Monday, December 27, 2021

Security is a Top Priority for Businesses of Every Size





Did you know that a cyberattack is attempted every 39 seconds? The constant barrage of cyberattacks and never-ending escalation in cybersecurity risk ahs brough home an importantfact for businesses of every size: cybersecurity has to be a top priority in 2022. 

All companies, regardless of size or region have a 1 in 4 chance of being hit by a ransomware attack today. We’ve all seen theimpact that one ransomware attac can have in the last two years. Evn one vent is expensive, s=disruptive and potentially ruinous for businesses. 60% of businesses that are hit by a successful cyberattack shutter wuthin 6 months.

That’s why it is essential to take the tme to review your orb=ganization’s cyber defenses and cybersecurity policies to ensure that you’re taking every possible precautin against ending up on a cybercrminal’s hit list. No business is too small for trouble. More than 50% of ransomware attacks last year struck SMBs with less than 100 employees.  

Set up a meeting now to talk to the experts you trust with your company’s IT to make sure that your company’s cybersecurity solutions are really meeting your needs and look at ways to boost your cyber resilence before you have to navigate a new round of cyberattack threats in 2022.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

The Week in Breach News: 12/15/21 – 12/21/21

Cryptocurrency handlers continue to get pounded as cybercriminals steal an estimated $135 million from a blockchain game developer, Brazil’s Ministry of Health was creamed by ransomware two times in one week, new sales and marketing focused assets for MSPs and must-see buyer sentiment data in our deluxe top 10 list: 10 Things MSPs Need to Know About SMB IT Priorities in 2022.  





Virginia Museum of Fine Arts

https://www.securityweek.com/virginia-museum-shuts-down-website-amid-it-breach

Exploit: Ransomware

Virginia Museum of Fine Arts: Art Museum 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.822=Moderate

A system security breach prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation in late November 2021. The museum, an independent agency of the state, said the Virginia Information Technologies Agency detected an intrusion by an unauthorized third party to the museum’s environment in late November. An investigation is underway, and a temporary website has been established.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time. 

Customers Impacted: Unknown

Ransomware risk is rising for organizations in every sector including non-profits and cultural institutions. 

   


McMenamins

https://www.kgw.com/article/news/local/mcmenamins-ransomware-attack/283-dc039d56-cf82-4f06-8862-c2f6223e3893

Exploit: Ransomware 

McMenamins: Hotel and Restaurant Chain

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.612=Severe

Family-owned hotel and restaurant chain McMenamins received an unwelcome holiday gift: ransomware. The company says that it has had to shut down credit card point-of-sale systems and corporate email but can still serve customers. The Conti ransomware group is thought to be responsible but the group has not claimed responsibility. The popular chain of restaurants, pubs, breweries and hotels is located in the Pacific Northwest: specifically, Washington and Oregon. The company has announced that it is working with the FBI and a third-party cybersecurity firm to investigate the attack. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time. 

Customers Impacted: Unknown

Companies that may be holding financial data and PII for clients will be attractive targets for ransomware groups.



The Oregon Anesthesiology Group (OAG)

https://www.zdnet.com/article/oregon-medical-group-notifies-patients-of-cybersecurity-breach-says-fbi-seized-hellokitty-accounts/

Exploit: Ransomware

The Oregon Anesthesiology Group (OAG): Medical Care Provider  

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.717= Severe

 The Oregon Anesthesiology Group (OAG) disclosed that a ransomware attack in July led to the breach of sensitive employee and patient information. The company said it was contacted by the FBI on October 21 and informed that the Bureau had seized an account that contained OAG patient and employee files from Ukrainian ransomware group HelloKitty. The FBI also told OAG that the Bureau believes the group exploited a vulnerability in OAG’s third-party firewall to gain entry to its network.   

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802=Severe

The information of 750,000 patients and 522 current and former OAG employees was impacted in this incident. Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms. OAG will provide victims of the incident 12 months of Experian identity protection services and credit monitoring.  

Customers Impacted: Unknown

 Medical centers and providers can have big scores of data that are attractive to cybercriminals. 

 





Superior Plus

https://www.darkreading.com/attacks-breaches/propane-distributor-hit-with-ransomware

Exploit: Ransomware

Superior Plus: Propane Distributor 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.229 = Severe

Canadian propane distributor Superior Plus has fallen victim to a ransomware attack. The company announced that it was subject to a ransomware incident on Sunday, December 12, 2021, which impacted its computer system, resulting in the company temporarily disabling some computer systems and applications as it investigates this incident. The company is in the process of bringing these systems back online. The statement goes on to say that it has no evidence that the safety or security of any customer or other personal data has been compromised. Superior Plus supplies propane gas to more than 780,000 customers in the US and Canada, a hot commodity during the winter season. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time. 

