The Week In Breach 7/1/2020 to 7/7/2020

by Wally Moore

on July 8, 2020

in Data Breach

The Week In Breach-7.6.20

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

July 8th, 2020 by Kevin Lancaster

This Week in Cybersecurity News: A storm of ransomware rocks companies around the world, unsecured databases spell trouble, and our new growth-focused eBook is here.

Cybersecurity News: Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Hospitality
  • Top Employee Count: 501+

Cybersecurity News: United States 

United States – Department of Education

https://www.washingtonpost.com/education/2020/06/30/education-dept-left-social-security-numbers-thousands-borrowers-exposed-months/

Exploit: Unsecured Database

United States Department of Education: Federal Government Agency 

Severity Meter

Risk to Small Business: 2.077 = Severe
A large number of Americans may have had their personally identifiable data compromised by the United States Department of Education. According to reports, the agency left the Social Security numbers of tens of thousands of people seeking student debt relief unprotected and susceptible to a data breach for at least six months. While the information was stored securely enough to prevent an external breach, any users of the agency’s systems could freely access the information in a simple shared folder, including outside contractors.   

Severity Meter

Individual Risk: 2.316 = Severe
The breached information was collected from complaints filing for student debt relief after paying for years of education of dubious value from for-profit colleges. Personally identifiable information, including Social Security numbers, was not secured correctly. The information was easily obtained by anyone with access to agency or contractor systems. Those who suspect that they may be at risk should watch their credit reports and be on alert for spear phishing attacks.

Customers Impacted: 240,000 

How it Could Affect Your Customers’ Business: Failure to secure a customer’s information briefly is bad enough but allowing that information to stay unsecured for more than 6 months shows indicates an overall lack of concern regarding cybersecurity that may make future clients think twice about starting a business relationship.

United States – Healthcare Fiscal Management

https://www.hipaajournal.com/up-to-58000-individuals-impacted-by-healthcare-fiscal-management-ransomware-attack/

Exploit: Ransomware

Healthcare Fiscal Management: Payment Solutions Provider 

Severity Meter

Risk to Small Business: 2.429 = Severe
Maze ransomware has claimed another victim. Healthcare Fiscal Management in North Carolina was hit, exposing private data for thousands of patients of St. Mary’s Healthcare System in Georgia, including names, dates of birth, Social Security numbers, account numbers, medical record numbers, and dates of service. The company was able to restore data from backup storage the same day to a different hosting provider and a forensic investigation firm was brought on board to investigate the breach.

Severity Meter

Individual Risk: 2.393 = Severe
Investigators do not believe that any of the stolen data is available on the internet or currently in the hands of the attackers, but that can’t be confirmed. Customers of St. Mary’s Healthcare System who suspect that they may be affected should monitor their credit reports for identity theft attempts. This information could also be used for blackmail or spear phishing attempts.  

Customers Impacted: 58,000 

How it Could Affect Your Customers’ Business: Ransomware is an ongoing threat to every business, and it’s primarily delivered via phishing. Failure to stop a ransomware attack can not only cost a fortune in recovery, it can also incur huge fines from regulators. Companies that deal with particularly sensitive data should have constantly updated training in place for every user to prevent phishing attacks from landing. 

ID Agent to the Rescue: BullPhish ID trains staffers to watch for suspicious emails, files, PDFs, links, and other attack vectors, reducing the success rate of a phishing attack that is laced with ransomware. Learn more>>

United States – CNY Works

https://www.syracuse.com/business/2020/07/data-breach-at-cny-works-career-center-may-have-exposed-personal-information-of-56000-clients.html?&web_view=true

Exploit: Ransomware

CNY Works: Employment Assistance Non-Profit

Severity Meter

Risk to Small Business: 1.803 = Severe
Job seekers who used CNY Works as part of their search were recently informed that their personal information may have been compromised in a data breach caused by ransomware in December 2019. The agency noted that it had only begun notifying potentially affected clients in June 2020 because it did not discover that any personal information was affected until May 2020. 

Severity Meter

Individual Risk: 2.227 = Severe
Personally identifiable data including names, addresses, phone numbers, email addresses, and Social Security numbers was compromised. CNY Works is offering all potentially affected clients a one-year membership in a service that helps prevent identity theft by detecting possible misuse of personal information.  

Customers Impacted: 56,000 

How it Could Affect Your Customers’ Business: By taking so long to investigate the incident and warn potential victims, CNY Works has left them at risk for identity theft. Data that enables identity theft is a valuable commodity in Dark Web markets and travels quickly, enabling bad actors to open credit accounts with the stolen information.   

ID Agent to the Rescue: Dark Web ID uses 24/7/365 human and machine monitoring and analysis to find information like stolen employee passwords that puts data at risk in Dark Web markets, enabling companies to learn about a breach and mitigate the damage fast. Learn more>>

United States – V Shred 

https://www.hackread.com/fitness-firm-v-shred-leaks-606-gb-customer-data/

Exploit: Unsecured Database

V Shred: Fitness and Nutrition Brand 

Severity Meter

Risk to Small Business: 1.345 = Extreme
An unsecured Amazon S3 bucket is once again the cause of a data breach. This time, fitness and nutrition company V Shred failed to secure 606 GB of customer data that is now in the hands of cybercriminals. The huge haul of information includes the full name, age, gender, date of birth, spouse names, email address, phone numbers, home addresses, health conditions, citizenship status, Social Security number, social media accounts, username, and password for clients and fitness trainers throughout the US. It’s also suspected that potentially revealing fitness journey “before” and “after” photos were included in the files. 

Severity Meter

Risk to Small Business: 1.341 = Extreme
All U.S. clients and trainers who were associated with V Shred should be cautious about potential threats to their credit as well as blackmail, identity theft, and spear phishing attempts using the stolen data, and conclude that any personally identifiable information that was stored by the company has now been exposed.

Customers Impacted: 100,000+ 

How it Could Affect Your Customers’ Business:  Failure to secure this database could be catastrophic for this company. It entered an agreement with trainers and clients when it collected such personal information, and it failed to keep up its end, creating distrust that will linger. This information has already been seen on the Dark Web and includes extremely sensitive data. 

ID Agent to the Rescue: Digital risk protection is a necessity for any organization that handles and stores sensitive data. In this economy, no one can afford a breach. Be sure you have all of your cybersecurity bases covered with our digital risk protection platform. Learn more>>

Cybersecurity News: Canada

Canada – Heartland Farm Mutual

https://portswigger.net/daily-swig/data-breach-at-canadian-insurance-firm-exposes-personal-information\

Exploit: Email Account Compromise 

Heartland Farm Mutual: Insurance Company 

Severity Meter

Risk to Small Business: 2.335 = Severe
An unknown actor gained unauthorized access to an employee email account and all of the information it contained. Heartland Farm Mutual, a provider of agricultural insurance, announced that a small number of clients may have had their personal data exposed in the incident. The company has announced that the incident was contained quickly and that they’re bringing in an outside firm to investigate the breach.  

Severity Meter

Individual Risk: 2.717 = Moderate
Customers who corresponded with the affected account had personal information exposed. The company claims to have notified everyone who may have had information compromised, offering them credit monitoring for a year.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  Email compromise is often the result of a successful phishing attack. Phishing is the top menace of 2020 and is, unfortunately, more effective against remote workers. Cybercriminals are using a huge variety of means to attempt phishing attacks and constantly changing tactics. 

ID Agent to the Rescue: Remote workforce security must be a top concern for any company. Make sure that cybersecurity training and protection are up to speed with our Remote Work Cybersecurity package, including a free eBook outlining potential risks. Get it now>>

Cybersecurity News: United Kingdom

United Kingdom – BMW UK

https://www.scmagazine.com/home/security-news/bmw-customer-database-for-sale-on-dark-web/?web_view=true

Exploit: Unauthorized Database Access  

BMW UK: Automobile and Truck Manufacturer, UK Division

Severity Meter

Risk to Small Business: 2.203 = Severe
A customer database containing information for BMW owners in the UK was recently discovered for sale by cybersecurity researchers. The database was offered in an underground forum by the KelvinSecurity Group, a well-known hacking group responsible for several major data sales in the last few months. The available information included customer names, emails, addresses, vehicle numbers, dealer names, and other information. The data was purportedly obtained from a corporate call center and includes records from 2016 to 2018. The database is also reported to contain data for some UK customers of other car companies including Mercedes, Honda, and Hyundai.  

Severity Meter

Individual Risk: 2.616 = Moderate
No financial information or highly sensitive personal data was reported stolen in the breach. BMW owners in the UK should be aware that this information could be used for spear phishing.  

Customers Impacted: 500,000 

How it Could Affect Your Customers’ Business:  One stolen credential can lead to a world of trouble. Data like this is always popular on the Dark Web. While highly coveted information like credit card numbers or other financial data isn’t included in this database, the information that is available could prove useful for bad actors who are looking for ammunition to mount spear phishing and whaling attacks. 

ID Agent to the Rescue: Dark Web ID monitors the Dark Web for stolen or compromised credentials, and alerts businesses fast when one is found, giving companies time to deal with the problem before it becomes a catastrophe. Learn more >>

Cybersecurity News: South America

Brazil– Light SA 

https://securityaffairs.co/wordpress/105477/cyber-crime/sodinokibi-ransomware-light-s-a.html?&web_view=true

Exploit: Ransomware

Light SA: Energy Provider 

Severity Meter

Risk to Small Business: 2.133 = Severe
REvil ransomware is to blame again, this time in an attack that has encrypted data at a Brazilian energy company. The attackers have asked for a $14 million ransom to release the impacted data. Hackers purportedly encrypted the data through a known vulnerability in Windows software that allows them to encrypt Windows system files. The ransom has increased to $14 million after the company failed to pay the initial demand of $7 million in equivalent Monero by the original deadline imposed.  

Individual Risk: No individual data was reported as compromised.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even cybercriminals are working overtime these days. Ransomware attacks have increased since the beginning of 2020 and that shows no signs of slowing down. Most ransomware is delivered through phishing, making phishing resistance training a crucial component of an effective defense against ransomware. 

ID Agent to the Rescue: BullPhish ID doesn’t just train workers to resist past phishing attacks – it also trains workers to be aware of new possibilities with constantly updated training kits, including engaging videos in 8 languages. Learn more>>

Cybersecurity News: Asia/Pacific

India – Limeroad 

https://ciso.economictimes.indiatimes.com/news/personal-details-of-1-29-million-limeroad-customers-up-for-sale-on-darkweb-cyble/76715156?&web_view=true

Exploit: Unauthorized Database Access 

Limeroad: Apparel Marketplace 

Severity Meter

Risk to Small Business: 2.655 = Moderate
Approximately 1.29 million customers of popular Indian social shopping site Limeroad had their personal data compromised last week in a database break-in, and the stolen information is already up for sale on the Dark Web. Cyber researchers report that the database contained the full names of users, phone numbers, and email addresses of users. No financial data was noted as compromised.  

Severity Meter

Risk to Small Business: 2.702 = Moderate
While some personal information was compromised in the breach, no financial data or sensitive identity information was stolen. Limeroad users should be on the lookout for potential spear phishing attempts using this data.  

Customers Impacted: 1.29 Million 

How it Could Affect Your Customers’ Business: Unauthorized access to a database can often be traced to a compromised password. While this was a minimally damaging breach, it makes customers wonder about the rest of a company’s cybersecurity strategy – and how safe their more sensitive data might be. 

ID Agent to the Rescue: Employee passwords and other login credentials could be circulating in Dark Web markets right now. With Dark Web ID, companies find out about compromised credentials fast to know when it’s time for a credential update for everyone. Learn more >>

The Week in Breach’s Cybersecurity News Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybersecurity News 

Every weekday, our blog features timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Catch up on what you need to know now:

The Week in Breach Cybersecurity News Spotlight

Cryptocurrency Scam Raises Business Breach Risks After It Hits Thousands of Victims Worldwide 

Cryptocurrency has been revolutionary in creating a new world economy, and it’s the primary vehicle for transactions on the Dark Web. After lots of splashy coverage in mainstream news organizations around the world, the fascination for it has spread from Dark Web markets to average internet users – making them the perfect targets for cybercriminals. 

In a recent scam, cybercriminals were able to pull off a multi-stage operation that exposed the personal data of thousands of users worldwide including 147,610 victims in the UK, 82,263 Australians, 4,149 South Africans, 4,147 people in the US, 3,499 folks in Singapore, 2,491 Malaysians and 2,420 people in Spain, and other countries. 

Data like this is fodder for Dark Web markets. Learn more about them from two experts who will take you inside & get a deck of Dark Web screenshots! TAKE THE TOUR>>

The data was obtained through an interesting style of phishing scam. Users were lured in by an SMS message “starring” a locally famous celebrity (in this case a local journalist) who had “built a fortune” through cryptocurrency trading. Victims who clicked the link were then directed to a unique landing page that had an article quoting a local news personality that dovetailed believably to their region. Each unique SMS link also contained some personal information for the target.  

When the target clicked anything on the fake article landing page, they were then directed to a bitcoin investment platform, where the personal information that had been carried through the process in their unique link was then automatically filled in – and they were asked for their balances in other bitcoin accounts, which were now accessible to the thieves.  

As scams that are hatched through SMS and messaging applications become more common, they can also become an unexpected threat to businesses. Staffers frequently handle personal correspondence on their work devices, especially as more companies employ a “Bring Your Own Device” policy. Interacting with scam messages like these can give cybercriminals an opening to strike. Staffers need to understand that phishing isn’t just an email problem – it’s a problem everywhere.  

Updated phishing training with a dynamic solution like BullPhish ID gets everyone up to speed on potential types of phishing, with easy to understand lessons about common attacks served in bite-sized pieces and delivered through engaging videos to keep lessons memorable, plus online quizzes to test retention. BullPhish ID offers plug-and-play training content in 8 languages, bolstering a business’s cybersecurity by strengthening its best defense against phishing – their employees. 

Watch this 10-minute technical demonstration video of BullPhish ID in action.

The Ransomware Tide is Rising Worldwide

No industry is immune to ransomware attacks. Just last week, hackers attempted to breach more than 30 news sites owned by a major US media company in an audacious attempt to deploy WastedLocker ransomware. The hacking gang, known as Evil Corp, was attempting to use this method to infect the systems of employees of over 30 major US private firms using fake software update alerts that popped up after the targeted employees browsed news at the affected news sites.  

It’s common for employees to access non-work websites from their work machines during the workday. Everyone checks a few headlines or looks up the weather. In this case, the employees’ computers were set up to be used as a stepping point into their companies’ networks. There hasn’t been any reported further action, but that doesn’t mean that there wasn’t a successful compromise at one of the targeted firms. 

By 2021, it’s estimated that a ransomware attack will take place every 11 seconds. So, what’s the most common way that ransomware is delivered? Phishing. Whether it’s a malicious link, a spurious PDF, a poisoned SMS, or the old classic infected attachment, ransomware is the threat that really keeps IT staffers up at night.  

A phishing resistance training and testing solution that is consistently updated with the latest threats can help companies effectively defend against ransomware attacks by improving their defense against phishing. BullPhish ID delivers, with easy to understand, engaging training campaigns including video components that clearly explains today’s threats. The simple set-up, grouping, and deployment tools allow you to manage campaigns any way you need to get every staffer enlisted in the effort to guard against ransomware.

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW