The Week in Breach News: 12/08/21 – 12/14/21

December 15, 2021

Cox Communications gets caught by phishing, Atalanta imports some ransomware, another crypto exchange gets hacked for millions, a shocking ransomware attack on the Virginia Legislature, the benefits of incident response planning and our new Guide to Reducing Insider Risk is available now!




Atalanta

https://portswigger.net/daily-swig/us-food-importer-atalanta-admits-ransomware-attack

Exploit: Ransomware

Atalanta: Food Importer

Risk to Business: 1.616 = Severe

Imported foods outfit Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack in July 2021. An investigation concluded that information related to Atalanta’s current and former employees and some visitors was accessed and acquired by an unauthorized party. Atalanta is North America’s largest privately-held specialty food importer. No details were offered by the company about how many records were exposed and what personal information they contained. 

Individual Impact: No details were offered by the company about how many records were exposed and what personal information they contained. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Data breach risk has become especially nasty as cybercriminals look to distributors and service providers who may maintain large stores of data for a quick score.

ID Agent to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>>


Cox Communications 

https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/

Exploit: Phishing (Vishing)

Cox Communications: Digital Cable Provider

Risk to Business: 1.773 = Severe

Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The story goes that on October 11th, 2021, a bad actor impersonated a Cox support agent by phone to gain access to customer information. Cox is the third-largest cable television provider in the US with around 3 million customers. 

Individual Risk: 1.813 = Severe

Customers may have had information material to their Cox account exposed including name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that they receive from Cox. 

Customers Impacted: 3 million

How It Could Affect Your Customers’ Business: Vishing has been gaining popularity as employees handle fewer phone calls, making them more likely to take the ones they do get seriously. This is the same method of attack that was used in the 2020 Twitter hack.

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


The Virginia Division of Legislative Automated Systems (DLAS)

 https://apnews.com/article/technology-legislature-executive-branch-virginia-ralph-northam-8adc7aa73b93c91b0687b741b6acd202 

Exploit: Ransomware

The Virginia Division of Legislative Automated Systems (DLAS): Government Technology Services 

Risk to Business: 1.318 = Extreme

A ransomware attack has hit the division of Virginia’s state government that handles IT for agencies and commissions within the Virginia legislature. Hackers accessed the agency’s system late Friday, then deployed ransomware. A ransom demand was received on Monday. A Virginia state official told CNN that DLAS was shutting down many of its computer servers in an attempt to stop the spread of ransomware. No information was available at press time about the amount of the ransom demand or what, if any, data was stolen. AP reports that this attack is the first recorded on a state legislature.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: In an ultra-competitive sector like crypto, customers will be watching every move a company makes, especially if it could potentially cost them money.

ID Agent to the Rescue:  Make sure that your clients are doing everything right to stop system and data security threats with the Computer Security To-Do List checklist, available now! GET THIS CHECKLIST>>   


Ultimate Kronos Group

https://www.bostonglobe.com/2021/12/14/business/businesses-face-payroll-scheduling-woes-after-ransomware-attack-kronos/

Exploit: Ransomware

Ultimate Kronos Group: Payroll Services

Risk to Business: 1.619 = Severe

HR management company Ultimate Kronos Group has been hit by a ransomware attack that could have devastating ongoing repercussions. The company’s Kronos Workforce Central was paralyzed in the attack. That prevents its clients, including heavyweights like Tesla and Puma, from processing payroll, handling timesheets and managing their workforce. Kronos first became aware of unusual activity on Kronos Private Cloud on Saturday evening. The company’s blog says that it is likely the issue may require several weeks to resolve. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:

How it Could Affect Your Customers’ Business: Once again, cybercriminals choose a target that offers them a huge stash of data, especially valuable personal and financial information.

