The Week In Breach 03/31/21 - 04/06/21

by Wally Moore

on April 7, 2021

in Data Breach


DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology.

One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types.

With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

by ID Agent


This Week in Breach News: A massive Facebook leak exposes personal data for millions in the US and India, the Clop ransomware gang had a very good week (and US universities had a very bad week).

United States

United States – The New York Foundling

https://cybernews.com/security/new-york-charity-leaves-sensitive-patients-data-unsecured/

Exploit: Unsecured Database

The New York Foundling: Children’s Charity 

Risk to Business: 1.662 = Severe

The New York Foundling, a venerable children’s charity, has had a significant data exposure. Researchers discovered an unsecured database containing more than 2,000 CSV and TXT files, each with hundreds or thousands of entries related to patients’ medical records, children’s legal guardians, caseworkers, doctors, and other child welfare specialists.


Individual Risk: 1.707 = Severe

At least 13,000 entries on medical procedures were exposed, including vaccines, diagnostic tests, patient IDs, referral details, and chart notes with descriptions. Another 7,000 entries for patients are in the trove, including patient names and birthdates, parent/guardian names and phone numbers, and insurance or agency information. A TXT file containing SSNs and what appears to be IDs, but without names or other identifying information, is in the mix. Employee information is also included, with staff names, ID numbers, and other details.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Making simple, avoidable blunders like this is a tragedy. Not only have many families had data exposed, but this charity hospital will also be paying huge HIPAA fines.

ID Agent to the Rescue: Make sure that everyone on your team is up to date on today’s threats and ready for tomorrow’s with the tips and tricks in “The Security Awareness Champion’s Guide.” GET THIS FREE BOOK>>


United States – Facebook

https://www.businessinsider.in/tech/news/533-million-facebook-users-phone-numbers-and-personal-data-have-been-leaked-online/articleshow/81889315.cms 

Exploit: Hacking

Facebook: Social Media Company 


Risk to Business: 1.627 = Severe

A treasure trove of Facebook user data landed in a hacking forum over the weekend. Hackers posted a slew of PII on Facebook users, including phone numbers and some contact information for hundreds of millions of users, online for free. A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.


Individual Risk: 1.627 = Severe

This fresh dump of exposed data includes various PII for over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. Exposed data includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and email addresses. This information can be used to mount spear phishing and brand impersonation schemes.

Customers Impacted: 533 million

How it Could Affect Your Customers’ Business: Cybercriminals will love this windfall. Data like this lives forever on the dark web, providing ammunition for future cyberattacks and fraud.

ID Agent to the Rescue: Dark Web ID alerts businesses to credential compromise fast, giving them the edge to fix vulnerabilities before the bad guys even know they’re there. WATCH A VIDEO DEMO>>




United States – University of Maryland Baltimore (UMB)

https://www.govtech.com/education/higher-ed/University-of-Maryland-Student-Data-Exposed-by-Cyber-Attack.html

Exploit: Ransomware

University of Maryland Baltimore (UMB): Institution of Higher Learning


Risk to Business: 2.412 = Severe

The Clop ransomware gang had a banner week. UMB is one of at least 6 US colleges that they’ve hit successfully in the past week after gaining access to systems at data transfer and processing behemoth Accellion in late 2020. Here’s the full list of impacted colleges. At UMB, the gang snatched an assortment of student and staff data including federal tax documents, requests for tuition remission paperwork, applications for the Board of Nursing, passports, ID data, and tax summary documents.


Individual Risk: 2.309 = Severe

The staff data featured lists of individuals and their Social Security numbers, retirement documentation, and 2019/2020 benefits enrollment and adjustment requests. In the student data batch, the gang scored photos, dates of birth, home addresses, passport numbers, immigration status, names of individuals, and Social Security numbers. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is a textbook illustration of what happens when one of your business partners, suppliers, or service providers has a data breach – cybercriminals get a leg up on breaking into your systems too.

ID Agent to the Rescue: Mitigate the risk of doing business in today’s interconnected world with the expert advice in our ebook “Breaking Up with Third-Party and Supply Chain Risk.” DOWNLOAD IT>>


United States – 200 Networks LLC

https://www.hackread.com/call-center-provider-experiences-data-leak/

Exploit: Unsecured Database

200 Networks LLC: Call Center Operator


Risk to Business: 2.412 = Severe

A wide-open database belonging to 200 Networks was discovered by security researchers, leaking information freely. The data included logs for at least 1.48 million robocalls. The dataset was exposed for almost 24 hours, and the database kept growing in real time as the business continued adding thousands of fresh calls and records to the mix every hour. The exposed records contained only swatches of data on the callers but included extensive inside information for the company, including technical data.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: 1.48 million

How it Could Affect Your Customers’ Business: Failing to protect the secrets of your success is problematic for any business. This information will likely make its way to the dark web quickly.

ID Agent to the Rescue: Dark web danger is growing for businesses as millions of records landing in dark web markets create new vulnerabilities. PROTECT YOUR BUSINESS>>




United Kingdom

The Netherlands – Royal Dutch Shell

https://www.theregister.com/2021/03/29/shell_clop_ransomware_leaks_update/

Exploit: Ransomware

Royal Dutch Shell: Oil Company


Risk to Business: 1.863 = Severe

The Clop ransomware gang is going to need a vacation after this week. They also struck gold at Royal Dutch Shell, scooping up an assortment of business documents and posting a sample on their leak site. Once again, the gang’s foray into Accellion paid off, enabling them to gain access to Royal Dutch Shell. Spokesmen for the company admit that data was stolen but are not saying that this was a ransomware hit, although that is this gang’s stock in trade.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can cause catastrophic delays in production, crippling factories. Preventing it from hitting systems is just as important as protecting data.

ID Agent to the Rescue: Stopping ransomware starts with stopping phishing. In “The Phish Files,” you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>>


France – Asteelflash

https://www.bleepingcomputer.com/news/security/asteelflash-electronics-maker-hit-by-revil-ransomware-attack/

Exploit: Ransomware

Asteelflash: Electronics Manufacturer


Risk to Business: 1.802 = Severe

REvil has come to call at French firm Asteelflash, specialists in the design, engineering, and printing of printed circuit boards. This is the latest attack in a series of incidents impacting manufacturers and developers adjacent to the beleaguered semiconductor sector. The gang asked for an initial $12 million ransom, but Asteelflash apparently chose not to pay that within the specified timeframe, so the ransom doubled to $24 million. Data proving the incursion was posted to the gang’s website last week.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: An incident like this is even more costly when your industry is under pressure, as electronics companies are right now. Cybercriminals are always looking for the opportunity to hold businesses up in challenging times.

ID Agent to the Rescue: Make sure that you’re covering all of the bases with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>


Italy – Boggi Milano Menswear 

https://threatpost.com/ragnarok-ransomware-boggi-milano-menswear/165161/

Exploit: Ransomware

Boggi Milano Menswear: Luxury Fashion Retailer 


Risk to Business: 2.055 = Severe

Italian clothier Boggi Milano menswear had an unwelcome delivery this week. The Ragnarok ransomware gang snatched 40 gigabytes of data from the fashion house, including HR and salary details. Researchers looking into the hack found payroll files, payment PDFs, vouchers, tax documents, and other business data on the dark web. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: It’s no longer acceptable to just survive a cyberattack – businesses have to be prepared to endure challenges and still keep going.

ID Agent to the Rescue: Is your organization ready to repel cyberattacks and keep on going? You are if you’re cyber resilient. Learn how to transform your business in “The Road to Cyber Resilience” today. GET THIS BOOK>>




Guide to risk scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Added intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:




Resource spotlight

Ready to see what we have on tap? Watch the ID Agent Q2 Product Update now to see upcoming innovations including highly-anticipated features, plus, get a Graphus update and meet RocketCyber, your next SOC!! SEE IT>>

Don’t let supply chain and third-party risk rain on your parade in 2021! Learn how to protect your business (and your profits) in the eBook “Breaking Up with Supply Chain & Third-Party Risk”! GET IT NOW>>


Featured briefing

Stamp Out Alert Fatigue: Security Automation is a Win for Everyone


Automation technology has become helpful in so many facets of life. Automated vacuums keep our floors clean. Automated pet feeders keep our cats happy. Automated plugs turn our lights on and off. Adding an automated assistant to daily life has been a huge boon when driving or looking up a recipe. So why not take the power of automation technology and put it to work fighting back against the next wave of record-shattering cybercrime by adding affordable, reliable security automation that reduces alert volumes, increases helpdesk efficiency, completes trivial tasks without human guidance, and finds threats faster than traditional sources?

It’s not something that’s coming in the far-flung future. Security automation has already started making an impact. As more solutions incorporate automation, IT managers are finding out that it’s not just a great way to generate reports or monitor performance. Automated features in an array of security tools enable them to do more with valuable resources like human capital while increasing awareness and efficiency. In a recent study of security leaders, 85% noted that they believe that companies are adding technologies too quickly with 71% admitting that even most existing tools are underutilized. Experts estimate that companies use an average of 19 different security tools, with only 22% of them really important to maintaining security. 




As businesses add solutions to address new needs and threats, the volume of alerts that IT teams deal with every day is staggering, leading to potentially disastrous consequences. That cacophony of beeps, buzzes, and bells spurs staffers into turning off or ignoring alerts, and that can be a dangerous practice because an actual emergency may be missed. In this survey about IT team burnout, more than 45% of respondents said that they regularly turn off high-volume alerting features because they’re overwhelming. Almost half of the participants said that they personally investigate 10 – 20 alerts each day, a 12% increase from 2019. Another 25% of respondents said they investigate 21 to 40 alerts each day, up from 14% the year prior, and 66% of survey takers reported seeing a significant increase in alerts since March of 2020 as data breach risks proliferated in the wake of the global pandemic and implementation delays created a cascade effect of incomplete maintenance pitfalls.



