
The Week in Breach News: 11/24/21 – 11/30/21

December 01, 2021

Cybercriminals haven’t had any trouble assembling a phishing campaign at IKEA, the NCSC sounds the alarm about escalating ransomware danger, wild accusations of treachery and sabotage add a whole new twist to a ransomware attack at BTC Alpha plus two new (and profitable) MSP webinars.



Exploit: Misconfiguration

Cronin: Digital Marketing Firm


Risk to Business: 1.917 = Severe

Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google Analytics data, session IDs, client IDs, device data and other identifying information. Sales data was also exposed in a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails and hashed passwords, along with some unspecified PII and financial data, were also exposed.

Individual Impact: Reports of this breach include mention of exposed employee financial data and PII, but no details were available as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Information security is challenging enough without the complications of sloppy and dangerous mistakes like this.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>> 

Supernus Pharmaceuticals

Exploit: Ransomware

Supernus Pharmaceuticals: Pharmaceutical Company


Risk to Business: 1.702 = Severe

Maryland-based Supernus Pharmaceuticals fell prey to a ransomware attack that resulted in a large amount of data being exfiltrated from its networks in mid-November. The Hive ransomware group claimed responsibility for the attack over the Thanksgiving holiday weekend. The group claims to have breached Supernus Pharmaceuticals’ network on November 14 and exfiltrated a total of 1,268,906 files, totaling 1.5 terabytes of data. Supernus Pharmaceuticals says it did not plan to pay a ransom. In a statement, Supernus Pharmaceuticals also disclosed that it did not experience a significant impact on its business, that it was quickly able to restore lost data and that it has enacted stronger security measures.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Companies in the healthcare and pharma sectors have been the favorite targets of ransomware gangs since the start of the global pandemic.

ID Agent to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>>

Butler County Community College

Exploit: Ransomware

Butler County Community College: Institution of Higher Learning


Risk to Business: 2.728 = Moderate

Butler County Community College in Pennsylvania was forced to suspend classes for at least two days in the wake of a ransomware attack that has crippled the college’s systems. The college says it is working to restore databases, hard drives, servers and other devices. In a release, the college also announced the cancellation of all remote and online credit classes as it works to restore data, servers and other systems affected by the attack. Noncredit courses are canceled as well for November 29 and 30. The college will not provide services on its main campus or at its additional locations on those days. The incident is under investigation and the college is being assisted in recovery by a local cybersecurity firm.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs have been taking aim at schools, colleges, school districts and similar education sector targets thanks to the sector’s historically poor security and the profit opportunities created by the widespread adoption of distance learning.

ID Agent to the Rescue:  Make sure that your clients are doing everything right to stop system and data security threats with the Computer Security To-Do List checklist, available now! GET THIS CHECKLIST>> 


Brazil – WSpot

Exploit: Misconfiguration

WSpot: WiFi Security Software Provider


Risk to Business: 2.109 = Severe

Researchers uncovered a misconfigured Amazon Web Services S3 bucket containing 10 GB worth of data that belonged to Wi-Fi software services company WSpot. The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The company stated that it is in the process of notifying legal authorities, including the National Data Protection Authority, regarding the incident. WSpot estimated that 5% of its customer base was impacted by this leak.


Individual Risk: 2.811 = Severe

An estimated 226,000 files were exposed, including the personal details of at least 2.5 million users who connected to WSpot’s clients’ public Wi-Fi networks.

Customers Impacted: 2.5 million users

How it Could Affect Your Customers’ Business: These days consumers and businesses are paying attention to who has data security in mind when choosing business partners and service providers.

ID Agent to the Rescue: The Security Awareness Champion’s Guide makes today’s risks memorable to encourage caution and reduce employee errors like this. GET THIS BOOK>>


United Kingdom – BTC-Alpha

Exploit: Ransomware

BTC-Alpha: Cryptocurrency Exchange


Risk to Business: 1.512 = Severe

This week’s most bizarre breach saga belongs to BTC-Alpha. The UK-based cryptocurrency exchange was hit with a ransomware attack in early November. The Lockbit ransomware group claimed responsibility and posted a threat to its leak site to expose BTC-Alpha’s data if a ransom was not paid by December 1. Here’s where it gets strange. Alpha founder and CEO Vitalii Bodnar alleged the attack was the work of a competing cryptocurrency firm in a press release on the same day that Lockbit’s announcement was made. The release goes on to state that a rival was launching a cryptocurrency exchange on the same day as the attack and may be involved in the incident. The full text of the release is available here. The company disclosed that although hashed passwords were compromised, users’ balances were not impacted, and the company and its users lost no money. The company also advised users to avoid password reuse, update or reinstall their apps, and employ MFA. The odd incident is under investigation.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies that provide financial services need to provide and enforce strong security measures like the universal adoption of MFA.

