The Week In Breach News 03/17/2021 to 03/23/2021

by Wally Moore

on March 24, 2021

in Data Breach

The Week In Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology.

One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Go to our Learning Center

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

by Kevin Lancaster

This Week in Breach News:

Acer gets hit for a massive ransom, Chinese hackers meddle in Western Australia’s Parliament, school is out at two hacked colleges, and we’ll take a fresh look at the growing menace of double extortion ransomware and a new checklist to help businesses stay away from cybercrime.

United States

United States – Descartes Aljex Software

https://www.hackread.com/shipping-management-software-firm-data-online/

Exploit: Unsecured Database

Descartes Aljex Software: Shipping Software Developer


Risk to Business: 1.726 = Severe

An unsecured database is always trouble, as Descartes Aljex Software discovered this week. Researchers found 103 GB of data belonging to the New Jersey-based company after it was left exposed in a misconfigured AWS S3 bucket. The exposed data contained corporate, client and employee information.


Risk to Business: 1.667 = Severe

The Aljex client account data that was exposed included full names, phone numbers, email addresses, Aljex usernames, and plaintext passwords. Carrier information was also compromised, including full names, email addresses, home addresses and phone numbers. Client shipment details, including shipment information, the recipient’s consignee name, shipment origin and destination, addresses, and phone numbers, were part of the exposed data. Sales representative details were exposed as well, including full names, corporate emails, Aljex usernames, and sales representative IDs.

Customers Impacted: 4,000

How it Could Affect Your Customers’ Business: Third-party and supply chain risk is growing more dangerous for businesses as the ripple effect of breaches like this fuels cybercrime. Take precautions now to avoid headaches later.

ID Agent to the Rescue: Read our eBook “Breaking Up With Third-Party & Supply Chain Risk” for tips to minimize the impact of this risk and defensive strategies. GET THIS BOOK>>


United States – Guns.com

https://www.hackread.com/hacker-dumps-guns-com-database-customers-admin-data/

Exploit: Hacking

Guns.com: Online Gun Marketplace


Risk to Business: 1.227 = Extreme

An enormous database from Guns.com made an appearance in a hacker forum this week, and it’s a major trove of information. The data contains both administrator and user information, including user IDs, full names, an estimated 400,000 email addresses, password hashes, physical addresses, ZIP Codes, city, state, Magento IDs, phone numbers, account creation dates and other personal details. One of the folders in the leaked database includes customers’ bank account details, including full name, bank name, account type and Dwolla IDs. To top it off, an Excel file in the database contained sensitive login details for Guns.com, including its administrator’s WordPress, MySQL, and Cloud (Azure) credentials, with all admin credentials, including admin emails, passwords, login links, and server addresses, stored in plain text.


Individual Risk: 1.112 = Extreme

Users of Guns.com are significantly impacted, as extensive banking and personal information has been exposed. They should be wary of identity theft, spear phishing, and business email compromise/fraud risks, and should change any passwords shared with this account.

Customers Impacted: 400,000

How it Could Affect Your Customers’ Business: Sensitive Personally Identifiable Information (PII) requires strong protection, especially when financial information for clients is at stake.

ID Agent to the Rescue: Make sure that your systems and data have strong protection from hackers with multifactor authentication from Passly. SEE PASSLY IN ACTION>>


United States – Maricopa Community College

https://www.azcentral.com/story/news/local/arizona-education/2021/03/19/maricopa-community-college-students-without-tech-systems/4759189001/

Exploit: Ransomware

Maricopa Community College: Institution of Higher Learning


Risk to Business: 2.312 = Severe

Classes have been disrupted as a suspected ransomware attack has caused extensive IT outages at Maricopa Community College. Education tools including MyInfo, Canvas, RioLearn, Maricopa email, Maricopa Google Tools and the Student Information System/Student Center are unavailable. The 10-college system has extended the semester by at least a week and expects service to be restored this week.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: One small email handling mistake can have devastating consequences. Stop ransomware from clobbering your business by preventing employees from interacting with phishing emails.

ID Agent to the Rescue: Ransomware risks are up by more than 100%. Learn how to fight back in Ransomware 101. GET THIS BOOK>>

 

United Kingdom

United Kingdom – South and City College Birmingham

https://feweek.co.uk/2021/03/15/college-group-closes-all-campuses-for-a-week-following-major-cyber-attack/

Exploit: Ransomware

South and City College Birmingham: Institution of Higher Learning


Risk to Business: 1.102 = Extreme

The eight sites of South and City College Birmingham closed down in-person learning again this week after a purported ransomware attack wreaked havoc. Students will be back to learning online until systems can be restored, which may take weeks. An investigation is underway.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: 13,000

How it Could Affect Your Customers’ Business: Even without data theft, ransomware can cause a massive disruption that cripples your business. Scenarios like this are also ripe for exploitation with double extortion ransomware.

ID Agent to the Rescue: The new BullPhish ID removes training pain points for employees and trainers, making better (and more frequent) training a snap. SEE IT IN ACTION>>


United Kingdom – The Defence Academy of the United Kingdom 

https://securityaffairs.co/wordpress/115870/hacking/ministry-of-defence-hacked.html

Exploit: Nation-State Hacking

The Defence Academy of the United Kingdom: Specialty Graduate School


Risk to Business: 2.775 = Moderate

A nation-state hacking incident took the website and IT system of the UK Ministry of Defence training school offline this week. Systems at the academy were extensively compromised and it will take time to completely restore the impacted computers and servers. Russian and Chinese state-sponsored hackers are suspected to be behind the offensive. IT at the school is run separately by a contractor and no systems at the Ministry of Defence were impacted.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.

ID Agent to the Rescue: BullPhish ID now features customizable “set it and forget it” phishing simulation kits that include attachments, enabling you to simulate the real threats employees face every day. LEARN ABOUT THE NEW BULLPHISH ID>>


Australia & New Zealand

Australia – The Parliament of Western Australia

https://www.abc.net.au/news/2021-03-17/wa-parliament-targeted-cyber-attack/13253926 

Exploit: Nation-State Hacking

Parliament of Western Australia: Regional Legislative Body


Risk to Business: 1.603 = Severe

Western Australia’s parliamentary email network was infiltrated by suspected Chinese hackers in the fallout of the recent massive Microsoft Exchange incident. The intrusion was detected on 03/04 in the middle of the state election campaign and led to intervention from Australia’s cybersecurity watchdog. Email service was disrupted but an investigation by Western Australia’s Parliamentary Services Department concluded that no sensitive data was stolen in the attack.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nation-state hacking is a menace that doesn’t show signs of slowing down. Couple that with a massive third-party breach at a major technology vendor and the danger escalates.

ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity disasters. READ THE BOOK>>


Champions guide

Get the tips, tricks and cheat codes that you need to beat cybercriminals at their own game! DOWNLOAD THIS BOOK>>


Asia & Pacific

Taiwan – Acer

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/

Exploit: Ransomware

Acer: Computer Manufacturer 


Risk to Business: 2.020 = Severe

Acer has the dubious honor of setting a new record this year. The REvil cybercrime gang has executed a massive ransomware attack and is demanding the largest known ransom to date, $50,000,000. The audacious threat actors offered a 20% discount if payment was made by this past Wednesday. As proof of the hit, samples of leaked images of documents, including financial spreadsheets, bank balances, and bank communications, have been posted to hacker forums. The incident is ongoing.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.

ID Agent to the Rescue: Look at the ascension of this menace in 2020 to see where we think it’s headed in 2021. GET THE GLOBAL YEAR IN BREACH 2021 NOW>>


Insider threats

Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT

Guide to Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Added intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:


Phish files

Learn the Secret of How Cybercriminals Trick You Into Falling for Phishing Messages!

Read Phish Files Now>>


Resource spotlight

NEW RELEASE! The Cybersecurity Risk Protection Checklist


Download our Cybersecurity Risk Protection Checklist for 10 critical things to check to see if your company’s risk is under control. Based on data from the Global Year in Breach 2021, we’ll help you make sure you’ve found your vulnerabilities before cybercriminals do! GET THE CHECKLIST>>


Get Your Copy of The Global Year in Breach 2021


We’ve tabulated the data and it’s official: 2020 was a banner year for cybercrime. See how a global pandemic set off a wave of cybercrime fueled by dark web data and opportunity presented by a chaotic business landscape and an untested remote workforce – plus see what we’re predicting to trend in 2021. In “The Global Year in Breach 2021” you’ll find:

  • 5 key trends that impacted cybersecurity in 2020 and what they tell us for the future
  • The scoop on how the dark web economy contributed to a cybercrime explosion
  • The risks we’re watching for tomorrow
  • And so much more!

Download “The Global Year in Breach 2021” and take a deep dive with us. GET THIS BOOK>>


NEW RELEASE! Mind Games: Protecting Your Business From Social Engineering Attacks 


Social engineering is the driver of today’s most devastating phishing disasters – 98% of cyberattacks in 2020 used social engineering as their main component. Join Jamie Woodruff, Europe’s top ethical hacker, and ID Agent for a fascinating webinar where you’ll learn:

  • What tricks cybercriminals favor the most
  • How social engineering can catch even wary employees
  • What you can do to secure businesses against this rising threat

Enjoy the webinar “Mind Games: Protecting Your Business From Social Engineering Attacks” now. SEE THIS WEBINAR>> 


Supply chain

Don’t let supply chain and third-party risk rain on your parade in 2021! Learn how to protect your business (and your profits) in the eBook “Breaking Up with Supply Chain & Third-Party Risk”! GET IT NOW>>


Featured briefing

Double Extortion Ransomware is the Gift That Keeps On Giving – to Cybercriminals


Double extortion ransomware is having another moment in the sun as cybercriminals double down on their attacks to double their profits. In this devastating style of attack, cybercriminals aim to get paid twice – once for the usual decryption code to unlock systems and data and a separate fee to not have the encrypted data copied by the gang.

This tactic was in vogue before when it first emerged in late 2019 and spread across the cybercrime landscape. It’s reemerged as a favorite of major gangs including REvil, DoppelPaymer and Clop. Even cybercriminals are working a little harder in this economy, leading to this style of attack trending upward again as cybercriminals look for new ways to expand their revenue streams. Practitioners of double extortion ransomware were responsible for more than 50% of all ransomware attacks in 2020.    


Graphus

See how automated, affordable phishing defense with Graphus can save your business a fortune! GET THE EBOOK>>

Ransomware Continues to Rule the Roost


Ransomware risks show no signs of slowing down, and they’re costing companies a fortune. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. The worldwide cumulative cost of ransomware doubled last year as well, from an estimated $11.5 billion in 2019 to $20 billion in 2020. Insurers felt the pinch too – cyber insurance claims for ransomware attacks increased 41% in the first half of 2020 alone.

All of this translates into huge financial danger for companies in every sector. Healthcare led the pack – an estimated 560 US healthcare targets alone were impacted by ransomware in 2020. More than 45% of cyberattacks against healthcare targets in 2020 were ransomware, but no industry was spared. Manufacturers experienced one-quarter of all ransomware attacks, professional services companies clocked in at 17% and government entities were hit with 13%.


Protection from Ransomware is Priceless


Phishing is the primary delivery source for ransomware, making phishing resistance and defense the cornerstone of a strategy to protect businesses from disasters. There is plenty of room for growth in the area as well – 62% of businesses do not do enough cybersecurity awareness and phishing resistance training.

The new BullPhish ID has been freshly updated and upgraded to provide a smooth, efficient and effective training experience for everyone involved. You’ll love:

  • Customizable, intuitive training portals that make the whole process of taking and conducting training a breeze!
  • Customizable training emails including attachments enabling you to create better simulations of real threats in your industry
  • Simple, clear reporting to gauge the effectiveness of training and find out who needs more help
  • Over 80 plug-and-play phishing simulation kits are ready to go, enabling you to start training immediately
  • 4 new kits added every month to reflect new lures and keep staffers on their toes including COVID-19 threats
  • Video lessons, online testing, and training in 8 languages
  • White labeling capability to provide a superior customer experience

Take a tour of the new BullPhish ID in this webinar that goes over all of the details! WATCH THE WEBINAR>>

We’re here to help you find the perfect combination of solutions to protect your business from ransomware through the ID Agent Digital Risk Protection Platform and IT Complete. Book a meeting with one of our solutions experts now and let’s explore the possibilities. BOOK IT>>



Passwords

Would you trust a flimsy lock for your front door? Add a stronger lock between cybercriminals and your business when you learn to Build Better Passwords. GET IT>>


Note for our customers

One Ransomware Attack Can Cost You Twice as Much as Before  


A tight global economy has everyone looking for new revenue streams – including cybercriminals who are doubling down on ransomware threats by doubling the price tag to get your data and systems back.

In a double extortion ransomware attack, cybercriminals make money two ways by asking victims to pay twice: once for a decryption code to unlock their impacted systems or data, and a separate fee to not have the encrypted data copied by the gang. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.

This week’s record-setting ransomware incident at Acer proves that the cost of a ransomware incident is only going up – cybercriminals presented Acer with a $50,000,000 ransom demand to hand over the key to decrypt their data. The risk is going up too. Researchers noted a 50% increase in the daily average of ransomware attacks between Q1 2020 and Q4 2020.

Protecting your business from ransomware starts with protecting it from phishing. Regular security awareness training that emphasizes phishing prevention is a key part of any defensive strategy against ransomware. An estimated 65% of ransomware attacks are delivered via phishing. 

Phishing resistance training solution BullPhish ID has just been updated to include more customizable training campaigns and user-friendly features that make training painless for everyone. Launch a new campaign this week to start building your company’s ransomware protection.


Champions guide

If Cybersecurity is Like a Game, Shouldn’t You Play to Win? Here’s How to Do It.

DOWNLOAD THE SECURITY AWARENESS CHAMPION’S GUIDE>>

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
