or customize your training materials in 8 languages to teach employees to spot and stop phishing. Plus, easily go beyond just phishing resistance training to cover areas like compliance, password safety, security hygiene and ransomware to make training even more attractive.
It’s a dangerous world out there for all of your clients and your MSP. Connect with one of our solutions experts to see how the ID Agent digital risk protection platform will benefit you and your customers.
Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>
Who’s Ready for a Connect IT Sneak Peek?
This year we have an amazing lineup of industry experts who are ready to share their hard-won knowledge with you in transformative workshops that will teach you how to build cyber resilience and keep moving forward to a bright future in any conditions.
Kaseya Security First Workshop Series: In 3 sessions, hone your incident response skills with experts who will walk you through what to do before, during and after a cyberattack occurs – and you’ll walk out of the sessions with a fully-formed incident response strategy.
FIU Cybersecurity Leadership & Strategy (CLS) Workshop: This workshop includes 3 sessions on geopolitics and conflict in cyberspace, threats against global supply chains, ransomware resilience and incident response. Attendees will receive a certificate of completion from Florida International University at no extra charge.
Cybersecurity Management Certification: In this 3-session workshop, Michael Steep, Executive Director, Stanford Engineering Center for Disruptive Technology and Digital Cities, will discuss the current state of cybersecurity, understanding the S.O.A.R. model and its application in cybersecurity.
Connect IT in Las Vegas will be an awesome 3 days of networking, learning, and fun while you get the first look at the innovation you can expect from Kaseya with our CEO Fred Voccola. LEARN MORE AND REGISTER NOW>>
Want to Borrow Our Sales and Marketing Teams? OK!
Get expert sales and marketing help to power up your MSP in a flash with Powered Services Pro. LEARN MORE>>
Sep 20: The BLT Cyber Sandwich (EMEA) REGISTER NOW>>
Sep 21: Connect IT Local: Denver REGISTER NOW>>
Sep 21-22: Robin Robins Roadshow: Washington DC REGISTER NOW>>
Sep 22-23: ASCII Success Summit REGISTER NOW>>
Sep 28-29: Robin Robins Road Show: Dallas REGISTER NOW>>
Oct 05: Connect IT Local: San Francisco REGISTER NOW>>
Oct 07: Connect IT Local: Seattle REGISTER NOW>>
Oct 19-22: Connect IT in Las Vegas! REGISTER NOW>>
Oct 21-22 Robin Robins Roadshow Newark REGISTER NOW>>
Oct 27-28: ASCII Success Summit Orlando REGISTER NOW>>
Oct 28-29: Robin Robins Road Show Chicago REGISTER NOW>>
Nov 02-03:Robin Robins Road Show Las Vegas REGISTER NOW>>
Nov 02-03: ASCII Success Summit Washington DC REGISTER NOW>>
Dec 07: Connect IT Local: Atlanta REGISTER NOW>>
Dec 08-09: ASCII Success Summit Anaheim REGISTER NOW>>
Dec 09: Connect IT M&A Symposium Miami REGISTER NOW>>
Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>
They’re Back: COVID-19 Cybersecurity Threats
Remember the tidal wave of COVID-19 themed phishing scams that swamped businesses in early 2020? That eventually petered out into a trickle as everyone adjusted to the ne normal. But just like the virus, COVID-19 phishing scams have come roaring back to global attention. As the Delta variant has become a concern for people worldwide, a new wave of pandemic-themed phishing scams is bringing cybercrime danger to your employees’ inboxes.
Always a threat to your business, phishing risk is ramping up, with a 33% increase in June 2021. Both search volume around the Delta variant and scams related to it started climbing in that month and have continued to surge, showing just how influential new opportunities for phishing around Delta have been in changing the course of cybercrime for businesses.
Employees are faced with a host of tempting lures that are being sent out as part of this new crop of fraud attempts. Phishing through attachments, especially Microsoft Office documents, has become a big problem, with 44% of the malicious attachments that businesses have seen matching that description. Ransomware is also a hazard of interacting with malicious attachments.
Credential compromise is a high priority for cybercriminals and they’re using enticing bait to draw employee interest. In one prominent scam, bad actors are spoofing emails from major company HR departments and state agencies asking employees to confirm health information or provide their proof of vaccination by visiting a fake web page that enables the bad guys to steal their credentials.
With fraud like this on the rise, it’s important that you protect your business from harm by taking swift action to ensure that your employees are ready to spot and stop phishing threats. Security awareness training with BullPhish ID can help, educating them about common phishing scams including COVID-19 risks as well as ransomware, credential compromise and data handling at a price your accounting department will love. Get started today to insulate your business against phishing risk now and in the future.
ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!
We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.