ID Agent to the Rescue: Help your clients make sure that their employees are savvy to ransomware risks with security awareness training – and we’ll help you learn to sell it faster in under 15 minutes. WATCH NOW>>

Sweden – IKEA 

Exploit: Phishing

IKEA:  Furniture & Home Goods Retailer 


Risk to Business: 1.595 = Extreme

IKEA is battling a nasty phishing attack on its employee email accounts that is using reply chains to try to trick employees. A reply-chain email attack is a type of spoofing in which the bad guys steal legitimate corporate email messages and send links to malicious documents to the chain as a reply. The messages seem legit and can be hard to catch. Malicious messages are being sent from inside the main IKEA organization as well as from other compromised IKEA organizations and business partners. The fight is ongoing and no direct cause has been announced, although analysts are saying that signs point to a Microsoft Exchange on-premises server compromise. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Phishing is the top risk for a data breach in organizations of any size and has been for the last 3 years.

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


Singapore – Swire Pacific Offshore

Exploit: Ransomware

Swire Pacific Offshore: Maritime Services 


Risk to Business: 2.712 = Moderate

Singapore-based shipping firm Swire Pacific Offshore has announced a data breach after it fell victim to a possible ransomware attack. The company’s press release stated that unauthorized access had resulted in the loss of some confidential proprietary commercial information and some personal data. The statement went on to note that appropriate authorities have been notified. Singapore has mandatory data breach notification laws that require organizations to report incidents like this to the government. The company also announced that it is working with data security experts to investigate the incident and implement stricter security measures.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Shipping has been beleaguered by cybercrime since the start of the global pandemic, with maritime firms especially at risk. At least four major maritime services or shipping companies have been hit by ransomware in recent months.

ID Agent to the Rescue: What cyber threats are your clients facing in 2022? Learn what you should have on your radar from cybercrime expert Rachel Wilson to get the jump on the bad guys! WATCH NOW>>


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Go Inside the Ink to Get the Inside Scoop on Cybercrime

Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: Patch notes & bug fixes for November 2021: SEE PATCH INFO>> 

These Resources Are a Double Threat to Insider Threats!

Is everyone in an organization really on the same team? Our new infographic 5 Red Flags That Point to a Malicious Insider at Work details 5 things to watch for that can expose malicious insiders. DOWNLOAD IT NOW>>

Building a strong security culture makes companies safer. Use the new Building a Strong Security Culture Checklist to help your clients see where they have room for improvement and open profitable new security conversations! DOWNLOAD IT NOW>>

Level Up Your Security Sales with These NEW MSP Power Packs 

ID Agent + Graphus: The Ultimate MSP Sales Boost – How to Utilise Fear of the Dark Web for More MSP Sales WATCH NOW>>

ID Agent + Rapid Fire Tools: Supercharge Your Security Services – How You Can Offer Your Clients More WATCH NOW>>

The infographic Computer Security To-Do List helps your clients find areas of improvement that you can help with! DOWNLOAD IT >>

Did You Miss…? 

The infographic Can You Spot the Phishing Email? helps users spot & stop phishing fast!  DOWNLOAD IT>>

Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>

NCSC Warns Ransomware Danger is Increasing 

Experts Say Companies Aren’t Taking New Ransomware Threats Seriously 

Ransomware has been at the forefront of many cybersecurity discussions for the last few years, topping ENISA’s list of threats for 2021. Its specter casts a long shadow over IT departments and MSPs around the world. So, you would think that would mean that businesses understand the risk that they’re facing and are prepared to handle that risk as it evolves, or at least have a plan for it. Unfortunately, that’s not the case, and businesses aren’t even close to ready to handle a ransomware attack.


UK Businesses Faced Major Cybercrime Pressure in 2021

In the National Cyber Security Centre (NCSC)’s 2021 Annual Review, NCSC experts shared their analysis of the cybersecurity landscape over the past year in the UK. Their reporting includes a deep dive into the root causes and results of the plethora of cyberattacks against the National Health Service, healthcare providers, drug manufacturers, researchers and vaccine developers during the coronavirus pandemic. The report also gets into other threats that UK companies had to navigate over the last 12 months, like state-sponsored cyber-espionage campaigns, phishing scams and more.