Time is Money


Another side effect of the alert flood is a huge time-suck: false positives. In that same survey, security teams said that 25 to 75% of the alerts they investigate on a daily basis are false positives. An in-depth study showed that a security analyst can spend as much as 25% of their time chasing false positives. That’s 15 minutes per payroll hour, per analyst. IT teams can waste about 300 hours per week just wading through false positives.

That’s a serious problem when there aren’t enough hands to do the work in the first place. Over 70% of IT managers in a staffing survey said that they couldn’t find the personnel they needed last year, leaving 82% of security teams chronically understaffed. Money isn’t the factor that’s stopping them either – 45% of organizations reported having enough budget available. But only 39% of companies feel they have adequate IT expertise on staff to handle increased ticket volumes, distinctly problematic when IT teams are faced with challenges like pivoting from remote workforce security into securing the new hybrid workforce.




Security Automation is a Game-Changer


Automation is the answer to many IT team problems, and IT managers are beginning to realize it: 68% of IT leaders were bullish on AI and automation technology. More than 60% of executives in that study also said that automated tools and AI technology helped them optimize the value of their existing tools and personnel. IBM notes that automated security reduces trouble tickets by 80% and increases caseload capacity by 300% or more. It also saves money all over your security operation, including in some unexpected ways like saving energy.

So how can you start benefitting from security automation? Make use of the automation capabilities available now in each of our digital risk protection solutions.

  • Dark Web ID – Enjoy automated deployment in minutes, with no additional hardware or software to install. Painless integrations with multiple PSA systems, including Kaseya’s own BMS, ensure automated data sharing for a fast, frictionless alerting and mitigation process, so you never miss a security event. Plus, Dark Web ID seamlessly integrates with other tools across Kaseya’s portfolio, making it easy for MSP technicians to manage them together.
  • BullPhish ID – Automate training to make it even easier to manage. Deploy campaigns fast with plug-and-play kits and have content delivered automatically through brandable portals on a pre-determined schedule. Then have all of the reports that you need to demonstrate the value of training to your clients automatically generated.
  • Passly – This is the process automation that will make every security team happy. Wave goodbye to trouble tickets for password resets because they’ll be automated. An average MSP that serves 1300 users wastes around $9350 each year just managing password reset tickets, and you have better things to do with that money.

Don’t Wait – Automate


You don’t need to wait until you get a fresh budget to start automating security. These features are already built into our solutions; there’s nothing extra to add or set up. Just start enjoying the extra time in your day from using smart security automation to take care of mundane tasks like password resets and report generation. Your staff will be grateful too. Maybe that will even free up a few minutes to see how much your business would benefit from Graphus, an automated phishing defender that’s 40% more effective than traditional security. Contact us today to learn more about our security automation and how it’ll benefit your business.




 

For your customers

Automation Saves Everyone’s Nerves 


Are you tired of filing a trouble ticket and waiting for a technician for every little IT issue? When you take advantage of the automation capabilities that many of today’s smart solutions feature, you don’t have to. Affordable automation means that you can make just a few small adjustments to your security plan that bring big results, reducing your trouble tickets while increasing your security posture.

By far the most common trouble ticket that helpdesks receive is a password reset. On average, 20% to 50% of all IT help desk tickets each year are for password resets. One password reset can set you back around $100. This calculator using averaged data can help you determine the cost of a password reset for your business.

But if you’re using a secure identity and access management solution like Passly, you never have to pay or wait for a password reset – it’s automated, eliminating wait time (and expense) for you and stress on IT personnel. On average, every one of a company’s employees is going to call the helpdesk 11 times per year, so that savings really adds up.

Consider using that money to automate a few other security tools. If you add Graphus to your security plan you'll be upgrading your security and reducing trouble tickets at an unbeatable value. You get automated antiphishing security that uses AI and more than 50 data points to spot and stop phishing emails. It catches 40% more than traditional solutions.

Also, consider automating security awareness training with BullPhish ID. Choose from an array of plug-and-play phishing kits and set your phishing simulation to deliver the training that your staff needs, then report on their progress – automatically. Automated deployment and no-fuss integration with Dark Web ID also makes it a snap to keep an eye open for dark web credential compromise too.

Don’t stress out yourself or your security team with a sea of trouble tickets for mundane issues. No one wants to spend the day waiting for IT to reset a password. Affordable automation lowers everyone’s stress. Automate as many routine processes as you can and free up your staff to do something more important with their time.




DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it.

We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!


Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
