The Week In Breach News 05/05/2021 - 05/11/2021

by Wally Moore

on May 12, 2021

in Data Breach

The Week In Breach News

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach News” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

by ID Agent


Major breaches at two medical service providers are sending shockwaves throughout the industry. A new email security report from Graphus shows massive cybercrime increases. Plus, government entities around the world have another bad week and a look at how to protect your clients from nation-state hacking including who should be beefing up security to stay safe from their schemes.


United States

United States – MedNetwoRX

https://www.healthcareitnews.com/news/reported-ransomware-attack-leads-weeks-aprima-ehr-outages

Exploit: Ransomware

MedNetwoRX: Medical Information Processing 

Severity Meter

Risk to Business: 1.607= Severe

A reported ransomware attack on MedNetwoRX has impeded medical providers’ access to their Aprima electronic health record systems for more than two weeks. This hack impacts medical practices, clinics, and hospitals of all sizes, from solo providers to conglomerates that rely on MedNetworx to host the Aprima electronic medical records system from vendor CompuGroup eMDs. MedNetworx says that on April 22, it experienced a network outage that resulted in a temporary disruption to its servers and other IT systems. Two major clients, Arthritis & Osteoporosis Center of Kentucky, the Alpine Center for Diabetes, Endocrinology, and Metabolism have been identified as victims as well as many small single and partner practices. The incident is under investigation and some functionality has been restored.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This is the kind of third-party service provider incident that reverberates for months as rolling damage becomes apparent. With no clear word on what if any data was stolen, your clients could be waiting for a nasty surprise.

ID Agent to the Rescue: Are your clients taking the right precautions to minimize damage from third-party data incidents like this? Get expert advice in our ebook Breaking Up with Third Party and Supply Chain Risk. GET THE BOOK>>


United States – City of Tulsa

https://therecord.media/city-of-tulsa-hit-by-ransomware-over-the-weekend/

Exploit: Ransomware

City of Tulsa: Municipality

Severity Meter

Risk to Business: 1.722= Severe

The city of Tulsa, Oklahoma, has been hit by a ransomware attack that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is under investigation, and city IT crews have begun restoring functionality and data from backups. This follows a string of ransomware attacks on other US municipalities in recent weeks. City officials were careful to note that no customer information has been compromised, but residents will see delays in network services. While emergency response is not hampered, 311, some credit card payment systems, and the city’s new online utility billing system were impacted.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware has been an especially nasty foe for government entities, especially cities and towns. Cybercriminals know that these targets are likely to pay ransoms and unlikely to have strong security or security awareness training in place.

ID Agent to the Rescue: Don’t take chances! Double-and triple-check to make sure that you're covering all of the bases with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>


United States – Fermilab

https://www.govinfosecurity.com/us-physics-laboratory-exposed-documents-credentials-a-16536

Exploit: Credential Compromise

Fermilab: Research Laboratory 

Severity Meter

Risk to Business: 1.523 = Severe

The Fermilab physics laboratory has taken action to lock down its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details, and credentials. Fermilab, which is part of the US Department of Energy, is a world-famous particle accelerator and physics laboratory in Batavia, Illinois. One database the researchers discovered allowed unauthenticated access to 5,795 documents and 53,685 file entries. One entry point led into Fermilab’s IT ticketing system, which displayed 4,500 trouble tickets. Also found was an FTP server that required no password and allowed anyone to log in anonymously. Other impacted systems exposed credentials, experiment data, and other proprietary information that were stored with no security.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Proprietary data needs to be stored securely. Not only does it give your competition an edge if they can see what you’re doing, but it also gives cybercriminals an edge when they’re crafting a cyberattack against your company.

ID Agent to the Rescue: Keep your data in and the bad guys out with Passly. By including multiple security essentials into one tool, Passly does the job of multiple solutions at a price everyone will love. WATCH A VIDEO DEMO>>


United States – BlueForce Inc.

