Wednesday, December 2, 2020

Week in Breach

This Week in Breach News: Baltimore County Public Schools learn a lesson about ransomware, healthcare targets worldwide take security hits, learn to spot and stop phishing with intel from our cybercriminal secret files, see how business email compromise scams are taking a new turn, and show your customers the importance of cyber risk literacy.

The Week in Breach News – United States 

United States – Baltimore County Public Schools

Exploit: Ransomware

Baltimore County Public Schools: School System 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.222 = Extreme 

Ransomware attacks on school systems around the country have grown exponentially, and that lesson was driven home for Baltimore County Public Schools last week. A ransomware attack forced the system to shut down completely for three days, disrupting online learning for K – 12 students. The district has 115,000 students.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Approximately 115,000 students and 7,300 teachers

How it Could Affect Your Customers’ Business: Ransomware can unleash extreme devastation, going beyond stealing data to shutting down an organization’s operations completely. 

ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal.  LEARN MORE>>

United States – Belden

Exploit: Unauthorized Database Access

Belden: Signal Transmission Solutions Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.992 = Severe

An unauthorized user gained access to at least one database full of employee and client information. The company noted in a statement that attackers apparently accessed a “limited number” of Belden’s file servers, but the firm said the breach did not have any impact on production in manufacturing plants, quality control, or shipping.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.990 = Severe

The company went on to state that filched employee information may have included names, birthdates, government-issued identification numbers (for example, social security / national insurance), bank account information of North American employees on the Belden payroll, home addresses, and email addresses. potentially compromised information for business partners includes bank account data and tax ID numbers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Password compromise is often the culprit behind an intrusion like this, and that’s a matter that needs to be taken seriously in order to prevent this kind of drama.

ID Agent to the Rescue:  Passly adds essential security tools like multifactor authentication to throw up roadblocks between unauthorized users and your sensitive employee and client data. LEARN MORE>>

United States – Spotify

Exploit: Credential Stuffing

Spotify: Digital Music Streaming Service 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.992 = Severe 

Spotify ended up with egg on its face last week after security researchers uncovered an unsecured Elasticsearch database containing more than 380 million records. The exposed data contained login credentials and other information belonging to Spotify users. The researchers in concert with Spotify investigators determined that whoever owned the database had probably obtained the login credentials from an external site and used them on Spotify accounts in a credential stuffing operation.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.801 = Moderate 

The data that was exposed includes customers’ usernames and passwords for Spotify, as well as email addresses and countries of residence. Information like this could be used to fuel spear phishing attempts. Spotify users should reset their passwords.

Customers Impacted: 80,000

How it Could Affect Your Customers’ Business: Credential stuffing is a threat that becomes more serious every day as new dumps of passwords hit the Dark Web. If you’re not watching for potential trouble, you’re leaving your business open to disaster.

ID Agent to the Rescue: Millions of passwords are available in Dark Web dumps just waiting for cybercriminals to use for password-based cyberattacks like credential stuffing. With Dark Web ID, you’re alerted if your protected passwords show up in Dark Web dumps. BOOK A DEMO>>

United States – LSU Health New Orleans

Exploit: Unauthorized Systems Access

LSU Health New Orleans: Medical System 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

A major attack on another healthcare target, LSU Health New Orleans disclosed that an unauthorized intrusion into an employee email inbox occurred on September 15, 2020. The mailbox access was discovered and disabled on September 18, 2020, but not before sensitive information was potentially snatched about patients who received care at Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.616 = Severe

Data exposed in the attack may have included patients’ names, medical record numbers, account numbers, dates of birth, Social Security numbers, dates of service, types of services received, phone numbers and/or addresses, and insurance identification numbers. The type and amount of patient information compromised in the incident varied and a limited number of exposed emails may have contained a patient’s bank account number and health information including a diagnosis. Patients treated by LSU health New Orleans should be alert to potential identity theft and spear phishing risks. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Controlling access to your company’s systems and data is even more important when the data that you’re storing is especially sensitive and its exposure could incur major penalties.

ID Agent to the Rescue: Control your access points effectively with Passly to ensure that the right people have access to the right things at the right times – and only the right people. SEE HOW IT WORKS>>

United States – Sophos

Exploit: Misconfiguration

Sophos: Cybersecurity Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.336 = Severe

A misconfigured database with access permission issues is to blame for the exposure of client data at Sophos. The company stated that the exposed database was used to store information on customers who have contacted Sophos Support. This is the second major security incident Sophos has dealt with this year.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.772 = Moderate

The database did not contain any sensitive information. Sophos disclosed that the exposed information included details such as customer first and last names, email addresses, and phone numbers. Clients should be alert to potential spear phishing risk using this data. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nocomany can avoid occasional problems like this, whether they’re caused by malfunctioning software or an employee misclick. Putting extra layers of security in place helps mitigate the damage of these troublesome security incidents.

ID Agent to the Rescue: Protecting your data and systems with more than one layer of security helps blunt the blow of inevitable mistakes and malfunctions. Passly provides that extra protection immediately at an excellent price.  LEARN MORE>> 

United States – US Fertility

Exploit: Ransomware

US Fertility: Specialty Medical Clinic Operator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.229 = Severe

Ransomware disrupted operations at the largest provider of fertility services in the US after a number of servers and workstations became encrypted by ransomware. While US Fertility was able to restore operations quickly, the healthcare company determined that some patient data had been exfiltrated in the incident.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.312 = Severe

Cybercriminals were able to steal an indeterminate number of files containing patient information including names, addresses, dates of birth, MPI numbers, and for some individuals Social Security numbers. Clients should be alert to the possibility of spear phishing and identity theft using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to healthcare targets right now, as was disclosed in a recent CISA alert. Healthcare sector businesses need to be alert to the danger and using their resources wisely to combat it.

ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID.  LEARN MORE>> 

The Week in Breach News – United Kingdom & European Union

United Kingdom – National Health Service

Exploit: Insider Threat (Employee Error)

National Health Service: National Healthcare System 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.706 = Severe

An employee error at NHS Highland earlier this month led to the personal information of 284 patients with diabetes becoming exposed after a spreadsheet was accidentally shared via email with 31 NHS staffers who weren’t authorized to access it. 

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.812 = Severe

The spreadsheet of data was limited to just patients treated at the affected location. Information on the spreadsheet included names, dates of births, contact information, and hospital identification numbers for the 284 patients.

Customers Impacted: 284

How it Could Affect Your Customers’ Business: Human error will always be a factor in cybersecurity. But adding extra locks on sensitive information can prevent incidents like this one. 

ID Agent to the Rescue: Passly provides the extra security that businesses need to guard against accidental unauthorized access incidents with single sign-on LaunchPads that make it easy to control who has access to what. LEARN MORE>> 

Holland – Endemol Shine Group

Exploit: Ransomware

Endemol Shine Group: Television Production & Distribution 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.662 = Severe 

DoppelPaymer came calling at the Amsterdam-based production and distribution giant behind hits like Big Brother, Master Chef, and The Voice. The gang added sample data to its leak site last week, but no determination has been made about the scope or variety of information stolen. Investigation and recovery are ongoing.

Customers Impacted: Unknown 

How it Could Affect Your Customers’ Business: Ransomware and phishing go hand in hand and as social engineering tactics improve it’s always going to be the fastest, easiest way for cybercriminals to strike.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>

Denmark – Ritzau–spt.html

Exploit: Hacking

Ritzau: News Wire Service 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.237 = Severe 

An unspecified hacking attack knocked out the email and telephone capabilities at Ritzau. The bureau was forced to resort to sending out news updates via an emergency email system. Sevice remains impacted with no timeline for recovery. 

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks like this one are typically caused by ransomware. It has been an increasingly popular tool for nation-state hackers and other bad actors looking to disrupt infrastructure and official service targets.

ID Agent to the Rescue:  Don’t wait until ransomware creates a massive disruption in your organization’s ability to fulfill critical roles. Update phishing resistance and security awareness training for every staffer BullPhish ID.  SEE BULLPHISH ID IN ACTION>>

The Week in Breach News – Asia Pacific

India – IIAM Jobs

Exploit: Data Theft

IIAM Jobs: Job Search & Listing Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.569 = Severe 

A security researcher uncovered a huge trove of information likely stolen from Indian jobs service IAM Jobs on the Dark Web. The data of more than 1 million users was exposed including passwords, names, phone numbers, email addresses, the location of users, their industry, and links to their LinkedIn profiles. The data appears to be about a year old.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.779 = Severe 

Users of IIAM should be alert to the potential of identity theft or spear phishing created by this exposed information.

Customers Impacted: 1.4 million

How it Could Affect Your Customers’ Business: Data theft is even more problematic when it’s not noticed until far afterward by someone else. It shows your customers that you don’t take cybersecurity seriously and can make them take their business elsewhere in a hurry. 

ID Agent to the Rescue: Remember, employees routinely recycle passwords between work and personal applications. Don’t miss the memo when your employee passwords are exposed on the Dark Web through incidents like this. LEARN MORE>>

The Week in Breach News – Australia & New Zealand

Australia – Law In Order

Exploit: Ransomware

Law In Order: Legal Document Services Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.770 = Severe 

Netwalker ransomware is the culprit of a cyberattack at Law In Order, a leading processor of legal services documents. The company is still determining the scope of the attack. While originally claiming that no data was exfiltrated, Law In Order backtracked to say that it was determining exactly what data has been stolen after the cybercrime gang posted samples of the purloined information on its leak site. Recovery is ongoing and operations are experiencing a lasting impact.

Individual Risk: The company is unable to provide information about what data was stolen and to whom that data pertains.

Customers Impacted: Unknown

Bit by bit helps client networks run smooth and secure.. visit our website at 877.860.5863

No comments:

Post a Comment