The Week In Breach 6/6/2020 to 6/16/2020

by Wally Moore

on June 18, 2020

in Data Breach

The Week In Breach_6_15_20

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field  for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

June 17th, 2020 by Kevin Lancaster

New this week in cybersecurity and breach news: ransomware shuts down production of cars and beer, phishing lands a professional haul, and 2 free new coloring books to teach kids about internet safety! 

Cybersecurity & Breach News: Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Insurance
  • Top Employee Count: 1 – 10

Cybersecurity & Breach News: United States

United States – ST Engineering

https://securityaffairs.co/wordpress/104351/cyber-crime/st-engineering-maze-ransomware.html

Exploit: ransomware

ST Engineering: aeronautics contractor 

Severity Meter

Risk to Small Business: 1.732 = Severe
The San Antonio, Texas branch of defense, aeronautics, and space contracting conglomerate ST Engineering was hit with a MAZE ransomware attack disrupting operations and putting data at risk for a second time. This division of the international flight equipment services giant was also hit with a MAZE ransomware attack in May 2020 to the same effect. In an industry that expects top-notch security standards to be maintained by any company that wants to be a player, this is problematic and dangerous.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware like MAZE is commonly delivered to vulnerable businesses through phishing attacks, including the use of fake websites and dodgy attachments to infect systems. Phishing has grown exponentially in 2020, and COVID-19 related attacks are on track to be the biggest phishing scam driver in history.

ID Agent to the Rescue: BullPhish ID is the ideal phishing training and testing solution for today’s remote workforce, with simulation kits and video lessons in 8 languages addressing today’s most dangerous phishing threats. LEARN MORE>>

United States – Kentucky Employee Health Plan 

https://www.govtech.com/security/Two-Data-Breaches-Hit-Kentucky-Employees-Health-Plan.html

Exploit: unauthorized database access

Kentucky Employee Health Plan: health insurance provider 

Severity Meter

Risk to Small Business: 1.462 = Severe
Two data breaches compromised plan members’ personal data and enabled bad actors to steal more than $100,000 in gift cards. Hackers used valid login information to access the system in the first breach and were able to compound the damage of that breach in a second breach. The second breach accessed member programs to redeem reward points for gift cards. The two breaches created scrutiny and drew calls for further investigation as to whether the “bad actors” were from outside the office or if insider threats were the root cause.

Severity Meter

Individual Risk: 2.703 = Moderate
Hackers accessed users’ account portals containing their screening and health assessment data. Although this attack appears to be financially motivated, healthcare-related data often makes its way to the Dark Web, where it can be used to execute additional fraud attempts. Those impacted by the breach should immediately update their account passwords while monitoring their accounts for suspicious activity.  

Customers Impacted: 2,700

How it Could Affect Your Customers’ Business: whatever the results of this investigation show, it raises the question of insider threats. Whether staffers are accidentally or deliberately giving information and passwords to bad actors, insider threats have to be a top concern for every business

ID Agent to the Rescue: Don’t wait until insider threats become a problem for your company. Download our eBook on insider threats for tips on spotting and stopping them before they become a problem GET IT NOW>>

Cybersecurity & Breach News: Canada

Canada – Chartered Professional Accountants of Canada 

https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/?&web_view=true

Exploit: phishing

Chartered Professional Accountants of Canada: professional membership organization  

Severity Meter

Risk to Small Business: 1.317 = Severe
The organization recently disclosed that personal information for its members had been compromised following a successful phishing attack in April. CPA Canada announced the results of its completed investigation, determining that the compromised information primarily affected subscribers of its CPA Canada magazine and an indeterminate number of website users. Impacted members were sent a phishing email asking them to change their user information on the organization’s online platform. 

Severity Meter

Individual Risk: 2.238 = Moderate
The security alert sent to all users of the CPA Canada website or magazine subscribers notes that members should be wary of spear phishing emails using industry-specific details from CPA Canada and change their login credentials on the website as a safety precaution.  

Customers Impacted: 329,000

How it Could Affect Your Customers’ Business: A data breach caused by a human error like phishing is a sign to an organization’s membership that it doesn’t take those members’ information security seriously, making it harder to retain members and sell professional resources. 