Exploit: Ransomware

https://searchsecurity.techtarget.com/news/252500356/US-defense-contractor-BlueForce-apparently-hit-by-ransomware

BlueForce: Defense Contractor 

Severity Meter

Risk to Business: 1.668 = Severe

Someone who runs training programs may need to upgrade their security awareness training. Defense contractor BlueForce has been hit by the Conti ransomware group. The gang posted data from the operation on its leak site along with supposed chat records from its negotiation with BlueForce. The Conti gang has demanded 17 bitcoin for the decryption key. BlueForce is a Virginia-based defense veteran-owned contractor that works with the US Department of Defense and the US Department of State on program management, training, and development initiatives.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.

ID Agent to the Rescue: Security awareness training including phishing resistance with BullPhish ID is easy and painless for trainers and employees. SEE IT AT WORK IN A NEW VIDEO!>>


United States – CaptureRX 

https://www.infosecurity-magazine.com/news/capturerx-data-breach-impacts/

Exploit: Ransomware

CaptureRX: Medical Software Company 

Severity Meter

Risk to Business: 1.907 = Severe

Texas-based CaptureRx, fell victim to a ransomware attack in which cybercriminals snatched files containing the personal health information (PHI) of more than 24,000 individuals. The security breach impacted 17,655 patients of Faxton St. Luke’s Healthcare and a further 6,777 patients at Gifford Health Care as well as an indeterminate number of Thrifty Drug Store patients. CaptureRx is currently unclear how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident.

Severity Meter

Risk to Business: 1.959 = Severe

Data exposed and stolen by the ransomware attackers included names, dates of birth, prescription information, and, for a limited number of patients, medical record numbers. Affected healthcare provider clients were notified of the incident by CaptureRx between March 30 and April 7.

Customers Impacted: 24K +

How it Could Affect Your Customers’ Business: The medical sector has been absolutely battered by ransomware in the last 12 months. Breaches at service providers like this and Accellion show that cybercriminals are playing smart by hitting targets that offer them access to a variety of information that has value for future attacks.

ID Agent to the Rescue: Stopping ransomware starts with stopping phishing. in “The Phish Files", you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>>


United States – Alaska Court System (ACS) 

https://thehill.com/policy/cybersecurity/551463-alaska-court-system-forced-offline-by-cyberattack

Exploit: Ransomware

Alaska Court System: Judicial Body 

Severity Meter

Risk to Business: 1.572 = Severe

The Alaska Court System (ACS) was forced to temporarily disconnect its online servers this week due to a cyberattack that installed malware on their systems, disrupting virtual court hearings. The court’s website had been taken offline and the ability to search court cases had been suspended while it worked to remove malware that had been installed on its servers. Activities that may be impacted by the ACS taking its website offline include the ability of the public to view court hearings over Zoom, online bail payments, submitting juror questionnaires, and sending or receiving emails to or from an ACS email address.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime especially against local, state, and municipal governments with often weak or outmoded IT departments.

ID Agent to the Rescue: Don’t let cybercriminals slow your business down – learn to mitigate the risk of trouble in Ransomware 101. DOWNLOAD FREE EBOOK>>


Au

Australia – NSW Labor Party

https://www.smh.com.au/national/nsw/police-investigate-cyber-attack-on-nsw-labor-party-20210505-p57p4y.html

Exploit: Ransomware

NSW Labor Party: Political Organization 

Severity Meter

Risk to Business: 2.109 = Severe

The ransomware group Avaddon is threatening to release a trove of sensitive information including images of passports, driver’s licenses, and employment contracts from a ransomware hit on the NSW Labor Party. The cybercriminals have demanded a response to its ransom request within 240 hours and threatened to launch a denial of service attack against the party if it did not pay. NSW Police has come on board in the investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.

ID Agent to the Rescue: Review the trends in ransomware in 2020 and see how we expect it will impact businesses in 2021 in The Global Year in Breach 2021. GET THIS BOOK>>


Australia – Schepisi Communications 

https://www.news.com.au/technology/online/hacking/telstra-service-provider-hit-by-cyber-attack-as-hackers-claim-sim-card-information-stolen/news-story/2ff32b2e3634506882102e9c9d012994

Exploit: Hacking

Schepisi Communications: Cloud Storage 

Severity Meter

Risk to Business: 2.307 = Severe

Melbourne-based Schepisi Communications has been the victim of a suspected ransomware attack. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web. The company is a service provider for Telstra that supplies phone numbers and cloud storage services. Among Schepisi’s other customers that appeared to have had their information exposed were global food conglomerate Nestle, a Melbourne radio station, an Australian property management firm, and a financial services company based in Victoria.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malware and ransomware have been the plague of increasingly beleaguered service providers. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.

ID Agent to the Rescue: Make sure that everyone on the IT team is up to date on today’s threats and ready for tomorrow’s by arming them with the essential tips, tricks, and walkthroughs for security challenges in “The Security Awareness Champion’s Guide"GET THIS FREE BOOK>> 


Asia Pacific

India – WedMeGood 

https://www.hackread.com/shinyhunters-leak-india-wedmegood-database/

Exploit: Hacking

WedMeGood: Wedding Planning 

Severity Meter

Risk to Business: 1.817 = Severe

Legendary cybercrime gang ShinyHunters has dumped a database belonging to WedMeGood, a popular Indian wedding planning platform. WedMeGood is yet to verify the data breach, but dark web analysts say that the database contains 41.5 GB worth of data. Lately, the hacking group has been focusing on leaking databases of Indian entities. 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.773 = Severe

Impacted users have had PII exposed including full names, city, gender, phone numbers, email addresses, password hashes, booking leads, last login date, account creation date, Facebook unique ID numbers, vacation descriptions for Airbnb, and other wedding details. Site users will want to be aware of the potential of spear-phishing attacks using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks have been especially prevalent against targets in India recently, with hits on other major companies like BigBasket and Dr. Reddy’s. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.

ID Agent to the Rescue: Get the tools that you need to conduct security awareness training that includes phishing resistance painlessly in the new BullPhish ID. SEE THE UPDATE WEBINAR>>


dark web

Take a deep dive into the dark web with experts (and take home a deck of screenshots) In the webinar Unveiling Cybercrime Markets on the Dark Web. WATCH NOW>>


Guide to risk scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Added intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:


Cybersecurity Risk Protection Checklist

Don’t become a cybercrime statistic. The Cybersecurity Risk Protection Checklist will help you find and fix security gaps. GET IT>>


Resource spotlight

Fight Back Against Ransomware Attacks with These Resources

In light of the major breach at Colonial Pipeline, we’re shining our resource spotlight on resources that you can use to protect your clients (and your business) from similar incidents. 

  • One important metric for avoiding productivity loss when faced with nation-state cybercrime is cyber resilience. Are you ready to keep operating under challenging conditions? The Road to Cyber Resilience will help you prepare. GET IT>>

Featured briefing

Service Providers Are at Risk For Infrastructure Attacks Like What Just Happened at Colonial Pipeline


A major Russian hacking gang has successfully mounted a ransomware attack on major US fuel transporter Colonial Pipeline. The company is the operator of the largest fuel pipeline in the US, moving fuel into states on the Eastern seaboard, transporting more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor. Colonial Pipeline was forced to shut down its operations Friday including approximately 5,500 miles of pipeline, responsible for half of the East Coast’s fuel supply.

Late Monday, FBI officials announced that the culprit is DarkSide, a Russian ransomware gang. Sources familiar with the operation say that the gang stole almost 100 gigabytes of data in the incident. DarkSide has compromised more than 40 victim organizations and demanded between $200,000 and $2 million in ransom from them since its emergence in August 2020. The gang claims to be apolitical and contends that it did not know that a subsidiary was mounting this attack. DarkSide contends that this attack violates their stated policy of socially responsible hacking.

