Please fill in the form below to subscribe to our blog

The Week in Breach: 01/12/19 – 01/18/19

January 24, 2019

This week, a Tampa Bay Credit Union gets spoofed, Canada sees an uptick in data breaches, and HR/Finance employees get caught in the cross-hairs of cybercrime.

Dark Web ID Trends:

Top Source Hits: Domain (99%)
Top Compromise Type: ID Theft Forum (100%)
Top Industry: High-Tech / IT
Top Employee Count: 11-50 Employees


United States- Tampa Bay Federal Credit Union 

https://www.scmagazine.com/home/security-news/cybercrime/tampa-bay-credit-union-members-had-their-debit-card-information-spoofed-after-threat-actors-generated-false-cards-using-the-banks-bin-numbers/ 

Exploit: Debit card spoofing.
Tampa Bay Federal Credit Union: Financial services provider.

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.555 = Severe: The debit card information of union members was recently spoofed, a technique in which cybercriminals input Bank Identification Numbers (BINs) to a software from the Dark Web that generates fake debit cards and links them to actual accounts. Thankfully, no members incurred any financial losses, but the credit union will be forced to cancel and reissue debit cards to thousands of account holders. Although there is a small risk of customer churn due to impatient members having to wait for new cards, the costs associated with card reissuance pose greater monetary risk for financial institutions.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = SevereSince cards will be getting reissued, it is important for union members to closely monitor their mail and ensure that they receive their new debit cards.

Customers Impacted: Approximately 3,000, or 10% of all union members.
How it Could Affect Your Customers’ Business: Knowing that hackers can simply generate new debit cards to link to your credit union account can be unnerving for those looking for a secure financial services provider. In a world where trust and reputation are paramount for new and existing customers, businesses must do all they can to avoid new headlines and demonstrate their commitment towards security.
ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to detect breaches before it’s too late. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States- BlackRock 
https://www.bloomberg.com/news/articles/2019-01-19/blackrock-exposes-data-on-thousands-of-advisers-on-ishares-site

Exploit: Database leak.
BlackRock: World’s largest asset manager and issuer of exchange-traded funds (ETFs).

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.777 = Severe: The global investment management firm unintentionally displayed confidential information regarding thousands of financial adviser clients on its website. The data included personal information including names and emails, but also the assets each adviser was managing. A company spokesperson clarified that “the inadvertent and temporary posting of the information relates to two distribution partners serving independent advisers and does not include any of their underlying client information.” However, this news still has the potential to spook financial advisers from working with BlackRock and clients from entrusting their funds there.
1.51 – 2.49 = Severe Risk Individual Risk: 2.142 = Severe: When vulnerabilities of this magnitude are exposed within a third-party provider’s environment, the finger-pointing begins immediately. LCP Transportation, the vendor for MHS that disclosed the breach, will surface in news headlines and must answer to many other concerned clients as well. Although there is no evidence that any of the information was misused, experts are already calling for better cyber-risk management solutions to protect the healthcare industry.

Customers Impacted: Over 12,000 advisers and sales representatives.
How it Could Affect Your Customers’ BusinessData security is starting to become a priority on Wall Street due to recent losses shaking up public trust in the financial services industry as a whole. Breaches that originate from third-parties and avoid exposing end-user information still cause reputational harm, which can be measured in millions of dollars. Ultimately, companies will be evaluated by the security protocols they already have in place before a cyber-attack happens, along with the timeliness and effectiveness of their response.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States- Hanover County
https://www.wric.com/news/local-news/hanover-county/data-breach-of-hanover-s-online-payment-system-could-put-residents-credit-card-info-at-risk/1704156747

Exploit: Click2Gov breach of online payment portal.
Hanover County: Small county in the Commonwealth of Virginia.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2 = SevereCounty officials recently disclosed that the Click2Gov online payment system used by Hanover residents to pay utility bills was breached between August 1, 2018 and January 9, 2019. Click2Gov is a product of CentralSquare Technologies and is designed to be a portal used by government entities to accept payments for permits, licenses, fines and utilities. The good news? Hanover County was able to isolate the breach and create an improved server. The bad news? This incident follows on the heels of other Click2Gov breaches, meaning that CentralSquare Technologies will likely be held liable by clients and regulators.
2.5 – 3 = Moderate Risk Individual Risk: 2.574 = Moderate: Given that the cyber attack occurred just before a busy holiday shopping season, you must wonder if the cyber criminals planned their timing strategically. They stole everything from credit card numbers, security codes, and expiration dates, to names, addresses, phone numbers, email addresses and ZIP codes. With this information in hand, anyone is capable of orchestrating payment fraud.

