This Week In Breach 11/25/2020 to 12/01/2020

TWIB1130draft

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology.

One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

December 2nd, 2020 by Kevin Lancaster

This Week in Breach News: Baltimore County Public Schools learn a lesson about ransomware, healthcare targets worldwide take security hits, learn to spot and stop phishing with intel from our cybercriminal secret files, see how business email compromise scams are taking a new turn, and show your customers the importance of cyber risk literacy.

The Week in Breach News – United States 

United States – Baltimore County Public Schools

https://www.bizjournals.com/baltimore/news/2020/11/25/ransomware-attack-baltimore-county-public-schools.html

Exploit: Ransomware

Baltimore County Public Schools: School System 

Severity Meter

Risk to Business: 1.222 = Extreme
Ransomware attacks on school systems around the country have grown exponentially, and that lesson was driven home for Baltimore County Public Schools last week. A ransomware attack forced the system to shut down completely for three days, disrupting online learning for K – 12 students. The district has 115,000 students.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Approximately 115,000 students and 7,300 teachers.

How it Could Affect Your Customers’ Business: Ransomware can unleash extreme devastation, going beyond stealing data to shutting down an organization’s operations completely.

ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>

United States – Belden

https://www.securityweek.com/belden-discloses-data-breach-affecting-employee-business-information

Exploit: Unauthorized Database Access

Belden: Signal Transmission Solutions Manufacturer 

Severity Meter

Risk to Business: 1.992 = Severe
An unauthorized user gained access to at least one database full of employee and client information. The company noted in a statement that attackers apparently accessed a “limited number” of Belden’s file servers, but the firm said the breach did not have any impact on production in manufacturing plants, quality control, or shipping.

Severity Meter

Individual Risk: 1.990 = Severe
The company went on to state that filched employee information may have included names, birthdates, government-issued identification numbers (for example, social security / national insurance), bank account information of North American employees on the Belden payroll, home addresses, and email addresses. Potentially compromised information for business partners includes bank account data and tax ID numbers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Password compromise is often the culprit behind an intrusion like this, and that’s a matter that needs to be taken seriously in order to prevent this kind of drama.

ID Agent to the Rescue: Passly adds essential security tools like multifactor authentication to throw up roadblocks between unauthorized users and your sensitive employee and client data. LEARN MORE>>

United States – Spotify

https://blog.malwarebytes.com/reports/2020/11/spotify-resets-some-user-logins-after-hacker-database-found-floating-online/

Exploit: Credential Stuffing

Spotify: Digital Music Streaming Service 

Severity Meter

Risk to Business: 1.992 = Severe
Spotify ended up with egg on its face last week after security researchers uncovered an unsecured Elasticsearch database containing more than 380 million records. The exposed data contained login credentials and other information belonging to Spotify users. The researchers in concert with Spotify investigators determined that whoever owned the database had probably obtained the login credentials from an external site and used them on Spotify accounts in a credential stuffing operation.

Severity Meter

Individual Risk: 2.801 = Moderate
The data that was exposed includes customers’ usernames and passwords for Spotify, as well as email addresses and countries of residence. Information like this could be used to fuel spear phishing attempts. Spotify users should reset their passwords.

Customers Impacted: 80,000

How it Could Affect Your Customers’ Business: Credential stuffing is a threat that becomes more serious every day as new dumps of passwords hit the Dark Web. If you’re not watching for potential trouble, you’re leaving your business open to disaster.

ID Agent to the Rescue: Millions of passwords are available in Dark Web dumps just waiting for cybercriminals to use for password-based cyberattacks like credential stuffing. With Dark Web ID, you’re alerted if your protected passwords show up in Dark Web dumps. BOOK A DEMO>>

United States – LSU Health New Orleans

https://www.infosecurity-magazine.com/news/louisiana-hospitals-report-data/

Exploit: Unauthorized Systems Access

LSU Health New Orleans: Medical System 

Severity Meter

Risk to Business: 1.802 = Severe
A major attack on another healthcare target, LSU Health New Orleans disclosed that an unauthorized intrusion into an employee email inbox occurred on September 15, 2020. The mailbox access was discovered and disabled on September 18, 2020, but not before sensitive information was potentially snatched about patients who received care at Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.