ID Agent to the Rescue: A well-educated staff is every company’s best defense against phishing. BullPhish ID has constantly updated training and testing materials available that keep staffers informed about the latest phishing threats and on guard to resist attempts. LEARN MORE>>

Canada – Fitness Depot 

https://securityboulevard.com/2020/06/data-breach-canadas-fitness-depot-blames-isp-for-security-incident/

Exploit: ransomware 

Fitness Depot: fitness equipment retailer 

Severity Meter

Risk to Small Business: 1.871 = Severe
Fitness Depot’s online store was infected with card-skimming malware that stole customers’ personal and financial data at checkout. It took the retailer more than three months to identify the breach, giving cybercriminals ample time to capitalize on the surge of online sales since the COVID-19 pandemic began. The data breach, which began on February 18th, will likely cause online shoppers to think twice before buying from their platform, potentially disrupting a vital lifeline while many in-person shops remain closed.  

severity

Risk to Small Business: 1.764 = Severe
Payment card skimming malware captures all information entered at checking. This information can allow hackers to commit identity or financial fraud. Those impacted by the breach need to notify their financial institutions and to carefully monitor their accounts for misuse. In many cases, victims should enroll in credit or identity monitoring services to ensure their data’s long term integrity.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  For most consumers, cybersecurity is a critical component of their buying decisions when shopping online. Card skimming malware represents a growing threat to online stores, and companies counting on digital sales to drive revenue need to account for this risk and many others presented by online shopping. In 2020, it’s a bottom-line issue that retailers can’t afford to ignore. 

Cybersecurity & Breach News: United Kingdom

United Kingdom – Inventory Hub 

https://portswigger.net/daily-swig/flaw-in-property-inventory-website-exposed-thousands-of-users-home-contents

Exploit: accidental data sharing

Inventory Hub: property management inventory platform 

Severity Meter

Risk to Small Business: 2.209 = Severe
A recently unearthed flaw in the security of this property management platform made members’ names and addresses, internal and external property images, inventories of each property’s contents, and information about physical security including photos of alarms, cameras, and locks available for an indeterminate amount of time. According to the researcher who discovered the vulnerability, the opening allowed would-be burglars to access exact layouts of all the listed properties, plus inventories of the contents, and user records back to 2017.  

Severity Meter

Individual Risk: 2.607 = Moderate
User information including names, physical addresses, and lists of contents for properties listed on the platform since 2017 were compromised. Users should remain on guard for potential spear phishing attacks using these details.

Customers Impacted: 8,871

How it Could Affect Your Customers’ Business: Data breaches that leak personal information can be dangerous and lead to other types of criminal activity. Users of a service like Data Hive expect that even their most basic personal information will be kept safe when they choose a partner company, and increasingly reject service providers that fail them.  

ID Agent to the Rescue: It pays for you to know quickly if a flaw in third party security has caused a data breach at your company. Dark Web ID immediately alerts businesses if their information or important data appears on the Dark Web, allowing you to address the flaw and stop the problem before it becomes a catastrophe. LEARN MORE NOW>>

Cybersecurity & Breach News: Africa

South Africa – Life Health Care 

https://www.iol.co.za/business-report/companies/life-healthcare-hit-by-cyber-attack-49149807

Exploit: unauthorized database access

Life Health Care: healthcare provider 

Severity Meter

Risk to Small Business: 2.605 = Extreme
The healthcare provider, which operates 49 hospitals and dozens of other healthcare facilities across South Africa and Botswana, was hit with an attack that compromised its data storage and intake systems. The attack affected its admissions systems, business processing systems, and email servers, although investigators have not yet determined how much patient data (if any) has been compromised. The healthcare provider said that patient service and care were not impacted, although patients could expect longer wait times for the resolution of administrative requests. 

Severity Meter

Risk to Small Business: 2.230 = Severe
Patients who have been treated at any of Life Health Care’s facilities should expect that their personal information and health information has been compromised and take appropriate measures to protect their identities. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Healthcare facilities that fall victim to cyberattacks aren’t just facing the costs of a standard breach recovery – they’re also facing potentially hefty regulatory fines, as well as the negative impact on patient trust. 

ID Agent to the Rescue: Digital threats are causing more serious (and expensive) damage than ever before. A comprehensive digital risk protection platform ensures that companies have all the bases covered for both security and compliance. See how ours fits the bill.  LEARN MORE NOW >>

Cybersecurity & Breach News: Australia & New Zealand 

Australia – Lion Beer Australia 

https://www.thedrinksbusiness.com/2020/06/australian-brewer-lion-suffers-major-cyber-attack/

Exploit: ransomware

Lion Beer Australia: brewing conglomerate 

Severity Meter

Risk to Small Business: 1.302 = Extreme
At Lion Brewing Australia, operations were disrupted by a ransomware attack as it began to reopen and restaff its 8 breweries in Australia and New Zealand. The attack came just as the company was able to resume operations after a period of closure caused by COVID-19 restrictions. The company has been forced to shut down its key systems entirely, reverting to manual systems to operate and process orders in this devastating incident that has still not been fully resolved. 

Individual Risk: No employee or customer information was reported affected by this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: A successful ransomware attack can be catastrophic for a business at any time, and its typically powered by information obtained from the Dark Web. Ransomware is especially problematic right now, and a nasty surprise as businesses try to start recovering lost revenue in the wake of the COVID-19 pandemic.   

ID Agent to the Rescue: Watch for trouble to prevent disasters like this. Dark Web ID uses human and machine intelligence to search for and analyze Dark Web threats to your company, alerting you fast when potential trouble arises LEARN MORE>>

Cybersecurity & Breach News: Asia & Pacific 

Japan – Honda Motor Company Inc.

https://www.computerweekly.com/news/252484389/Honda-investigates-suspected-Snake-ransomware-attack

Exploit: ransomware

Honda Motor Company Inc.: automotive and equipment Manufacturer 

Severity Meter

Risk to Small Business: 1.308 = Extreme
Honda was recently walloped by a huge cyberattack that briefly shut down production at its factories worldwide. The attackers are suspected of using SNAKE/EKANS ransomware to infiltrate equipment and computer systems connected to operations and production in every Honda facility, leading to delayed post-pandemic reopenings at some factories. Honda is undertaking restoration operations at its factories, sales centers, and business units and has successfully restored most functionality.  

Individual Risk: No individual data was reported as compromised in this breach, nor does Honda believe that individual data was affected. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a powerful foe, and even unsophisticated ransomware like SNAKE/EKAN can bring a mighty company like Honda to its knees fast. Without a comprehensive digital risk protection strategy in place, companies are at a higher risk of attack by bad actors looking to steal data or disrupt operations.

The Week in Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybersecurity & Breach News 

Have you been reading our blog? We’re bringing you timely cybersecurity & breach news, problem-solving advice, and expert analysis of today’s threats every day, plus intelligent cybersecurity insight that helps you plan for tomorrow. 

Catch up on what you need to know now: 

Free Education


Internet and Information Safety is Important for Kids too! 

Kids these days are instant citizens of the digital world. That’s why it’s important for kids to learn about safe online behavior and what to watch out for. To that end, we’ve created 2 fun books to teach kids about how not to get tricked by cybercriminals using lovable characters and memorable rhymes combined with fun coloring pages and other activities. Download them today to print out some fun art pages for family time – or maybe just to keep the kids busy during your next Zoom.  

Click here to get “The ID Agent Security Team Coloring and Activity Book” with coloring pages and games that teach kids about general online information and password safety. 

Click here to get “Billy the Bull Goes Phishing”, a coloring book to teach kids to protect their personal information and not be fooled by phishing attacks. 


Free eBook of the Week


NEW RELEASE! How Does Your Password Measure Up? 

Bad passwords can have serious cybersecurity consequences. Passwords don’t just become compromised because they’re stolen or mishandled – sometimes they become compromised because they have a fatal flaw that makes them terrible. Is your password a winner or a failure? Find out now

Download our new eBook “Is This Your Password? 3 Common Password FAILS & 3 Quick Password Wins 


The Week in Breach Threat Spotlight


Ransomware is Everywhere, and Every Company is At Risk  

Ransomware is a growing menace to companies of every size and has surged to become even more popular as a means of attack. During the global pandemic, researchers reported that ransomware attacks have skyrocketed, increasing by more than 140% over 2019.  

Ransomware has not only become more pervasive; it’s also become more expensive. The expected cost of a ransomware attack, (including recovery, remediation, and ransoms), is expected to increase to $20 billion in 2021.  One U.S. oil and gas company lost a whopping $30 million to a single ransomware attack in 2019, and ransomware related downtime can also cost a fortune.  

Healthcare is an especially popular and juicy target for bad actors, and cyberattacks against healthcare industry targets have increased fivefold in 2020.  Ransomware has ravaged healthcare organizations providing essential COVID-19 care in the US, Canada, the UK, and other regions impacted by the pandemic.  

The most common method of delivery for ransomware is through a phishing attack, and they’ve jumped over 600% since the start of the COVID-19 pandemic. Don’t wait until ransomware makes an impact on your bottom line – start training every staffer thoroughly to make them the strongest possible defense against the phishing attacks that aim to deliver ransomware.  

BullPhish ID is the perfect training and testing solution for today’s remote workforce. This dynamic platform includes over 80 phishing kits (including the initial email and related landing page and reply email), and 50 security video campaigns (short animated videos with test and reply email), including training to resist COVID-19 phishing scams.  

Because phishing is a universal menace, we offer training materials in 8 languages, and we’re constantly updating our menu of training choices to account for new threats as they become apparent, keeping every user in an organization on guard for trouble like ransomware.  

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it.

We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW