This Week in Cybersecurity & Breach News: Ransomware hits everywhere from small towns to multinational corporations and tech giants, how to add protection against nation state actors, a new FBI warning about ransomware targeting US companies, and new webinars with marketing tools and product-based strategies to grow your MRR.
Cybersecurity News: Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
Cybersecurity and Breach News – United States
United States – UberEats
Exploit: Unauthorized Database Access
Uber Eats: App-Based Food Delivery Service
Risk to Small Business: 2.691 = Moderate
Security analysts doing routine Dark Web and Deep Web monitoring uncovered a data dump containing details about customers, delivery drivers, and delivery partners for UberEats. The 9 TXT files leaked by the threat actor include login credentials of 579 UberEATS customers and details of 100 delivery drivers. The data includes login credentials, full name, contact number, trip details, bank card details, and, account creation dates.
Individual Risk: 2.377 = Severe
No details about how affected customers and drivers will be informed or any remediationn offered have been released. UberEats customers, drivers, and partners should reset their account credentials and be alert for credit card fraud, spear phishing, and identity theft dangers.
Customers Impacted: 679
How it Could Affect Your Customers’ Business: This breach is especially troubling because it is unacknowledged and it was discovered by Dark Web analysts instead of internal IT, putting in question the company’s transparency about security and attention to small security issues.
ID Agent to the Rescue: This breach was detected by experts doing Dark Web analysis. Put the power of Dark Web ID to work for your clients detecting and alerting when compromised credentials are discovered LEARN MORE>>
United States – Summit Medical Associates
Exploit: Ransomware
Summit Medical Associates: Healthcare Provider
Risk to Small Business: 1.979 = Severe
A data breach has come to light at Summit Health after the Tennessee-based practice group reported that it had experienced an “inability to access certain records” in early June. A tired arty investigator determined that not only was it a ransomware incident, but the cybercriminals had also been able to access to their systems for nearly six months before the breach.
Individual Risk: 2.799 = Moderate
There has been no reported no evidence that patient information was compromised, the affected server did contain patient PII including names, medical information, and Social Security numbers.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Cybercriminals had access to this server for six months before anyone noticed. Security awareness, data handling, credential monitoring, and phishing resistance training keep eyes on the ball for cybersecurity, lowering the chance that something like this happens (or persists).
ID Agent to the Rescue: The security awareness and phishing resistance training that forms part of our digital risk protection platform helps stop negligence like this from starting. LEARN MORE>>
United States – The Blacklist Alliance
https://krebsonsecurity.com/2020/08/robocall-legal-advocate-leaks-customer-data/?web_view=true
Exploit: Unauthorized Database Access
The Blacklist Alliance: Robocall Legal Advocate
Risk to Small Business: 1.717 = Severe
In an ironic turn of events, The Blacklist Alliance, a company that helps telemarketers dodge lawsuits from violations of the Telephone Consumer Protection Act, has experienced a data breach that leaked the phone numbers, email addresses and passwords of all its customers, as well as mobile phone numbers and data on people who have hired lawyers to go after telemarketers. Thousands of documents, emails, spreadsheets, images, and the names tied to a huge number of mobile phone numbers were freely accessible from the domain theblacklist.click. The directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username, and password ( hashed using the MD5 algorithm).
Individual Risk: 1.912 = Severe
Individuals and companies who have done business with The Blacklist Alliance should consider their information at risk for fraud, identity theft, blackmail, or spear phishing attempts.
Customers Impacted: 388+
How it Could Affect Your Customers’ Business: A failure to secure PII and other sensitive data in an industry that handles secretive personal matters like this can be disastrous. Not only does it open the company up to legal and reputational risk, but it also risks the company’s ability to keep doing business in an industry that prizes anonymity.
ID Agent to the Rescue: Secure access points to delicate information by adding Single Sign-on with Passly. By assigning each user an individual launchpad, you’re able to control access to sensitive data more carefully – and act faster if the wrong person gets access. SEE A DEMO>>
United States – CWT
Exploit: Ransomware
CWT: Travel Management
Risk to Small Business: 1.882 = Severe
CWT reportedly paid an eye-popping $4.5 million to cybercriminals using Ragnar Locker ransomware to decrypt reams of sensitive corporate files and restore 30,000 company computers that were knocked offline. Reportedly, the hackers initially demanded $10 million. Reuters included details and screenshots of the negotiation in a story filed last week. The ransom note left by the hackers claimed to have stolen two terabytes of files, including financial reports, security documents, and employees’ personal data such as email addresses and salary information.