Severity Meter

Individual Risk: 1.616 = Severe
Data exposed in the attack may have included patients’ names, medical record numbers, account numbers, dates of birth, Social Security numbers, dates of service, types of services received, phone numbers and/or addresses, and insurance identification numbers. The type and amount of patient information compromised in the incident varied and a limited number of exposed emails may have contained a patient’s bank account number and health information including a diagnosis. Patients treated by LSU health New Orleans should be alert to potential identity theft and spear phishing risks.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Controlling access to your company’s systems and data is even more important when the data that you’re storing is especially sensitive and its exposure could incur major penalties.

ID Agent to the Rescue: Control your access points effectively with Passly to ensure that the right people have access to the right things at the right times – and only the right people. SEE HOW IT WORKS>>

United States – Sophos

https://www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/

Exploit: Misconfiguration

Sophos: Cybersecurity Provider 

Severity Meter

Risk to Business: 2.336 = Severe
A misconfigured database with access permission issues is to blame for the exposure of client data at Sophos. The company stated that the exposed database was used to store information on customers who have contacted Sophos Support. This is the second major security incident Sophos has dealt with this year.

Severity Meter

Individual Risk: 2.772 = Moderate
The database did not contain any sensitive information. Sophos disclosed that the exposed information included details such as customer first and last names, email addresses, and phone numbers. Clients should be alert to potential spear phishing risk using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nocomany can avoid occasional problems like this, whether they’re caused by malfunctioning software or an employee miss-click. Putting extra layers of security in place helps mitigate the damage of these troublesome security incidents.

ID Agent to the Rescue: Protecting your data and systems with more than one layer of security helps blunt the blow of inevitable mistakes and malfunctions. Passly provides that extra protection immediately at an excellent price. LEARN MORE>>

United States – US Fertility

https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html

Exploit: Ransomware

US Fertility: Specialty Medical Clinic Operator 

Severity Meter

Risk to Business: 2.229 = Severe
Ransomware disrupted operations at the largest provider of fertility services in the US after a number of servers and workstations became encrypted by ransomware. While US Fertility was able to restore operations quickly, the healthcare company determined that some patient data had been exfiltrated in the incident.

Severity Meter

Individual Risk: 2.312 = Severe
Cybercriminals were able to steal an indeterminate number of files containing patient information including names, addresses, dates of birth, MPI numbers, and for some individuals Social Security numbers. Clients should be alert to the possibility of spear phishing and identity theft using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to healthcare targets right now, as was disclosed in a recent CISA alert. Healthcare sector businesses need to be alert to the danger and using their resources wisely to combat it.

ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>

The Week in Breach News – United Kingdom & European Union

United Kingdom – National Health Service

https://www.infosecurity-magazine.com/news/nhs-error-exposes-data-hundreds/

Exploit: Insider Threat (Employee Error)

National Health Service: National Healthcare System 

Severity Meter

Risk to Business: 2.706 = Severe
An employee error at NHS Highland earlier this month led to the personal information of 284 patients with diabetes becoming exposed after a spreadsheet was accidentally shared via email with 31 NHS staffers who weren’t authorized to access it.

Severity Meter

Individual Risk: 2.812 = Severe
The spreadsheet of data was limited to just patients treated at the affected location. Information on the spreadsheet included names, dates of births, contact information, and hospital identification numbers for the 284 patients.

Customers Impacted: 284

How it Could Affect Your Customers’ Business: Human error will always be a factor in cybersecurity. But adding extra locks on sensitive information can prevent incidents like this one.

