The Week in Breach: 03/19/20 - 03/24/20

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

March 25th, 2020 by Kevin Lancaster

This week, cybercrime makes COVID-19 recovery more difficult, unsecured databases give away millions of records, and resources you need to protect data during this challenging time. 

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Media & Entertainment
  • Top Employee Count: 251 – 500

Switzerland – World Health Organization

https://www.beckershospitalreview.com/cybersecurity/phishing-email-impersonating-who-chief-begins-to-circulate.html

Exploit: Phishing scam

World Health Organization: United Nations agency responsible for international public health  

Risk to Small Business: 1.888= Severe
Hospital workers are receiving an email purportedly from Dr. Tedros Adhanom Ghebreyesus, director of the World Health Organization (WHO). The email contains a personalized message using the recipients’ valid username and an innocuous-looking attachment. Unfortunately, it’s a phishing attack – when the attachment is opened, it installs malware capable of stealing credentials from the computer. According to cybersecurity researchers, the messages specifically prey on the altruism of recipients by purporting to include information about novel, preventative drugs and COVID-19 cures.

Individual Risk: 2.571 = Moderate
At this time, there are no reports of recipients falling for this scam. However, anyone who does click on the attachment has likely allowed malware to compromise their credentials. In that case, they should immediately take steps to remove the malware, reset account passwords, and notify their employers of the incident.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In 2020, clever spear phishing emails are par for the course when it comes to anticipated attack vectors, and the bad guys are making them look more authentic all the time. Rather than allowing employees to fall for these scams, possibly compromising company and customer data along the way, keep them alert for trouble by providing regular phishing scam awareness training that accounts for the latest trends and encompasses all of the possible vulnerabilities.

ID Agent to the Rescue: Helping you understand the importance of security is no easy task. Learn more here: https://www.idagent.com/goal-assist.

As we finished compiling The Week in Breach, we learned that even more cyberattacks have been mounted against WHO during this crisis, easily double the usual number. A group of hackers known as DarkHotel is suspected in one of the most significant recent live attacks. More than 2000 coronavirus-themed websites are being created each day as cybercriminals rush to take advantage of the opportunity that the chaos of this pandemic presents to breach data and steal passwords. Stay alert to what they’re up to by reading our blog.

United States – Open Exchange Rates

https://www.bleepingcomputer.com/news/security/open-exchange-rates-data-breach-affects-users-of-well-known-orgs/

Exploit: Unauthorized database access

Open Exchange Rates: Currency data provider

Risk to Small Business: 1.777= Severe
While investigating a network misconfiguration, Open Exchange Rates discovered that an unauthorized user was accessing their network. Ultimately, it was determined that the hacker had been accessing their database for nearly a month, beginning on February 9, 2020, and ending on March 2, 2020. The company believes that hackers extracted sensitive user information. In response, Open Exchange Rates has disabled the passwords for all accounts created before March 2, 2020.

Individual Risk: 2.285= Severe
A copious amount of personal data was compromised in the attack, including user names, addresses, encrypted and hashed passwords, IP addresses, country of residence details, and website addresses. Those affected should reset their account passwords and update their credentials on any other website using the same information. Open Exchange Rates is also warning customers that this information can be used to execute targeted spear phishing attacks. Therefore, those impacted by the breach should carefully monitor their online accounts for suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Although it’s a relatively small operation, Open Exchange Rates provides an API that is used by several prominent financial service providers. As a result, the costs of repairing this breach will be compounded by reputational damage that could impact its relationship with these critical partners.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States – TrueFire

https://www.infosecurity-magazine.com/news/guitar-tuition-website-suffers/

Exploit: Malware attack

TrueFire: Online music school

Risk to Small Business: 1.555= Severe
On January 10th, TrueFire identified unauthorized access to its database by a mysterious user who was active for more than six months. It’s unclear why the company waited until March to disclose the incident to its customers. The breach compromised users who made online purchases between August 3, 2019, and January 14, 2020. Although the company didn’t explicitly categorize the breach, payment skimming malware is likely responsible for the theft, which included users’ personal and financial data from their online purchases of classes and services.      

