The Week In Breach 09/30/2020 - 10/06/2020

by Wally Moore

on October 7, 2020

in Data Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

October 7th, 2020 by Kevin Lancaster

This Week in Breach: Ransomware hits the high seas at the United Nations International Maritime Organization, Aussie Scouts staffers aren’t picking up a “Phishing Resistance” merit badge anytime soon, a look at rising ransomware costs and rates, plus two new webinars to teach you how to think like a hacker to defeat cybercrime!

Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach – United States 

United States –  Arthur J. Gallagher & Co. 

https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html

Exploit: Ransomware

Arthur J. Gallagher & Co.: Insurance Brokerage 

Severity Meter

Risk to Business: 2.119 = Severe
Ransomware struck at insurance giant Arthur J. Gallagher last week, according to the company’s United States Securities and Exchange Commission filing. The report went on to note that a limited portion of its internal systems was impacted and its operations were able to continue. Security researchers suspect that bad actors were able to exploit a known security flaw in the company’s servers to gain entry.

Individual Risk: So far, no personal data from clients or employees was noted as exposed in the breach, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nowadays, ransomware operators aren’t just seeking ways to steal data – they also want to disrupt operations to cause damage.

ID Agent to the Rescue: Get Graphus, the powerful automatic phishing defender that evolves with your business, to protect your company from phishing-based email threats like ransomware. LEARN MORE>>

United States – Cache Creek Casino

https://www.dailydemocrat.com/2020/09/30/cyberattack-shuts-down-cache-creek-casino/

Exploit: Ransomware

Cache Creek Casino: Resort

Severity Meter

Risk to Business: 1.492 = Extreme
Ransomware cleaned up at Cache Creek Casino in California, shutting down operations at the popular gambling destination just as it began recovering from a COVID-19 closure earlier this year. No reopening date has been set as the investigation and recovery continue. Other businesses including a golf club and shopping at the complex remain open. Cache Creek Casino is part of Cache Creek Casino Resort, one of Northern California’s largest casino-resort destinations, which is owned and operated by the Yocha Dehe Wintun Nation.

Individual Risk: No individual information was reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: More than 60% of businesses that experience a damaging cyberattack close – and it’s even more dangerous now as businesses try to recover from COVID-19 closures.

ID Agent to the Rescue: BullPhish ID is the easy, cost-effective solution that helps companies train staffers to be aware of phishing (and ransomware) risks including “set it and forget it” campaign management and plug-and-play training kits. LEARN MORE>>

United States – District of Columbia Bar Association 

https://techcrunch.com/2020/09/30/district-columbia-bar-exposed-personal-data/

Exploit: Unsecured Database

District of Columbia Bar Association: Regulatory Body

Severity Meter

Risk to Business: 2.077 = Severe
An unsecured Elasticsearch server appears to be at fault for a data breach involving the personal data of new lawyers applying to test before the bar at the District of Columbia Bar Association. A whistleblower complaint was first submitted to the association in August, but resolution was slow, and applicant data may have leaked for some time before it was fixed. The DC Bar claims that only one record was exposed, but researchers and applicants who discovered the breach dispute that claim.

Severity Meter

Individual Risk: 2.206 = Severe
Documents uploaded by applicants that may have been exposed include documents containing personal information like names, phone numbers, email addresses, Social Security numbers, the applicant’s full employment history, previous home addresses, and any disciplinary records provided.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Serious personal information deserves serious security. Any company that collects sensitive information about clients or applicants needs to do due diligence to determine that the information is properly secured.

ID Agent to the Rescue: Don’t let your business just walk into a preventable cybersecurity incident like the failure to secure a database. Make sure that staffers are adhering to basic security best practices with security awareness training from ID Agent. LEARN MORE>>

United States – Clark County School District

https://www.wsj.com/articles/hacker-releases-information-on-las-vegas-area-students-after-officials-dont-pay-ransom-11601297930

Exploit: Ransomware

Clark County School District: Education System

Severity Meter

Risk to Business: 1.871 = Severe
Cybercriminals have followed through on their threats to release the information that they’d snatched about students after officials refused to pay the ransom demanded to release it. Students in the Clark County School District, Las Vegas, Nevada discovered over the weekend that their school records had been dumped on the Dark Web.

Severity Meter

Risk to Individual: 1.660 = Severe
The leak included detailed personal and student record information including students’ names, social security numbers, addresses, and some financial information as well as grades, testing, awards, and disciplinary reports. Impacted students should be wary of spear phishing or identity theft attempts.

Customers Impacted: 320,000

How it Could Affect Your Customers’ Business: Failing to institute regular security awareness training including phishing resistance leaves organizations ripe for ransomware – and cybercriminals are more than willing to double down on ransom demands.

ID Agent to the Rescue: BullPhish ID enables organizations of any size to implement phishing resistance training quickly and easily, bringing staffers up to date on the latest threats without breaking the bank. LEARN MORE>>

United States – eResearch Technology

https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/

Exploit: Ransomware

eResearch Technology: Medical Research Technology Provider

Severity Meter

Risk to Business: 1.330 = Extreme
In a disturbing turn of events, eResearch Technology was severely impacted by a ransomware attack that slowed down progress on COVID-19 vaccine and treatment research. The provider of technology that enables clinical trials and data sharing at organizations including AstraZeneca, Oxford University, and Bristol Myers Squibb, reported that its employees could not access many systems. That in turn affected clinical trials in progress as researchers were forced to track patient data manually using pen and paper. Systems were down for several days for repair.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services, and attacks in the medical sector have been escalating – just last week healthcare giant Universal Health Services was walloped by ransomware and is still recovering.

ID Agent to the Rescue: Ransomware is almost always the nasty payload of a phishing email. Automate your company’s defense against phishing with Graphus to stop ransomware in its tracks. SEE HOW IT WORKS>>

United States – Oaklawn Hospital

https://www.beckershospitalreview.com/cybersecurity/michigan-hospital-email-phishing-attack-exposes-26-861-patients-info-4-notes.html

Exploit: Phishing

Oaklawn Hospital: Medical Care Provider 

Severity Meter

Risk to Business: 2.126 = Severe
Multiple successful phishing forays at Michigan’s Oaklawn Hospital netted a wealth of information for cybercriminals. After gaining access to several employee email accounts, cybercriminals were able to exfiltrate patient data. The attack is believed to have occurred in April 2020 but was just disclosed in a filing.

Severity Meter

Individual Risk: 1.811 = Severe
Patient information exposed as a result of the incident included names, passwords, dates of birth, addresses, phone numbers, medical and health insurance numbers, Social Security numbers, financial account information, and driver’s license numbers. Impacted patients should be alert to potential phishing and fraud attempts.

Customers Impacted: 26,861

How it Could Affect Your Customers’ Business: Not only does a data breach leave a huge mess of expensive cleanup behind, in many industries like healthcare, a data breach can also mean your organization will be paying big regulatory penalties and fines too.

ID Agent to the Rescue: Information like the patient data obtained in this breach is a hot seller on the Dark Web. Prevent leaked credentials from giving cybercriminals a route into your systems and data with 24/7/365 credential monitoring using Dark Web ID. SEE DARK WEB ID IN ACTION>>

United States – Piedmont Cancer Institute

https://www.beckershospitalreview.com/cybersecurity/piedmont-cancer-institute-email-phishing-incident-exposes-5-226-patients-info.html

Exploit: Phishing

Piedmont Cancer Institute: Specialty Medical Clinic

Severity Meter

Risk to Business: 2.234 = Severe
Atlanta-based Piedmont Cancer Institute experienced a data breach exposing patient records and other sensitive information after an employee fell for a phishing attack. The incident occurred in a window stretching from mid-April to early May and was just disclosed.

Severity Meter

Individual Risk: 2.206 = Severe
Patient information exposed due to the email hack includes names, dates of birth, financial account information, and credit/debit card information. Patients who have been affected have been informed and should be alert for identity theft since payment card information was part of this breach.

Customers Impacted: 5,226

How it Could Affect Your Customers’ Business: Securing access to sensitive data is essential. Piedmont Cancer Institute is adding multifactor authentication to combat future incursions, a must-have for every business.

ID Agent to the Rescue: Passly packs essential secure identity and access management tools like multifactor authentication, single sign-on, secure shared password vaults, and more in one cost-effective package. LEARN MORE>>

The Week in Breach – Canada

Canada – Telus/Medisys

https://globalnews.ca/news/7367127/medisys-data-breach/

Exploit: Ransomware

Medisys: Healthcare Provider 

Severity Meter

Risk to Business: 2.391 = Severe
Medisys just disclosed that it had been impacted by ransomware, exposing 60,000 patient records. A division of Telus, Medisys operates clinics in British Columbia and Alberta providing preventive health-care services under the name Copeman Clinics. The company chose to retrieve the stolen data by paying the ransom.

Severity Meter

Individual Risk: 1.866 = Severe
The company estimates that the breach disclosed information for about 5% of its clients, but the investigation continues. Stolen information for impacted patients includes names, contact information, provincial health numbers, and test results. Clients’ financial information and social insurance numbers were not affected.

