The Week In Breach News 2/10/21 - 2/16/21

by Wally Moore

on February 18, 2021

in Data Breach

IDA-TWIB-blog-thumb-1

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach News” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

by Kevin Lancaster

This Week in Breach News:

A Florida municipal water plant breach raises alarm, ransomware impacts hospital care in France, our special look at 3 ways that MSPs and SMBs can work together to fight ransomware.

United States

United States – Syracuse University

http://dailyorange.com/2021/02/names-social-security-numbers-of-syracuse-university-students-exposed-in-data-breach/ 

Exploit: Unauthorized Access to Email

Syracuse University: Institution of Higher Learning

Severity Meter

Risk to Business: 2.379 = Severe

An unknown party gained unauthorized access to an employee’s email account at Syracuse University. The university launched an investigation with a third party firm that determined in early January that emails and attachments in the account that had been improperly accessed did contain names and Social Security numbers of students, and those affected who have been informed by letter.

Severity Meter

Individual Risk: 1.347 = Severe

Impacted students may have had names and Social Security numbers exposed. officials aren’t clear on how much data was stolen or who may have taken it. Students should be alert to potential identity theft or spear phishing attempts.

Customers Impacted: 10,000

How it Could Affect Your Customers’ Business: Data like this is a currency on the Dark Web, and it can hang around for years acting as fuel for future cybercrime like phishing.

ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>


United States – Chess.com

https://www.hackread.com/vulnerability-chess-com-50-million-user-records-accessed/

Exploit: Security Vulnerability

Chess.com: Gaming and Resource Site 

Severity Meter

Risk to Business: 2.211 = Severe

Security researchers found a critical bunch of vulnerabilities in chess.com’s API. The flaws could have been exploited to access any account on the site. They could also be used to gain full access to the site through its administrator panel. The website quickly fixed the problem after they were informed. There’s no current evidence that it was accessed by bad actors before it was patched.

Customers Impacted: 50 million

How it Could Affect Your Customers’ Business: Security vulnerabilities can lead companies down dangerous paths and expose them to unexpected risks. Building a strong security culture helps make sure everyone is on the same page when it comes to data protection.

ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. READ THE BOOK>>


United States – Nebraska Medicine

https://apnews.com/article/technology-data-privacy-nebraska-94d8a76d2b772a3014773023c989d71a

Exploit:  Malware

Nebraska Medicine: Health System

Severity Meter

Risk to Business: 1.663 = Severe

Nebraska Medicine and the University of Nebraska Medical Center have begun notifying patients and employees whose personal information may have been compromised in a breach in late 2020. Bad actors gained access to Nebraska Medicine and UNMC’s shared network using unnamed malware. The breach led to the interruption of some services including the postponement of patient appointments and required staff in the system’s hospitals and clinics to chart by hand.

Severity Meter

Individual Risk: 2.101 = Severe

Nebraska Medicine officials say that the incident did not result in unauthorized access to the health system’s shared electronic medical record application. However, an unspecified number of records that included information such as names, addresses, health insurance data, Social Security numbers and clinical information was compromised. Patients and employees should carefully watch for identity theft, spear phishing or fraud attempts using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware isn’t the only kid on the block when it comes to causing a data breach – many types of malware are available for bad actors to use, and they can do devastating damage without the ransom.

ID Agent to the Rescue: Read our Security Awareness Champion’s Guide, for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals conduct them. GET THE BOOK>>


United States – Oldsmar Water Treatment Plant

https://threatpost.com/florida-water-plant-hack-credentials-breach/163919/

Exploit: Credential Compromise

Oldsmar Water Treatment: Municipal Water System Plant 

Severity Meter

Risk to Business: 2.022 = Severe

In an attack that made national headlines, bad actors are suspected of using stolen credentials to access operational systems at a Florida wastewater treatment plant. The attackers likely used remote access software to enter the operations system with the intent of changing the level of sodium hydroxide, more commonly known as lye, in the water from 100 parts per million to 11,100 parts per million. Other systems detected the chemical change and stopped it before anyone was hurt. Officials suspect that the compromised credentials may have been part of a huge 2017 data dump.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Recycled, reused, and weak passwords can cause trouble for years, and that’s especially dangerous when they give access to critical infrastructure like this.

ID Agent to the Rescue: Passly is an essential protection for every business, adding multifactor authentication that stops more than 90% of password-based cyberattacks. SEE IT IN ACTION>>


Canada

Canada – Canadian Discount Car and Truck Rentals

https://securereading.com/darkside-ransomware-gang-hits-canadian-rental-car-company/ 

Exploit: Ransomware

Canadian Discount Car and Truck Rentals: Vehicle Rental Company

Severity Meter

Risk to Business: 1.668 = Severe

The DarkSide ransomware gang claims to have stolen 120 GB of data from Canadian Discount Car and Truck Rentals. The snatched data includes marketing, finance, account, banking and franchisee information. The company’s clients are also unable to book or manage rentals online.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware usually means phishing, today’s top threat to businesses. Every company can be hit by ransomware at any time. Employee training is vital to guard against this threat.

