The Week In Breach 09/23/2020 to 09/29/2020

by Wally Moore

on September 30, 2020

in Data Breach


DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

September 30th, 2020 by Kevin Lancaster

The Week in Breach: Ransomware sails a major shipping company into trouble, Microsoft makes a rare flub, Luxottica fails to see a threat, malicious insiders shop for data at Shopify, details about our sponsorship of REBOUND from SKOUT, and a sneak peek at our first product update event!

Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1 – 10

The Week in Breach – United States 

United States –  Arbiter Sports

https://www.techtimes.com/articles/252742/20200922/hacker-breached-540-000-referees-league-officials-and-school-representatives-for-ransom-and-won.htm

Exploit: Ransomware

Arbiter Sports: Sports Software and Services Provider 


Risk to Business: 1.301 = Extreme
Arbiter Sports, a software provider for many athletic associations including the NCAA (National Collegiate Athletic Association) experienced a ransomware attack that led to significant data loss. The shifting story ultimately crystallized into the company paying the ransom to have data freed from what it classifies as a backup server containing a database of more than 540,000 of its registered members — consisting of referees, league officials, and school representatives. The data was from several applications and records including ArbiterOne, ArbiterGame, and even ArbiterWorks.


Individual Risk: 1.816 = Severe
Arbiter Sports said the backups contained sensitive information about users who registered on these web apps, such as account usernames, passwords, real names, addresses, dates of birth, email addresses, and Social Security numbers. Social Security numbers and passwords were encrypted. The company paid the ransom, but the data could have still been copied. Users should be aware of the potential for identity theft or spear phishing using this information.

Customers Impacted: 540,000+

How it Could Affect Your Customers’ Business: Ransomware is every company’s worst nightmare. Even when a company pays the ransom, there’s no guarantee that the encrypted data wasn’t copied or resold before it was released by the cybercriminals.

ID Agent to the Rescue: If you’ve been hit with ransomware, it probably started as a phishing attack. You need Graphus, the powerful automatic phishing defender that evolves with your business. LEARN MORE>>

United States – IPG Photonics

https://www.bleepingcomputer.com/news/security/leading-us-laser-developer-ipg-photonics-hit-with-ransomware/

Exploit: Ransomware

IPG Photonics: Laser Developer


Risk to Business: 2.305 = Severe
Defense contractor and laser developer IPG Photonics was hit with a nasty ransomware attack using the RansomExx strain of ransomware, sometimes also dubbed Ransom X. IPG Photonics IT operations were affected worldwide, including internal IT, phones, manufacturing, parts, and shipping.

Individual Risk: No individual information was reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Manufacturers that get shut down from ransomware don’t just lose data – they also lose production time, fulfillment capability, access to maintenance or operations technology, and other business essentials that can be hard to quantify yet devastating.

ID Agent to the Rescue: BullPhish ID helps companies fight back against ransomware and other phishing-related attacks with easy to deploy phishing resistance training featuring “set it and forget it” campaign management and plug-and-play training kits. LEARN MORE>>

United States – Microsoft

https://www.zdnet.com/article/microsoft-secures-backend-server-that-leaked-bing-data/

Exploit: Unsecured Database

Microsoft: Technology Conglomerate


Risk to Business: 2.781 = Moderate
In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The server exposed technical details, such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.

Individual Risk: No individual data is believed to have been impacted in this breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Elementary security failures are embarrassing, and may lead your company’s customers to take their business elsewhere because if you’re forgetting the basics, how are you handling the more serious stuff?

ID Agent to the Rescue: Make sure that staffers are dotting the Is and crossing the Ts when it comes to basic security best practices with security awareness training from ID Agent, including phishing resistance with BullPhish ID. LEARN MORE>>

United States – Town Sports International

https://securityboulevard.com/2020/09/town-sports-international-data-breach-exposed-personal-information-of-600000-members/

Exploit: Unsecured Database

Town Sports International: Sports Club Operator


Risk to Business: 1.753 = Severe
Cybersecurity researchers discovered an unsecured database owned by Town Sports International that was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. The Amazon S3 bucket contained full names, addresses, contact information, credit card last 4 digits and expiry dates, billing histories, and other sensitive information for 60,000 members of health clubs along the East Coast, including clubs in Boston and New York. Employee records were also stored in this database, and their personal information was also likely exposed.