Customers Impacted: 60,000

How it Could Affect Your Customers’ Business: Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.

ID Agent to the Rescue: In tumultuous times, every company needs to have a strong suite of solutions in place to protect their systems and data in an increasingly dangerous threat landscape. Our digital risk protection platform provides that power at a price you’ll love. SEE OUR SOLUTIONS>>

The Week in Breach – United Kingdom & European Union

United Kingdom –  International Maritime Organization (UN IMO) 

https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/

Exploit: Ransomware

UN IMO: Shipping Safety Regulatory Authority

Severity Meter

Risk to Business: 2.071 = Severe
Ransomware chose UN IMO as its newest port of call last week, taking several key systems offline at the regulatory organization. In an announcement, UN IMO reported that its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service had been knocked down by the attack. Restoration and recovery are underway, and most systems have been restored.

Individual Risk: No personal information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The number one way for ransomware to land at your business is through a phishing email. Increasing security awareness training including phishing resistance training is essential for preventing cybercrime like ransomware from impacting your organization.

ID Agent to the Rescue: BullPhish ID makes your staffers more wary of suspicious messages. Featuring easy remote management and plug-and-play training kits in 8 languages, BullPhish ID is ideal for training an in-office or remote workforce. SEE BULLPHISH ID IN ACTION>>

Switzerland – Swatch

https://www.reuters.com/article/us-swatch-ch-cyber/swatch-shuts-down-some-technology-systems-after-cyberattack-idINKBN26K1F8

Exploit: Ransomware

Swatch: Watchmaker

Severity Meter

Risk to Business: 2.301 = Severe
World-renowned watchmaker Swatch was hit with ransomware that impacted several of its systems, causing disruptions throughout its operations for several days. Some systems weren’t directly affected but were shut down to mitigate damage and stem the tide of the infection. The company did not identify the exact type of ransomware used but indicated in a statement that it was aware of the culprit and would be pursuing legal action accordingly.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware doesn’t always allow thieves to steal data – sometimes cybercriminals want to shut a business down by stopping production or impacting other business operations to cause disruption.

ID Agent to the Rescue: Don’t let ransomware shut down your operations. Put 3 layers of protection between email threats like ransomware and your business with Graphus, the automated phishing guardian that’s on duty 24/7/365. LEARN MORE>>

The Week in Breach – Australia & New Zealand

Australia – Scouts Victoria

https://portswigger.net/daily-swig/scouts-victoria-reports-data-breach-after-employee-duped-by-phishing-campaign

Exploit: Phishing

Scouts Victoria: Youth Organization

Severity Meter

Risk to Business: 2.227 = Severe
Someone needs to spend more time working on their “Phishing Defense” merit badge at Scouts Victoria after an employee fell for a phishing attack exposing the personally identifiable data of thousands of members. The youth organization provides empowerment, community support, and job training for young people. The incident happened in late July and August 2020. Scouts Victoria said it has notified the victims of the breach and has contacted relevant government authorities, including the Office of the Australian Information Commissioner (OAIC) and the Department of Human Resources.

Severity Meter

Individual Risk: 2.317 = Severe
Sensitive information including names, phone numbers, credit card information, ID documents including passport information and driver’s license details, and bank details was exposed in the breach, but it’s unclear if that data belongs to youth members, parents of members, or adult volunteers.

Customers Impacted: 900 estimated at this time, but the organization’s full membership includes 17,000 youth members and 5,000 adult volunteers.

How it Could Affect Your Customers’ Business: Phishing is a dangerous proposition that every business faces daily, but businesses that store sensitive information, especially about children, need to be sure that their data is protected even if a staffer falls for a phishing attack.

ID Agent to the Rescue: Add an essential second layer of protection between the bad guys and your data with secure identity and access management controls like multifactor authentication with Passly. SEE A DEMO>>

The Week in Breach – Asia & Pacific

India – Edureka

https://inc42.com/buzz/edureka-suffers-server-breach-data-of-2-mn-users-exposed/

Exploit: Unsecured Database

Edureka: Education Technology Provider

Severity Meter

Risk to Business: 1.866 = Severe
Cybersecurity researchers discovered an unsecured Elasticsearch server belonging to Indian education technology service Edureka that was overflowing with information for bad actors to savor – 25 gigabytes of fresh data, containing more than 45 million breached records of personal data from users. Many of the records were duplicates or fragments, obfuscating the real impact. After informing the company and not receiving a response, the researchers informed the Indian Computer Emergency Response Team (CERT-In) and the server was secured.

Severity Meter

Individual Risk: 2.661 = Moderate
The exposed server contained names, addresses, and phone numbers for users primarily located in India, although some US users were also impacted.