ID Agent to the Rescue: BullPhish ID is newly updated and upgraded to provide top-tier training that’s user-friendly for everyone involved. LEARN MORE IN THIS WEBINAR>>


United Kingdom

France – Dax-Cote de Argent Hospital

https://portswigger.net/daily-swig/dax-cote-dargent-hospital-in-france-hit-by-ransomware-attack 

Exploit: Ransomware

Dax-Cote de Argent Hospital: Medical Center 

Severity Meter

Risk to Business: 1.413 = Extreme

A suspected Egregor ransomware attack has caused significant operational disruption at French medical center Dax-Cote de Argent Hospital. Staff were resorting to pen and paper for records, phone systems were knocked out of operation and critical departments including radiotherapy care were severely disrupted. Officials at the hospital system, which has six sites and around 1,000 beds, were quoted as saying that restoration of normal operations could be several weeks away.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is lurking around every corner, and it can have severe impacts on every organization, resulting in everything from stolen data to near-complete operational shutdown.

ID Agent to the Rescue: In our eBoom Ransomware 101, learn how to spot and stop ransomware and add essential defenses against future attacks before it impacts your business. GET THE EBOOK>>


France – Mutuelle Nationale des Hospitaliers (MNH)

https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/

Exploit: Ransomware

Mutuelle Nationale des Hospitaliers (MNH): Insurance Company 

Severity Meter

Risk to Business: 2.062 = Severe

RansomExx ransomware is to blame for an attack at French health insurance company Mutuelle Nationale des Hospitaliers (MNH) that has severely disrupted the company’s operations. The company’s website displays a notice stating that it has been affected by a cyberattack that started on February 5th. This attack has caused their websites, customer portal and telephone platform to go down. The attack is ongoing and under investigation, but operations are severely limited for clients.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware does more than just steal data these days, it is frequently used to halt operations altogether and bring companies to their knees as cybercriminals try for a fast payment from a simple phishing attack.

ID Agent to the Rescue: Is your business ready to fend off today’s tricky phishing attacks? Learn what cybercriminals are using as bait and how to stay off the hook in our eBook Phish Files. GET THIS EBOOK>>


Poland – CD Projekt Red

https://www.theverge.com/2021/2/11/22278121/cd-projekt-red-ransomware-hack-cyberpunk-2077-the-witcher-3-auction-sale

Exploit: Ransomware

CD Projekt Red: Videogame Developer 

Severity Meter

Risk to Business: 1.667 = Severe

Beleaguered game developer CD Projekt Red faces a new challenge as cybercriminals have obtained and auctioned off part or all of the source code for its biggest game properties including Thronebreaker: The Witcher Tales spinoff, The Witcher 3, a ray-traced version of The Witcher 3Cyberpunk 2077, virtual card game Gwent and copies of the company’s internal documents. Experts suspect HelloKitty ransomware is behind the attack.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can give cybercriminals access to your corporate secrets like source code of schematics that they can sell to enrich themselves and hurt your business.

ID Agent to the Rescue: Is your company in danger from insider threats like careless employees clicking on a ransomware-laden phishing email when they shouldn’t? Get our Stop Insider Threats eBook! GET THIS RESOURCE>>


Insider threats

Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT


Australia

Australia – QIMR Berghofer Medical Research Institute 

https://portswigger.net/daily-swig/australian-research-institute-confirms-likely-data-breach-after-third-party-accellion-hack

Exploit: Third Party Data Breach

QIMR Berghofer Medical Research Institute: Medical Research Facility 

Severity Meter

Risk to Business: 1.802 = Severe

Investigators handling a breach at QIMR Berghofer Medical Research Institute have announced that certain data stored in a file-sharing system from third-party service provider Accellion has been improperly accessed. Officials say that they were told that their data had been impacted by a breach at Accellion in December 2020, and subsequently discovered that around 4% of their data held by Accellion had been compromised. QIMR Berghofer said that it used Accellion’s services to share data related to clinical trials of anti-malaria drugs.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third party risk is everywhere, and as the world grows more interconnected with more outsourcing of things like data storage, every company must be cautious about protecting itself against third party risk.

ID Agent to the Rescue: Learn more about keeping your data and systems safe the right way with our Cybersecurity Resolutions Checklist. DOWNLOAD IT>>


Dark Web

COVID-19 has changed everything – including the Dark Web. See how it has evolved and how that impacts security in our eBook. DOWNLOAD IT>>


Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Added intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Cybersecurity is serious business, but it doesn’t always have to have a serious tone. These 5 posts make cybersecurity fun while helping you solve unexpected difficulties.