Individual Risk: 1.601 = Severe
This database was left wide open for at least a year, giving cybercriminals and data brokers ample time to harvest it for fuel to empower phishing attacks, identity theft, and other cybercrime.

Customers Impacted: 600,000

How it Could Affect Your Customers’ Business: Minor security errors happen, but colossal blunders like this speak to a culture of sloppy security and lack of regard for data privacy across an organization.

ID Agent to the Rescue: Password reuse is an epidemic, and incidents like this are how huge lists of passwords end up on the Dark Web. Make sure yours aren’t there with 24/7/365 Dark Web monitoring. LEARN MORE>>

United States – Universal Health Services

https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/

Exploit: Ransomware

Universal Health Services: Healthcare System Operator


Risk to Business: 1.442 = Extreme
Ryuk ransomware did massive damage at Universal Health Services (UHS), leaving UHS hospitals in the US, including those in California, Florida, Texas, Arizona, and Washington D.C., without access to computers and phone systems. The healthcare giant operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees, and provides healthcare to approximately 3.5 million patients each year. The affected systems are still not fully restored, but patient care impacts are reported as minimal.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services – and attacks are escalating.

ID Agent to the Rescue: Ransomware typically arrives with a phishing email. Automate your company’s defense against phishing with Graphus to put three layers of protection between a phishing email and your data fast. SEE HOW IT WORKS>>

United States – Tyler Technologies

https://dfw.cbslocal.com/2020/09/23/texas-company-software-local-governments-schools-data-breach/

Exploit: Ransomware

Tyler Technologies – Public and Defense Sector Software Provider


Risk to Business: 1.779 = Severe
North Texas company Tyler Technologies, provider of software services for everything from jail and court management systems to payroll, human resources, tax, and bill collection and land records, experienced a devastating ransomware attack. The company says that the impact of the incident is limited to internal corporate network and phone systems and that there has been no impact on hosted client environments, including its election results reporting software, although some clients are reporting escalating login problems since the attack.

Individual Risk: No personal data was reported as part of this incident.

How it Could Affect Your Customers’ Business: An event like this at a technology provider is not a good look, especially for a contractor that handles both defense sector jobs and election reporting software.

ID Agent to the Rescue: Security awareness training with cutting-edge solutions like BullPhish ID reduces a company’s chance of suffering a cybersecurity incident by up to 70%. SEE BULLPHISH ID IN ACTION>>

The Week in Breach – Canada

Canada – Shopify

https://www.reuters.com/article/us-shopify-cyber/shopify-says-customer-data-likely-exposed-as-employees-accessed-records-idUSKCN26D36J

Exploit: Malicious Insider

Shopify: e-Commerce Platform


Risk to Business: 2.314 = Severe
The data of customers for an estimated 200 merchants on Shopify was exposed in an insider incident at the e-commerce giant. Two employees who were working a scheme to steal transaction data are to blame. The data exposed includes client details like email, name, and street address, as well as order details, but does not involve complete payment card numbers or financial information. The company hosts over one million businesses across more than 175 countries on its platform.


Individual Risk: 2.603 = Moderate
The rogue staffers were only able to expose a small amount of information from a few businesses. Merchants on the platform are being informed by Shopify as the investigation continues. Users who think they may be at risk should be alert for spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The economy in the rest of the world may be challenged, but the Dark Web data markets are thriving, and staffers who need a little extra cash can be tempted to expose company data, sell their logins, or dip their feet into the cybercrime-as-a-service market.

ID Agent to the Rescue: Are your staffers selling their credentials on the Dark Web – or even worse, your customers’ credentials? Find out fast with human- and machine-powered, always-on credential monitoring from Dark Web ID. SEE DARK WEB ID IN ACTION>>

The Week in Breach – United Kingdom & European Union

France – CMA CGM

https://gcaptain.com/shipping-giant-cma-cgm-hit-by-cyber-attack/

Exploit: Ransomware

CMA CGM: Maritime Shipping and Logistics  


Risk to Business: 1.702 = Severe
Ragnar Locker ransomware sailed into the systems of French cargo giant CMA CGM, leaving havoc in its wake. The company’s website and external access to all applications were taken offline. This is the latest in a series of attacks against logistics targets, including major shipping and trucking companies. No ransom has been named in the attack, and CMA CGM is still experiencing outages.