Customers Impacted:

Infrastructure targets have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.






Brazil – Ministry of Health (MoH)

https://www.zdnet.com/article/brazilian-ministry-of-health-hit-by-second-cyberattack-in-less-than-a-week/ 

Exploit: Ransomware

Ministry of Health (MoH) – National Government Agency

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.107= Extreme

Brazil’s Ministry of Health (MoH) suffered not one but two ransomware attacks in the last week, seriously impacting its operations. The agency was still in the process of recovering from a ransomware attack on 12/10 when they were hit again on 12/13. In the initial attack, all of MoH’s websites, including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app. The Lapsus$ Group has claimed responsibility for the first attack, claiming that it has stolen some 50TB worth of data. The department was quick to assure the public that it has the relevant data backed up. The second attack set recovery back, preventing Brazil’s platform that issues COVID-19 vaccine certificates, ConecteSUS , from coming back online as scheduled. Ministry officials said that the second attack had been unsuccessful and that no data had been compromised in that incident, but it had affected that timeline for recovery. The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate with the investigations.    

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Getting hit with multiple attacks in a short period of time could be a death blow to many organizations. 






Ireland – Coombe Hospital

Exploit: Hacking

Coombe Hospital: Medical Center 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.711 = Moderate

The Coombe Hospital announced that it has been hit by a ransomware attack that has impacted its IT systems. The hospital stated that it had isolated and locked down its IT services on a precautionary basis.  The maternity and infants’ hospital said that services are continuing as normal and no disruptions to patient care are expected. The HSE is assessing whether this will have a broader impact on the health service. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time. 

Customers Impacted: Unknown

Targets in the medical sector have been getting absolutely pounded by ransomware since the start of the global pandemic.



Greece – VulcanForged

https://www.vice.com/en/article/4awxep/hackers-steal-dollar140-million-from-users-of-crypto-gaming-company

Exploit: Ransomware 

VulcanForged: Cryptocurrency Gaming Company 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.7684 = Severe

Hackers stole around $135 million from users of the blockchain gaming company VulcanForge. Blockchain games appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR. VulcanForge creates games such as VulcanVerse, which it describes as an MMORPG and an online card game called Berserk. Hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, VulcanForge’s token that can be used across its ecosystem, with an estimate $135 million in value.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time. 

Customers Impacted: Unknown

Any operation that handles or stores cryptocurrency is at a very high risk for trouble. This is the third cryptocurrency outfit to be hit by hackers this month






Australia – Finite Recruitment

https://www.zdnet.com/article/nsw-government-casual-recruiter-suffers-ransomware-hit/ 

Exploit: Ransomware

Finite Recruitment: Staffing Firm 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.223 = Severe

IT recruitment firm Finite Recruitment has confirmed it experienced a cyberattack in October 2021 that resulted in some of the company’s data getting stolen and published on the dark web. The Conti ransomware group listed Finite Recruitment as a victim on its dark web leak site, claiming to have acquired 300GB of the company’s data. Finite Recruitment services several NSW government agencies as well as private clients.  

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.015 = Severe

An estimated 38,000 employees and up to 80,000 government employees may have had their data exposed and that data may include financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information. 

Customers Impacted: Unknown

Cybercriminals are always on the hunt for big troves of personal and financial information and companes that store it are at a high risk for ransomware.






1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.





Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Saturday, November 13, 2021

Why You Should Build Your Cyber Resilience

 


Cyberattack threats are headed for your business. In the recent IBM Cyber Resilient Organizations Study 2021, researchers reported that 67% of respondents said that the volume and severity of cybersecurity incidents that they’re facing has increased in the past 12 months. With the pace so high, you can’t afford to put your business operations on hold while you pivot to incident response. That’s why you need to make sure that you’re building a cyber resilient organization that can keep on chugging in adverse conditions.  

One of the most impactful ways that you can build your cyber resilience is by choosing a zero-trust approach to your company’s security. When researchers asked the leading businesses in the survey about the benefits of zero-trust security, 65% said that zero-trust security has fundamentally strengthened their cyber resilience.  

