Wednesday, May 27, 2020

Week In Breach

This week, phishing scams compromise patient data, ransomware disrupts remote work, the sale of the world’s largest whiskey collection is thwarted, and employees struggle to deter cybersecurity threats while working from home.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1-10

United States – Ambry Genetics 

Exploit: Phishing scam   
Ambry Genetics: Genetic testing laboratory  
Risk to Small Business: 1.373 = Extreme
An employee failed to identify a phishing scam, interacting with the message and giving hackers access to patient data between January 22, 2020, and January 24, 2020. However, the incident wasn’t reported until March 22nd, as the company struggled to dedicate resources to cybersecurity while it transitioned to remote work. In total, the breach is the second largest healthcare breach of the year, and, although the company is updating its cybersecurity practices in response to the incident, they will need to navigate a challenging recovery process during a pandemic.
Individual Risk: 1.290 = Extreme 
Hackers had access to patient data, including names, medical information, genetic-specific information, and a limited amount of Social Security numbers. This information has a strong market on the Dark Web, and those impacted by the breach should take steps to guard themselves against medical or identity theft. To support victims, Ambry Genetics is offering free identity monitoring services for a year. Also, those impacted by the breach should monitor their digital communications for potential spear-phishing messages that could compromise additional data.     
Customers Impacted: 233,000
How it Could Affect Your Customers’ Business: Healthcare services collect and store people’s most sensitive personal information, and they are a top target for cybercriminals during the COVID-19 pandemic. Rather than reacting to a cybersecurity incident, companies should take a proactive stance to protect PII. The incredible rise in phishing scams targeting healthcare facilities during this time should make employee awareness training a top priority.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Click the link to get started: 

United States – CivicSmart   

Exploit: Ransomware 
CivicSmart: Smart parking meter technology producer 
Risk to Small Business: 2.130 = Severe
A ransomware attack encrypted CivicSmart’s network and exfiltrated company and customer data. The attack, which took place in March, was identified when hackers threatened to publish 159 gigabytes of sensitive data online. To prevent publication, the company paid an undisclosed ransom, and the files were brought offline. However, CivicSmart can’t rest easy. Despite promises to delete the information, it’s unlikely that cybercriminals will destroy valuable resources, which means that the stolen data could come back to haunt the company or its customers.  
Individual Risk: 2.671 = Severe
Although the details are unclear, CivicSmart’s platform collects people’s personal and payment information as part of its smart parking meter service. What’s more, it partners with a variety of mobile apps and parking-garage vendors that could also be compromised in the breach. As a precaution, those impacted by the breach should notify their financial institutions of the incident, while carefully scrutinizing incoming messages for signs of a spear-phishing scam.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even before bad actors began exfiltrating data, ransomware attacks were uniquely costly and incredibly destructive. Today, companies can expect that a ransomware attack will double as a data breach, giving every organization millions of reasons to ensure that their networks are guarded against this especially problematic malware. 
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here:  

United States – Saint Francis Ministries 

Exploit: Phishing scam 
Saint Francis Ministries: Non-profit organization  
Risk to Small Business: 1.583 = Severe
An employee interacted with a phishing scam that provided hackers with access to company IT. The breach, which was first identified on December 19, 2019, gave hackers access to user data between December 13, 2019, and December 20, 2019. However, it would be another two months before the organization understood the full scope of the breach. What’s more, it took until March 24, 2020, to determine that the breach included people’s personal data, and Saint Francis Ministries is just now notifying the public of the incident.
Individual Risk: 1.677 = Severe
The impacted email account contained people’s personally identifiable information, including names, Social Security numbers, dates of birth, driver’s license numbers, state ID information, bank account details, treatment and diagnosis information, account credentials, and other healthcare data. This comprehensive breach could have far-reaching ramifications for victims, who will need to protect themselves against future data misuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Whether hackers extract account credentials through phishing scams, purchase them on the Dark Web, or otherwise acquire this valuable data, organizations need to be prepared to protect accounts even when account information is compromised. Enabling easy-to-use tools like two-factor authentication is a natural first step.
ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities, data, and business continuity. We offer integrated multi-factor authentication, single sign-on, and password management solutions to protect your credentials and your data. Find out more at