Individual Risk: No personal information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The number one cause of ransomware flooding your systems is a phishing email. Increasing security awareness training including phishing resistance training with BullPhish ID can prevent these types of cybersecurity disasters.

ID Agent to the Rescue: BullPhish ID makes your staffers more wary of suspicious messages. Combine that increased awareness with Graphus’ Phish 911, a feature that enables employees to report dodgy messages, to give phishing a knockout blow. SEE OUR SOLUTIONS IN ACTION>>

Italy – Luxottica

https://www.insurancebusinessmag.com/asia/news/cyber/eyewear-giant-gets-blindsided-by-cyberattack-234390.aspx

Exploit: Ransomware

University Hospital Dusseldorf: Healthcare Provider 


Risk to Business: 1.752 = Severe
Ransomware definitely blindsided Italian eyewear giant Luxottica, producer of popular brands including Ray-Ban, Oakley, Armani, Bulgari, Chanel, Prada, Ferrari, Giorgio Armani, Michael Kors, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch. The company’s brand websites and service provider websites for Ray-Ban, EyeMed, Pearle Vision, and Sunglass Hut went down after a ransomware attack disrupted operations worldwide. Investigation and restoration are ongoing.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can shut an organization down entirely, and these days bad actors are just as interested in disrupting business and manufacturing operations as stealing data.

ID Agent to the Rescue: Add 3 layers of protection against email threats like ransomware that can devastate your business with Graphus, the automated phishing guardian that’s on duty 24/7/365. LEARN MORE>>

Poland – BrandBQ 

https://www.infosecurity-magazine.com/news/fashion-retailer-brandbq-seven/

Exploit: Unsecured Database

BrandBQ – Fashion Retailer


Risk to Business: 1.667 = Severe
An unsecured Elasticsearch database spelled trouble for Krakow-based fashion retailer BrandBQ. Security researchers uncovered the unencrypted Elasticsearch server on June 28 and BrandBQ finally secured it around a month later, but not before records for millions of clients were exposed. Observers reported one billion entries in the exposed database including 6.7 million records related to online customers, with each entry featuring personally identifiable information (PII) including full names, email and home addresses, dates of birth, phone numbers, and payment records (although not card details). Also available on the server were 50,000 records relating to local contractors in certain jurisdictions including VAT numbers and purchase information.


Individual Risk: 2.863 = Severe
Information contained in this database sat unguarded and available to cybercriminals for at least a month. Clients of BrandBQ or any of its retail stores including online stores and operations in Poland, Romania, Hungary, Bulgaria, Slovakia, Ukraine, and the Czech Republic should be wary of spear phishing attempts using this data.

Customers Impacted: 7,000,000

How it Could Affect Your Customers’ Business: An exposed database of this magnitude is shocking, and it definitely indicates that your company isn’t following cybersecurity best practices like securing sensitive customer data with multifactor authentication.

ID Agent to the Rescue: Put Passly to work for you. This secure identity and access management solution includes all of the features that your business needs, like multifactor authentication and shared secured password vaults at a price that you’ll love. LEARN MORE>>

The Week in Breach – Australia & New Zealand

Australia – Trading Reference Australia

https://www.theguardian.com/australia-news/2020/sep/22/potential-data-breach-at-top-tenancy-blacklist-firm-trading-reference-australia-under-investigation

Exploit: Unauthorized Database Access

Trading Reference Australia: Digital Real Estate Services


Risk to Business: 2.077 = Severe
The Office of the Australian Information Commissioner is investigating a data breach at the keeper of one of Australia’s largest tenant information databases, Trading Reference Australia. In addition to real estate services, the company also maintains a legendary blacklist of tenants. No word yet on what data was stolen and the matter is in current litigation.

Individual Risk: No personal or financial data has been reported as compromised in this breach so far, but it remains under investigation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failing to keep information secure, especially damaging information like a tenant blacklist, has the potential to be very messy as both a recovery operation and a regulatory headache. Data like this sells fast in the Dark Web data markets.