Individual Risk: No personally identifiable information or financial information was reported as stolen/
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.
ID Agent to the Rescue: BullPhish ID offers training in 8 languages to get staffers up to speed on today’s phishing threats fast, including video lessons and online testing. Learn more>>
United States – Boyce Technologies
Exploit: Ransomware
Boyce Technologies: Medical Equipment Manufacturer
Risk to Small Business: 1.407 = Extreme
Essential medical equipment producer Boyce Technologies was attacked with DoppelPaymer ransomware. The company produces about 300 low-cost ventilators per day using human and robotic labor. Microsoft noted that this type of ransomware uses “brute force” against a target company’s systems management server. It has extensively targeted the healthcare sector since the start of the COVID-19 crisis.
Individual Risk: No personal or financial information was reported as compromised.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks have grown more sophisticated and more dangerous in 2020, and corporate-level espionage that impacts production has become more prevalent – meaning that companies have to be more cautious about closing security loopholes.
ID Agent to the Rescue: In a challenging economy, it can be difficult to convince customers that they need to increase security to avoid these potentially devastating attacks. That’s why our Partners love the extra help that they can call on through Goal Assist to help seal a tricky deal. Learn More >>
United States – City of Lafayette, Colorado
https://www.securityweek.com/colorado-city-pays-45000-ransom-after-cyber-attack?&web_view=true
Exploit: Ransomware
City of Lafayette, CO: Municipal Government
Risk to Small Business: 2.101 = Severe
The City of Lafayette, CO paid $45k to cybercriminals to restore access to municipal computers after a successful ransomware attack shut municipal networks down including city emails, phones, online payments, and reservation systems. The cost of restoration and the impact of the shutdown on city services impacted the city’s calculations when choosing to pay the ransom or restore from backups.
Individual Risk: 2.801 = Moderate
City officials say that credit card information was not compromised, and there was no evidence that personal data was stolen either, residents should monitor their accounts for suspicious activity as a precaution.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can be so damaging that paying the ransom is less than the cost of recovery. Without adequate protections in place including updates security awareness training and access controls, organizations (and their budgets) can take a big hit from ransomware.
ID Agent to the Rescue: Over 3,000 MSPs in 30 countries trust our solutions to help protect their customers from threats like ransomware. Our new Partners typically realize ROI in 30 days or less, and we’ve always got room for more. Contact us to learn more about the benefits of Partnership. Learn more>>
Cybersecurity and Breach News – Canada
Canada – Nova Scotia Health Authority
Exploit: Unauthorized Database Access
Nova Scotia Health Authority: Healthcare System
Risk to Small Business: 2.662 = Moderate
Not one but two security breaches at the Nova Scotia Health Authority have been reported as patient data was accessed by unauthorized individuals. The information was reported as “viewed”, but no details were given on how or by whom. The Nova Scotia Health Authority said it had notified the province’s Office of the Information and Privacy Commissioner.
Individual Risk: 2.874 = Moderate
The Authority said that it has notified the small number of patients affected, and did nor report ant financial information as stolen in either incident.
Customers Impacted: 211
How it Could Affect Your Customers’ Business: Sensitive information, especially medical data, requires an extra level of care for protection – or the company that mishandles it will find themselves paying large fines in addition to other remediation costs.
ID Agent to the Rescue: Passly secures sensitive data with multifactor authentication, ensuring that a second form of identification is required for anyone to access protected systems and data. Learn more>>
Cybersecurity and Breach News – United Kingdom & European Union
United Kingdom – British Dental Association
https://www.bbc.com/news/technology-53652254?&web_view=true
Exploit: Unauthorized Database Access
British Dental Association: Trade Union
Risk to Small Business: 1.866 = Severe
The British Dental Association informed its members that data on a “small fraction” of its membership was exfiltrated in late July. The statement was vague about the cause or impact, and the organization’s website has been down since the attack was reported on 7/30/20. The association is still working to restore its web, telephone, and internal networks following the security breach, and has notified the Information Commissioner’s Office.
Individual Risk: 2.219 = Severe
The organization does not store members’ card details but does hold account numbers and sort codes to collect direct debit payments. The BDA has urged its members to remain vigilant against identity theft or spear phishing attempts.
Customers Impacted: 22,000
How it Could Affect Your Customers’ Business: When an organization stores the financial information of its members in any capacity, that information needs to be protected – and members need to have confidence in the security of their personal and financial data on file, especially in professional groups or trade unions.
ID Agent to the Rescue: Passly’s cutting-edge features make it the best cost-effective secure identity and access management solution to add to your security stack to guard against unwelcome visitors to your clients’ systems and data. SEE PASSLY’S FEATURES >>
France – Forsee Power
Exploit: Ransomware
Forsee Power: Electromobility Battery Manufacturer
Risk to Small Business: 1.113 = Severe
Netwalker ransomware is to blame for the leak of extensive business data at the Paris-based battery manufacturer, a world leader in electric mobility device power. Cybercriminals exposed a directory containing folders such as Accounts Receivable, Finance, Collection Letters, Expenses, and Employees in an image posted to the Netwalker group blog.
Individual Risk: No personal or financial information was reported as stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Sensitive business data is valuable – and it sells for a pretty penny on the Dark Web. Smart companies use Dark Web monitoring to stay on guard against the exposure of sensitive credentials and information on the Dark Web.
ID Agent to the Rescue: Today’s Dark Web is a very different place than it was before COVID-19. Don’t overlook the danger to your clients and your MSP that is ramping up from the thriving Dark Web data markets. Go inside these markets with experts to see the real Dark Web in our newest webinar, featuring an MSP perspective and real Dark Web screenshots. Get the Webinar>>
Cybersecurity and Breach News – Asia
Japan – Canon
https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/
Exploit: Ransomware
Canon: Optical and Imaging Products Manufacturer
Risk to Small Business: 2.231 = Severe
International equipment behemoth Canon reported in a letter to staffers that it had been the victim of a ransomware attack that Canon impacted numerous services, including Canon’s internal email, Microsoft Teams, USA website, and other essential business applications. The Maze ransomware group has claimed credit for the successful attack and disruption of Canon’s business systems. Maze operators stated that they extracted 10 terabytes of data on private databases in the attack. Canon notes that some users’ still image and video image data stored in its image.canon cloud photo platform involving the 10GB long-term storage option was missing but offered no details as to the type of images that were taken.
Individual Risk: At this time, there is no available information about the nature or provenance of the stolen data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Maze ransomware attacks typically start with gaining access to an average employee account and using that to gain access to accounts with greater privilege – and the vast majority of ransomware attacks start off as phishing.
ID Agent to the Rescue: Strengthen phishing resistance at every level with BullPhish ID. Easy management and deployment tools make it simple to create customized groups of users for testing. Learn more>>
Cybersecurity and Breach News – Australia & New Zealand
Australia – ProctorU
Exploit: Unauthorized Database Access
ProctorU: Online Test Monitoring Service
Risk to Small Business: 1.667 = Severe
A number of Australian universities have been affected by a breach at testing services provider ProctorU. Hackers from the Shiny Hunters group published the stolen database from ProctorU online. The affected universities include the Group of Eight’s University of Sydney, University of NSW, University of Queensland, University of Melbourne, University of Western Australia, and the University of Adelaide, as well as Swinburne University, James Cook University, and Curtin University. The stolen data reportedly contains The data contains usernames, unencrypted passwords, legal names, and full residential addresses of students at the impacted schools.
Individual Risk: 2.871 = Moderate
No financial information was stolen, but student PII was impacted. Students should be cautious of spear phishing attempts using the stolen data
Customers Impacted: 444,267
How it Could Affect Your Customers’ Business: Ransomware has become the bane of most cybersecurity planners’ existence. By increasing investment in essential security awareness training tools, companies can better protect their data ( and their budgets) from ransomware.
ID Agent to the Rescue: Learn expert secrets and get growth-focused sales advice from a Channel All-Star in this powerful webinar that shows you how to land and close more security business in 5 proven practical steps to success. Download the webinar >>
The Week in Breach Cybersecurity and New Breach News Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach Cybersecurity and New Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.
No comments:
Post a Comment