The Week In Breach 03/12/20 - 03/18/20

by Wally Moore

on March 20, 2020

in Data Protection, Data Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

March 18th, 2020 by ID Agent

This week, a ransomware attack impacts COVID-19 care, what happens when a company ignores basic security protocols, and mitigating cybersecurity risks during the Coronavirus pandemic.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Finance & Insurance
  • Top Employee Count: 1-10

United States – Whisper 

https://www.zdnet.com/article/whisper-an-anonymous-secret-sharing-app-failed-to-keep-messages-profiles-private/?&web_view=true

Exploit: Unsecured database.

Whisper: Privacy-focused messaging app.  

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.111 = Severe:
Developers overlooked basic security protocols when they left a database containing customer information unprotected by even a password, and hackers pounced. As a result, 900 million files dating back to the company’s launch in 2012 were made available online. Although the company was quick to secure the database, its reactive efforts will do little to assuage the doubts and concerns of its privacy-minded customer base.  

Individual Risk: 2.571 = Moderate:
Users’ names were not stored in the exposed database, but nicknames, ages, ethnicities, genders, hometowns, group memberships, and location data were all available. Some personal information was highly sensitive and could be used to execute spear phishing campaigns or targeted ransomware attacks. 

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.

ID Agent to the Rescue: Helping you understand the importance of security is no easy task. Learn more here: https://www.idagent.com/goal-assist.

United States – Champaign-Urbana Public Health District

https://statescoop.com/amid-coronavirus-scare-ransomware-targets-public-health-agency-illinois/

Exploit: Ransomware.

Champaign-Urbana Public Health District: Healthcare service provider.  

Risk to Small Business: 2.111 = Severe:
A ransomware attack disabled the healthcare provider’s website as concerns over Coronavirus are reaching a fever pitch. While the incident spared the provider’s email accounts, health records, and patient records, it limited the agency’s ability to communicate with patients. The Champaign-Urbana Public Health District has begun using its social media accounts to communicate with the public, and they’ve launched a backup website to replace the disabled page. This is an expensive and potentially harmful incident at a time when quickly communicating information can be a matter of life and death. 

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: The particular malware strain that infected the Champaign-Urbana Health District targets enterprises running Windows 10. It’s a reminder that ransomware is on the rise and companies can take simple steps to ensure that malware doesn’t enter their system through outdated software, phishing attacks, or other vulnerabilities.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Canada – EVRAZ

https://www.zdnet.com/article/one-of-roman-abramovichs-companies-got-hit-by-ransomware/

Exploit: Ransomware. 

EVRAZ: Steel manufacturer.  

Risk to Small Business: 2 = Severe:
A ransomware attack crippled the company’s North American operations, including production at its Canadian steel plants. This attack complicates the company’s financial outlook at a time when it is already experiencing a significant drop in share price. Now, EVRAZ will have to grapple with the high cost of recovery, diminished productivity, and making significant improvements to its IT infrastructure – expenses no company needs during a time of worldwide uncertainty.    

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Few cyberattacks wreak as much havoc as ransomware attacks. Not only are they one of the most expensive attacks to recover from, but they are uniquely disruptive, creating many obstacles on the road to recovery. Every organization can protect itself from possible ransom attacks and other malware by securing accounts and otherwise safeguarding critical IT.

ID Agent to the Rescue: AuthAnvil™ protects everyone’s password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect user credentials and company data from ransomware and other malware. Find out more at https://www.idagent.com/authanvil-multi-factor-authentication.

Canada – Koodo

https://www.itworldcanada.com/article/koodo-admits-february-data-breach-data-already-being-sold-on-dark-web/428249

Exploit: Unauthorized database access.

Koodo: Wireless carrier

Risk to Small Business: 1.88 = Severe:
On February 13th, hackers used compromised credentials to access Koodo’s database. Once inside, they stole sensitive user data from August and September 2017. Hackers were not able to access phone numbers, which would have allowed them to receive two-factor authentication codes and further compromise user accounts. In response, Koodo has disabled some features to prevent hackers from misusing customer accounts.  

Individual Risk: 2.428 = Severe:
Customer account details, including account numbers and identifying information, were obtained by the thieves and are now for sale on the Dark Web. It’s possible that hackers can use customer data to change user account information or receive two-factor authentication codes, which would further compromise personal data. Those impacted by the breach should take steps to ensure that their accounts are secure and that they are not vulnerable to additional attacks. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  Data breaches have profound implications for companies and customers. In this instance, a customer-focused data breach could have undermined the company’s network integrity, allowing hackers to further infiltrate Koodo’s IT infrastructure. Rather than waiting to discover a data breach, use responsive monitoring tools to take preemptive steps to identify stolen credentials and to prevent a breach before it occurs.  

ID Agent to the Rescue: We go into the Dark Web™ to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform available. Our award-winning platform combines sophisticated human and Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

France – Lise Charmel

https://www.telegraph.co.uk/news/2020/03/04/huge-ransomware-attack-laid-bare-french-lingerie-firm-cost-millions/?&web_view=truee

Exploit: Ransomware.

Lise Charmel: Retailer.

Risk to Small Business: 2 = Severe:
A ransomware attack devastated the high-end lingerie retailer, costing it millions and forcing it into receivership. The attack, which first began on November 8, 2019, encrypted the company’s entire IT infrastructure, including employee workstations and data stores. As a result, all company employees were rendered unable to work, with dire consequences for the 70-year-old business.

Individual Risk: At this time, no personal data was compromised in the breach.  

Customers Impacted: Unknown.  