ID Agent to the Rescue: Passly provides the extra security that businesses need to guard against accidental unauthorized access incidents with single sign-on LaunchPads that make it easy to control who has access to what. LEARN MORE>>

Holland – Endemol Shine Group

https://www.forbes.com/sites/leemathews/2020/11/28/notorious-ransomware-gang-hits-producers-of-big-brother-master-chef-and-the-voice/?sh=1b017a2773bb

Exploit: Ransomware

Endemol Shine Group: Television Production & Distribution 

Severity Meter

Risk to Business: 1.662 = Severe
DoppelPaymer came calling at the Amsterdam-based production and distribution giant behind hits like Big Brother, Master Chef, and The Voice. The gang added sample data to its leak site last week, but no determination has been made about the scope or variety of information stolen. Investigation and recovery are ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware and phishing go hand in hand and as social engineering tactics improve it’s always going to be the fastest, easiest way for cybercriminals to strike.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>

Denmark – Ritzau

https://au.news.yahoo.com/ritzau-news-agency-hit-cyber-attack-150448121–spt.html

Exploit: Hacking

Ritzau: News Wire Service 

Severity Meter

Risk to Business: 2.237 = Severe
An unspecified hacking attack knocked out the email and telephone capabilities at Ritzau. The bureau was forced to resort to sending out news updates via an emergency email system. Sevice remains impacted with no timeline for recovery.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks like this one are typically caused by ransomware. It has been an increasingly popular tool for nation-state hackers and other bad actors looking to disrupt infrastructure and official service targets.

ID Agent to the Rescue: Don’t wait until ransomware creates a massive disruption in your organization’s ability to fulfill critical roles. Update phishing resistance and security awareness training for every staffer BullPhish ID. SEE BULLPHISH ID IN ACTION>>

The Week in Breach News – Asia Pacific

India – IIAM Jobs

https://inc42.com/buzz/data-of-1-4-mn-users-on-iimjobs-allegedly-leaked-on-dark-web/

Exploit: Data Theft

IIAM Jobs: Job Search & Listing Provider

Severity Meter

Risk to Business: 1.569 = Severe
A security researcher uncovered a huge trove of information likely stolen from Indian jobs service IAM Jobs on the Dark Web. The data of more than 1 million users was exposed including passwords, names, phone numbers, email addresses, the location of users, their industry, and links to their LinkedIn profiles. The data appears to be about a year old.

Severity Meter

Individual Risk: 1.779 = Severe
Users of IIAM should be alert to the potential of identity theft or spear phishing created by this exposed information.

Customers Impacted: 1.4 million

How it Could Affect Your Customers’ Business: Data theft is even more problematic when it’s not noticed until far afterward by someone else. It shows your customers that you don’t take cybersecurity seriously and can make them take their business elsewhere in a hurry.

ID Agent to the Rescue: Remember, employees routinely recycle passwords between work and personal applications. Don’t miss the memo when your employee passwords are exposed on the Dark Web through incidents like this. LEARN MORE>>

The Week in Breach News – Australia & New Zealand

Australia – Law In Order

https://www.itnews.com.au/news/law-in-order-hit-by-ransomware-attack-558197

Exploit: Ransomware

Law In Order: Legal Document Services Provider

Severity Meter

Risk to Business: 1.770 = Severe
Netwalker ransomware is the culprit of a cyberattack at Law In Order, a leading processor of legal services documents. The company is still determining the scope of the attack. While originally claiming that no data was exfiltrated, Law In Order backtracked to say that it was determining exactly what data has been stolen after the cybercrime gang posted samples of the purloined information on its leak site. Recovery is ongoing and operations are experiencing a lasting impact.

Individual Risk: The company is unable to provide information about what data was stolen and to whom that data pertains.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Putting extra security between your client records and hackers is a smart move to avoid having your data become a new asset in the booming Dark Web data economy.

