Thursday, November 12, 2020

The Week in Breach News

The Week in Breach News – United States 


United States –  Steelcase

https://www.fox17online.com/news/steelcase-experiences-cyberattack

Exploit: Ransomware

Steelcase: Furniture Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.311 = Severe 

Furniture manufacturing giant Steelcase was hit with a nasty ransomware attack that forced a brief shutdown of all systems. The company was able to quickly contain the suspected Ryuk ransomware incident and says that no data was stolen. Recovery operations were fast and everything is back online. 

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident. 

How it Could Affect Your Customers’ Business: These days, ransomware attacks aren’t just a threat to data – they’re being used to shut down production lines, impact infrastructure, and cause havoc.

ID Agent to the Rescue: Ransomware is generally the poisoned fruit of a phishing email. Protect your business from ransomware with BullPhish ID, phishing resistance training that’s both effective and cost-effective.  LEARN MORE>>


United States – Wisconsin Republican Party

https://apnews.com/article/wisconsin-republican-party-hackers-stole-641a8174e51077703888e2fa89070e12

Exploit: Phishing

Wisconsin Republican Party: Political Organization 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.337 = Extreme

The Wisconsin Republican Party had a suspected phishing incident that couldn’t have come at a worse time. An estimated $2.3 million was stolen by cybercriminals from the party’s reelection fund after at least one staffer interacted with a phishing email, impacting operations just as the races were coming down to the wire. The FBI and local officials are investigating the incident. 

Individual Risk: No personal or consumer information was reported as impacted in this incident. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Phishing is about more than just credential compromise. Today’s most dangerous attack is used to do everything from steal money to deploy malware. 

ID Agent to the Rescue:  BullPhish ID has simple remote management tools and preloaded plug-and-play phishing simulation kits that make conducting phishing resistance training a snap anytime, anywhere. LEARN MORE>>


United States – Ledger 

https://cryptobriefing.com/bitcoin-wallet-provider-ledger-compromised-again-malicious-phishing-attack/

Exploit: Unsecured Database

Ledger: Cryptocurrency Storage Platform

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.667 = Severe 

Once again, Ledger is hot water for a cyberattack. This time, Ledger users received a phishing email that directed them to log in at a new address, allowing cybercriminals to steal both the victim’s login credentials and cryptocurrency. This is the company’s second incident this year, and information from that July 2020 incident is suspected to have played a part in this attack. 

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident. 

How it Could Affect Your Customers’ Business: Cyberattacks can have cascading consequences, with information stolen in cyberattacks coming back to haunt businesses months or years later. Data like login credentials can live on in Dark Web data dumps to haunt you later.

ID Agent to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring using real-time data analysis. to find compromised credentials and alert you fast.  LEARN MORE>>


United States – Fragomen, Del Rey, Bernsen & Loewy 

https://techcrunch.com/2020/10/26/fragomen-data-breach-google-employees/

Exploit: Unauthorized Database Access

Fragomen, Del Rey, Bernsen & Loewy: Law Firm

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.801 = Moderate

Data theft at a top law firm that provides employment verification screening services for companies like Google exposed a small amount of sensitive data. An unauthorized intrusion into a database exposed the employment verification information for some current and past Google employees. 

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk 2.992 = Moderate

The firm has not disclosed exactly what data was stolen although an employment verification or I-9 file can contain very sensitive information. The firm has also not indicated how many employees were affected although they’ve stated that it is a “limited number”

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: When you’re storing sensitive data, that information needs extra protection in order to really serve your clients.

ID Agent to the Rescue: Secure identity and access management with Passly helps prevent intrusions by requiring multifactor authentication to let anyone access information. LEARN MORE>> 


United States – Nitro Software Inc.

https://securityaffairs.co/wordpress/110025/data-breach/nitro-pdf-data-breach.html

Exploit: Unauthorized Database Access

Nitro Software Inc.: Software Developer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.071 = Severe

A massive data breach at Nitro, home of Nitro PDF, may have an impact on some major players. Nito serves clients including Google, Apple, Microsoft, Chase, and Citibank. The software maker announced that an unauthorized third party gained limited access to a company database. The stolen information has already made its debut on the Dark Web, including about 1TB of documents.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: A data breach at a third-party service provider for your business is just as dangerous as a data breach at your company and smart companies take precautions against supply chain risk.

ID Agent to the Rescue: Stolen data damage businesses by giving cybercriminals huge troves of passwords to mine. Keep your company’s credentials secure with Dark Web ID’s Channel-leading credential monitoring. LEARN MORE>> 


United States – Gaming Partners International

https://www.forbes.com/sites/leemathews/2020/10/31/ransomware-gang-claims-international-casino-equipment–supplier-as-latest-victim/?sh=7529ed2c68b2

Exploit: Ransomware

Gaming Partners International: Casino Equipment Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.211 = Severe

REvil ransomware caused havoc at one of the world’s leading casino suppliers, shutting down systems for several days. The hackers also extracted more than 500 gigabytes of data during the breach. Among the files were casino contracts, banking information and technical documents. The company was quickly able to restore operations.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Every time your employees interact with a phishing email, your business is at risk for ransomware. Security awareness training prevents up to 70% of cybersecurity incidents.

ID Agent to the Rescue: Phishing resistance training is one of the most important ways that businesses can protect their systems and data, as long as it’s refreshed at least every 4 months. You’ll never run short of fresh, updated training material with BullPhish ID. LEARN MORE>> 


The Week in Breach News – Canada


Canada –  Stelco 

https://www.itworldcanada.com/article/canadian-steelmaker-stelco-hit-by-cyberattack/437503

Exploit: Hacking 

Stelco: Steel Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.332 = Severe 

Major Canadian steel manufacturer Stelco experienced a nasty ransomware attack that brought its operations to a halt. All manufacturing and business operations were briefly shut down, but the company was quickly able to restore its systems. 

Individual Risk: No personal data has been reported as impacted in this incident. 

Customers Impacted: Unknown 

How it Could Affect Your Customers’ Business: A robust cybersecurity defensive strategy adds extra protections that prevent hackers from slipping through the cracks to devastate your business. 

ID Agent to the Rescue: ID Agent’s digital risk protection platform provides multiple cost-effective solutions that add strong protection against cybercrime. SEE OUR SOLUTIONS AT WORK>>


The Week in Breach News – United Kingdom & European Union


Sweden- Gunnebo

https://portswigger.net/daily-swig/data-breach-at-swedish-security-company-leaks-38-000-sensitive-documents

Exploit: Unauthorized Database Access

Gunnebo: Security Consulting

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.227 = Severe 

Security system design consulting firm Gunnebo has had its own security incident, as cybercriminals were able to gain access to some of its stored data. Bad actors were able to pilfer the security system plans and blueprints for many important buildings including bank vaults and government buildings.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown 

How it Could Affect Your Customers’ Business: Protect your essential blueprints, formulas, and plans as carefully as you would protect financial data because industrial espionage is a hot category on the Dark Web.

ID Agent to the Rescue:  Passly adds extra protections between cybercriminals and your data with single sign-on launchpads for each employee, allowing security to quickly cut off access if an account is compromised. SEE PASSLY IN ACTION>>


Italy – The Enel Group 

https://securityaffairs.co/wordpress/110067/malware/enel-group-netwalker-ransomware.html

Exploit: Ransomware 

The Enel Group: Energy Manufacture & Distribution 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.909 = Severe 

Multinational energy conglomerate Enel was the latest victim of Netwalker ransomware, as cybercriminals demand a $14 million ransom. The ransomware gang claims to have several terabytes of data. The company was also hit with Snake ransomware in July. Investigation and recovery are ongoing.

Individual Risk: No personal or financial data is reported as stolen or compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks on infrastructure targets have been escalating, including energy, logistics, and industrial transportation companies. While cybercriminals are still out for data, they’re also looking to disrupt essential services.

ID Agent to the Rescue: BullPhish ID enables you to transform your employees from your largest attack surface to your largest defensive asset with training delivered in bite-sized pieces that’s accessible for tech and non-tech employees alike. LEARN MORE>> 



The Week in Breach News – Asia Pacific


India – Mithaas Sweets

https://ciso.economictimes.indiatimes.com/news/after-haldirams-now-mithaas-hit-by-ransomware/78883999

Exploit: Hacking

Mithaas Sweets: Snack Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.806 = Severe 

On the heels of a cyberattack at another popular Indian snack company, Mithaas Sweets has been hit by a ransomware attack. The company reported that its file storage and many systems had been encrypted, seriously impacting business. Investigation and recovery is ongoing.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ensnaring critical systems and dataa

ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers. LEARN MORE>>


Japan – Nuclear Regulatory Authority 

https://securityaffairs.co/wordpress/110284/hacking/nuclear-regulation-authority-cyber-attack.html

Exploit: Unauthorized Systems Access

Nuclear Regulatory Authority: Government Agency

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.771 = Moderate 

In a small but troubling incident at NRA, an unauthorized intruder gained access to the email system and the agency was forced to shut it down. The incursion affected both internal and external communications, snarling applications for hearings and impacting other business. Communications are limited to phone calls and in-person meetings. No data was stolen and access to any operations or research systems is through a separate, more secure system.

Individual Risk: No individual information was reported as impacted in this incident. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Adding extra protections for sensitive systems and data is a smart move, especially when those systems and data can impact public welfare.

ID Agent to the Rescue: Secure yout ,most sensitive data with the award-winning secure identiity and access management tools that you get when you choose Passly.  SEE PASSLY AT WORK>>


The Week in Breach – Australia & New Zealand


Australia – Isentia

https://www.theguardian.com/technology/2020/oct/27/cyberattack-strikes-media-monitoring-company-used-by-australian-government

Exploit: Ransomware

Isentia – Media Monitoring Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.775 = Severe 

Analytics and media monitoring firm Isentia, the company that provides media services for much of the Australian government, has been hit by a cyberattack, likely ransomware. Customers lost access to the company’s service portal that connects them with media reporting on them, issues of interest to them, and journalists. The incident is under investigation, with no clear diagnosis of what if any data was stolen. Isentia holds sensitive information for powerful public figures as part of its media services operations.

Individual Risk: Isentia has not released information about potentially stolen personal information or customer data exposure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Stolen personal data including exposed credentials is readily available in Dark Web markets and data dumps, opening victims of data theft up to future cybercrime.

ID Agent to the Rescue: Dark Web ID is the perfect choice to ensure that your company’s credentials haven’t been exposed in a dark corner of the Dark Web  SEE A DEMO>>


The Week in Breach News Guide to Our  Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

No comments:

Post a Comment