It’s Not Just Big Fish Anymore

Attacks like this one, against infrastructure targets and the service providers that operate and support them, are becoming increasingly more common as threat actors look for key targets to hit. Ransomware gangs that perform these operations often work toward several purposes like hunting for juicy ransoms from critical infrastructure, manufacturing, and emergency services targets that they render inoperable and capturing data that can be used or sold in today’s booming dark web data markets. Sophisticated gangs are also always on the hunt for vulnerabilities or opportunities that will allow them to strike at other high-value targets. The Colonial Pipeline attack comes amid rising concerns over the cybersecurity vulnerabilities in America’s critical infrastructure following a spate of recent incidents.

Any organization that provides services for companies in multiple sectors is at risk of landing in the sights of cybercriminals who are probing for vulnerabilities that will allow them to damage infrastructure targets. Many smaller companies that are not in commonly targeted industries may have security gaps that are easy for skilled gangs to get through. Infrastructure attacks are most commonly carried out by gangs with a higher level of sophistication. Those same cybercriminals may be considering ransomware attacks that enable them to steal data about or gain backdoor access to their true targets. In some cases, the challenges of supporting a remote workforce have given bad actors an edge when mounting attacks. Experts suspect that may have been the case in the Colonial Pipeline attack.

Nation-state cybercriminals are some of the biggest threats to infrastructure targets. The unclassified version of the 2021 Annual Threat Assessment recently released recently by the US intelligence community concluded that “cyber threats from nation-states and their surrogates will remain acute” as countries with nefarious aims “use cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure.” Ransomware is the preferred weapon of nation-state cybercrime. But other sectors are also at risk for nation-state ransomware attacks. Over 90% of security alerts released by Microsoft about nation-state cyberattacks in 2020 warned of danger against non-governmental or infrastructure targets.


Password

Is your data really password-protected? Learn the truth in Building Better Passwords. GET THIS BOOK>>


The Target List is Expanding

Some sectors that have recently been under threat include:

  • Infrastructure & Utility Services Infrastructure targets are high on the ransomware priority list, and so are the companies that facilitate their operations. Not only do cybercriminals know that these services will need to be restored quickly, giving them a better shot of getting paid, but successful strikes against the specialty service providers for those targets can provide them with valuable data, credentials, malware delivery systems, and backdoors that facilitate more attacks.
  • Transportation & Logistics Transportation and logistics targets got hammered in the run-up to vaccine distribution. Ransomware gangs, some of them nation-state threat actors, conducted a spear-phishing/ransomware campaign against organizations in six countries involved in providing special temperature-controlled environments to support the COVID-19 supply chain.
  • Manufacturing Taking advantage of a greater reliance on remote operations software, ransomware gangs, and nation-state threat actors turned their weapons on a wide array of manufacturers in 2020, including brewers in Australia. In addition to general ransomware danger, Commercial facilities and manufacturers are high priority targets for nation-state actors as well.
  • Education & Research Russian and Chinese state-sponsored hackers took the website and IT system of the UK Ministry of Defence training school offline using ransomware in an attempted incursion into the larger systems of the UK Defence department. Ransomware gangs also hit many colleges conducting remote learning as well as medical schools, research facilities, and institutions involved in gathering data about COVID-19 in 2020.
  • Pharmaceutical Strikes against pharma were fast and furious in 2020, culminating in a period in which 3 major companies were hit in the same week. Ransomware gangs including nation-state actors were involved in ransomware attacks against laboratories and pharmaceutical companies developing vaccines for COVID-19 like Pfizer, Takeda, and Dr. Reddy’s.
  • Healthcare Innumerable hospitals, clinics, and medical facilities were nailed by ransomware gangs in 2020 sometimes impacting patient care, and healthcare is still at the top of the list for ransomware. A recent tally notes 92 individual ransomware attacks occurred at healthcare organizations, and 600 clinics, hospitals, and organizations were affected. In addition, more than 18 million patient records were impacted by these ransomware attacks, a 470% increase from 2019.
  • Insurance Just a few weeks ago, CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) reported a ransomware attack conducted by nation-state actors in which data on more than 100k insureds was stolen and attempts were made to leverage its systems against its partners.
  • Cybersecurity, Software, Cloud Computing, & Digital Services Companies that provide software, services, and security are in cybercriminal sights as quick, quiet ways to access systems at major entities in government, defense, and business, as we saw in the recent Microsoft Exchange hack. This method of targeting has been spectacularly successful with breaches at critical data processing and storage giant Accellion creating ripple effects that lasted for months after the initial hit.

Phishing

Don’t get caught by phishing! Learn more about types of attacks and how to avoid them in The Phish Files. READ THIS BOOK>>


Prepare Now to Avoid Trouble Later

This attack only reinforces the lesson taught through the Solarwinds incident as well as data breaches: cybercriminals are willing to go into the supply chain and hit third-party service providers in order to get to their big targets. Experts estimate that 51% of businesses were victims of ransomware in 2020. For SMBs that fall in their sights, it’s often a case of looking for a weak security link that will allow these gangs access to systems and data that will further their aims. Ransomware cyber insurance claims grew by 260% in 2020. Take your clients out of the line of fire by equipping them to present a strong defensive posture to these predators.

Stop Phishing Lures from Landing

The number one tool of sophisticated cybercrime gangs and nation-state cybercriminals is ransomware. Reduce the chance of a ransomware attack landing by reducing the chance of someone falling for phishing. The freshly retooled BullPhish ID makes it a snap to create industry-specific content for your clients that simulates the real threats that their employees face every day including attachments, or our plug-and-play kits are constantly updated to reflect new threats. Take a look at the new BullPhish ID in this webinar.

Stay Up to Date on Trends

In our eBook Breaking Up with Third Party and Supply Chain Risk, we look at how ransomware trends were aligned with major world events in 2020. Stay in the know about what trends are emerging to spot the next big area of impact and get your business and your customers prepared accordingly. Get a complete analysis of cybercrime trends in 2020 and our predictions on what we expect to see this year as well as data that you can use to make your own projections in The Global Year in Breach 2021. Then use our Cybersecurity Risk Protection Checklist to make sure that all of the bases are covered for each of your clients.

Lock Every Entrypoint

Make sure that your clients understand the real power of secure identity and access management to protect them from danger if their business is targeted in an infrastructure ransomware attack. By adding an affordable solution like Passly, your clients gain protection against common attacks that these threat actors use, like logging into systems with a phished password to deploy ransomware. Multifactor authentication (MFA)is the most powerful defensive tool that your clients can implement now, and it stops 99.9% of password-based cybercrime according to experts at Microsoft. In addition to its usefulness as a weapon against hacking. This video explains more about the benefits of Passly.

Note To Our Customers

Is Your Business in Danger from an Infrastructure Attack?


Infrastructure-targeted cyberattacks aren’t just the problem of big business, government, and military targets these days. Increasingly, cybercriminals including nation-state actors, are setting their sights on smaller companies that may have weaker security. One in four attacks that IBM Security X-Force Incident Response remediated in 2020 were caused by ransomware. But by taking a few sensible precautions, you can bolster your defenses against this threat.

Experts estimate that 51% of businesses were victims of ransomware in 2020. These included companies in data handling, cloud computing, medical information processing and storage, transportation, manufacturing, education, and many other sectors that may not at first glance seem like infrastructure targets. By attacking companies that do business with big fish, cybercriminals can gain information about them, or even gain access to the systems of major targets, like recently happened with Solarwinds.

Cybercrime gangs overwhelmingly favor ransomware as their weapon of choice in these attacks. This multifunctional tool can be used to shut down production lines, steal data, lockdown servers, and cripple services. The number one delivery system for ransomware is phishing – 94 % of ransomware arrives at businesses via email. By preventing phishing attacks from finding success in your business, you can protect your business from ransomware.

BullPhish ID is the perfect solution for training staffers to resist phishing attacks. Customization capability means that your employees can be trained in simulations that mimic real threats that they face every day, no matter what your industry – including URLs, attachments, and content. Plus, increased security awareness training that includes phishing resistance can reduce your risk of suffering a cybersecurity incident by up to 70%!

Take action now to protect your business from this growing threat by implementing sensible precautions like a security assessment to find vulnerabilities and increased security awareness training to ensure that you’re ready for trouble.

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW