The Week In Breach 6/24/2020 to 6/30/2020

by Wally Moore

on July 1, 2020

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

July 1st, 2020 by ID Agent

This Week in Cybersecurity News: Healthcare data breaches keep climbing, Twitter apologizes for its breach, and Australian cyberattacks illustrate the importance of basic training.

Cybersecurity News: Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1-10

Cybersecurity News: United States 

United States – Twitter 

https://latesthackingnews.com/2020/06/29/twitter-admits-business-data-breach-for-some-users-and-conveys-apologies/

Exploit: Accidental Data Sharing

Twitter: Social Media Platform 

Risk to Small Business: 2.602 = Moderate
Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that if they viewed their billing information on ads.twitter or analytics.twitter prior to May 20, 2020, their account’s billing information may be at risk.

Individual Risk: 2.602 = Moderate
Twitter did not release an estimate of the accounts affected, but it did specify that only business customers were at risk, and only a percentage of business customers had any details exposed. The leaked information potentially included email addresses, users’ contact numbers, and the last four digits of credit card numbers used for Ads accounts. Twitter business customers should monitor potentially affected payment accounts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Information like this quickly makes its way to the Dark Web, setting businesses up for cyberattacks including spear phishing attempts. In addition, failing to guard a business customer’s recurring payment information can negatively impact their relationship with that service provider.  

ID Agent to the Rescue: Dark Web ID enables companies to keep an eye on potentially compromised credentials and contact information for privileged accounts, like executives and administrators who have access to major corporate vendor accounts and credit cards.

United States – AMT Healthcare

https://portswigger.net/daily-swig/amt-healthcare-data-breach-impacts-nearly-50-000-patients

Exploit: Internal Email Account Compromise 

AMT Healthcare: Medical Care Solutions Provider 

Risk to Small Business: 1.662 = Severe
AMT Healthcare revealed this week that it had experienced a data breach affecting a large pool of customers in December 2019 that was discovered through suspicious activity on an employee email account. The California-based company recently completed an investigation into the incident and contacted those who were affected. Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy information, medical history information, and driver’s license/state identification numbers.

Individual Risk: 1.899 = Severe
Anyone that may be at risk of compromise was informed this week. Extremely sensitive data was compromised in this breach, and those affected should beware of the potential for fraud, identity theft, and spear phishing attempts that this stolen data creates. A filing of the account posted to the breach portal at the U.S. Department of Health and Human Services noted that potentially affected patients are being offered free credit monitoring services. 

Customers Impacted: 47,767 

How it Could Affect Your Customers’ Business: When clients choose to do sensitive business with a company, they’re also trusting that company to guard their information. This imperative is even stronger for companies that collect health information. Not only does a data breach cost healthcare organizations patient confidence, but it also costs a fortune in HIPAA-related fines.

ID Agent to the Rescue: Insider threats like a compromised email account can result from the actions of malicious insiders or careless staffers. Learn to spot and stop insider threats in our “Combatting Insider Threats” resource package, including a free eBook.

United States – CentralSquare Technologies

https://www.databreachtoday.com/payment-card-skimmer-attacks-hit-8-cities-a-14512

Exploit: Malware 

CentralSquare Technologies: Public Sector Services Provider

Risk to Small Business: 1.977 = Severe
Eight cities in three U.S. states that use CentralSquare’s Click2Gov payment systems for municipal transactions were recently affected by a payment card skimming attack that exploited a software vulnerability in the Click2Gov platform. Using Magecart-style malware designed specifically to work on Click2Gov payment sites, cybercriminals were able to capture payment card information from people using the affected Click2Gov sites to make municipal services transactions like paying bills or fines. The attacks began in April 2020 and are ongoing. Reports note that 5 of the 8 cities affected were also targeted in attacks in 2019. The names of the affected cities were not released.  

Individual Risk: 2.378 = Severe
Financial data was directly compromised in this attack, including payment card numbers, expiration dates, and CVV. Similar information from previous attacks against Click2Gov in 2019 and 2018 was made available on the Dark Web quickly.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Payment skimming malware is an increasing threat for any business that processes online payments. Compromised financial and identity information can also hang around in Dark Web markets for a long time, creating continued risk.  

ID Agent to the Rescue: Dark Web ID monitors the Dark Web 24/7/365 using human and machine intelligence to uncover potential threats, like stolen data and compromised credentials, and alert you to danger so that you can take action.