ID Agent to the Rescue: Information from attacks like this inevitably makes its way to Dark Web data markets. Make sure your employee credentials are protected from Dark Web data risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>

 

what happens in dark web markets? find out now! before you choose DIY Dark Web Monitoring

Watch ” Unveiling Cybercrime Markets on the Dark Web” and get a FREE deck of Dark Web screenshots!>>

The Week in Breach News Guide to Our Risk Scores

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Resource Spotlight

Our Power Pairs Give You a Refresher Course in Cybersecurity Threats Fast

Pair One: Stay One Step Ahead of Cybercrime When You Brush Up on Phishing Threats

Phishing threats are a menace that every business is combatting these days. Wouldn’t it be great to know how cybercriminals create and launch phishing campaigns in order to predict what threats you’ll face next? We’re here to help with this power pair that delivers the goods to help you understand and defeat phishing threats in a flash!

Read: Phish Files

We’ve gathered all of our best intel about phishing-related cybercrime into this NEW eBook. Learn how phishing threats are born, why cybercriminals are so enthusiastic about phishing, and what you can do to secure your clients against today’s nastiest threats!  GET THE BOOK>>

Watch: Phishing Confidential: Offensive and Defensive Playbooks of a Phishing Attack Revealed

Learn about phishing from both sides as you see attackers and defenders in action in this webinar that demonstrates how hackers launch phishing attacks and how cybersecurity experts defend against them with real-time, step-by-step examples! WATCH THE WEBINAR>>

Pair Two: See Why Security Awareness Training is Your Real Defensive Secret Weapon

Read: Security Awareness Champion’s Guide

Become a cybersecurity hero with the tips, tricks, and clear walkthroughs of cybersecurity threats in this fantastic new eBook. Learn step-by-step strategies to defeat ransomware, business email compromise, phishing, and more on your journey to becoming a Security Awareness Champion! GET THE BOOK>>

Watch: How Phishing and Security Awareness Training Will Reduce Your Largest Attack Surface: Your Employees

Why not use every arrow in your quiver to fight cybersecurity threats? Learn how to protect your systems and data effectively and cost-effectively by taking advantage of the defensive possibilities of one of your company’s most powerful resources – your staff. WATCH THE WEBINAR>>

The Week in Breach: Featured Briefing

Business Email Compromise Scams Are Evolving to Pose a Nastier Threat Than Ever Before

Business email compromise (BEC) scams have been around for years. While they take more time and effort than other cybercrimes like ransomware or credential stuffing, BEC scams make up for it with a handsome payoff – and in a challenging economy, even cybercriminals are looking for new ways to turn a quick profit.

That’s why BEC has become both more favored and more dangerous. Bad actors are using the opportunities created by chaotic world conditions and an increased amount of information about businesses that’s readily available on the Dark Web to evolve their attacks, creating scams that are harder to spot and more efficient.

One unexpected facet of this uptick in BEC is that the operators of these scams aren’t based in some of the most expected locations for cybercrime gangs. Five US states are the home of more than 50% of BEC scammers: California, Florida, Georgia, New York, and Texas. Researchers note that BEC scams have launched in 45 states across the US in the last 12 months.

BEC scams have also been increasing is profitability for scammers. Analysts have determined that more than $64 million in stolen funds from BEC victims was transferred through 2,900 “money mule” accounts (a common tool of money laundering) in 39 countries. More than 900 US-based money mules were used in BEC scams between May 2019 and July 2020, with at least one mule spotted in every state.

 

the state of the dark web after covid-19 represented by an iceberg showing ransomware up 33% in 2020

COVID-19 has changed everything – including the Dark Web. See how it has evolved and how that impacts security in our eBook. DOWNLOAD IT>>

After a booming spring and summer for cybercrime, BEC scams show no signs of slowing down. In Q3 2020 the median number of BEC attacks received per company each week rose by 15% over Q2 2020. Attacks that perpetrated invoice or payment fraud jumped by 155% as well, with COVID-19 themed scams up by 81% during the quarter. A huge increase in Dark Web activity and large quantities of fresh data hitting Dark Web markets and dumps helped fuel the trend.

