The Week in Breach: 01/29/20 - 02/04/20

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

By Kevin Lancaster

on Feb 5, 2020 3:04:59 PM

This week, a phishing scam compromised an entire healthcare network, malware impacted productivity, and ransomware attacks became costlier than ever.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Media & Entertainment
Top Employee Count: 251 - 500 Employees

United States - Tampa Bay Times 

https://www.cyberscoop.com/tampa-bay-times-ransomware/

Exploit: Ransomware

Tampa Bay Times: Local news organization

Risk to Small Business: 2.111 = Severe: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are frequently turning to ransomware attacks to exploit companies that can’t or won’t protect their critical IT. These attacks are relatively easy to deploy, and, for organizations unprepared to defend themselves, they are uniquely expensive. With today’s threat landscape, it’s critical to regularly assess and update your defense posture to meet the moment.

ID Agent to the Rescue: Helping you understand the importance of security is no easy task. Learn more here: https://www.idagent.com/goal-assist.

United States - California Healthcare Network

https://portswigger.net/daily-swig/california-healthcare-data-breach-could-impact-nearly-200-000-patients

Exploit: Phishing scam

California Healthcare Network: Hospital and urgent care center operator

Risk to Small Business: 1.888 = Severe: Employees fell for a phishing scam that compromised patients’ protected health information (PHI). The company first discovered the breach on June 19, 2019, when it secured accounts by resetting login credentials. However, an additional investigation revealed that patient data was compromised in the breach. The California Healthcare Network is notifying patients of the incident and updating the email security standards, but the real test is certainly still ahead. Healthcare data breaches are the most expensive of any sector, and the company will undoubtedly endure intense regulatory scrutiny because of the sensitive nature of the breach.

Individual Risk: 2.428 = Severe: Hackers had access to patient data contained in employee email accounts. The California Healthcare Network declined to provide specific data categories, but healthcare records often include patients’ most sensitive personal data. The access was limited to the period between June 11, 2019 and June 18, 2019, but the information has now been available for more than six months, so those impacted by the breach will want to work quickly to secure their data. The California Healthcare Network is offering free credit monitoring services to all victims.

Customers Impacted: 199,548
How it Could Affect Your Customers’ Business: Most data breaches begin with a successful phishing scam. Every organization has a responsibility to train its employees in defensive best practices, which is a relative bargain compared to the high cost of a data breach. In doing so, organizations transform a known vulnerability into a valuable asset to their defensive posture.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Canada - Rogers Communications 

https://www.itworldcanada.com/article/rogers-internal-passwords-and-source-code-found-open-on-github/426429

Exploit: Intentional data exposure

Rogers Communications: Telecommunications company

Risk to Small Business: 1.777 = Severe: Security researchers found sensitive data from Rogers Communications posted on two public GitHub accounts. The information included application source code, internal usernames, passwords, and the company’s private keys. The data was dumped on the website by a former employee. Although the company claims that the information is outdated and couldn’t lead to a data breach, other specialists note that it could provide cybercriminals with insights into the company’s IT infrastructure. At the very least, it’s a black mark on the company’s data privacy reputation, but that’s unlikely to be the only consequence the company faces.

Individual Risk: 2.285 = Severe: While customer data wasn’t compromised, the incident exposed employee account information. These credentials may no longer be relevant, but employees would be wise to update their passwords and, if possible, enable two-factor authentication.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Employee email accounts are often the gateway for all types of data loss events. Securing this easy avenue into your company's critical IT can go a long way towards preventing a data breach. Since email credentials are some of the most frequently sought out by cybercriminals, an extra security layer, like two-factor authentication, can ensure that accounts remain secure even if usernames or passwords are compromised.

ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

Canada - Bird Construction

https://www.infosecurity-magazine.com/news/bird-construction-compromised-in/

Exploit: Ransomware

Bird Construction: Commercial and institutional building construction company

Risk to Small Business: 1.888 = Severe: A December ransomware attack has encrypted critical company data. In a statement, Bird Construction noted that the organization continues to function without interruption. However, after the company refused to pay a ransom, cybercriminals began releasing the stolen data online, creating a more expansive and expensive data loss event. The company relies on hundreds of millions of dollars in government contracts, and sensitive government and military information may be included in the breach. The recovery process is bound to be incredibly expensive, and it could have long-term implications for their business model.

Individual Risk: 2.285 = Severe: Cybercriminals have begun publishing employees’ personal data online. The hacking group is slowly releasing the data, perhaps trying to encourage the company to pay up. The specific details of the exposed data remain unclear, but all employees should reset their account credentials and closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are a growing threat for every organization, and cybercriminals appear to be upping the ante. Rather than moving on when companies refuse to pay up, many have begun releasing company data online, increasing the cost and scope of the attack. Therefore, every organization needs to reassess its defensive posture to account for this burgeoning threat.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with you to strengthen your security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

United Kingdom - Royal Yachting Association 

https://www.theregister.co.uk/2020/01/24/royal_yachting_association_data_breach/

Exploit: Unauthorized database access

Royal Yachting Association: Boating organization

Risk to Small Business: 1.777 = Severe: Hackers infiltrated the company’s network and downloaded a database containing customers’ personal information. The organization identified the breach on January 17th and hired cybersecurity specialists to investigate the event and secure customer data. To prevent unauthorized account access, the Royal Yachting Association reset all customer passwords. Although the database contains information from several years ago, there are still many ways that bad actors can deploy this information in additional cybercrimes.

Individual Risk: 2.428 = Severe: The data breach compromised members’ personally identifiable information, including names, email addresses, and hashed passwords. No financial data was compromised. Those impacted by the breach should immediately reset their password on any accounts using these login credentials. In addition, they should carefully assess online communications, as this data can be used to craft spear phishing attacks that can dupe unsuspecting recipients into compromising even more personal information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches compromising usernames and passwords can have far-reaching consequences for an organization, as this data can be used in many ways to make an already bad situation even worse. Moreover, cybercriminals can come up with many ways to misuse this information, and businesses need tools to stop its spread as soon as possible.

ID Agent to the Rescue: Dark Web ID alerts you when your customers’ emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

Germany - City of Potsdam 

https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/

Exploit: Malware attack

City of Potsdam: Local municipality

Risk to Small Business: 2 = Severe: A malware attack forced the City of Potsdam to bring its network entirely offline to prevent further expansion and data exfiltration. As a result, government employees cannot send or receive email, and most administrative functions are inaccessible. While emergency services remain unharmed, there will be a significant cost for the government, as worker productivity slows, sales opportunities are missed, and recovery efforts eat away at precious resources.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches continue to become more expensive, partly because the opportunity costs are so high. In the digital age, cyberattacks can render an organization useless, eroding their bottom line and dampening the future financial outlook. Unfortunately, many organizations can’t sustain that level of financial loss and are forced to close their doors. However, a strong defense posture can ensure that your business is ready to thrive amidst today’s evolving threat landscape.

ID Agent to the Rescue: With BullPhish ID, we can provide a more complete picture of your security posture and potential risk, transforming the weakest links of your organization into your strongest point of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United Kingdom - SuperCasino

https://www.technadu.com/supercasino-breached-customer-info-leaked/90769/

Exploit: Unauthorized data access

SuperCasino: Online gambling platform

Risk to Small Business: 1.888 = Severe: SuperCasino experienced a data breach that compromised users’ personally identifiable information. While the online gambling outfit identified and investigated the breach, their customer communications were blasé at best, minimizing the potential harm to customers’ data privacy. The company will likely endure intense scrutiny under GDPR and other privacy regulations, which could mean painful penalties alongside other financial implications of the data breach.

Individual Risk: 2.285 = Severe: SuperCasino claims that users’ financial data was not compromised in the event. However, hackers did access users’ names, usernames, email addresses, telephone numbers, residential addresses, and account activity data. SuperCasino is asking all users to reset their passwords and to reset passwords on any platforms that may use duplicate credentials. Victims are at a heightened risk for phishing attacks and other scam messages, so they should carefully scrutinize their online communications.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Protecting against a data breach should be every company’s first priority but deploying an adequate response to an event needs to be a close second. Moreover, as data privacy regulation becomes the new norm, every organization needs to consider the necessary steps to compliance that can prevent a breach or mitigate the consequences after an event occurs. Pre-planning for both of these contingencies can ensure that your organization is ready to thrive in today’s digital environment.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.

New Zealand - Toll Group 

https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12305031

Exploit: Cyberattack

Toll Group: Transport and logistics company

Risk to Small Business: 2.222 = Severe: A cyberattack has forced Toll Group to shut down many of its customer-facing network systems to contain any impact on customers and operations. Although Toll Group is referring to the incident as a “cyberattack,” it’s likely that this episode is the result of a ransomware attack. The company expects that many customer applications will be impacted. The incident underscores the opportunity cost that is increasingly driving up the cost of ransomware attacks. During the outage, it’s unlikely that Toll Group will be able to collect revenue, meaning the event could have a significant impact on its bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks will likely be one of the most expensive and pervasive cyber risks in 2020. The holistic high costs associated with these breaches should make a robust defense a top priority at every organization. Ultimately, cybercriminals always require an access point to infect a company with ransomware, and closing off common loopholes like phishing scams, outdated software, and compromised credentials can go a long way toward ensuring that your company isn’t the next victim of a ransomware attack.

ID Agent to the Rescue: It’s critical that you understand the importance of cybersecurity. Learn more here: https://www.idagent.com/goal-assist.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