Wherever you have ransomware you almost inevitably have phishing, and phishing was rampant in 2020. The NCSC report detailed the surge in phishing schemes that it has had to deal with in the past 12 months. The NCSC’s Suspicious Email Reporting Service received more than 5,427,000 reports in the 12 months up to September 2021, resulting in the removal of more than 50,500 scams and 90,100 malicious URLs. The NCSC Takedown Service also did away with a swathe of phishing threats, removing a total of 2.3 million cyber-enabled commodity campaigns, including:

  • 13,000 phishing campaigns disguised as coming from the UK Government
  • 442 phishing campaigns that used NHS branding (there were 105 in the same period in last year’s report)
  • 80 instances of knock-off NHS apps hosted and available for download on Apple and Google app stores.


Ransomware is at the Top of the Threat Leaderboard 

The NCSC also named the most significant threat that UK organizations, institutions and services face, and to no one’s surprise, it’s ransomware. Experts cited ransomware as the most dangerous threat particularly due to its potential for damage, pointing to the extreme damage that a successful attack could do to essential services or critical national infrastructure as a prime point of consideration. But experts cautioned that taking the right steps to prepare for ransomware attacks and prevent them is challenging for many organizations. That challenge can be seriously complicated by the fact that many companies don’t take the evolution of ransomware threats seriously.

Cyberattacks on UK targets have steadily increased. In total, the NCSC has helped handle 777 incidents during the past year, up from 723 in the previous year. NCSC analysts concluded that the agency has handled an average of 643 cyberattacks per year since its debut in 2016. The report states that around 20% of the organizations that it has supported through a cyberattack in the last year were linked to the health sector, including vaccine research and production. Staffers in the health sector and vaccine production also received additional protection from the Protective Domain Name System service to prevent them from unintentionally accessing malicious domains. That service blocked 4.4 billion potentially harmful interactions between healthcare workers and bad actors in 2020.


Bad Actors Are Refining Their Techniques 

An increasingly worrisome number of those attacks have been ransomware attacks, and that number just keeps climbing. Ransomware has grown tremendously in volume all over the world, creating more expenses for businesses trying to fight back as well as more pressure for already stressed IT departments and MSPs. The NCSC report noted that the agency handled the same number of ransomware incidents in just the first four months of 2021 as it did in the entire year of 2020 – and the number of threats that it handled in 2020 was more than three times greater than in 2019. That’s a huge increase that demonstrates the power that ransomware has come to wield over the cybersecurity landscape and the importance of high cyber resilience.

Ransomware operations are always evolving. Researchers noted the changes that they’ve seen in the sophistication of ransomware operations in just the last 12 months. Ransomware gangs have evolved into faux-corporate juggernauts, especially as cybercriminals continue to flock to the Ransomware-as-a-Service model that is steadily gaining popularity. The NCSC report noted that when presented with a ransom demand, some victims have been offered the services of a 24/7 help center to enable them to quickly pay the ransom and get back online. It’s important to remember that less than 60% of companies that pay the ransom recover even a portion of their data, and 39% of companies that pay a ransom never see any of their data again.


Ransoms Are Up & They’ll Keep Climbing 

Even with such big numbers, businesses in the UK and Europe don’t make the top three when considering regions that are most likely to experience a ransomware attack. Security simulation company Cymulate recently released a report detailing an analysis of ransomware response around the world. Its researchers found that the highest number of ransomware attacks that it recorded were in the APAC region, followed by Latin America, Africa and North America. According to their analysts, all companies, regardless of size or region have a 1 in 4 chance of being hit by a ransomware attack today. 

The price of a defensive failure is also rising for companies that choose to pay the ransom, even though paying ransoms can be illegal. Europol saw a 300% increase in the number of ransom payments made by organizations that had been victims of ransomware between 2019 and 2020 – and that doesn’t account for 2021. The average demand is now a record £414,000 ($570,000), compared with just £123,000 ($170,000) in 2020. In the US, payments also rose, with companies paying $140,000 in ransom on average to resolve an incident.

In a more granular breakdown, IBM’s Cyber Resilient Organizations Study analyzed ransom payments around the world and determined that 46% of the impacted organizations were looking at ransom demands of $2 – 10 million, 35% faced a ransom demand of less than $2 million and 19% reported a ransom demand of $10 million to more than $50 million. Don’t expect ransomware extortion demands to go down anytime soon either. IBM experts expect that ransoms could cost victims a collective total of $265 billion by 2031, estimating that the average cost of a ransom payment will increase by 30% every year over the next 10 years.