United States – LearnPress 

Exploit: Software vulnerability
LearnPress: WordPress plug-in
Risk to Small Business: 1.708 = Severe
Cybersecurity researchers identified flaws in the LearnPress plug-in that could allow hackers to access student information, steal money from course creators, or alter their access privileges to become teachers. The popular WordPress plug-in is used by more than 100,000 schools, organizations, and content creators who rely on these digital services even more now that eLearning is the de facto presentation method for nearly all students.
Individual Risk: At this time, there is no evidence that personal information was compromised in the breach. However, users should carefully monitor their accounts and credentials for misuse or abuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Developers took steps to repair the vulnerability, but businesses that want to thrive in our altered digital environment will need to identify threats before their products reach the public. As other organizations have discovered, the COVID-19 pandemic can be an excellent time to demonstrate strength or expose yourself to issues that will erode your brand’s image long after the crisis abates.
ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today:  

Canada – Northwest Territories Power Corporation 

Exploit: Ransomware 
Northwest Territories Power Corporation: Electricity provider   
Risk to Small Business: 1.571 = Severe
A ransomware attack disabled the power provider’s servers and email accounts. Website visitors were abruptly greeted by a message from the hackers notifying them of the attack and providing steps to purchase a decryption key to unlock the data. The event brought dismay from consumers who lamented another hurdle in an already tumultuous time. What’s more, it’s unclear if the company will be able to restore services from backup files, meaning they will likely have an expensive path to recovery.  
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks can feel random and inevitable. In reality, they always require an access point, and companies can take steps to defend their digital environment from these attacks. For instance, assessing your network for vulnerabilities and identifying compromised login credentials can go a long way toward ensuring that your company isn’t the next victim.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today:

United Kingdom – Zaha Hadid Architects         

Exploit: Ransomware  
Zaha Hadid Architects: Architectural design firm
Risk to Small Business: 2.207 = Severe 
A ransomware attack forced Zaha Hadid Architects to bring its network offline, disrupting its remote operations as its distributed teams work from home during the COVID-19 pandemic. Fortunately, the company restored operations using backup data, but they were unable to determine the specific data sets that hackers exfiltrated before encrypting the network. As a result, the consequences will likely continue, as those responsible try to extract financial value from their efforts.
Individual Risk: At this time, it’s unclear if personal data was compromised in the breach. However, employees and customers should be especially vigilant to monitor their accounts and messages for unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: As companies battle to remain productive and profitable during the COVID-19 crisis, ransomware remains a constant threat to both priorities. Now, more than ever, every company needs to ensure that its defensive posture is ready to address this growing threat.  
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here:       

EU – Proton Technologies AG        

Exploit: Exposed database 
Proton Technologies AG: GDPR compliance advice website   
Risk to Small Business: 1.672 = Severe
An exposed database compromised users’ login credentials on GDPR.EU, an advice site for organizations striving to improve data privacy compliance that is partially sponsored by the Horizon 2020 Framework Programme, an EU research program. The ironic cybersecurity incident was easily identifiable by cybersecurity researchers, who reported the vulnerability to developers. For a company that relies on institutional funding to power its platform, this incident is an embarrassing failure that could impact its long-term viability as a government partner.
Individual Risk: 2.509 = Moderate
The breach compromised usernames and passwords, and victims should immediately reset their account credentials. In addition, any accounts that use the same username and password combination could also be compromised, and users should immediately update that information. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While we rightly give a lot of attention to the financial cost of a data breach, many organizations fail to appraise the reputational damage that accompanies a cybersecurity incident. Especially for organizations predicated on their data privacy expertise, even a relatively small oversight can have significant consequences.
ID Agent to the Rescue: Passly protects employees’ digital identities, data, and business continuity through an integrated multi-factor authentication, single sign-on, and password management solution. Learn more at    

 Australia –      

Exploit: DDoS attack
Online auction platform
Risk to Small Business: 1.393 = Severe
A DDoS attack disrupted and ultimately forced the cancellation of an auction of the largest private whisky collection for public sale. The event was expected to net millions of dollars, and the cancellation will undoubtedly hurt the company’s bottom line. To protect critical data, the company was forced to bring its website offline, and members are encouraged to stay alert for future breach notifications. 
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even before COVID-19 forced everyone online, many people already preferred digital platforms to in-person buying experiences. Of course, the pandemic has only accelerated this trend, which means that companies looking to capitalize on digital platforms need to ensure that they are safe and secure amidst a rapidly expanding threat landscape.
ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at   

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure. Visit our website at 877.860.5863
