The Week In Breach 04/15/2020 - 04/21/2020

by Wally Moore

on April 22, 2020

in Data Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to this website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our partners at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it!

April 22nd, 2020 by Kevin Lancaster

This week, compromised email accounts expose customer data, ransomware disrupts remote work, and the FBI releases a new warning about COVID-19 related healthcare cybercrime.  

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: High-Tech & IT
  • Top Employee Count: 11-50

United States – AST LLC. 
https://www.technadu.com/ast-llc-announces-data-breach-circulates-notices-employees/99052/

Exploit: Employee payroll breach 

AST LLC.: Cloud & digital transformation service provider  

Severity Meter

Risk to Small Business: 1.871 = Severe
Using a previously compromised email account, hackers accessed employee payroll information. Hackers used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too little, too late and is unlikely to assuage the concerns of the company’s enterprise clients.

Severity Meter

Individual Risk: 1.690 = Severe
Hackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers, and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.

ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities, your data, and your clients. Our remote-ready solution packs multi-factor authentication, single sign-on, and password management tools in one affordable, easy-to-deploy package. Find out more at https://www.idagent.com/passly.  

United States – San Francisco International Airport
https://www.bleepingcomputer.com/news/security/san-francisco-intl-airport-discloses-data-breach-after-hack/

Exploit: Malware attack

San Francisco International Airport: Airport authority

Severity Meter

Risk to Small Business: 2.505 = Moderate
A malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information. 

Severity Meter

Individual Risk: 2.775 = Moderate
Hackers obtained people’s usernames and passwords. Although the company was quick to reset these credentials, victims should be mindful that this information could be used to access other accounts that rely on the same username and password combination. Therefore, they should carefully monitor their accounts for suspicious or unusual activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By staying attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform available. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Canada – The Law Society of Manitoba 
https://www.cbc.ca/amp/1.5530825

Exploit: Ransomware

The Law Society of Manitoba: Law firm collective

Severity Meter

Risk to Small Business: 1.475 = Extreme
Two Manitoba law firms experienced a ransomware attack that crippled their operations. The encryption left employees unable to access computer systems, digital files, email, or data backups. As a result, firms are left without their client lists, accounting and financial information, photos, and other mission-critical information. The ransomware infected the firms’ systems after employees opened a malicious email attachment. According to the company, cybercriminals are demanding an “enormous” ransom that the companies are unable and unwilling to pay. 

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The challenging business environment created by the COVID-19 pandemic leaves little room for additional setbacks. Since ransomware attacks carry multifaceted expenses, including productivity loss, opportunity cost, and technology recovery, every company needs to be confident that it has its bases covered when it comes to this increasingly prominent threat.

Canada – Holland America Line, Inc.
https://hotforsecurity.bitdefender.com/blog/canadian-authorities-email-private-details-of-247-ms-zaandam-cruise-passengers-23010.html

Exploit: Accidental data sharing 

Holland America Line, Inc.: Cruise company 

Severity Meter

Risk to Small Business: 1.833 = Severe
When communicating with COVID-19 patients from a recently docked cruise ship, authorities accidentally emailed an attachment containing passengers’ personal details to all cruise line passengers impacted by the virus. Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. Because it affects COVID-19 patients, this data breach is an awful event occurring at a terrible time.

Severity Meter

Individual Risk: 1.905 = Severe
The breach includes patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers. The 247 passengers are also being asked to change their passport numbers. Victims should enroll in a credit and identity monitoring service to ensure the long-term integrity of this critical data.  

Customers Impacted: 247

How it Could Affect Your Customers’ Business: This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.  

United Kingdom – Travelex
https://www.ciodive.com/news/travelex-ransom-breach-investigation/575842/

Exploit: Ransomware

Travelex: Foreign exchange company  

Severity Meter

Risk to Small Business: 1.703 = Severe
Hackers stole and encrypted company data, and they are threatening to publish the information if Travelex doesn’t pay a significant ransom. The attack was first reported by hackers in January when they indicated to media sources that they copied and encrypted 5GB of personal data. Ultimately, the attack has cost Travelex more than $2 million. Hackers exploited a flaw in VPN software to gain access to the network, and cybersecurity researchers believe that hackers had access to the company’s network well before they encrypted its data.

Severity Meter

Individual Risk: 2.711 = Moderate
While it’s unclear what specific data categories were accessible to hackers, stealing and publishing personal data is one of the latest threats to accompany a ransomware attack. Travelex customers should vigilantly monitor their accounts for unusual activity and their incoming messages for signs of phishing scams.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are incredibly costly, and their repercussions can reverberate through companies for years. Protecting against potential vulnerabilities that give hackers a foothold must be a top priority for companies looking to succeed in a digital environment where a ransomware attack is always a possibility.

Denmark – DESMI  
https://securityaffairs.co/wordpress/101495/hacking/desmi-discloses-cyber-attack.html

Exploit: Ransomware

DESMI: Pump manufacturer and developer

Severity Meter

Risk to Small Business: 2.617 = Severe
A ransomware attack has encrypted company IT, prohibiting remote workers from accessing company systems. Although DESMI is confident in its ability to restore services, this outage constitutes a veritable shutdown as employees can neither utilize in-office tools nor communicate via virtual meetings.    

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: COVID-19 has made remote work a necessity at companies around the world. This workflow is contingent on employees having access to company systems. During this time, a ransomware attack can erode the limited productivity and sales opportunities that companies have now, which increases the impetus to protect your company’s digital environment. 

ID Agent to the Rescue: With BullPhish ID, we can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of your organization into your strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.     

Australia – Ingram  
https://portswigger.net/daily-swig/ingram-data-breach-digital-content-platform-hack-resulted-in-theft-of-publishers-titles

Exploit: Unauthorized account access 

Ingram: Book distributor   

Severity Meter

Risk to Small Business: 2.335 = Severe
Hackers accessed a customer account and downloaded numerous book titles from the company’s repository. The bookseller, which operates in the US, UK, France, and Australia, immediately revoked the account credentials and hired a third-party cybersecurity team to investigate the breach. As an on-demand printing business, Ingram relies on its reputation, as authors select platforms that can securely and reliably deliver their content to readers.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In today’s digital environment, where billions of login credentials are readily on sale on the Dark Web, every company should expect that hackers could gain front door access to its IT infrastructure. Therefore, it’s critical that they deploy security solutions, like two-factor authentication, that can prevent hackers from accessing user accounts even when they are armed with login information.

ID Agent to the Rescue: Passly protects employees’ digital identities, data, and business continuity through an integrated multi-factor authentication, single sign-on, and password management solution. Learn more at https://www.idagent.com/passly.   

Australia – Wappalyzer 
https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/

Exploit: Unsecured database 

Wappalyzer: Technographics data provider

Severity Meter

Risk to Small Business: 2.417 = Severe
On January 20, 2020, hackers copied data from an exposed database containing customers’ personal details. Now, Wappalyzer customers are receiving emails from hackers offering to sell the database for $2,000 in Bitcoin. The company downplayed the incident, claiming that the information was from an old database from its previous website. However, the details were valid enough that hackers were able to communicate with customers directly. In a best-case scenario, this incident is a PR disaster for the company, but the consequences could become more onerous.

Severity Meter

Individual Risk: 2.883 = Moderate
Wappalyzer contends that the exposed database doesn’t include customers’ personal data. Even so, because hackers have access to users’ email addresses, those impacted by the breach should be especially vigilant about assessing incoming messages for potential spear phishing messages that could compromise even more sensitive personal data. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data breaches do serious damage to a company’s reputation. Customers and business partners are increasingly unwilling to work with companies that are stained by a data security incident. When coupled with expanding privacy regulations and soaring costs, today’s companies have millions of reasons to secure their customers’ data.

ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Thousands of Zoom Credentials Available on Dark Web  
As we recently reported in our blog, Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own. 

This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.

Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.
https://securityaffairs.co/wordpress/101475/deep-web/zoom-dark-web.html

A Note for Our Friends

COVID-19 Treatment Centers Targeted by Cybercrime   
This week, the Federal Bureau of Investigation (FBI) issued a warning that hackers are increasingly targeting companies pursuing treatments for the novel Coronavirus. As a result, the FBI warned, “Now is the time to protect critical research you’re conducting.”   

Of course, it’s not just researchers experiencing a surge in COVID-19-related cyberattacks. Other healthcare facilities, including hospitals, testing facilities, and specialty care units have experienced a barrage of phishing scams, ransomware attacks, and other cyberattacks. This activity is part of a concerted effort by cybercriminals to take advantage of this scary and destabilizing moment to steal valuable company and customer data. 

Consequently, now is the time for every company to reassess its cyber preparedness in light of the new realities posed by COVID-19. If we can support these efforts in any way, please don’t hesitate to contact our team!

https://www.reuters.com/article/us-health-coronavirus-cyber/foreign-state-hackers-target-u-s-coronavirus-treatment-research-fbi-official-idUSKBN21Y3GL?&web_view=true

Get our new free remote workforce cybersecurity toolkit now, and follow us on social media to get our latest news, events, blog posts, insights, product updates, marketing tools, and so much more!

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