Zero-trust security architecture is also the model that the US federal government is moving toward, and elements of that strategy will be required for federal contractors in the near future. Start your journey to a cyber-resilient zero-trust security model by implementing identity and access management (IAM) with s a solution like Passly. Multifactor authentication, a feature of IAM solutions, is a foundational element of zero-trust security as well as a smart choice to immediately improve your company’s cyber resilience.  


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Adopting Zero-Trust Security

Adopting Zero-Trust Security 


Zero-trust security has been a hot topic, especially in light of rulemaking by the US federal government to move agencies and government contractors into a zero-trust framework in response to a spate of damaging high-profile infrastructure and supply chain attacks that sometimes included nation-state threat actors in 2021. The Colonial Pipeline incident and the subsequent outcry was a major catalyst for action at both the federal and state level. Cybersecurity legislation is on the agenda in every state legislature and congress, and many of those proposals include zero-trust elements. 

The Cyber Resilient Organizations Study has previously reported on the benefits of zero-trust security. This year, researchers took another look at how using a zero-trust approach to security benefits businesses and reduces risk, specifically by boosting their cyber resilience. Those findings showed that 35% of respondent organizations said that they have already adopted a zero-trust security strategy. Of that group, 65% agreed that zero-trust security fundamentally strengthens cyber resilience. That’s a great idicator that increased cyber resilience is a useful goal when looking ant big-piture ways to avoid a costly data breach

Why Are Companies Adopting Zero-Trust? 

  • 66% said to improve operational efficiency
  • 63% to reduce security risks
  • 38% said for better IT team support
  • 34% said to reduce costs
  • 23% said for a competitive advantage
  • 4% cited other reasons like regulation



What Leaders Are Doing & How to Follow Them 


Taking a look at what the leading organizations in the survey are doing to achieve high cyber resilience is important to determine exactly what benefits businesses get from building their cyber resilience. It also opens a window into the security mindset of leading organizations. There have been a few changes from 2020’s results that are evident in the 2021 survey as businesses have grappled with the volatility of today’s threat landscape.  

What Are Leaders Considering? 

  • 66% of 2021 leaders say that security automation and AI are important, up slightly from 63% in 2020 
  • 60% recognize that cyber resilience impacts a company’s revenue, up from 56% in 2020 
  • 41% say that cyber resilience impacts brand value and reputation, down from 46% in 2020 
  • And new this year, 41% of leaders are regularly assessing third-party risk 

IBM also lays out a series of recommendations to improve cyber resilience: 

  • Create and test incident response plans: comparison research shows that regularly updating and reviewing incident response plans was a key reason why cyber resilience improved for 47% of high performers. IBM recommends developing both enterprise-wide CSIRPs and threat-specific incident response plans as well as drilling them regularly. 
  • Protect your critical databases: 52% of the survey respondents ranked leakage of high-value information assets as a key measure of severity in data breach incidents.  Developing a comprehensive data security strategy is suggested to help organizations reduce risk. 
  • Keep systems running with advanced protection from cyberthreats: 47% of the companies surveyed ranked data center downtime as a key measure of severity. The report points to proactive threat management with a zero-trust approach as a good way to avoid system downtime. 
  • Speed up analysis with AI and threat intelligence: 47% of respondents cited diminished productivity of employees as a measure of severity in security incidents. More advanced analytics and automated workflows are pointed out as processes that can give teams time back for threat investigation. 
  • Break down silos and increase visibility: High-performing organizations said that the inability to reduce silos(87%) and lack of visibility into applications and data assets (74%) were their top two blockers when it comes to improving their cyber resilience. Researchers say that an open platform that fosters integrations between technology can help unite disjointed processes and data and provide broad visibility. 
  • Implement a patch management strategy: Delay in patching vulnerabilities is always a security bugbear, and 59% of average respondents cited it as a major reason why their organization’s cyber resilience didn’t improve. IBM suggests a formal vulnerability management program to help cybersecurity teams proactively identify, prioritize and remediate the vulnerabilities that threaten critical assets. 

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

The Week in Breach News: 11/03/21 – 11/09/21

Canada’s biggest cyberattack ever disrupts Newfoundland and Labrador healthcare, ransomware is the real villain at Diamond Comic Distributors, phishing wreaks havoc at a defense contractor plus a look at the big benefits of high cyber resilience from the new 2021 IBM Cyber Resilient Organizations Study.





