Wednesday, July 8, 2020

Week In Breach

by ID Agent
This Week in Cybersecurity News: Healthcare data breaches keep climbing, Twitter apologizes for its breach, and Australian cyberattacks illustrate the importance of basic training. 

Cybersecurity News: Dark Web ID’s Top Threats 

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1-10

Cybersecurity News: United States 

United States – Twitter 

Exploit: Accidental Data Sharing
Twitter: Social Media Platform 
cybersecurity news represented by a gauge indicating moderate risk
Risk to Small Business: 2.602 = Moderate
Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter your account’s billing information may be at risk.
cybersecurity news represented by a gauge indicating moderate risk
Individual Risk: 2.602 = Moderate
Twitter did not release an estimate of the accounts affected, but it did specify that only business customers were at risk, and only a percentage of business customers had any details exposed. The leaked information potentially included email addresses, users’ contact numbers, and the last four digits of credit card numbers used for Ads accounts. Twitter business customers should monitor potentially affected payment accounts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Information like this quickly makes its way to the Dark Web, setting businesses up for cyberattacks including spear phishing attempts. In addition, failing to guard a business customer’s recurring payment information can negatively impact their relationship with that service provider.  
ID Agent to the Rescue: Dark Web ID enables companies to keep an eye on potentially compromised credentials and contact information for privileged accounts, like executives and administrators who have access to major corporate vendor accounts and credit cards. LEARN MORE >> 

United States – AMT Healthcare

Exploit: Internal Email Account Compromise 
AMT Healthcare: Medical Care Solutions Provider 
cybersecurity & breach news represented by agauge showing severe risk
Risk to Small Business: 1.662 = Severe
AMT Healthcare revealed this week that it had experienced a data breach affecting a large pool of customers in December 2019 that was discovered through suspicious activity on an employee email account. The California-based company recently completed an investigation into the incident and contacted those who were affected. Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy information, medical history information, and driver’s license/state identification numbers. 
cybersecurity & breach news represented by a gauge showing severe risk
Individual Risk: 1.899 = Severe
Anyone that may be at risk of compromise was informed this week. Extremely sensitive data was compromised in this breach, and those affected should beware of the potential for fraud, identity theft, and spear phishing attempts that this stolen data creates. A filing of the account posted to the breach portal at the U.S. Department of Health and Human Services noted that potentially affected patients are being offered free credit monitoring services. 
Customers Impacted: 47,767 
How it Could Affect Your Customers’ Business: When clients choose to do sensitive business with a company, they’re also trusting that company to guard their information. This imperative is even stronger for companies that collect health information. Not only does a data breach cost healthcare organizations patient confidence, but it also costs a fortune in HIPPA-related fines. 
ID Agent to the Rescue: Insider threats like a compromised email account can result from the actions of malicious insiders or careless staffers. Learn to spot and stop insider threats in our “Combatting Insider Threats” resource package, including a free eBook.  GET IT NOW>>

United States – CentralSquare Technologies

Exploit: Malware 
CentralSquare Technologies: Public Sector Services Provider
cybersecurity & breach news represented by a gauge showing severe risk
Risk to Small Business: 1.977 = Severe
Eight cities in three U.S. states that use CentralSquare’s Click2Gov payment systems for municipal transactions were recently affected by a payment card skimming attack that exploited a software vulnerability in the Click2Gov platform. Using Magecart-style malware designed specifically to work on Click2Gov payment sites, cybercriminals were able to capture payment card information from people using the affected Click2Gov sites to make municipal services transactions like paying bills or fines. The attacks began in April 2020 and are ongoing. Reports note that 5 of the 8 cities affected were also targeted in attacks in 2019. The names of the affected cities were not released.  
cybersecurity & breach news represented by a gauge showing severe risk
Individual Risk: 2.378 = Severe
Financial data was directly compromised in this attack, including payment card numbers, expiration dates, and CVV. Similar information from previous attacks against Click2Gov in 2019 and 2018 was made available on the Dark Web quickly. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Payment skimming malware is an increasing threat for any business that processes online payments. Compromised financial and identity information can also hang around in Dark Web markets for a long time, creating continued risk.  
ID Agent to the Rescue: Dark Web ID monitors the Dark Web 24/7/265 using human and machine intelligence to uncover potential threats, like stolen data and compromised credentials, and alert you to danger so that you can take action. SEE HOW IT WORKS>> 

United States – University of California San Francisco 

Exploit: Ransomware 
University of California San Francisco: Education and Research Institution 
cybersecurity news gauge indicating extreme risk
Risk to Small Business: 1.275 = Extreme
The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.  
Individual Risk: No patient or personal data was reported as compromised at this time. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  Ransomware is a growing menace to every organization, and it’s not just sensitive business or financial data that Dark Web criminals are after. Research data has become an increasingly hot commodity. Paying ransoms to cybercriminals to decrypt research data sets a dangerous precedent. Collecting large sums will embolden other groups that can take down big fish to score big paydays.  
ID Agent to the Rescue: The most common way that a system becomes infected with ransomware is through phishing. Don’t allow staff training updates to lag as you wait for things to slow down. BullPhish ID includes phishing resistance training kits that are perfect for training in office and remote staffers featuring video content and online testing to judge user competence in 8 languages. LEARN MORE>> 

Cybersecurity News: Canada

Canada – OneClass

Exploit: Unsecured Database Access 
OneClass: E-learning Platform 
cybersecurity news gauge indicating extreme risk
Risk to Small Business: 1.407 = Extreme
An unsecured Amazon Secure Storage Services bucket is the culprit for a data breach at North American education services provider OneClass. The Canadian company was informed of the breach on May 25 by cybersecurity researchers and the database was secured within 24 hours. However, personally identifiable information for more than 1 million students, some as young as 13, had already been extracted.  The compromised 27GB database includes 8.9 million records.  
cybersecurity news represented by agauge showing severe risk
Individual Risk: 1.719 = Severe
Students, teachers, and other users of the platform had personally identifiable data including full names, email addresses (some masked), schools and universities attended, phone numbers, course enrollment data, textbooks, testing results, faculty data, and other OneClass account details compromised. No payment information or financial data is believed to have been affected.  
Customers Impacted: 1 million
How it Could Affect Your Customers’ Business:  Failure to secure the personally identifiable data of users, especially children, is distasteful to both potential and current clients. Students, teachers, and schools may look at other education platforms to find a more secure alternative. Information compromised in this incident could haunt those affected for years to come as it lingers on the Dark Web. 
ID Agent to the Rescue: Dark Web ID provides 24/7/365 human and machine powered monitoring and analysis to alert businesses quickly if their credentials or data appear in Dark Web markets, giving them a chance to prevent a cybersecurity incident from snowballing into a cybersecurity disaster. LEARN MORE>>

Cybersecurity News: United Kingdom

United Kingdom – Babylon Health

Exploit: Accidental Data Sharing  
Babylon Health: Telemedicine Technology Developer 
cybersecurity news represented by agauge showing severe risk
Risk to Small Business: 2.207 = Severe
A recently completed investigation revealed that a flaw in the software created by Babylon Health to enable telemedicine appointments also allowed users to see the consultations of other patients after they finished their own telemedicine visits. The app is used by about 2.3 million UK users. It allows members to book medical appointments, access a triage chatbot, and have consultations with NHS doctors via smartphone video or audio-only call. Apparently, when users switched from video to audio-only during their call, they also gained access to the audio recordings of the medical consultations of other users.
cybersecurity news represented by a  gauge indicating moderate risk
Individual Risk: 2.919 = Moderate
Babylon Health reports that the issue was discovered in early June and repaired rapidly, with a “very small” unspecified number of users affected. 
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  More and more interactions are taking place over video these days, especially in the wake of the global pandemic. Many video conferencing service providers have had issues with intrusions and software glitches that put the private conversations and meetings of users at risk, creating doubt in the security of this type of communication. Because of this, data that is shared during a video conference through display, audio, or screen sharing may be in danger of compromise.
ID Agent to the Rescue: In an era when more business is being done remotely, it’s essential that businesses have appropriate security solutions in place to mitigate these risks – but that can be a hard sell in a challenging economy. With Goal Assist, our Partners can tag in extra help when they need it to reinforce the value that they’re offering to clients and score a sales win. FIND OUT MORE>>

Cybersecurity News: Australia & New Zealand      

Australia – Chem Pack

Exploit: Ransomware
Chem Pack: Liquid Chemical Formulation Manufacturer 
cybersecurity news represented by agauge showing severe risk
Risk to Small Business: 1.779 = Severe
As a barrage of cyberattacks continues to affect companies in Australia, Chem Pack has been caught in a ransomware attack. Cybercriminals using REvil ransomware have compromised and encrypted data at the Melbourne-based manufacturer. REvil ransomware exploits a known 2018 Windows vulnerability to elevate account privileges, enabling these bad actors to strike. The attackers claim to have exfiltrated financial information, personal information, and other essential business data, and recently posted a screenshot of a sample of the data on a Dark Web forum. Typically, this group posts a screenshot as proof that they’ve encrypted the affected data and asks the victim to contact them to negotiate a ransom for the key to unlock it. 
Individual Risk: No individual data was reported as compromised.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a scourge that doesn’t just hold a company’s operations hostage, it also creates extended cybersecurity risks as data that has been obtained in attacks is copied and shared on the Dark Web. Even when a ransom is paid, victims have no guarantee that the captured data is returned without being replicated or sold to others first.  
ID Agent to the Rescue: Dark Web ID alerts companies immediately when their protected data hits Dark Web markets, giving IT security teams actionable intelligence about potential threats and vulnerabilities that allows them to act fast to throw a roadblock up against attackers and mitigate potential damage. SEE IT IN ACTION>> 

The Week in Breach’s Cybersecurity News Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

No comments:

Post a Comment