The Week In Breach 7/8/2020 to 7/14/2020

by Wally Moore

on July 15, 2020

in Data Breach

The Week In Breach 7/8/2020 to 7/14/2020

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

July 15th, 2020 by Kevin Lancaster

This Week in Cybersecurity News: Malicious insiders strike, gambling with security doesn’t pay off for a gambling app, and the debut of our newest eBook to help you transform into a marketing superhero!

Cybersecurity News: Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Hospitality
  • Top Employee Count: 1-10

Cybersecurity News: United States 

United States – DataViper

Exploit: Unauthorized Database Access (Malicious Insider)

DataViper: Information Security  

Severity Meter

Risk to Small Business: 1.239 = Extreme
A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace where they put up for sale 50 of the biggest databases that they found inside DataViper’s backend.

Severity Meter

Individual Risk: 2.117 = Severe
While these databases contained the information of billions of people worldwide, much of the information was from old breaches. Some new information was included, but researchers have not ascertained how much and what kind. This kind of information is often used in phishing and credential stuffing attacks.

Customers Impacted: Unknown 

How it Could Affect Your Customers’ Business: Insider threats are a menace to every business. Our insider threats eBook helps companies spot and stop insider threats.  While most insider incidents at organizations are caused by unintentional threats like human error, malicious insider attacks count for more than 20% of insider incidents. Some malicious insiders sell company secrets or even their own credentials on the Dark Web.

ID Agent to the Rescue: Our digital risk protection platform includes Dark Web ID to alert businesses to user passwords appearing in Dark Web markets to help organizations detect password compromise and insider threats faster. LEARN MORE>>

United States – Benefit Recovery Specialists

Exploit: Malware

Benefit Recovery Specialists: Medical Billing and Debt Collection 

Severity Meter

Risk to Small Business: 1.974 = Severe
A malware incident was just confirmed at Benefit Recovery Systems by the US Department of Health and Human Services’ Office for Civil Rights. Several computers at the Houston-based company were infected, leading to a breach that exposed thousands of customer records. In a breach notification statement posted on BRSI’s website, the company says that on April 30, it discovered a malware incident affecting certain company systems. The company stated that customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20 and April 30, 2020.  

Severity Meter

Individual Risk: 2.227 = Severe
Information that may have been exposed includes name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. A small number of Social Security numbers may also have been exposed. Patients that were impacted should be alert for spear phishing attempts or identity theft. 

Customers Impacted: 275,000 

How it Could Affect Your Customers’ Business: Healthcare data is one of the hottest commodities in today’s data markets – especially COVID-19 related patient or research data. Plus, healthcare companies face steep fines for HIPPA violations like this, making it prudent for every healthcare organization to add data loss prevention and security awareness training as priorities before a breach.

ID Agent to the Rescue: Phishing is a common delivery system for malware. Our security awareness training solution BullPhish ID helps prevent malware attacks by teaching users to be aware of phishing attempts. LEARN MORE>>

Cybersecurity News: Canada

Canada – Canadian Defence Academy

Exploit: Ransomware

Canadian Defence Academy: Military Training College System 

Severity Meter

Risk to Small Business: 1.694 = Severe
Computer systems at Canada’s four military academies have been taken offline by a purported ransomware attack. The schools affected include the Royal Military College, the Royal Military College Saint-Jean, the Canadian Forces College and the Chief Warrant Officer Robert Osside Profession of Arms Institute. Early indications suggest this incident resulted from a mass phishing campaign. An officer at an engineering school that was impacted reported the incident as a ransomware attack on his personal blog. The incident has not affected any classified systems or classified research. 

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the business scourge that keeps information security professionals up at night. Most ransomware arrives through a successful phishing attack, and phishing is the biggest threat of 2020 so far, with a more than 600% increase in attempts noted since the start of the pandemic.

ID Agent to the Rescue: Protection from ransomware starts as protection from phishing. Improved phishing resistance training with BullPhish ID will arm staffers with the knowledge and awareness that they need to spot and stop potentially ransomware-infected emails. LEARN MORE>>

Cybersecurity News: United Kingdom

United Kingdom – Xchanging

Exploit: Ransomware

Xchanging = Insurance Managed Services Platform 

Severity Meter

Risk to Small Business: 2.307 = Severe
Ransomware strikes again, this time taking systems hostage at Xchanging, the UK based subsidiary of DXC Technology. The problem appears to be limited to several of the company’s customer-facing services. Xchanging offers business process services in areas such as customer administration, finance and procurement, and technology services including application management, infrastructure management, specialist software, and data integration. No data is believed to have been stolen in this incident. 

Customers Impacted: 1.000+ 

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

How it Could Affect Your Customers’ Business:  Every business has relationships with service providers, making the risk of a third-party data breach unavoidable. Especially when transacting business with companies that handle payment, financial or personnel data, organizations have to be cognizant of the potential for a data breach that comes through business services relationships, and the Dark Web danger that brings to the table.

Cybersecurity News – European Union

Portugal – Energias de Portugal (EDP)

Exploit: Ransomware 

Energias de Portugal: Energy Provider 

Severity Meter

Risk to Small Business: 2.109 = Severe
Energy giant EDP reported through its North American subsidiary, EDP NA, that it had been affected by a ransomware attack using Ragnar Locker. While the attack was not recent, the company just confirmed the parameters of it publicly as it became apparent that recovery would include notifying potentially affected customers. The attackers reportedly demanded that EDP Group pay a ransom of 1580 bitcoins for a decryptor and to stop the cybercriminals from releasing over 10 TB of data allegedly stolen in the incident.   

Severity Meter

Individual Risk: 2.022 = Severe
Attackers reportedly gained access to some personal information stored on the impacted servers, including personally identifying information and Social Security numbers. No financial or payment card data was accessed. The company is offering customers one year of free data protection via Experian as a proactive measure. 