United States – University of California San Francisco 

https://www.infosecurity-magazine.com/news/ucsf-pays-114m-ransomware-fee/

Exploit: Ransomware 

University of California San Francisco: Education and Research Institution 

Risk to Small Business: 1.275 = Extreme
The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.  

Individual Risk: No patient or personal data was reported as compromised at this time. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  Ransomware is a growing menace to every organization, and it’s not just sensitive business or financial data that Dark Web criminals are after. Research data has become an increasingly hot commodity. Paying ransoms to cybercriminals to decrypt research data sets a dangerous precedent. Collecting large sums will embolden other groups that can take down big fish to score big paydays.  

ID Agent to the Rescue: The most common way that a system becomes infected with ransomware is through phishing. Don’t allow staff training updates to lag as you wait for things to slow down. BullPhish ID includes phishing resistance training kits that are perfect for training in-office and remote staffers, featuring video content and online testing to judge user competence, available in 8 languages.

Cybersecurity News: Canada

Canada – OneClass

https://securityboulevard.com/2020/06/e-learning-platform-exposes-personal-information-of-over-1-million-north-american-students/

Exploit: Unsecured Database Access 

OneClass: E-learning Platform 

Risk to Small Business: 1.407 = Extreme
An unsecured Amazon Simple Storage Service (S3) bucket is the culprit for a data breach at North American education services provider OneClass. The Canadian company was informed of the breach on May 25 by cybersecurity researchers and the database was secured within 24 hours. However, personally identifiable information for more than 1 million students, some as young as 13, had already been extracted. The compromised 27GB database includes 8.9 million records.

Individual Risk: 1.719 = Severe
Students, teachers, and other users of the platform had personally identifiable data including full names, email addresses (some masked), schools and universities attended, phone numbers, course enrollment data, textbooks, testing results, faculty data, and other OneClass account details compromised. No payment information or financial data is believed to have been affected.  

Customers Impacted: 1 million

How it Could Affect Your Customers’ Business:  Failure to secure the personally identifiable data of users, especially children, is distasteful to both potential and current clients. Students, teachers, and schools may look at other education platforms to find a more secure alternative. Information compromised in this incident could haunt those affected for years to come as it lingers on the Dark Web. 

ID Agent to the Rescue: Dark Web ID provides 24/7/365 human and machine powered monitoring and analysis to alert businesses quickly if their credentials or data appear in Dark Web markets, giving them a chance to prevent a cybersecurity incident from snowballing into a cybersecurity disaster.

Cybersecurity News: United Kingdom

United Kingdom – Babylon Health

https://www.zdnet.com/article/telehealth-data-breaches-to-worsen-as-adoption-skyrockets/?&web_view=true

Exploit: Accidental Data Sharing  

Babylon Health: Telemedicine Technology Developer 

Risk to Small Business: 2.207 = Severe
A recently completed investigation revealed that a flaw in the software created by Babylon Health to enable telemedicine appointments also allowed users to see the consultations of other patients after they finished their own telemedicine visits. The app is used by about 2.3 million UK users. It allows members to book medical appointments, access a triage chatbot, and have consultations with NHS doctors via smartphone video or audio-only call. Apparently, when users switched from video to audio-only during their call, they also gained access to the audio recordings of the medical consultations of other users.

Individual Risk: 2.919 = Moderate
Babylon Health reports that the issue was discovered in early June and repaired rapidly, with a “very small” unspecified number of users affected. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  More and more interactions are taking place over video these days, especially in the wake of the global pandemic. Many video conferencing service providers have had issues with intrusions and software glitches that put the private conversations and meetings of users at risk, creating doubt in the security of this type of communication. Because of this, data that is shared during a video conference through display, audio, or screen sharing may be in danger of compromise.

Cybersecurity News: Australia & New Zealand 

Australia – Chem Pack

https://www.itwire.com/security/gang-uses-revil-to-attack-melbourne-contract-formulation-firm-chem-pack.html

Exploit: Ransomware

Chem Pack: Liquid Chemical Formulation Manufacturer 

Risk to Small Business: 1.779 = Severe
As a barrage of cyberattacks continues to affect companies in Australia, Chem Pack has been caught in a ransomware attack. Cybercriminals using REvil ransomware have compromised and encrypted data at the Melbourne-based manufacturer. REvil ransomware exploits a known 2018 Windows vulnerability to elevate account privileges, enabling these bad actors to strike. The attackers claim to have exfiltrated financial information, personal information, and other essential business data, and recently posted a screenshot of a sample of the data on a Dark Web forum. Typically, this group posts a screenshot as proof that they’ve encrypted the affected data and asks the victim to contact them to negotiate a ransom for the key to unlock it. 

