Wednesday, December 30, 2020

2021 Trend Watch: Ransomware Never Goes Out of Style



Ransomware is the monster under the bed that every company should be worried about these days. From stealing data to disrupting operations and even nation-state hacking, ransomware was a favored tool of cybercriminals worldwide in 2020 – and that looks set to continue in 2021.

Ransomware surged at the start of the pandemic, with an incredible 148% increase in attacks in March 2020 alone. In Q3 2020, researchers estimate that cybercriminals successfully completed at least 1 new ransomware attack every day. That’s not a trend that your business wants to get in on.

Protecting your business from cybercrime like ransomware starts with building a strong cybersecurity culture. It’s important to make sure that every one of your staffers is up to date on the latest threats and following cybersecurity best practices – after all, they’re part of your security team too.

Using a solution like BullPhish ID to help employees learn to spot and stop phishing attempts is essential these days; phishing messages are the number one delivery system for ransomware. Plus, a secure identity and access management solution like Passly adds powerful protection against cyberattacks, including ransomware, through multifactor authentication, a risk mitigation recommended by CISA and other experts.

Take smart precautions now to ensure that your business isn’t a trendsetter because no company can afford to be a part of the expected wave of continued growth in ransomware attacks in 2021.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Week In Breach


This Week in Breach News: 

Ransomware was an unwelcome holiday gift for a plastic surgery group, a trucking company, and other organizations. Kick 2021 off right with our Cybersecurity New Year’s Resolutions infographic, and get our Build Better Passwords eBook!


The Week in Breach News – United States 


United States – Forward Air 

https://www.bleepingcomputer.com/news/security/trucking-giant-forward-air-hit-by-new-hades-ransomware-gang/ 

Exploit: Ransomware

Forward Air: Trucking & Logistics Company 

Risk to Business: 2.113 = Severe 

Another trucking company got hit with ransomware this week, as attacks on shipping and logistics targets continue to surge. Forward Air took the hit this time from a ransomware gang that’s just coming on the scene, Hades. Operations and web services were disrupted, and recovery is ongoing.

Individual Risk: No personal or consumer information was reported as impacted in this incident at this time, but the incident is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is increasingly being used to disrupt business operations instead of just snatching business data, and that’s equally bad news for every company.

ID Agent to the Rescue: Don’t just hope that you’re not a target – get your business ready to fight back against ransomware threats with our eBook “Ransomware 101”.


United States – TennCare 

https://www.wkrn.com/news/tenncare-announces-privacy-breach-impacting-3300-members/

Exploit: Insider Incident (Accidental) 

TennCare: Medicaid Services Agency

Risk to Business: 2.602 = Moderate

A blunder at TennCare has led to the exposure of personally identifiable information for about 3,300 Medicaid patients in Tennessee. Employees at an information processing vendor mistakenly sent out misaddressed mailers that may have contained protected health information to the wrong recipients.

Individual Risk: 2.771 = Moderate

The state has set up a hotline for members to find out if they’re at risk by calling (833) 754-1793. The state will also be providing free credit monitoring for breach victims. TennCare users should be wary of potential spear phishing and financial scams using this information.

Customers Impacted: 3,300

How it Could Affect Your Customers’ Business: To err is human…unfortunately. But increased security awareness training can help reduce a company’s chance of experiencing a damaging security incident by up to 70%.

ID Agent to the Rescue: Don’t make rookie mistakes. Our Security Awareness Champion’s Guide features detailed walkthroughs of today’s risks and how to beat them.


United States – TaskRabbit

https://latesthackingnews.com/2020/12/26/taskrabbit-reset-passwords-after-credential-stuffing-attack/

Exploit:  Credential Stuffing

TaskRabbit: Microlabor Marketplace

Risk to Business: 2.803 = Moderate 

Users of the Boston-based gig work platform TaskRabbit were surprised to get forced password reset notices when they logged in over the weekend. The company says it stopped a credential stuffing attack and did not suffer a breach or intrusion, but is having users reset their passwords “out of an abundance of caution”. The incident is still under investigation.

Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credential stuffing attacks can be devastating. In this case, TaskRabbit got lucky, but they may not be as fortunate next time. 

ID Agent to the Rescue: Dark Web ID helps protect businesses from Dark Web danger by watching for protected credentials to appear in Dark Web markets 24/7/365 and alerting your IT team if they appear.


The Week in Breach News – Canada


Canada – Sangoma Technologies

https://www.bleepingcomputer.com/news/security/freepbx-developer-sangoma-hit-with-conti-ransomware-attack/

Exploit: Ransomware

Sangoma Technologies: VoIP Technology Provider 

Risk to Business: 2.317 = Severe

FreePBX developer Sangoma Technologies received an unpleasant gift this holiday season – Conti ransomware. The gang published over 26 GB of Sangoma’s stolen data on their ransomware data leak site, including files containing information on accounting, financials, acquisitions, employee benefits and salary, and legal documents. The incident did not impact products or client data.

Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: More municipalities than ever are finding themselves in the crosshairs of cybercriminals looking to make a quick profit. Your customers need solutions that protect their data from risks today and tomorrow, but tough times and tight budgets may be standing in the way of closing that sale.

The Week in Breach News – United Kingdom & European Union


United Kingdom – The Hospital Group 

https://securityaffairs.co/wordpress/112637/cyber-crime/the-hospital-group-revil.html

Exploit: Ransomware

The Hospital Group: Private Cosmetic Surgery Services

Risk to Business: 1.702 = Severe 

The REvil ransomware gang is claiming responsibility for a data breach at celebrity plastic surgery clinic chain The Hospital Group. The ransomware operators say that they’ve hacked essential data storage systems and have threatened to release before-and-after pictures of celebrity clients from their stash of more than 600 GB of data if the ransom is not paid, but no word on how much they’re asking for. 

Individual Impact: No individual or personal data has yet been exposed, but that may change as events progress.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is no joke, and gangs can damage your business quickly by selectively stealing especially sensitive information about your clients. 

ID Agent to the Rescue: Phishing is still the #1 delivery system for ransomware, and that won’t be changing anytime soon. Improve phishing resistance training with BullPhish ID to improve any company’s defense against ransomware.


United Kingdom – NOW: Pensions

https://www.theregister.com/2020/12/22/data_breach_now_pensions/

Exploit: Insider Incident (Accidental) 

NOW: Pensions: Workplace Pension Services

Risk to Business: 1.667 = Severe 

NOW: Pensions recently informed clients of a contractor error that led to information exposure. The company explained that user data was “unintentionally” posted on an unnamed public forum, with data exposed between 12/11/20 and 12/14/20, and reportedly accessed by “a small number of third parties”. Appropriate authorities have been informed and the incident is under investigation.

Individual Impact: 1.701 = Severe 

The exposed records include biographical data for pensioners (names, email addresses, and dates of birth) as well as National Insurance numbers. The company is offering impacted clients credit and identity theft monitoring. Clients should be aware of phishing and fraud attempts mounted using this data.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This complex incident will be a nightmare to unravel, even if it was actually an accident. By allowing the wrong person access to client data, that data was compromised and this company faces big bills ahead.

ID Agent to the Rescue: Make sure that only the right people have access to sensitive information with a secure identity and access management solution like Passly to prevent an expensive disaster.


Scotland – Scottish Environmental Protection Agency 

https://news.stv.tv/scotland/scottish-environment-protection-agency-targeted-in-cyberattack?top

Exploit: Hacking

Scottish Environmental Protection Agency (SEPA) – National Environmental Regulatory Authority 

Risk to Business: 2.107 = Severe

A hacking incident at SEPA has left some services offline but has not severely impacted important data or functions. The Christmas Eve attack knocked communication into and across the organization offline, but core regulatory, monitoring, flood forecasting, and warning services continued unimpeded. The incident is under investigation, and complete restoration is anticipated quickly.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybersecurity incidents can come in all shapes and sizes, and may impact only part of your business as cybercriminals continue to refine their attacks and make them more precise.

Spain – 21 Buttons 

https://www.hackread.com/fashion-marketplace-21-buttons-expose-users-data/

Exploit: Misconfiguration

21 Buttons: Fashion Social Network 

Risk to Business: 1.511 = Severe

A misconfigured AWS bucket has led to the exposure of personal data for hundreds of influencers and fashion industry fans after security researchers discovered a gaping hole in the platform. The app, which has been downloaded more than 5 million times, allows users to trade and share content as well as enabling e-commerce. This security issue wasn’t fixed for at least a month, exposing the personal and financial data of the platform’s users to anyone who cared to see it. 

Risk to Business: 1.762 = Severe

Over 50 million files were available and exposed in this incident, including payment data for influencers, company invoices, users’ full names and addresses, financial information such as bank account numbers, PayPal email addresses, photos, and videos.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This kind of information is valuable, and cybercriminals know that they can make a pretty penny on it in the booming Dark Web data markets. 

ID Agent to the Rescue: Protect your business from Dark Web danger with Dark Web ID, the always-on guardian that you can trust to alert you immediately to Dark Web credential exposure.


The Week in Breach News – Asia-Pacific


Japan – Koei Tecmo 

https://securereading.com/koei-tecmo-suffers-data-breach-stolen-data-exposed/

Exploit: Spear Phishing

Koei Tecmo:  Videogame and Anime Studio

Risk to Business: 1.802 = Severe

Japanese game and media company Koei Tecmo experienced a data breach that impacted users of its European and American sites.  The company’s stable includes Hyrule Warriors, Nioh 2, Atelier Ryza, Dead or Alive, and others.  An unnamed threat actor claims to have stolen a forum database through Koei Tecmo’s European user portal with 65,000 users and implanted a web shell on the site for continuous access. The company confirmed that the breach only affected the forum and not any other parts of the site, and that no financial data was involved.

Individual Risk: 2.771 = Moderate

Users of the European and American portals to the company’s forums should be aware of potential phishing attempts or fraud using information from stolen forum user accounts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: From the biggest companies to the smallest, phishing is a threat that doesn’t discriminate. It’s a beloved tool for cybercriminals because it works. 


The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Tuesday, December 29, 2020

Millions of Stolen User Records Create Risk for Your Business


It’s not just information that’s stolen from your company that puts your business in jeopardy. Your company’s security is also in danger because of information stolen in data breaches at other businesses or through breaches at hospitals, government agencies, utilities, colleges, and other organizations – and that risk is growing every day as more information makes its way to the Dark Web.

Dark Web activity has exploded in 2020. The combination of millions of people suddenly working from home, a thirst for knowledge about the pandemic, and advancements in ransomware and other cybercrime technology has made it easier than ever for cybercriminals to get their hands on the information that they need to target and attack organizations – 60% of the information on the Dark Web has the potential to harm enterprises. 

One common way that cybercriminals use this information is to gather or obtain huge lists of passwords that have been stolen in data breaches around the world. It’s a well-known fact among bad actors that people tend to recycle passwords, often using a few that they cycle through for both work and home applications. If those passwords are stolen in a data breach and hit the Dark Web, they’re added to the pool that cybercriminals draw from when gathering ammunition for attacks.

That can create severe risks for your business. For example, if one of your staffers is recycling a favorite password by using it for both their company O 365 password and their personal Spotify account, and that password gets stolen in a data breach (Spotify has had 3 data breaches in 2020 alone), then cybercriminals now have a key that unlocks the front door to your business.

That’s why you should add Dark Web monitoring with a dynamic solution like Dark Web ID to your security plan. Find out that one of your company’s credentials has been compromised before the bad guys do with 24/7/365 monitoring using human and machine analysis. Dark Web ID constantly sweeps Dark Web data markets to find your potentially compromised credentials and alert your IT team immediately when one pops up.

Don’t take chances on an unexpected credential compromise incident, because even the best-laid security plan can be undone in a second with one compromised credential that goes undetected, allowing cybercriminals to slide right into your business. Include reliable, affordable Dark Web monitoring in your 2021 security plan and gain peace of mind against unpleasant surprises like credential compromise from the Dark Web.


What is SOC-as-a-Service?