Customers Impacted: 2 million estimated

How it Could Affect Your Customers’ Business: Failing to secure a server is a rookie move and an indication that a company may not be using cybersecurity best practices elsewhere in the organization.

ID Agent to the Rescue: Data like this generally ends up in a Dark Web data dump, the fuel that empowers cybercrime with millions of PII records, email addresses, and passwords. Protect your company from password compromise due to Dark Web data dumps and be alerted if any of your protected credentials appear in one with Dark Web ID. SEE THE POWER OF DARK WEB ID>>

The Week in Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

The Week in Breach: New Resources

Phishing Confidential: Offense and Defense Playbooks of a Phishing Attack

To win any war, you need to be able to understand both sides – what they’re after, what tools they can use, and how to stop them. In this webinar, we bring together two experts in phishing to demonstrate the offensive and defensive sides of a phishing attack, as well as show you innovative ways to protect your clients from today’s biggest threat.  

  • Renowned Hacking Expert & ID Agent Security Analyst Duncan Miller will demonstrate live how phishing-related cyberattacks endanger businesses
  • Phishing Defense Master & CEO of Graphus Manoj Srivastava will show you how to defend your businesses from phishing-related cyberattack danger
  • Go inside phishing attacks with a court-side view and learn the tricks of the trade to plan an effective phishing defense

A Cybersecurity Trilogy – Predict: A New Idea 

Take a deep dive into the reasons why social engineering attacks can be so successful as you learn how hackers use psychological tricks to influence user behavior and get that fatal click on a malicious link in a phishing email. Get insight into puzzles like how bad actors capitalize on fear and confusion around subjects like COVID-19 to land more effective attacks. 

You’ll learn:

  • What makes cybercriminal traps so enticing with Cybersecurity & Human Behavior expert Jessica Barker (named one of the Top 20 Most Influential Women in Cyber Security in the UK)
  • How social engineering drives cybercrime like phishing with Manoj Srivastava, CEO of Graphus

The Week in Breach: Featured Briefing

Cybersecurity Awareness Training is a Win for You and Your Clients

In a challenging economy, every client is looking for a way to save money – and every corner of the budget is on the table. That makes it hard to convince them of the importance of things like security awareness and phishing resistance training when intangibles always look like a good place to economize.

In 2020, 80% of firms have seen an increase in cyberattacks, and phishing attempts have increased by more than 660% since March 1, 2020. In these tumultuous times, companies can’t afford to ignore the benefits of training to save money. Businesses that engage in regular security awareness training like phishing resistance training have up to 70% fewer expensive, damaging cybersecurity incidents, making security awareness training a clear cost-benefit proposition.

Phishing resistance training definitely provides measurable value. Today, 90% of incidents that end in a data breach start with a phishing email. It’s just smart to increase phishing resistance training to mitigate that risk. Plus, since more than 80% of all reported cybercrime is phishing-based, it’s a smart bet to invest resources in phishing resistance training.

The damage related to cybercrime is projected to hit $6 trillion annually by 2021, and the average cost of a data breach in 2020 is $3.86 million. Anything that a company can do to avoid similar costs should be right at the top of their essential expenses list, and that includes security awareness and phishing resistance training.

The Week in Breach: A Note for Your Customers

Ransomware Incidents and Expenses Are on the Rise – and No Business is Safe  

Ransomware is a terrifying threat that every business is facing these days and a favored tool of cybercriminals. Ransomware incidents are becoming more frequent, and both ransoms and recoveries are growing more expensive. Here are our best tips for avoiding getting caught up by expensive, damaging ransomware. 

Add an automated phishing defense solution. Your employees can’t click on a ransomware-laden email if they never get it. Automated phishing protection using a smart solution like Graphus reduces the chances of a dangerous email reaching your employees and also provides warnings to call out unusual communications.

Never stop training. Cybercriminals are constantly updating their phishing attack playbooks. Shouldn’t you be constantly updating your phishing resistance training to fight back? When you use BullPhish ID for phishing awareness training, you have access to more than 100 plug-and-play phishing simulation kits, with new kits added every month to ensure that you’re training for the latest threats.

Lock your doors. Take the sting out of a stolen, phished, or cracked password by adding secure identity and access management to your defenses. It’s a recommended mitigation for cybercrime by the FBI. Choose a multifunctional solution like Passly to get all of the features that you need like multifactor authentication, secure shared password vaults, and easy remote management, in one affordable package.

By making a few simple and affordable tweaks to your defensive security plan, you can add several shields to protect your systems and data (and your bottom line) from the devastating effect of a ransomware disaster.

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