More Difficulty Lies Ahead 

Another year of major security challenges is ahead, and it could spell trouble for many businesses that just aren’t ready to handle it. The NCSC cautions that businesses need to be more prepared for ransomware, including understanding that it is an ever-evolving threat that will keep costing unwary or unlucky businesses a fortune. IBM reported that the average cost of remediating a ransomware attack more than doubled from $761,106 in 2020 to $1.85 million in 2021. They recommend training staffers in order to familiarize them with ransomware threats like phishing attacks, exploit kits and other common delivery vectors for ransomware. They also urge companies to implement multi-factor authentication and other technical controls to reduce ransomware risk.  

All in all, it’s clear that UK businesses faced a difficult year in security. The NCSC report cited the Department for Digital, Culture, Media and Sport (DCMS) Cyber Security Breaches Survey’s total as an indicator of that challenge. According to DCMS, 39% of all UK businesses (or 2.39 million) reported a cybersecurity breach or cyberattack in the 2020-2021 reporting window. The report raised particular concern over the future of ransomware response as the NCSC works to help businesses fight back against the 2021 tidal wave of cybercrime and prepare for tomorrow’s inundation. One thing is clear: today’s ransomware defense just isn’t going to work against the next generation of sophisticated ransomware threats.


Secure Your Clients Against the Next Ransomware Threat 

It’s a dangerous world out there for businesses. Ransomware gangs are hungry for fresh revenue in an expanding market. Boosting cyber resilience as part of building a strong defense against ransomware is critical for every organization, and ID Agent can help.   

Passly packs essential protection that protects your systems and data from intrusion by cybercriminals with a stolen or phished password including single sign-on (SSO), multifactor authentication (MFA), automated password resets and simple remote management at an affordable price.    

BullPhish ID delivers a smooth, painless training experience for trainers and trainees alike. Trainers can run premade simulations or customize their content to reflect their unique industry threats, including video lessons. Then deliver it all through a personalized portal that makes it easy for everyone.     

Dark Web ID can help your clients discover employees who may be tempted to sell their access credentials on the dark web to get all that cash. Monitoring 24/7/365 and fast alerts help companies stay a step ahead of malicious insiders.    

Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against ransomware threats.     


Dec 07: How Security Awareness Training Protects Your Clients & Grows Your MRR REGISTER NOW>>

Dec 07: Connect IT Local: Atlanta REGISTER NOW>>

Dec 09: How Security Awareness Training Protects Your Employees & Hardens Your Cyber Defenses REGISTER NOW>>

Dec 09: Nano Session #3: How to Sell More Security Solutions to Your Clients (EMEA) REGISTER NOW>>

Dec 08-09: ASCII Success Summit: Anaheim REGISTER NOW>>

Dec 09: Connect IT M&A Symposium: Miami REGISTER NOW>>

Dec 14: The Road to Prosperity: Strategies to Help Drive to Success in 2022 REGISTER NOW>>

Join us on December 14th at 2pm ET, as our expert panel, as well as our featured speaker, David Rendall, help you gain the skills, insights and inspiration to ensure you’re set up to take advantage of all the opportunities 2022 will present. REGISTER NOW>>


Can You Afford to Pay a Ransom? 

Ransomware is the star of the show in today’s cybersecurity landscape. Messy, ever-evolving and seemingly everywhere, ransomware attack numbers just keep climbing, and so does the price of failure when it comes to repelling a ransomware attack.

In the National Cyber Security Centre (NCSC)’s 2021 Annual Review, analysts noted that the agency handled the same number of ransomware incidents in just the first four months of 2021 as it did in the entire year of 2020 – and the number of threats that it handled in 2020 was more than three times greater than in 2019.

Those attacks included higher ransom demands and incident recovery costs than ever before. An estimated 46% of companies that fell prey to ransomware last year faced ransom demands of $2 – 10 million, and that cost is expected to rise by 20% per year over the next 10 years. 

You can’t afford to become the victim of a ransomware attack. One way to prevent that is through increased security awareness training, as recommended by IBM researchers. An automated security awareness training solution like BullPhish ID makes it easy for you to take that advice, lowering your risk of having an expensive and damaging cybersecurity incident. 

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!


Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