 

Featured briefing

3 Smart Ways That MSPs & SMBs Can Beat Ransomware Together 


Ransomware threats have been continuing to climb, with a more than 40 percent increase in attacks in Q3 2020 alone. In a recent survey, 70 percent of MSPs report ransomware as the most common malware threat that they’re facing when working to secure to SMBs. The good news for recession-battered MSPs 50 percent of survey respondents said that their clients have increased their budget for IT security including solutions and training in 2020, but how can you utilize that spending power to maximize protection against threats like ransomware?



Educate


Far too many employees still get taken in by phishing. Proper security awareness training can reduce your chances of falling victim to phishing-based cyberattacks by up to 70 percent, as long as that training is updated every 3 – 4 months. Ransomware is commonly the poisoned cargo of a phishing email, and increasing phishing resistance is crucial for stopping it. Every business of every size in every industry is at risk of a damaging phishing attack. No one is immune.

 

Secure


Sometimes, even the most security-conscious employees make a mistake and click on a dodgy email or follow a bad link. Human error is a fact of life for every business. In a recent survey, common accidental employee behaviors cited as likely to result in cyberattacks include clicking on a malicious link or downloading a compromised file (43%), falling victim to phishing emails (39%) and unauthorized use of devices and applications (35%). Those are the kind of mistakes that can open the door to ransomware nightmares.

It’s important that you understand that no solution or plan is perfect – the biggest threat to any cybersecurity plan is people! So you should  find and fill security gaps to add extra protection against human error. Secure identity and access management with Passly is the ideal jack-of-all-trades solution for budget-minded clients. Multifactor authentication alone mitigates against many of today’s most dangerous cyberattacks, and single sign-on plus remote management tools provide an excellent means to both increase access point security (something more than 75 percent of companies need to do), and quickly respond to attacks.


Prepare


What should you do if you experience a ransomware attack? Having a plan in place for incident response is just as important as having the right solutions in securing systems and data against ransomware. Have you created an emergency response plan for each of your clients and reviewed it with them? Having a solid security response plan can save more than 30 percent of the cost of an incident, but only 21 percent of companies have one in place.

In today’s explosive cybersecurity world, your clients need to be ready for anything. Work with them to make sure that everyone is on the same page by building a solid cybersecurity incident response plan that fits their needs and update it as their business evolves. Part of building that plan should start with increasing their cyber resilience. It’s not good enough just to build defenses anymore, companies have to be ready to pivot to respond to today’s sophisticated cyberattacks and keep working.

Contact the experts at ID Agent and let’s talk about how we can work together to help you find exactly the right solutions to secure your clients against ransomware, build your business, and deliver an excellent customer experience.


Events

Mar 3 – Business Management Online Summit REGISTER NOW>>

Mar 11 – The MSP Lounge (EMEA Special) REGISTER NOW>>

Mar 23 – Xaas Summit: Innovation on Demand Via the Channel (EMEA Special) REGISTER NOW>>

Mar 31 – Apr 1 – Zero Trust World (MSP Edition) REGISTER NOW>>


Cybersecurity

If Cybersecurity is Like a Game, Shouldn’t You Play to Win? Here’s How to Do It.

DOWNLOAD THE SECURITY AWARENESS CHAMPION’S GUIDE>>


Customers

Protect Against the Number One Cause of a Data Breach – Human Error


CISOs around the world agree – human error is the most dangerous threat that any cybersecurity plan can face. In a recent study, 55% of survey respondents noted that human error and lack of cybersecurity awareness is their top concern. Even though they were concerned, 44% of the survey respondents stated they did not know how to discover who should be counted among the most at-risk employees for a major mistake.

So how can an organization add protection that helps guard against damage done by employee cybersecurity mistakes if it doesn’t know who might be in line to make those mistakes? By adding a strong guardian that protects your systems and data from all sorts of cybersecurity disasters that’s both effective and cost-effective.

Using a secure identity and access management solution like Passly to guard your access points is the fastest way to stop many of today’s worst threats without breaking the bank. It’s a crucial mitigation for today’s flexible workforce, enhancing security no matter where your staff is working from. That’s why more than 40% of CISOs chose secure identity and access management as their top cybersecurity priority in 2021.



The biggest shield that you gain against cybercrime with Passly is multifactor authentication. This single mitigation on its own can stop more than 90% of password-based cybercrime. That includes the majority of attacks based on credential compromise, the damage from password theft by phishing, the dangers of reused passwords and many other common human error driven catastrophes. Multifactor authentication is an absolute must-have for every business.

Every employee makes errors. Security awareness training and building a strong cybersecurity culture are important to reducing the incidence of mistakes, but you’ll never stop them all. By taking the proper precautions against damage caused by human error, you can keep your systems and data safe even when staffers aren’t on their toes.

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW