The Week In Breach: 4/29/2020 - 5/5/2020

by Wally Moore

on May 6, 2020

in Data Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology.

One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types.

With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

May 6th, 2020 by Kevin Lancaster

This week, phishing scams compromise patient data, ransomware disrupts remote work, the sale of the world’s largest whiskey collection is thwarted, and employees struggle to deter cybersecurity threats while working from home.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1-10

United States – Ambry Genetics 

https://securityboulevard.com/2020/04/medical-information-of-233000-individuals-exposed-after-genetic-testing-lab-hack/

Exploit: Phishing scam  

Ambry Genetics: Genetic testing laboratory  

Risk to Small Business: 1.373 = Extreme
An employee failed to identify a phishing scam, interacting with the message and giving hackers access to patient data between January 22, 2020, and January 24, 2020. However, the incident wasn’t reported until March 22nd, as the company struggled to dedicate resources to cybersecurity while it transitioned to remote work. In total, the breach is the second largest healthcare breach of the year, and, although the company is updating its cybersecurity practices in response to the incident, they will need to navigate a challenging recovery process during a pandemic.

Individual Risk: 1.290 = Extreme
Hackers had access to patient data, including names, medical information, genetic-specific information, and a limited amount of Social Security numbers. This information has a strong market on the Dark Web, and those impacted by the breach should take steps to guard themselves against medical or identity theft. To support victims, Ambry Genetics is offering free identity monitoring services for a year. Also, those impacted by the breach should monitor their digital communications for potential spear-phishing messages that could compromise additional data.    

Customers Impacted: 233,000

How it Could Affect Your Customers’ Business: Healthcare services collect and store people’s most sensitive personal information, and they are a top target for cybercriminals during the COVID-19 pandemic. Rather than reacting to a cybersecurity incident, companies should take a proactive stance to protect PII. The incredible rise in phishing scams targeting healthcare facilities during this time should make employee awareness training a top priority.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – now with COVID-19 scam awareness kits. Click the link to get started: https://www.idagent.com/bullphish-id

United States – CivicSmart   

https://statescoop.com/smart-parking-meter-vendor-data-stolen-ransomware-attack/

Exploit: Ransomware

CivicSmart: Smart parking meter technology producer 

Risk to Small Business: 2.130 = Severe
A ransomware attack encrypted CivicSmart’s network and exfiltrated company and customer data. The attack, which took place in March, was identified when hackers threatened to publish 159 gigabytes of sensitive data online. To prevent publication, the company paid an undisclosed ransom, and the files were brought offline. However, CivicSmart can’t rest easy. Despite promises to delete the information, it’s unlikely that cybercriminals will destroy valuable resources, which means that the stolen data could come back to haunt the company or its customers.  

Individual Risk: 2.671 = Severe
Although the details are unclear, CivicSmart’s platform collects people’s personal and payment information as part of its smart parking meter service. What’s more, it partners with a variety of mobile apps and parking-garage vendors that could also be compromised in the breach. As a precaution, those impacted by the breach should notify their financial institutions of the incident, while carefully scrutinizing incoming messages for signs of a spear-phishing scam.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even before bad actors began exfiltrating data, ransomware attacks were uniquely costly and incredibly destructive. Today, companies can expect that a ransomware attack will double as a data breach, giving every organization millions of reasons to ensure that their networks are guarded against this especially problematic malware. 

United States – Saint Francis Ministries 

https://curated.tncontentexchange.com/states/kansas/saint-francis-ministries-provides-notice-of-email-incident/article_89591d55-2275-5bb7-8910-b6a62e6c3bb9.html

Exploit: Phishing scam

Saint Francis Ministries: Non-profit organization  

Risk to Small Business: 1.583 = Severe
An employee interacted with a phishing scam that provided hackers with access to company IT. The breach, which was first identified on December 19, 2019, gave hackers access to user data between December 13, 2019, and December 20, 2019. However, it would be another two months before the organization understood the full scope of the breach. What’s more, it took until March 24, 2020, to determine that the breach included people’s personal data, and Saint Francis Ministries is just now notifying the public of the incident.

Individual Risk: 1.677 = Severe
The impacted email account contained people’s personally identifiable information, including names, Social Security numbers, dates of birth, driver’s license numbers, state ID information, bank account details, treatment and diagnosis information, account credentials, and other healthcare data. This comprehensive breach could have far-reaching ramifications for victims, who will need to protect themselves against future data misuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Whether hackers extract account credentials through phishing scams, purchase them on the Dark Web, or otherwise acquire this valuable data, organizations need to be prepared to protect accounts even when account information is compromised. Enabling easy-to-use tools like two-factor authentication is a natural first step.

ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities, data, and business continuity. We offer integrated multi-factor authentication, single sign-on, and password management solutions to protect your credentials and your data. Find out more at https://www.idagent.com/passly

United States – LearnPress 

https://www.darkreading.com/vulnerabilities---threats/researchers-find-vulnerabilities-in-popular-remote-learning-plug-ins/d/d-id/1337697

Exploit: Software vulnerability

LearnPress: WordPress plug-in 

Risk to Small Business: 1.708 = Severe
Cybersecurity researchers identified flaws in the LearnPress plug-in that could allow hackers to access student information, steal money from course creators, or alter their access privileges to become teachers. The popular WordPress plug-in is used by more than 100,000 schools, organizations, and content creators who rely on these digital services even more now that eLearning is the de facto presentation method for nearly all students.

