The Week in Breach News – United States
United States – SolarWinds
https://www.newsweek.com/solarwinds-hack-customer-list-suspected-russian-cyberattack-1554467
Exploit: Hacking (Nation-State)
SolarWinds: Cybersecurity Software Developer
Risk to Business: 1.122 = Extreme
An incursion by suspected Russian nation-state hackers at this major cybersecurity solutions provider was the suspected starting point of a massive hacking incident impacting a number of federal agencies and defense assets. The hackers were able to obtain authentic credentials that enabled them to inject code into a routine software patch, opening backdoors into client files and systems. SEE MORE ABOUT THIS STORY>>
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: 3,000
How it Could Affect Your Customers’ Business: Nation-state hacking is a growing problem that can lead to damaging, nightmarish consequences. One tool that was used in this hack was that old favorite – phishing.
ID Agent to the Rescue: Phishing resistance training is a must-have for every company in 2021. BullPhish ID is an affordable, effective training solution that fits every business. SEE BULLPHISH ID IN ACTION>>
United States – FireEye
https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
Exploit: Hacking (Nation-State)
FireEye: Cybersecurity Solutions Development and Testing
Risk to Business: 1.411 = Severe
FireEye was also impacted in this week’s suspected Russian hacking operation. Hackers were able to penetrate FireEye’s systems security to obtain several of their vaunted Red Team tools. FireEye immediately detected the hack and released a statement exposing it. That was the first domino in the cybersecurity disaster cascade. SEE MORE ABOUT THIS STORY>>
Customers Impacted: Unknown
Individual Risk: No personal or consumer information was reported as impacted in this incident.
How it Could Affect Your Customers’ Business Even the biggest kids on the block can be taken down by determined hackers. Reviewing and updating cybersecurity and incident response plans has to be a top priority in 2020.
ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>
United States – Netgain
Exploit: Ransomware
Netgain: Data Hosting Provider
Risk to Business: 2.127 = Severe
A ransomware incident led to shutdowns and slowdowns across Netgain’s data hosting environment. The company was forced to completely shut down all systems on 12/4 for containment and remediation. Service has been restored to customers but they may still experience performance issues.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can have damaging consequences for businesses that go beyond the initial hit causing huge operational headaches and long recovery operations.
ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>
United States – Dental Care Alliance
https://www.infosecurity-magazine.com/news/1m-us-dental-patients-impacted-by/
Exploit: Hacking
Dental Care Alliance: Dental Practice Support Organization
Risk to Business: 2.336 = Severe
Dental Care Alliance, a professional support organization that includes more than 320 dentists in 20 states, has discovered that it experienced a data breach. The incident began on 09/18/20 and was ameliorated on 10/13/20. No cause has yet been specified and the incident is still under investigation.
Individual Risk: 2.114 = Severe
The stolen information included patient names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information. potentially 10% of patients also had bank account information exposed. Impacted patients are being notified by mail and should be wary of spear phishing attempts using this information.
Customers Impacted: 1 million patients
How it Could Affect Your Customers’ Business: When protecting sensitive information like medical data, it’s essential to maintain strong access point protection to avoid expensive breaches and expensive fines.
ID Agent to the Rescue: Protecting your data and systems with more than one layer of security keeps hackers out no matter where they’re from. Passly provides that extra protection immediately at an excellent price. LEARN MORE>>
Our partners typically realize ROI in 30 days or less. See why 3,000+ MSPs in 30 countries choose to grow with ID AGENT solutions and support and join them. BECOME A PARTNER>>
The Week in Breach News – Canada
Canada – Parkland Corp.
https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack
Exploit: Ransomware
Parkland Corp.: Motor Fuel Distributor
Risk to Business: 2.229 = Severe
Trucking fuel services company Parkland is investigating a cybersecurity incident that has resulted in the Clop ransomware gang claiming responsibility for an attack on the company. Parkland disclosed that it suffered some loss of functionality in an incident that impacted its IT infrastructure in mid-November that affected “a subset of its Canadian network”. Freight transporters and associated services have experienced an unusual spate of cyberattacks in recent months.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets right now, and it has been especially impactful in the transportation sector. Agencies need to be using their resources wisely to combat it.
ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>
The Week in Breach News – United Kingdom & European Union
United Kingdom – Marriage Tax Refund
https://www.infosecurity-magazine.com/news/tax-biz-exposed-personal-info/
Exploit: Misconfiguration
Marriage Tax Refund: Tax Relief Advisory Firm
Risk to Business: 1.662 = Severe
Human error is the culprit in a data breach at a British tax relief advisory service. The error left the personally identifiable information of 100,000 clients exposed after it misconfigured its WordPress CMS, leaving a directory listing of PDF documents available for public view, with no password protection.
Individual Risk: 1.912 = Severe
PII was definitely exposed, but there’s no telling who accessed it. Customers of the firm beginning in October 2016 should be alert to phishing and fraud attempts.
Customers Impacted: 100,000
How it Could Affect Your Customers’ Business: The number one cause of a cybersecurity incident remains human error. Added security awareness training and automation of processes can help reduce that risk.
ID Agent to the Rescue: Insider threats aren’t just malicious hackers – sometimes they’re just employees making mistakes. Download our “Insider Threats” toolkit for an eBook and other tools to combat insider threats. GET THE FREE TOOLKIT >>
The Netherlands – European Medicines Agency (EMA)
https://www.zdnet.com/article/eu-agency-in-charge-of-covid-19-vaccine-approval-says-it-was-hacked/
Exploit: Hacking (Nation-State)
EMA: International Drug Regulation Authority
Risk to Business: 1.775 = Severe
German biotech firm BioNTech announced that data related to regulation and approval for the COVID-19 vaccine it has developed with Pfizer were “unlawfully accessed” after a cyber-attack on Europe’s medicines regulator. EMA confirmed the incident and noted that it suspects that nation-state hackers are to blame.
Individual Impact: No personal data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Security awareness training is a key component of protecting businesses from nation-state hackers. Regularly updated training helps employees spot and stop suspicious activity to defend against attacks.
ID Agent to the Rescue: Don’t wait until nation-state hacking creates a massive disruption in your organization’s ability to get the job done. Update phishing resistance and security awareness training for every staffer BullPhish ID. SEE BULLPHISH ID IN ACTION>>
See how to enlist your staff in the fight against ransomware to transform them into your biggest security asset! WATCH THE WEBINAR>>
The Week in Breach News – Australia & New Zealand
Australia – Epicor Software
https://www.arnnet.com.au/article/685092/epicor-software-hit-by-cyber-attack/
Exploit: Hacking
Epicor Software: Software Developer
Risk to Business: 2.101 = Severe
Business software solutions provider Epicor Software has disclosed a breach that may have exposed business data but did not impact daily operations. The incident had been reported to relevant authorities and is currently under investigation.
Customers Impacted: Unknown
Individual Impact: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.
How it Could Affect Your Customers’ Business: Any hacking intrusion endangers your business, no matter how small or inconsequential it may seem. Don’t wait to add sensible, affordable protection to keep data in and bad actors out.
ID Agent to the Rescue: Information from incidents like this inevitably makes its way to Dark Web data markets. Make sure your employee credentials are protected from Dark Web data risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>
The Week in Breach News – Asia-Pacific
Taiwan – Foxconn
Exploit: Ransomware
Foxconn: Electronics Manufacturer
Risk to Business: 1.802 = Severe
DoppelPaymer ransomware is to blame for an incident at electronics giant Foxconn. The gang published files belonging to Foxconn NA on their ransomware data leak site, including generic business documents and reports but no financial information or employee personal details. Their ransom demand is $34 million.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a disaster for any business, but it’s an especially dangerous situation for a company that manufacturers critically needed technology.
ID Agent to the Rescue: Ransomware almost inevitably arrives as the cargo of a phishing attack. Learn how to defend your organization against phishing with BullPhish ID in our new eBook Phish Files. READ IT>>
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
No comments:
Post a Comment