With this increased activity in BEC scams, your clients need to have their security ducks in a row to avoid potential disasters, and no business is too small to be at risk. By adding a few simple solutions to their cybersecurity mix, your clients can put the extra protection that they need to fight back against BEC in place at an excellent price, boosting their security and your MRR.

First things first: If your clients aren’t already using multifactor authentication with a tool like Passly, they need to add it immediately. One of the most widely recommended mitigations for all types of cybercrime, multifactor authentication as part of a secure identity and access management solution is a vital defensive tool for every business of every size. Passly combines the protection of MFA with other security essentials like single sign-on and secure shared password vaults to maximize protection at a minimum price.

The second component of a strategy to mitigate BEC danger is increased security awareness and phishing resistance training. Almost all BEC scams start with a phishing message. Some deploy malware, some steal passwords, but they’re all intended to do the same thing: give cybercriminals access to company systems and data.

Increasing security awareness and phishing resistance training with a solution like BullPhish ID is ideal for guarding against phishing-based cybercrime like BEC scams. Regularly updated training (at least every 4 months) transforms a company’s staff from its largest attack surface into its largest defense asset. As an added benefit, phishing resistance training also helps mitigate ransomware and credential compromise danger.

With such a handsome payoff for their work in a difficult economy, cybercriminals aren’t going to be giving up on BEC scams anytime soon. It’s time to make sure that your clients understand the danger that they face from this growing threat – and we’re here to help. Contact the experts at ID Agent to learn more about protecting your clients and your business from BEC risks.

Watch a video demo of BULLPHISH ID>>
Schedule a live demo and let our experts show you the benefits of phishing resistance training with BULLPHISH ID>>

The Week in Breach: A Note for Your Customers

Cyber Risk Literacy is Critical for a Strong Defense 

Business cyberattack threats have never been higher. Massive increases in phishing (more than 600%), ransomware (more than 150%) and other cybercrime might keep you up at night, but are your staffers aware of exactly how important cybersecurity really is to your business? Your employees might not be on the same page as you are about cybersecurity risks – and that’s a problem that could end up costing you a fortune.

For most people outside of directly technology-related positions, a cyberattack is a vague, hard to understand threat. It just doesn’t seem possible that one miss-click on an email could cost a company millions. That’s why making risk literacy a top priority for every employee is crucial to maintaining a strong defense against cybercrime.

One effective way to increase your employees’ risk literacy is with regular, engaging security awareness training that includes phishing threats since phishing is by far the most common delivery system for cyberattacks. Over 90% of incidents that end in a data breach start with a phishing email and no company can afford that right now.

 

Insider threats include phishing. Explore cybercriminal tricks to stop phishing with our new book represented by a light blue comic panel of a phishing hook and old-fashionesd comic book style in light blue on dark blue

Uncover Cybercriminal Secrets to See How They Trick You Into Falling for Phishing Attacks & How to Fight Back!
Read Phish Files Now>>

BullPhish ID is the ideal choice to increase your staff’s risk literacy with memorable, easy-to-understand security awareness and phishing resistance training in 8 languages. Using engaging video lessons, risk information is served to your employees in bite-sized pieces for easy comprehension no matter how tech-savvy they may be.

Online testing measures their retention of the lessons, giving you the information that you need to see who has a handle on security awareness and who needs more help. More than 80 training campaigns are available for you to use right now, and 4 more are added every month, including content about the latest threats like COVID-19 scams.

Training your staff to be aware of potential threats pays handsome dividends for your business – companies that engage in regular security awareness training have up to 70% fewer damaging cybersecurity incidents. By establishing a strong culture of cybersecurity awareness and giving everyone the help that they need to be part of the team, your company gets a huge overall cybersecurity boost that can make the difference between success and failure for cyberattacks now and in the future.

 

how to define insider threats represented by two men shaking hands, but one has the shadow of the a devil behind him.

Insider threats are today’s scariest business cybersecurity risk. Learn to spot and stop them with the eBook and other tools in this resource package!
Get “Stop Insider Threats” now>>

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW