Monday, January 14, 2019

United Kingdom - Steelite

Exploit: Ransomware.
Steelite: A Middleport-based company that manufactures tableware for the hospitality industry.
Risk to Small Business: 1.888 = Severe
The risk to small business in this scenario is very high. Ransomware is becoming more and more prevalent in the cyber-crime scene as it is a low-risk, high-reward attack vector.
Individual Risk: 2.571 = Moderate
It is unclear if payroll information was accessed, but due to the sensitive nature of the encrypted files, it would be best to be cautious.
Customers Impacted: The employees who work at the organization are the ones at risk.

How it Could Affect Your Customers’ Business
Payroll information is vital for operating a business, which makes this attack particularly damaging. Many organizations would not have the resources available to rebuild their payroll servers so quickly, which would leave them in a precarious situation.

ID Agent to the Rescue
ID Agent offers Dark Web ID™, which discovers compromised credentials that could be used to implement a cryptojacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Caribou Coffee gets roasted, and memes are being used as code.


Dark Web ID Trends:
Top Source Hits: ID Theft Forums (100%)
Top Compromise Type: Domains
Top Industry: Legal
Top Employee Count: 251 - 500 employees (50%)

United States - Caribou Coffee 
Below is a link to the notification published by Caribou regarding the affected locations: https://assets.coffeeandbagels-static.com/cariboucoffee/Data-Security-Notice.pdf
Exploit: Compromise of POS systems.
Caribou Coffee: A large coffee chain in the United States.
Risk to Small Business: 1.777 = Severe
A breach of this magnitude would have a negative impact on any organization for a long time. Around 40% of the company’s locations were affected by the breach, with all cards used during the breach being considered accessed.
Individual Risk: 2.428 = Severe
Those affected by this breach, meaning anyone who used a credit or debit card at the organization between August 28, 2018, and December 3, 2018, are at an increased risk of identity theft.
Customers Impacted: 239 of the organization’s stores were affected by the breach.

How it Could Affect Your Customers’ Business
Credit card information being accessed is never good for business. Customers tend not to forget the company whose breach resulted in them losing money.

ID Agent to the Rescue
Spotlight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.
Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Thursday, December 20, 2018

Quote of the Day


"Art, freedom and creativity will change society faster than politics." - Victor Pinchuk 

Monday, December 17, 2018

Quote of the Day

"I feel that there is nothing more truly artistic than to love people." - Vincent Van Gogh

Friday, December 14, 2018

Reminder: That Padlock Doesn’t Mean It’s Secure


We’ve mentioned this before, but the misconception has surfaced again, and it’s worth repeating. The padlock is not a reliable sign that a website is legitimate or malware-free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that begins with https.

Data from PhishLabs show that 49% of all phishing sites in third quarter 2018 had the lock icon. This is up 25% from a year ago. Since a majority of users take “look for the lock” to heart, this new finding is significant. 80% of the respondents to a PhishLabs survey believed the lock indicated a legitimate and safe website.

Remind Employees, That Padlock Doesn’t Mean It’s Secure

Remind employees that the https portion of the address signifies that the data being transmitted is encrypted and so can’t be read by third parties. The padlock itself signifies nothing more than this. Its appearance may mean nothing more than that criminals are just lending some bogus credibility to their site.

John LaCour, chief technology officer for PhishLabs, said, “The bottom line is that the presence or lack of SSL doesn’t tell you anything about a site’s legitimacy.” More:
https://blog.knowbe4.com/reminder-that-padlock-doesnt-mean-its-secure

Tuesday, December 11, 2018

Attackers Impersonate CEOs to Scam Employees Into Sending Gift Cards for the Holidays


A crafty mix of social engineering, great timing, and context acts as the perfect recipe for tricking unwitting users into buying gift cards and placing them into the hands of the attacker.

At the end of the year, nearly every company is thinking about holiday bonuses, corporate gifts, and holiday greeting cards for customers. So, it’s not unusual to think that the head of an organization might want to give out some gift cards to select employees at this time of year.

This all-too-common scenario is being taken advantage of by cybercriminals, according to the latest threat spotlight from security company Barracuda. Using simple impersonation tactics, the bad guys pose as the CEO asking an office manager, executive assistant, or receptionist to discreetly purchase some gift cards that will be used as gifts to employees.

Using well-researched personnel details, these cybercriminals identify an appropriate individual to target and send them an email from the CEO’s supposed personal account, written with a sense of urgency to move the victim to act.

What makes these attacks so successful boils down to a few factors: 
  • They are filled with contextual goodness – these attacks get so many details right: the CEO’s name, the recipient selected, the time of year, and the reason for the gift card purchase. In an employee’s mind, this is all very plausible. 
  • There’s no malware – this is a malware-less attack, with no links or attachments for an AV or endpoint protection solution to spot. 
  • They leverage the power of the CEO – this is important. When the CEO says “jump,” people generally ask “how high?” The fact that the request is coming from the CEO is usually sufficient motivation to make the recipient comply.
I can think of only two real ways to stop attacks like this:
  • Process – anytime a request is made to purchase something over a certain amount via email, a phone call should follow to verify the request. 
  • Education – users that continually go through security awareness training should spot this a mile away. The email details and the abnormality of the request are red flags to a user with an elevated security mindset. Users that step through security awareness training are educated on the scams run, tactics used, what to look for, and, generally, to maintain a state of vigilance when it comes to their interaction with email and the web.
This impersonation attack is simple but effective. Protect your organization by enabling your users to be the last line of defense in your security strategy before an attack like this hits.
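
To support the phone-call verification process described above, a mail gateway or help-desk script can flag messages that match the traits listed in this post. The following is an added example, not code from Barracuda or KnowBe4; the executive name, corporate domain, keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: replace with your own directory data.
EXECUTIVES = {"jane doe"}            # display names worth protecting
CORPORATE_DOMAIN = "example.com"     # the only domain executives mail from
GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|asap|right away|quick(ly)?|discreet(ly)?)\b", re.I)
LINK = re.compile(r"https?://", re.I)

def triage(raw):
    """Return the reasons a message should get a verification phone call."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    chunks, has_attachment = [msg.get("Subject", "")], False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    text = "\n".join(chunks)
    reasons = []
    if " ".join(name.lower().split()) in EXECUTIVES and domain != CORPORATE_DOMAIN:
        reasons.append("executive display name on a non-corporate address")
    if GIFT_CARD.search(text):
        reasons.append("gift card purchase request")
    if URGENCY.search(text):
        reasons.append("urgency or secrecy wording")
    # Context only: explains why attachment/URL scanners had nothing to inspect.
    if reasons and not has_attachment and not LINK.search(text):
        reasons.append("no links or attachments")
    return reasons

# Constructed sample messages (not real mail).
SUSPECT = """From: Jane Doe <jane.doe.ceo@mailbox.example.net>
To: office.manager@example.com
Subject: Quick favor

I need some gift cards for staff gifts today. Please keep this discreet.
"""
ROUTINE = """From: Jane Doe <jane.doe@example.com>
To: office.manager@example.com
Subject: Board meeting agenda

The agenda is on the intranet: https://intranet.example.com/agenda
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("routine", ROUTINE)):
        print(label, triage(raw))
```

A non-empty result is a prompt to call the requester on a known number, not proof of fraud; keyword lists like these need tuning against real mail before they are used to block anything.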

CEO Fraud Prevention Manual Download

CEO fraud has ruined the careers of many executives and loyal employees. Don’t be the next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim. Download at the KnowBe4 blog:
https://blog.knowbe4.com/attackers-impersonate-ceos-to-scam-employees-into-sending-gift-cards-for-the-holidays