ID Agent to the Rescue: Reduce your risk of a cyberattack using credentials that have been compromised in a data breach like this one with 24/7/365 credential monitoring using Dark Web ID. SEE A DEMO>>

The Week in Breach – Asia & Pacific

Singapore – ShopBack

https://www.marketing-interactive.com/shopback-says-consumer-cashback-is-safe-despite-data-breach

Exploit: Unauthorized Database Access

ShopBack: Digital Coupon Company


Risk to Business: 2.203 = Moderate
Cashback reward app ShopBack has reported a data breach as a result of unauthorized access to company systems that contained customers’ personal data. Investigation of the incident is ongoing, but the company says that the damage included an extensive amount of exposed customer records that contained data such as users’ names, contact information, gender, date of birth, and bank account numbers. Singapore’s Personal Data Protection Commission is investigating.


Individual Risk: 2.419 = Severe
The possibility of bank account information becoming compromised as well as PII opens consumers up to a variety of nasty potential consequences including identity theft, fraud, and dangerous spear phishing attacks.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Unauthorized access to systems containing consumer financial data like bank information is not just a PR disaster, it’s also a potential fine and compliance nightmare that can cost a fortune to clean up.

ID Agent to the Rescue: Secure access to your data and systems with the multifunctional capability of Passly, the cost-effective, efficient secure identity and access management tool that is ideal for making sure that the right people have access to the right things – and only the right people. SEE A DEMO>>

The Week in Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Catch Up on What You Need to Know Right Now to Protect Your Business.

The Week in Breach: Featured Threat

Business Email Compromise is a Messy, Expensive, Preventable Disaster

Securing highly privileged executive and administrator accounts has to be a high priority for every business

Business email compromise is a nightmare proposition for any company. Trading firm Virtu Financial learned that lesson the hard way in May 2020 when it lost $6.9 million in a nasty incident.

The scam took off when a hacker accessed the email account of one of its executives, reading and analyzing that account’s email for at least two weeks. In phase two, the hacker altered the account’s settings and started sending out their own fraudulent emails.

The cybercriminals involved then moved into phase three of the scam. After monkeying with the inbox rules to hide certain messages from the account owner, they sprang the most important phase of their plan: sending a series of emails to the company’s accounting department asking it to issue two wire transfers to banks in China.

The accounting department didn’t see any red flags, and the two transfers, totaling about $10.8 million, were sent in due course in late May 2020. Shortly after the transfers were made, a routine audit clued accounting staffers into possible trouble, but the damage was done, and Virtu Financial was only able to freeze $3.8 million of the money.

This whole nightmare stemmed from a single compromised executive email account. While the integrity of every credential is important to maintain security, executive and administrator credentials can cause the most damage to a company, as Virtu Financial learned to their peril.

It’s essential that every account for every user is under the umbrella of a strong secure identity and access management solution to prevent these incidents. Account compromise like this is frequently the result of a password compromise.

No matter how it’s obtained, whether it’s through spear phishing or it’s a lucky break from a credential stuffing attack, that compromised executive password can be neutralized when a second credential is needed to login to the endangered account. Plus, secure shared password vaults enable companies and IT teams to keep passwords for essential systems and access points especially protected.

Secure identity and access management was cited as the top priority of CISOs in a recent study on 2021 cybersecurity planning, and one reason it tops the list is that it goes a long way toward preventing disasters like this. Add Passly to your security offerings now to be ahead of the curve when it comes to securing your clients against business email compromise.

The Week in Breach: A note for our customers

Malicious Insiders Could Be Just Around the Corner

Cybersecurity risks don’t just come from outside your business. Sometimes, it’s the new staffer in payroll or the disgruntled clerk in receiving who poses your biggest cybersecurity threat, and you may not even notice them until it’s too late, like Shopify this week.

But it’s not difficult or expensive to take sensible precautions against potentially malicious employees and you should do that right away – because it will happen to you. Insider threats like this are a never-ending source of worry for business owners, and that’s why secure identity and access management should be at the top of your list for solutions that help prevent malicious insiders from stealing sensitive information.

Using a dynamic secure identity and access management tool like Passly gives you more control over who has access to what, enabling tight controls on sensitive data. It also adds protection against your staffers selling their login credentials by adding multifactor authentication. And if you do have a malicious insider incident, single sign-on LaunchPads for every user make it easy for your security team to cut off access for a user and limit the damage.

Security experts at companies around the globe agree – secure identity and access management is a key component of a strong cybersecurity defense that acts as a major deterrent to malicious insiders. Adding a cost-effective solution like Passly to your security plan now can save you a fortune in incident recovery costs and heartache later.

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!


Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

 