Individual Risk: At this time, there is no evidence that personal information was compromised in the breach. However, users should carefully monitor their accounts and credentials for misuse or abuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Developers took steps to repair the vulnerability, but businesses that want to thrive in our altered digital environment will need to identify threats before their products reach the public. As other organizations have discovered, the COVID-19 pandemic can be an excellent time to demonstrate strength or expose yourself to issues that will erode your brand’s image long after the crisis abates.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.  

Canada – Northwest Territories Power Corporation 

https://www.cbc.ca/news/canada/north/ntpc-apparent-ransomware-attack-1.5551603

Exploit: Ransomware 

Northwest Territories Power Corporation: Electricity provider

Risk to Small Business: 1.571 = Severe
A ransomware attack disabled the power provider’s servers and email accounts. Website visitors were abruptly greeted by a message from the hackers notifying them of the attack and providing steps to purchase a decryption key to unlock the data. The event brought dismay from consumers who lamented another hurdle in an already tumultuous time. What’s more, it’s unclear if the company will be able to restore services from backup files, meaning they will likely have an expensive path to recovery.  

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks can feel random and inevitable. In reality, they always require an access point, and companies can take steps to defend their digital environment from these attacks. For instance, assessing your network for vulnerabilities and identifying compromised login credentials can go a long way toward ensuring that your company isn’t the next victim.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United Kingdom – Zaha Hadid Architects 

https://www.cisomag.com/zaha-hadid-architects-suffers-a-ransomware-attack/

Exploit: Ransomware 

Zaha Hadid Architects: Architectural design firm

Risk to Small Business: 2.207 = Severe
A ransomware attack forced Zaha Hadid Architects to bring its network offline, disrupting its remote operations as its distributed teams work from home during the COVID-19 pandemic. Fortunately, the company restored operations using backup data, but they were unable to determine the specific data sets that hackers exfiltrated before encrypting the network. As a result, the consequences will likely continue, as those responsible try to extract financial value from their efforts.

Individual Risk: At this time, it’s unclear if personal data was compromised in the breach. However, employees and customers should be especially vigilant to monitor their accounts and messages for unusual activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As companies battle to remain productive and profitable during the COVID-19 crisis, ransomware remains a constant threat to both priorities. Now, more than ever, every company needs to ensure that its defensive posture is ready to address this growing threat.  

EU – Proton Technologies AG    

https://threatpost.com/data-leak-gdpr-advice-site/155199/

Exploit: Exposed database

Proton Technologies AG: GDPR compliance advice website

Risk to Small Business: 1.672 = Severe
An exposed database compromised users’ login credentials on GDPR.EU, an advice site for organizations striving to improve data privacy compliance that is partially sponsored by the Horizon 2020 Framework Programme, an EU research program. The ironic cybersecurity incident was easily identifiable by cybersecurity researchers, who reported the vulnerability to developers. For a company that relies on institutional funding to power its platform, this incident is an embarrassing failure that could impact its long-term viability as a government partner.

Individual Risk: 2.509 = Moderate
The breach compromised usernames and passwords, and victims should immediately reset their account credentials. In addition, any accounts that use the same username and password combination could also be compromised, and users should immediately update that information. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: While we rightly give a lot of attention to the financial cost of a data breach, many organizations fail to appraise the reputational damage that accompanies a cybersecurity incident. Especially for organizations predicated on their data privacy expertise, even a relatively small oversight can have significant consequences.

ID Agent to the Rescue: Passly protects employees’ digital identities, data, and business continuity through an integrated multi-factor authentication, single sign-on, and password management solution. Learn more at https://www.idagent.com/passly.    

Australia – WhiskyAuctioneer.com  

https://www.theguardian.com/technology/2020/apr/25/online-auction-of-record-breaking-whisky-collection-hit-by-cyber-attack

Exploit: DDoS attack 

WhiskyAuctioneer.com: Online auction platform

Risk to Small Business: 1.393 = Severe
A DDoS attack disrupted and ultimately forced the cancellation of an auction of the largest private whisky collection for public sale. The event was expected to net millions of dollars, and the cancellation will undoubtedly hurt the company’s bottom line. To protect critical data, the company was forced to bring its website offline, and members are encouraged to stay alert for future breach notifications.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even before COVID-19 forced everyone online, many people already preferred digital platforms to in-person buying experiences. Of course, the pandemic has only accelerated this trend, which means that companies looking to capitalize on digital platforms need to ensure that they are safe and secure amidst a rapidly expanding threat landscape.

ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager.   

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Many Employees Feel Vulnerable to Cyberattacks   

A survey of more than 1,500 UK employees found widespread fear of becoming the victim of a cyberattack following the national order to impose social distancing and transition to remote work. 49% of respondents indicated that they lack confidence in their computer hardware, and 42% reported receiving a suspicious email while working from home.  

Notably, 18% indicated that they’d experienced a cybersecurity event while working from home, and more than half of breach victims indicated a malicious email was to blame. Phishing attacks have soared, up over 600% in the wake of COVID-19. 

While some participants felt that their employers provided helpful defensive tools, like antivirus software or access to a VPN service, only 28% received specific training for the endpoints and applications that comprise their workflow.  

The risks of remote work are well-documented, and with this arrangement likely to continue for the foreseeable future, now is the perfect time to ensure that your employees have the tools necessary to protect your valuable data.   

https://www.techradar.com/uk/news/half-of-remote-workers-feel-vulnerable-to-growing-cyberattacks

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
