Friday, August 30, 2019

Ransomware Gets a New Lease on Life



Ransomware attacks have made a precipitous return to public life, making them one of the most potent threats in today’s digital landscape. 

Once targeting individual computer systems, ransomware fell out of favor with cybercriminals as it failed to net significant returns. That changed when cybercriminals began targeting local governments and small and medium-sized businesses where they can earn thousands of dollars from the relatively inexpensive attack method. 

Many attribute this shift in approach to the WannaCry ransomware virus, which captured national headlines and set a new direction for future cybercriminals.

As municipalities and organizations grapple with the best response plan, it’s clear that bad actors will continue to wreak havoc with new iterations of ransomware. A strong defense is the most affordable and advantageous approach to these attacks and getting expert eyes (like ours!) on your cybersecurity landscape can ensure that your vulnerabilities are accounted for. 

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Thursday, August 29, 2019

Breached

United States - New Haven Public Schoolshttps://www.nhregister.com/news/article/New-Haven-Public-Schools-hit-by-ransomware-attack-14119810.php

Exploit: RansomwareNew Haven Public Schools: Public school district serving students in New Haven, Connecticut
twib-severeRisk to Small Business: 2.333 = Severe: A network vulnerability allowed hackers to install ransomware on the district’s servers, prohibiting access to many of their critical digital assets. Fortunately, New Haven Public Schools maintained comprehensive backups, allowing them to restore functionality without paying the ransom. Many attacks in this realm are self-initiated, with an employee accidentally clicking into a phishing email that installs malware into a system. However, in this case, the district insists that technical vulnerabilities were the culprit.
whitebox
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A holistic ransomware response plan is a mission-critical component of any organization. This plan, which must include everything from attaining the right insurance policy to determining a philosophical position on paying ransom demands, can mitigate the consequences of an attack. In this case, New Haven Public Schools had the backups in place to avoid paying a ransom and to quickly restore operations. Of course, securing IT infrastructure is a complicated process, and partnering with third-party experts can help spot vulnerabilities before the lead to a data breach.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United States - iNSYNQ https://z6mag.com/2019/07/23/insynq-ceo-asked-clients-for-patience-following-ransomware-attack/

Exploit: Ransomware
iNSYNQ: Cloud hosting platform providing virtual desktops for enterprise clients
twib-severeRisk to Small Business: 2.111 = Severe: A ransomware attack on July 16th crippled the cloud hosting platform’s services. The attack had cascading consequences, impacting both iNSYNQ and companies that use its products. In response, iNSYNQ was forced to take down their entire network, which instigated a lengthy recovery process that encouraged significant criticism on social media. Therefore, iNSYNQ’s ransomware battle is playing out on two fronts. Their IT team is struggling to restore its comprehensive digital infrastructure even as the company is navigating a PR disaster that could have grave financial implications down the road.
twib-severeIndividual Risk: 2.428 = Severe: While no personal information was compromised in the event, the unique nature of iNSYNQ’s product offering means that many users may have lost access to their data without a clear path to restoration. The company is encouraging all users to back up their data for thirty days to hedge against the threat of data loss from this ransomware attack.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks have become so prominent that they can feel like an inevitability, and companies should treat them as such. Losing access to company data is devastating, but when client services are implicated, the consequences are magnified. As a result, supportive services like identity or credit monitoring can offer customers the peace-of-mind necessary to begin restoring the company’s badly damaged reputation.

ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

United States - Park DuValle Health Center https://www.wdrb.com/in-depth/park-duvalle-health-center-pays-ransom-for-patient-records-in/article_68416546-af0b-11e9-ba4d-0bd49b023c3e.html

Exploit: Ransomware
Park DuValle Health Center: Non-profit medical center serving patients in Louisville, KY
extreme gaugeRisk to Small Business:  1.777 = Severe: After successfully restoring their network following a ransomware attack in April, Park DuValle Health Center was attacked again in June, ultimately choosing to pay $70,000 to restore access to their network. The most recent ransomware attack encrypted medical records, contact information, insurance information, and all other patient-related data for past and present patients. The healthcare provider has been without this information since June 7th, and they’ve been unable to schedule new patients during that time. Consequently, the clinic is relying on patients’ memories about treatment and medications, a troubling reality for any healthcare provider.
whiteboxIndividual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A ransomware attack is a costly ordeal with broad consequences that extend beyond the immediate expense of restoring system access. In this case, Park DuValle’s entire business was crippled, making the $70,000 ransom payment the least of their financial worries. It’s a reminder that having the tools necessary to respond to a ransomware attack is part of the cost of doing business in today’s digital environment.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

United States - Cancer Treatment Centers of Americahttps://www.beckershospitalreview.com/cybersecurity/cancer-treatment-centers-of-america-alerts-3-900-patients-of-data-breach.html

Exploit: Phishing attackCancer Treatment Centers of America: National, for-profit network of cancer care, research, and outpatient care centers
twib-severeRisk to Small Business: 1.888 = Severe: On June 6th, the Cancer Treatment Centers of America detected unauthorized email account access at its Philadelphia-based medical center. The account was compromised when an employee fell for a phishing scam in early May, meaning that intruders had access to patient data for more than a month before it was detected. As a result, the company will face enhanced regulatory scrutiny even as they grapple with the technological and public relations implications associated with a data breach.
twib-severeIndividual Risk: 2.142 = Severe: A single phishing scam compromised the personally identifiable information for thousands of patients. This includes their names, addresses, phone numbers, dates of birth, medical record numbers, and other patient-related information. Those impacted by the breach should monitor their accounts for unauthorized access, and they should consider identity or credit monitoring services to help ensure the long-term integrity of their data.
Customers Impacted: 3,904
How it Could Affect Your Customers’ Business: Personally identifiable information can quickly make its way to the Dark Web, and every organization needs a plan for protecting that information in the event of a data breach. At the same time, providing supportive services, like credit or identity monitoring, is a good first step toward repairing the damage and restoring customer confidence in your organization.


ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn morehttps://www.idagent.com/identity-monitoring-programs.

Canada - Eastern Ontario Municipality 
https://www.spamfighter.com/News-22325-Eastern-Ontario-municipality-suffered-from-a-ransomware-attack.htm

Exploit: Ransomware
Eastern Ontario Municipality: Local government serving residents in Eastern Ontario, Canada
twib-severeRisk to Small Business: 2.111 = Severe Risk: On June 30th, hackers exploited a network vulnerability to access the government’s system, inflecting it with ransomware that cut off access to vital services. While many services were restored within days, government employees still cannot access their email accounts. Officials are refusing to pay the $7,000 to $10,000 ransom payment, and they are attempting to restore services using other measures. Even so, recovering from the attack won’t come cheap as the cost of restoring infrastructure is often more expensive than paying a ransom.
whiteboxIndividual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: There are no ideal solutions for combating a ransomware attack once it takes hold. Therefore, every organization should make defense a top priority. While this includes many elements, advanced knowledge of compromised credentials can give organizations the opportunity to make adjustments before an attack, saving time, money, and customer data all at once.


ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

United Kingdom - Lancaster University https://www.theregister.co.uk/2019/07/23/lancaster_university_data_breach/

Exploit: Phishing attack
Lancaster University: Public research university in Lancaster, Lancashire, England
twib-severeRisk to Small Business: 1.888 = Severe Risk: A phishing attack compromised the personal information for thousands of students. Described as a “sophisticated and malicious phishing attack,” the scam thwarted the university’s cybersecurity initiatives by tricking employees into disclosing credentials or data. Now the university, which offers an advanced degree in cybersecurity, will have to provide support services for thousands of students while managing the reputational damage that always accompanies a data breach and can negatively impact future enrollment.
twib-severeIndividual Risk: 2.428 = Severe Risk: The phishing scam compromised student data related to undergraduate applications for the 2019-2020 school year as well as a limited amount of information related to current students. This includes student names, addresses, phone numbers, and email addresses. Furthermore, some undergraduate applicants received fraudulent invoices, which indicates one use-case for the stolen information. Therefore, those impacted by the breach need to carefully monitor their credentials for additional misuse, and they need to thoroughly vet any correspondence purporting to originate from the university.
Customers Impacted: 12,500
How it Could Affect Your Customers’ BusinessEspecially for organizations handling minors’ personally identifiable information, data security must be a top priority. Phishing scams, which rely on employees’ ignorance or indifference to compromise information, are defensible through employee awareness training, effectively rendering this cyberthreat useless. These attacks are easy and affordable to implement, and every organization should prepare for the inevitability that phishing emails will make their way to their employees’ inboxes.


ID Agent to the RescueBullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United Kingdom - Sky UK https://www.zdnet.com/article/credentials-stuffing-attack-prompts-password-resets-for-sky-customers/

Exploit: Credential stuffing attack
Sky UK: British telecommunications company

twib-severeRisk to Small Business: 2.333 = Severe Risk: Following a credential stuffing attack detected in June that provided hackers with access to several Sky.com email accounts, the company is resetting all user passwords and locking their accounts. To regain access to their information, Sky customers have to call the company, and an automated system walks them through the unlocking process. While this may prevent these credentials from being used in an attack, the process is very inconvenient for customers, and it can have long-term consequences for the brand’s reputation.
correct severe gaugeIndividual Risk: 2.571 = Moderate Risk: Although some Sky.com accounts were accessed, the company does not believe that personal information was viewed or downloaded, and their recent actions are precautionary rather than reactionary. However, anyone with a Sky account should carefully monitor their credentials for possible signs of unauthorized access.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessCredential stuffing attacks are becoming more prominent, having impacted several high-profile companies in the past year. The tactic relies on user credentials attained on the Dark Web, and it can be especially successful when employees don’t actively update their passwords. Knowing if login credentials are compromised can give companies the edge, prompting employees to reset their passwords before an attack occurs.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

South Africa - City Power https://www.zdnet.com/article/ransomware-incident-leaves-some-johannesburg-residents-without-electricity/

Exploit: Ransomware
City Power: Provider of prepaid electric power for Johannesburg, South Africa

twib-severe
Risk to Small Business: 2 = Severe: A ransomware attack disabled many critical functions for the city’s primary electricity provider, including the company’s database, internet network, web apps, and websites. Consequently, customers are unable to buy electrical power units or to sell electricity back to the grid. The attack, which took root on July 25th, occurred on a standard payday for the city, and many residents use their funds to secure electricity for the next month. Meanwhile, the company’s limited network access is making it more difficult to address blackouts and other technological concerns.
 whiteboxIndividual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The repair costs of a ransomware attack are well documented, but the reputational and opportunity costs, while more difficult to quantify, can be even more devastating. In this case, City Power is missing a primary sales opportunity, while the reputational damage that accompanies their inability to serve customers, especially those without power, can have significant long-term consequences. Therefore, protecting IT infrastructure before an attack is a necessity in today’s digital environment.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com