How it Could Affect Your Customers’ Business: Ransomware attacks have been ramping up and they can have serious consequences. Businesses must be prepared to defend their infrastructure and to orchestrate a comprehensive recovery process. This incident is a reminder that cybersecurity is a bottom-line issue that has real implications for a company’s viability in today’s dangerous digital landscape.  

ID Agent to the Rescue: It’s critical that you understand the importance of dynamic, well-designed cybersecurity. Learn more here: https://www.idagent.com/goal-assist.  

United Kingdom – Anteus Tecnologia 

https://www.dailymail.co.uk/sciencetech/article-8100805/Employee-ID-firm-leaves-76-000-fingerprints-exposed-online-email-addresses-phone-numbers.html?&web_view=true

Exploit: Exposed database.

Anteus Tecnologia: Developer and distributor of fingerprint identification systems

Risk to Small Business: 1.888 = Severe:
A cyberattack on February 20, 2020, compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.

Individual Risk: 2.142 = Severe:
In addition to precise fingerprint data, the database also contained the email addresses and phone numbers of employees who store their information with the company. Those impacted by the breach should take every precaution to secure their data and beware of potential instances of fraud resulting from this compromised information. 

Customers Impacted: 76,000. 

How it Could Affect Your Customers’ Business: Today’s regulatory landscape promises steep penalties for companies that fail to protect customer information. In this environment, careless errors, like failing to password-protect a database, are especially egregious to regulators and customers – and all companies need to ensure that data security is a day-one, top-down priority.

ID Agent to the Rescue: Compliance Manager™ can automate regulatory compliance in maintaining required data privacy standards, eliminating guesswork, and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager.

Australia – Melbourne Polytechnic 

https://www.itnews.com.au/news/melbourne-tafe-data-breach-exposes-55k-student-staff-files-539180

Exploit: Unauthorized database access.

Melbourne Polytechnic: Academic institution.  

Risk to Small Business: 1.555 = Severe:
Melbourne Polytechnic has updated its data breach notification to reflect an incident that occurred between September and December 2018. The school didn’t identify the breach until October 2019 and has since been conducting an IT investigation to assess the damage. In response, the institution has issued an apology to staff and students impacted by the breach. However, users are still in danger of further compromise because the stolen data puts them at serious risk for fraud and other cybercrimes.    

Individual Risk: 1.857 = Severe:
The compromised data is limited to staff and student information between September and December 2018. However, it includes highly sensitive personal details, including PII, healthcare-related data, and financial information. In addition, some victims had their usernames, email addresses, and passwords stolen. Although the culprit has been apprehended, this information has a long shelf life on the internet, and those impacted by the breach should carefully monitor their accounts and credentials for potential misuse.  

Customers Impacted: 90,000.

How it Could Affect Your Customers’ Business: Consumers and employees are increasingly unwilling to work with companies that can’t protect their information. While recovery costs and regulatory fines make a data breach an expensive pitfall, the damage to a company’s reputation can never be fully repaired, ensuring that any breach will have cascading consequences that outlive the initial incident. 

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or company data has been compromised, allowing companies to quickly act to mitigate the effects of a data breach. We work with you to strengthen your security suite with the leading Dark Web monitoring and reporting tool available. Discover more at https://www.idagent.com/dark-web/.  

Australia – Manheim Auctions 

https://www.smh.com.au/business/consumer-affairs/major-company-with-perth-office-faces-30-million-ransom-demand-after-cyber-attack-20200310-p548lo.html?&web_view=true

Exploit: Ransomware.

Alinta Energy: Car auction house. 

Risk to Small Business: 2 = Severe:
The world’s largest wholesale auction house for cars got a surprise it didn’t want on Valentine’s Day: ransomware. Hackers accessed and encrypted the network of the Australian branch of Manheim Auctions, demanding a head-turning $30 million ransom to release the company. The company was forced to post a message to customers on its Facebook page noting the diminished functionality while promising not to pay the ransom. Even without paying the ransom, the company won’t emerge unscathed. Recovery efforts will be incredibly expensive, and the productivity loss and reputational cost incurred will have long-lasting implications.

Individual Risk: At this time, no personal data was compromised in the breach. 

Customers Impacted: 1,100,000

How it Could Affect Your Customers’ Business: Recovering from a ransomware attack is an expensive proposition. Regardless of whether or not companies choose to pay the ransom, these attacks have a profound impact on the victim’s bottom line. Rather than rewarding bad actors, every company should invest in a robust ransomware defense for protection from these costly incidents.   

ID Agent to the Rescue: The most common way that ransomware is delivered is phishing. Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate your employees, making them the best defense against this kind of cybercrime. Learn more here: https://www.idagent.com/bullphish-id.  

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Hackers Collect Millions from Stolen Payment Card Records 

In an increasingly digital-first world, payment card skimming malware has been a growing threat to both customers and retailers – and a profitable business for the bad guys. Unfortunately, that trend is unlikely to abate anytime soon. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web.  

The card information was stolen throughout 2019 as thousands of retailers fell victim to malware. In this web-skimming incident, attackers used malicious JavaScript to steal payment data at checkout from stores hosted on the Volusion cloud platform. Unfortunately, the high yield is likely to incentivize other cybercriminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.

Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs to have a strong cybersecurity strategy that works to mitigate some of the risk of this means of attack, including regular malware assessments and Dark Web monitoring.

https://www.bleepingcomputer.com/news/security/hackers-get-16-million-for-card-data-from-breached-online-shops/

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it.

We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