Individual Risk: 2.571= Severe
The breach compromised customers’ personal and financial data, including names, addresses, payment card numbers, card expiration dates, and security codes. TrueFire is encouraging victims to monitor their financial statements for unusual activity, but they should do much more. Those impacted by the breach should immediately notify their financial institutions of the incident, and they should strongly consider enrolling in a credit and identity monitoring service to provide long-term oversight of this critical information.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers increasingly prefer shopping online rather than going to physical stores. Especially now, as the COVID-19 pandemic forces people to stay home, online stores are a vital lifeline for SMBs to continue generating revenue while people stay off the streets. Therefore, protecting the checkout process must be a top priority, as many customers will be gone for good if their personal or financial data is compromised through mishandled data on the merchant’s end when they make online purchases.

ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with you to strengthen your security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

United States – College of Dupage 

https://www.infosecurity-magazine.com/news/illinois-college-suffers-data/

Exploit: Accidental data exposure 

College of Dupage: Academic institution 

Risk to Small Business: 1.555= Severe
The College of Dupage accidentally exposed the 2018 W-2 forms of current and former employees. In a statement, the school identified the risk of data misuse as low. In reality, even one cybercriminal misusing this information could pose significant consequences for a potential victim. The breach occurred as the College of Dupage is preparing to move its services online due to the spread of COVID-19, forcing the cancellation of in-person classes – a  timely reminder that in uncertain times information security will still be top-of-mind for end-users, whether they are consumers, staffers, patients, or students. 

Individual Risk: 2.142= Severe
W-2 forms contain personally identifiable information, including names, addresses, and Social Security numbers. College of Dupage is offering free identity monitoring services to those impacted by the breach, and victims should take advantage of it to ensure that their information remains secure both now and in the future.  

Customers Impacted: 1,775

How it Could Affect Your Customers’ Business: In response to the incident, the College of Dupage is updating its data management standards to prevent a similar incident from occurring in the future. Unfortunately, these updated protocols will not undo the damage for the nearly 2,000 victims of this data breach. Rather than waiting until a cybersecurity incident occurs, companies should prioritize a reevaluation of their practices to ensure that customer and company data is secure before a breach occurs.

ID Agent to the Rescue: Helping you understand the importance of security is no easy task, especially in uncertain times. Learn more here: https://www.idagent.com/goal-assist.      

Canada – Rogers Communications

https://www.bleepingcomputer.com/news/security/rogers-data-breach-exposed-customer-info-in-unsecured-database/?&web_view=true

Exploit: Unsecured database 

Rogers Communications: Internet service provider

Risk to Small Business: 2.111= Severe
A third-party vendor left an unprotected database exposed to the internet, compromising customers’ personal information. The breach was discovered on February 26th, and it’s unclear why it took the company nearly a month to make a public statement about the incident. Although the company acted quickly to secure the data, its reactive measures will not undo the damage to victims, nor will they mitigate the reputational damage that will inevitably follow the breach.

Individual Risk: 2.142= Severe
The exposed data includes customer addresses, account numbers, email addresses, and telephone numbers. Fortunately, financial information was not included in the breach. To support the victims, Rogers Communications is offering a free year of credit monitoring. In addition, those impacted by the breach should closely monitor their accounts for targeted phishing scams that could compromise additional data. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: There are many ways that bad actors gain access to company IT. Whether they exploit a third-party vulnerability or acquire credentials in a phishing scam, every organization needs to be prepared to restrict access to critical accounts. With simple security steps, like requiring strong, unique passwords and two-factor authentication across all accounts, you can keep cybercriminals away from user and employee information.

ID Agent to the Rescue: With AuthAnvil™, user credentials and passwords are protected. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your systems and your data. Find out more at https://www.idagent.com/authanvil-multi-factor-authentication.

Germany – Takeaway

https://www.bleepingcomputer.com/news/security/food-delivery-service-in-germany-under-ddos-attack/?&web_view=true

Exploit: DDoS attack 

Takeaway: Food delivery service 

Risk to Small Business: 1.888 = Severe
As the spread of COVID-19 forces many restaurants to close or alter their offerings, Takeaway, a food delivery service that’s uniquely well-suited to assist during these times, experienced a DDoS attack that forced its website offline. Cybercriminals demanded a ransom payment of $11,000 in Bitcoin to stop the attacks and restore services. Some customers took to the internet to complain about slow website activity, and the service had to provide refunds for orders placed online that couldn’t be fulfilled due to the attack.