Customers Impacted: 11,500

How it Could Affect Your Customers’ Business:  As ransomware continues to wreak havoc with cybersecurity at businesses of any size, every business needs to have a plan in place to both recover from a ransomware incident and bolster their security to defend against potential ransomware attacks because Dark Web activity has never been higher – or a bigger threat to businesses.

Cybersecurity News – Australia & New Zealand

New Zealand – Fisher and Paykel

Exploit: Ransomware  

Fisher and Paykel: Appliance Manufacturer and Distributor 

Severity Meter

Risk to Small Business: 2.374 = Severe
The saga continues for New Zealand appliance company Fisher and Paykel, as they continue to experience damage following a ransomware attack last month. In June, attackers took the company’s data hostage, releasing a teaser on the Dark Web as part of its initial ransom demand. The attackers used Nefilim ransomware, whi9ch is effective against Windows systems.  A larger trove of corporate data just hit the Dark Web after the company apparently failed to meet the ransom demand. So far the materials released are financial documents dating back to 2014. 

Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: It’s become increasingly common for ransomware attacks to have multiple components, with attackers initially making a ransom demand while providing sample data as proof that they have information, and then escalating incidents if their demands are not met. With a huge rise in phishing attempts, businesses can’t afford to take security awareness training chances.

ID Agent to the Rescue: Security awareness training that includes phishing resistance with BullPhish ID helps companies shore up their primary line of defense against ransomware, turning workers who are potential security risks into real security assets. LEARN MORE>>

Cybersecurity News: Asia & Pacific

India – T7 Games/Ouroboros Games

Exploit: Unsecured Database

T7 Games/Ouroboros Games: Gambling Games Application Developer 

Severity Meter

Risk to Small Business: 1.217 = Extreme
The world’s most popular social gambling app Clubillion suffered a major data breach that affects customers around the world. A research team initially discovered the problem on March 19, finding the database hosted on Amazon Web Services during the course of working on a web mapping project. The developers of Clubillion were notified by the researchers quickly, but continued inaction exposed approximately 200 million user records per day – 50GB worth of data. The active database included constantly updated gameplay information for affected users as well as IP addresses, e-mail addresses, winnings, and private messages. The database was recorded as open for 16 days before action was taken to contain the leak.  

Severity Meter

Individual Risk: 2.219 = Severe
While researchers did not see any personally identifying or financial information in the affected database, the complexity of the breach prevents certainty about exactly what was leaked. Users of the app should be aware of potential phishing attacks fueled by this data.  

Customers Impacted: 160,000+

How it Could Affect Your Customers’ Business: Staffers aren’t just using their favorite apps and services on their personal phones and computers – they’re doing it on their work machines too. As companies continue to adopt “Bring Your Own Device” policies and the work/personal line gets murkier for staffers, companies have to be concerned about the potential for danger caused by breaches in entertainment and social media apps. 

The Week in Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybersecurity News 

Every weekday, our blog features timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Catch up on what you need to know now:

The Week in Breach Cybersecurity News Spotlight

Web-Based Apps Are Great Tools For Businesses But They Have Hidden Dangers 

Almost every business relies on web-based applications and tools to function these days. From data storage to video conferencing, web-based applications are everywhere. But they’re not as safe as you might think – and that can be a problem for businesses. 

Recently, a newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s widely used Chrome web browser. Google removed around 70 add-ons that it deemed “malicious” in response to that discovery.  

Remote workers are more likely to use work devices for everything. Improve your security to support a remote workforce more effectively with our Remote Working Cybersecurity resource package. GET YOUR FREE PACKAGE NOW!>>

The extensions were designed to avoid detection by antivirus or security software. If a user with one of the malicious browser extensions installed surfed the web on a home computer, it would connect to a series of websites and transmit information. Anyone using a corporate network, which would include security services, would be less likely to transmit sensitive information.

As the work/home device line blurs, every company needs to put protections in place to deal with cybersecurity incidents caused by these kinds of problems. A dynamic, comprehensive digital risk protection platform like ID Agent’s can help reduce the risk of damage from unintentional insider threats like this with Passly.

Our freshly updated secure identity and access management solution Passly, seamlessly integrates with over 1,000 applications to provide an essential added layer of security for companies by requiring multifactor authentication – keeping the bad guys out and company data in to help prevent a costly and potentially devastating breach. 

A note about cybersecurity news for our customers:

Third Party Data Breaches Endanger Every Company 

Just because your company hasn’t had a data breach, that doesn’t mean that your staffers’ credentials are safe. Third-party data breaches are an increasing problem for every company. These days everyone uses internet-enabled services for everything from shopping to airline tickets. But that convenience comes at a price for workers: the risk of a personally identifiable data breach – and those breaches endanger their employers as well. 

Recently, 45 million records of travelers to Thailand and Malaysia appeared on the Dark Web. The stolen information included extensive personal data on travelers from many countries including their Passenger ID number, full name, mobile numbers, passport details, home address, gender, and flight details. And as we reported recently, users of top gambling app Clubillion were recently impacted by a data breach as well, leading to millions of users having personally identifiable data leaked.  

These breaches provide the fuel that powers spear phishing attempts, blackmail, password compromise, and other cyberattacks. While companies can’t stop third-party breaches from accidental exposure of their workers’ personal information, they can mitigate the potential damage and add protections that can stop bad actors from using it against them.  

Ensure that you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan bulwarked by a digital risk protection platform featuring a Dark Web monitoring solution like Dark Web ID to watch for compromised credentials and alert companies to trouble. By making sure that you’re prepared for trouble from unexpected sources, you make your entire cybersecurity posture stronger to increase data loss prevention fast. 

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work