ID Agent to the Rescue: The majority of ransomware arrives at businesses as the rotten cargo of a phishing attack. Our eBook The Phish Files can help you gain a strategic edge against phishing. GET THE BOOK>>



United Kingdom – SPAR Convenience Stores

https://www.infosecurity-magazine.com/news/cyberattack-closes-uk-convenience/

Exploit: Ransomware

SPAR Convenience Stores: Convenience Store Chain 

Risk to Business: 1.412 = Extreme

UK convenience store chain SPAR fell victim to a cyberattack that impacted operations at a store level. SPAR has around 2600 stores located across the UK. The suspected ransomware attack impacted 330 SPAR locations primarily located in the north of England. Those stores were left unable to process payments made using credit or debit cards for a time. The attack also prevented the stores from using their accounting or stock control systems. Some of the affected shops remain closed in the wake of the attack, but some have reopened accepting only cash payments. An investigation is ongoing. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business

ID Agent to the Rescue: Every client is at risk of ransomware trouble. Learn to mitigate the risk of a ransomware attack and build strong defenses in Ransomware 101. DOWNLOAD FREE EBOOK>>


Sweden – Volvo Cars

Exploit: Hacking

Volvo Cars: Automotive Manufacturer

Risk to Business: 2.112 = Severe

Swedish automotive company Volvo announced that hackers had violated its network and made off with valuable research and development data in a cyberattack. The company went on to say that its investigation confirmed that a limited amount of the company’s R&D property was stolen during the intrusion, but no other data was accessed. The company was quick to assure Volvo owners that there would be no impact on the safety or security of their cars or their personal data. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Research and development data is a niche market on the dark web that can be very profitable for the bad guys.

ID Agent to the Rescue: Employees are the most likely cause of a cybersecurity incident in any business. See how to spot and stop insider risks in our new Guide to Reducing Insider Risk. DOWNLOAD IT NOW>>


Germany – Hellmann Worldwide Logistics

https://www.zdnet.com/article/german-logistics-giant-hellmann-reports-cyberattack/

Exploit: Ransomware

Hellmann Worldwide Logistics: Transportation Logistics Firm 

Risk to Business: 1.7684 = Severe

Hellmann Worldwide Logistics reported a cyberattack this week that packed a punch. The company said that a cyberattack, suspected to be ransomware, caused them to have to temporarily remove all connections to their central data center. Hellmann said its Global Crisis Taskforce discovered the attack but outside cybersecurity experts were brought in to help with the response.  The company serves clients in 173 countries, running logistics for a range of air, sea, rail and road freight services. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Transportation companies have been squarely in cybercriminals’ sights since the start of the global pandemic, upping risk for businesses in that sector.

ID Agent to the Rescue: Learn 4 highly effective ways to protect your clients from ransomware now and set them up for future defensive success in one fun, educational webinar! WATCH NOW>>


France – Régie Autonome des Transports Parisiens (RATP) 

https://www.infosecurity-magazine.com/news/french-transport-giant-exposes/

Exploit: Misconfiguration

Régie Autonome des Transports Parisiens (RATP): Transportation Authority 

Risk to Business: 1.723 = Severe

A state-owned French transportation giant is in hot water after exposing personal information for nearly 60,000 employees via an unsecured HTTP server. Researchers discovered the server on October 13 left open and accessible to anyone. It contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Source code related to RATP’s employee benefits web portal was also exposed with API keys that enabled access to the sensitive info about the website’s backend and RATP’s GitHub account. 

Individual Risk: 1.723 = Severe

The exposed employee data includes full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This error could have been prevented and the resulting incident will not be cheap to fix after GDPR regulators get finished slapping down penalties.

ID Agent to the Rescue: The Security Awareness Champion’s Guide gamifies risks to make them memorable to encourage employee caution around security risks. GET THIS BOOK>>



Singapore – AscendEX 

https://www.coindesk.com/business/2021/12/13/crypto-exchange-ascendex-hacked-losses-estimated-at-77m/

Exploit: Hacking

AscendEX: Cryptocurrency Trading Platform 

Risk to Business: 1.223 = Extreme

Cryptocurrency exchange AscendEX suffered a hack for an estimated $77 million following a breach of one of its hot wallets. The company announced the hack on Twitter, saying that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million). The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million. The Singapore-based exchange, which was formerly known as BitMax, claims to serve one million institutional and retail clients.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Crypto and DeFi platforms have been getting hit right and left by bad actors looking for a quick payday, with major attacks every week for the last month.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>



Australia – Frontier Software 

https://www.zdnet.com/article/south-australian-government-employee-data-taken-in-frontier-software-ransomware-attack/

Exploit: Ransomware 

Frontier Software: Payroll Services Technology Provider 

Risk to Business: 2.323 = Severe

 South Australia’s state government announced that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. The company has informed the government that at least up to 80,000 government employees and 38,000 employees of other businesses may have had their data snatched by bad actors in the November 13 incident.    