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals often strive to take advantage of a crisis. As COVID-19 makes home delivery an especially in-demand service, it’s unsurprising that bad actors would exploit the crisis in an attempt to make a profit. It’s clear that the COVID-19 pandemic will have long-lasting implications for businesses, but that can’t deter organizations from continuing to be proactive about protecting their critical data and digital platforms.

ID Agent to the Rescue: With BullPhish ID, we can provide a more complete picture of your security posture and potential risk, transforming the weakest links of your organization into your strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Estonia – Blisk

https://www.zdnet.com/article/browser-vendor-leaks-data-via-open-server/

Exploit: Unprotected database

Blisk: Web browser vendor

Risk to Small Business: 2.111 = Severe
Blisk developers carelessly left a database exposed to the internet without a password. The database contained personal information for developers with registered Blisk profiles. This is the company’s second accidental data breach in a short time, which could undermine its credibility with the tech-savvy community that frequents its platform. Moreover, the incident could harm the browser’s adoption. Currently, it’s used by some of the most notable companies in tech, but those relationships can quickly change after repeated cybersecurity failures.   

Individual Risk: 2.285= Severe
The breach impacts developers using Blisk services and includes email addresses and user-agent strings. While personal or financial information wasn’t included in the breach, the available information could be used by hackers to create specialized malware using their user-agent strings.   

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: In today’s regulatory environment, leaving a database unprotected is a foolish and costly mistake, often compromising thousands of records without any help from hackers – and it’s completely avoidable. To avoid hefty regulatory fines, less-quantifiable reputational damage, and burdensome recovery costs, every organization needs to develop workflow best practices that ensure that systems are password protected. It’s a simple step with outsized implications. 

ID Agent to the Rescue: Compliance Manager™ automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager

France – Marseille

https://securityaffairs.co/wordpress/99658/malware/marseille-city-massive-attack.html

Exploit: Ransomware

Marseille: Local municipality   

Risk to Small Business: 2.111= Severe
On March 15, a ransomware attack crippled more than 300 computers and left significant swathes of data inaccessible. In addition to the usual implications of a ransomware attack, this incident is particularly problematic because it took place just before a local election and as the government is orchestrating its response to the COVID-19 pandemic. What’s more, even though the government is able to restore systems from backups rather than paying the ransom, this attack will still be incredibly costly as the recovery and restoration expenses will quickly add up to a significant sum.

Individual Risk: At this time, no personal data was compromised in the breach. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are uniquely disruptive, costing companies time, resources, and money. They’re especially problematic when business is disrupted by an emergency. What’s more, the opportunity cost and reputational damage are difficult to overcome, making the cost of a robust defensive posture look like a relative bargain. Using smart practices, companies can protect their data in a quickly-shifting threat environment.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Get started today: https://www.idagent.com/compliance-manager

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Canadian Healthcare System Inundated by Cyberattacks

The stress created by an emergency like the Coronavirus pandemic is a golden opportunity for hackers. As the Canadian healthcare system grapples with surging treatment demands related to COVID-19, their IT systems are also grappling with a significant uptick in cyberattacks from bad actors trying to steal data and breach systems at healthcare organizations in a critical time.  

The threat is so severe that some organizations have called on the government to enact national cybersecurity standards and provide emergency funding to help defend patient data. We’ve reported on several Canadian health institutions impacted by data breaches this year, and in 2019, nearly half of all Canadian data breaches were healthcare-related.

According to several officials, many Canadian healthcare providers are midway through their cybersecurity upgrade roadmaps. Their slow progress means that many of their defenses are outdated and inadequate to meet today’s quickly evolving threats to data and systems.

Don’t wait for your organization’s Doomsday scenario to unfold. Get support now to prevent phishing scams, malware, and other cyber threats from compromising company data. Partnering with cybersecurity experts can help you get your defenses against cyberattacks up to speed faster before a breach occurs.

https://www.cbc.ca/news/canada/nova-scotia/hospitals-health-care-cybersecurity-federal-government-funding-1.5493422

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is FREE, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