Individual Risk: No individual data was reported as compromised.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a scourge that doesn’t just hold a company’s operations hostage; it also creates extended cybersecurity risks as data that has been obtained in attacks is copied and shared on the Dark Web. Even when a ransom is paid, victims have no guarantee that the captured data is returned without being replicated or sold to others first.

ID Agent to the Rescue: Dark Web ID alerts companies immediately when their protected data hits Dark Web markets, giving IT security teams actionable intelligence about potential threats and vulnerabilities that allows them to act fast to throw a roadblock up against attackers and mitigate potential damage.

The Week in Breach’s Cybersecurity News Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybersecurity News 

Every weekday, our blog features timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Free eBook of the Week

Stronger Passwords Are Essential for Stronger Security

Human error is the number one cause of a data breach. One major error that any staffer can make is to create a terrible password. If any user’s password is weak, recycled, or easy-to-guess, it’s a risk to data and system security for the whole company. See three ways that bad passwords are born, and learn three techniques to create better passwords now. How does your password measure up?

Read “Is This Your Password? 3 Common Password Fails & Three Quick Password Wins” today!

The Week in Breach Cybersecurity News Spotlight

Australian Cyberattacks Prove That Threat Resistance Training is Always a Good Investment

Sophisticated cyberattack risks are growing throughout the world, and the attacker isn’t always just a group of opportunistic cybercriminals. A recent explosion of cyberattacks against targets in Australia has been reported to be linked to potentially malicious state-sponsored actors, creating a new level of worry for cybersecurity architects.

Ransomware has become an even greater menace for Australian companies. Government officials have warned that ransomware that is delivered through spear phishing attacks is suspected to be part of the overall larger attack picture in this wave of attacks. Therefore, it’s clear that frequent, high-quality phishing defense and resistance training is essential to protect a company from ransomware attacks. 

Ransomware is devastating to any business, as was recently demonstrated by two incidents at Australian drinks conglomerate Lion. Systems at the beverage company have been infected twice in the last month alone, freezing essential production and operations technology just as it began to ramp up its post-pandemic production.   

Get tips to help secure a remote workforce fast and insight into the unexpected risks that remote operations bring in our Remote Working Cybersecurity resource package. 

A dynamic solution like BullPhish ID is the right choice for state-of-the-art phishing resistance training. BullPhish ID’s constantly updated educational tools allow staffers to learn through video and be tested on that knowledge with online quizzes – with pre-made phishing kits including the latest threats available in 8 languages for quick deployment. These features also make it an ideal vehicle for remote training because training shouldn’t stop just because staffers aren’t in the office.  

Updating a company’s cybersecurity stack to boost ransomware defense should always include upgrading phishing resistance training. Dark Web monitoring is a great place to start when constructing a strong cybersecurity defense, but every building block in that defense is important – and improved phishing resistance with BullPhish ID is an easy and affordable block to add.

Watch this 10-minute technical demonstration video of BullPhish ID in action.

A note about cybersecurity news for your customers:

An Ounce of Prevention is Worth a Pound of Cure 

We’ve all heard this old saw, and it’s still popular for a reason: it’s right. Taking strong preventative measures now to protect your data saves both time and money later. More than 50% of businesses had a data breach in 2020 – and that’s a time-consuming money pit for any company. By taking the right preventative measures now, you can lower your risk of a data breach later.  

One of the most important preventative measures to take right away is updated training about current phishing threats. Right now, cybercriminals are using many new tricks to mount phishing attacks. While your staff may be aware that they shouldn’t open unexpected attachments, do they know not to click surprise links, or open unanticipated PDFs, or accept unverified Zoom invitations? Updated phishing training prepares them to resist these threats and protect your data.  

Coupling phishing resistance training with 24/7/365 Dark Web monitoring guards your data on two fronts. Not only are you preventing bad actors from getting a front door key to your data with improved phishing resistance, but you’re also making sure that cybercriminals aren’t sneaking in the back door either by watching for Dark Web threats. By combining multiple solutions that work together well, you can maximize the ways that your security solutions help prevent data loss – because strong, sensible preventative measures always pay off.

Outro

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it.

We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