Individual Risk: 2.401 = Severe

 The stolen employee data contained names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll period, remuneration, and other payroll-related information.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The second appearance of a payroll services firm this week is a reminder that these companies store exactly the kind of data that is cybercriminals’ catnip.

ID Agent to the Rescue: Learn 4 highly effective ways to protect your clients from ransomware now and set them up for future defensive success in one fun, educational webinar! WATCH NOW>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Insider Risk Is Swamping Businesses. Here’s How to Keep Your Clients Safe.

Insider risk is a problem for every organization – and 60% of organizations say insider incidents have become more frequent in 2021. In our new eBook the Guide to Reducing Insider Risk you’ll find what you need to take a deep dive into insider risk and explore ways to combat it.

  • What the biggest factors are that influence insider risk
  • How to spot a malicious insider before they strike
  • Smart strategies to build a strong security culture

DOWNLOAD IT NOW>>

These companion resources can help you spark conversations about insider risk with your clients: 

The infographic 5 Red Flags That Point to a Malicious Insider at Work DOWNLOAD IT NOW>>

The Building a Strong Security Culture Checklist DOWNLOAD IT NOW>>



Incident Response Planning Benefits You and Your Clients 


Find Gaps That Help You Strengthen Your Client’s Security Before the Worst Happens


In today’s volatile cybersecurity world, it can often seem like there is a cyberattack waiting for your clients around every corner. Complicating the situation, each client’s risk for threats like ransomware, spear phishing, business email compromise and other dangerous cyberattacks is different. With cybercrime consistently on the rise, it’s just a matter of time before your client’s business is in a cybercriminal’s sights. That’s why it’s critical for their business and yours that every one of your clients has an incident response plan in place before tragedy strikes. 



Cybercrime Threat is Growing for Every Organization 


Cybercrime numbers are soaring and staying a step ahead of the bad guys is growing more challenging for IT professionals as they navigate the stormy seas of risk. An estimated 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months and phishing is up by almost 300% over 2020’s record-breaking numbers. We’ve all seen the endless parade of headlines screaming about ransomware this year, and incidents like the Colonial Pipeline attack have given way to new calls for stricter cybersecurity regulation.  

Even with skyrocketing data breach increases, a stunning 56% of SMB owners said they are “not very concerned” about being the victim of a cyberattack in the next 12 months, and among those, 24% said they were “not concerned at all.” Many also dismissed the seriousness of today’s biggest risks. The same survey discovered some even more disturbing findings. The SMB owners were generally quite confident (59%) that even if they were hit with a cyberattack, they’d quickly resolve it. Only 37% were “not very confident” and only 11% were “not confident at all.”     

Unfortunately, far too many business owners believe the common myth that cybercriminals only target large businesses and mega-corporations. But over 50% of ransomware attacks in 2021 targeted SMBs with 100 or fewer employees. No business is too small to be a target, and no industry is safe from the laser eye of greedy cybercriminals. In fact, two in five small and medium businesses faced complex responses and recoveries from incidents like ransomware and business email compromise in 2021 and most of them weren’t ready to handle the fight.   



An Incident Response Plan Makes a World of Difference 


The fact that incidents are more common makes the need for a strong, smooth incident response vital in times of trouble. Companies that are prepared for trouble often find out that they experience less of it as well because when everyone is on the same page for safety and security, employees are much more likely to notice problems before they grow into disasters. Companies with incident response plans also have a better eye on compliance and data handling practices which enables them to spot and fix vulnerabilities efficiently. How much of a difference can it make? An enormous difference.  

In the 2021 Cyber Resilient Organization Study, IBM researchers announced that companies with formal security response plans applied across the business were significantly less likely to experience significant disruption as the result of a cyberattack. Analysts concluded that over the past two years, only 39% of companies with a formal, tested incident response plan experienced a disruptive security incident, compared to 62% of companies with less formal or consistent plans. But there’s still room for improvement for many companies with an incident response plan in place. Even if a company did have a formal security response plan, only 17% of total respondents had also developed specific playbooks for common attack types — and plans for constantly evolving attacks like ransomware were even rarer.    



Eliminate Sticker Shock


Another thing that many businesses are not prepared for is the high cost of falling victim to a cyberattack. If your clients haven’t considered how they’ll handle an incident, it’s likely that they also haven’t handled planning for the cost. Businesses often have no idea that a cyberattack will do massive financial damage at all; 25% of small business owners in a recent cybersecurity awareness survey didn’t even realize cyberattacks would cost them money. They also may not have made any preparations for the initial cash outlay of incident response; 83% of small businesses haven’t put cash aside for dealing with a cyberattack.  

Business executives may not realize that they can’t count on insurance to foot the bill in the event of a cyberattack on their company. Most major insurers have limited coverage for events like a ransomware attack, even as premiums rise. But having a tested incident response plan in place not only ensures that they’re not compounding their nasty surprises in the case of a cyberattack, but it also ensures that they’ll save money during their response – like an estimated 35% of the cost of an incident.

You can help your clients develop effective incident response plans fairly painlessly. The US National Institute of Standards and Technology (NIST) has a series of free publications available with incident response recommendations, complete with an industry-standard incident response framework and implementation guide. Not every one of their guidelines will apply to every one of your clients, but they will give you an easy starting point that will enable you to help your clients craft the right plan for them. These resources may also help.

Useful Incident Response Plans, Templates and Guides 

Carnegie-Mellon University Incident Response Framework 

The State of California Template 

CISA Example Incident Response Template 

NIST Computer Security Incident Handling Guide 

SANS Incident Response 101 



ID Agent Solutions Can Help You Keep Your Clients Out of Trouble

How do you benefit from helping your clients craft an incident response plan? Several ways. Most importantly, you and your clients will be starting from the same place if the worst does happen. The process of assessing risk and creating an incident response plan can also expose security vulnerabilities, starting new profitable conversations about security solutions. Helping each of your clients create an incident response plan doesn’t just protect your client’s business during an incident, it also empowers that business to thrive now, come out of an incident with more cash and prevent another incident in the future. It also ensures that you are the first person that your client turns to when they need security expertise, raising their confidence that your MSP has their best interests at heart.  

Step Up Security Awareness Training  

In a UK study on companies running phishing simulations, researchers discovered that 40 – 60% of employees are likely to open malicious links or attachments. However, after about 6 months of training, the percentage of employees who took the bait dropped 20% to 25% – and after 6 months more training, the percentage of employees who opened phishing messages dropped to only 10% to 18%. A solution like BullPhish ID empowers companies to choose either expert-crafted plug-and-play security awareness training campaigns or fully customized lessons to fit their unique industry needs.   

Watch for Compromised Credentials 

Over five billion sets of credentials and stolen bits of personally identifiable information are available on the Dark Web right now, creating extensive credential compromise risk for businesses. Dark Web ID enables you to get a clear picture of your company’s credential compromise threats from dark web sources. Our 24/7/365 always-on monitoring alerts businesses to credentials appearing on the dark web that may have been stolen or phished to mitigate the risk of bad actors using a stolen password to gain access to your systems and data. Automated alerts and reporting mean that your team doesn’t need to spend time staring at a dashboard or pulling reports.



Are You Ready for a Cyberattack?


Does your business have a cybersecurity incident response plan? If you don’t, now is the perfect time to make one. Not only will having a formal plan enable your business to mount a strong, smooth response if you have an adverse cybersecurity incident, but it also has benefits for your business even if you never have to put it into action. 

IBM analysts concluded that over the past two years, only 39% of companies with a formal, tested incident response plan experienced a disruptive security incident, compared to 62% of companies with less formal or consistent plans. 

Maintaining an incident response plan also helps you find security vulnerabilities, protect your systems and data better, foster a stronger cybersecurity culture and even maintain compliance more easily. Plus, if you do have an incident, having a formal incident response plan saves you an estimated 35% of the cost of an incident.

Start 2022 off right by making sure that you’re ready for anything cybercriminals might throw at you in today’s rapidly shifting risk landscape by working with your MSP to develop a smart incident response plan.


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!