Diamond Comic Distributors 

https://bleedingcool.com/comics/diamond-comic-distributors-targeted-by-ransomware-attack/ 

Exploit: Ransomware

Diamond Comic Distributors: Periodical Distributor 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.417= Severe

It’s a bird, it’s a plane, it’s a ransomware attack at Diamond Comic Distributors. The Baltimore-based company, the exclusive distributor of Image Comics and a publishing outlet for dozens of small-press comics publishers, suffered a ransomware attack last Friday that took down the company’s website and customer service platforms all weekend into Monday. Diamond said in a statement that it did not anticipate that any customer financial data had been impacted by this event. Investigation and recovery is underway with some functions already restored. 

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown



Electronic Warfare Associates (EWA)

https://www.msspalert.com/cybersecurity-news/electronic-warfare-associates-ewa-data-breach-email-phishing-incident-details/

Exploit: Phishing 

Electronic Warfare Associates (EWA): Defense Contractor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.822=Severe

A phishing attack that snared an employee is the suspected cause of a breach at defense contractor Electronic Warfare Associates (EWA). The company is a major provider of specialized software for the US defense establishment including the Pentagon, the Department of Defense (DoD), the Department of Justice (DoJ) and the Department of Homeland Security (DHS). EWA’s investigation determined that an attacker broke into an EWA email account in August 2021 after a phishing operation. The intrusion was uncovered when the attacker attempted a wire transfer. Employee PII was exposed and concern remains that sensitive defense information may also have been exposed.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.703=Severe

EWA has admitted that the attackers snatched files with certain personal information including name and Social Security Number and/or drivers’ license number for an undisclosed number of EWA employees, but no further information was given.

Customers Impacted: Unknown



us government hack by suspected russsian cybercriminals represented by a hacker in a hoodie in silhouette against a russioan flag created in binary code




Newfoundland and Labrador Health 

https://www.securitymagazine.com/articles/96481-canadian-healthcare-system-suffered-cyberattack 

Exploit: Ransomware

Newfoundland and Labrador Health: Healthcare System

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.442=Extreme

What may be the largest cyberattack in Canadian history crippled the healthcare system of the province of Newfoundland and Labrador on October 30th. The suspected ransomware attack hit scheduling and payment systems, causing widespread interruptions in patient care including the cancellation of all non-urgent imaging and medical appointments well as a reduction in chemotherapy sessions and significant complications the province’s COVID-19 response. Eastern Health reported that their payment systems to suppliers and vendors were also targeted by the attack. Email and telephone capability has been restored in some locations and an investigation is ongoing. 

Individual Impact: No information about the exposure of patient information was disclosed in this incident as of press time. 

Customers Impacted: Unknown



Is Cryptocurrency risk one of 2021's biggest threats




Greece – Danaos Management Consultants 

https://splash247.com/greek-shipowners-cyber-tricked-over-halloween-weekend/

Exploit: Hacking

Danaos Management Consultants: Maritime IT

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.615= Severe

Maritime clients who use the communication systems of Danaos Management Consultants found themselves without some communications capability after a cyberattack blocked their communication with ships, suppliers, agents, charterers and suppliers. Several Greek shipping companies were impacted. The incident also resulted in the loss of an unspecified amount of files and correspondence for the impacted shipping firms. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time. 

Customers Impacted: Unknown



Germany – Media Markt

https://www.bleepingcomputer.com/news/security/mediamarkt-hit-by-hive-ransomware-initial-240-million-ransom/

Exploit: Ransomware

Media Markt: Electronics Retailer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.512= Severe

Electronics retailer MediaMarkt has suffered a ransomware attack that caused the company to shut down some IT systems, impacting store operations in Netherlands and Germany. While cash registers and payment card systems in brick-and-mortar locations were disrupted, online sales were not impacted. The attack was purportedly carried out by the Hive ransomware outfit who initially demanded $240 million in ransom. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown






Australia – mySA Gov 

https://securityaffairs.co/wordpress/123861/cyber-crime/cream-finance-cyber-heist-130m.html 

Exploit: Hacking

mySA Gov: Government Services Platform

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.595 = Extreme

South Australia’s Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber attack. Officials went on to say that the hackers gained access to several mySA Gov accounts that were secured with recycled passwords. The department went on to say that there was no evidence of any unauthorized transactions on the impacted accounts while encouraging users to update their passwords. 

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.595 = Extreme

A report from ABC says that 2,601 mySA Gov accounts were accessed in the attack, with 2,008 of them containing registration and licensing information. It is unclear if any information was exfiltrated. 

Customers Impacted: Unknown 







1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831