Customers Impacted: To be determined.
How it Could Affect Your Customers’ Business: The string of breaches related to Click2Gov payment portals continues, and it signals how hackers are zooming in on third-party payment processing providers for their access to deep pockets. Businesses that are outsourcing their payments must pay attention when it comes to vetting solutions for proactive detection and monitoring. Otherwise, they risk sharing accountability for breaches with their vendors.
ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for your organization’s compromised customer data. Find out how you can work with us here: https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada – Health Sciences North
https://www.scmagazine.com/home/security-news/cyberattack-forces-health-sciences-north-to-place-systems-on-downtime-at-24-hospitals/

Exploit: System infection via zero-day virus.
Health Sciences North (HSN): Academic health science center and hospital.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe Officials were forced to shut down HSN’s electronic health record systems for 21 of 24 hospitals, interrupting care procedures and communications. Fortunately, there is no evidence of a breach, but the downtime will heavily disrupt processes and result in financial losses.
2.5 – 3 = Moderate Risk Individual Risk: 3 = Moderate: Since data was not corrupted by the virus, personal health data should remain secure and intact given that the systems were backed up. Nevertheless, patients will be inconvenienced by appointment rescheduling, and the virus that infected HSN’s cancer program signals that such medical information could be valuable to future hackers.

Customers Impacted: To be determined.
How it Could Affect Your Customers’ BusinessEven when a cyber-attack is mitigated, it inevitably results in the slowdown of business activities, which can lead to the erosion of customer loyalty. However, when viruses infect an information system, the time to detection becomes of utmost importance in containing the source and identifying what could be affected.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web and offers industry-leading detection to strengthen the security suites of MSSPs and proactively identify cyberattacks. Find out more here: https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada – Coast Capital Savings
https://ca.news.yahoo.com/cyber-thieves-off-hundreds-thousands-222905339.html

Exploit: Phishing, “brute force,” and social engineering fraud.
Coast Capital Savings: Federal credit union headquartered in Surrey.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: Coast Capital Savings recently reported that 140 members had money stolen from their accounts in a targeted cyber-attack between November and December of last year. The average loss per victim ranged from $3,000 to $6,000, amounting to hundreds of thousands in total. Customers are voicing their concerns publicly, stating that the credit union has not been able to say how the funds were accessed or if they would be reimbursed. Additionally, some are citing a lack of additional security and negligence in safeguarding member accounts, which drives business risk up high. Aside from a possible onslaught of lawsuits, the credit union stands to lose customers and long-term brand loyalty.

 

2.5 – 3 = Moderate Risk Individual Risk: 2.571 = ModerateThe investigation revealed that the hackers deployed fake emails and texts asking for security information, used a computer program to guess passwords, and impersonated trusted sources to scam customers via telephone. Since payment accounts were compromised, this attack poses significant financial risk to individual members. Also, if the usernames and passwords were reused for other financial accounts, hackers could gain access to those as well.

Customers Impacted: 140 members.
How it Could Affect Your Customers’ Business: The news following this breach is characteristic of any public relations team’s worst nightmare, as it cites specific customer grievances that can significantly impact the outlook of new and existing business. When a payment compromise is discovered over a year after it initially occurs, it becomes increasingly difficult to pinpoint the source and respond to customer complaints in a timely fashion. This further emphasizes the need for businesses to invest in security solutions that offer proactive detection and prevention.
ID Agent to the RescueDarkWeb ID can help you proactively monitor if customer data is being leaked on the Dark Web, helping reduce the losses incurred from such a breach. See how you can benefit here:  https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom – Newcastle’s Royal Grammar School
https://www.bbc.com/news/uk-england-tyne-46920810

Exploit: Email spam.
Royal Grammar School (RGS): British independent school located in Newcastle.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe:

In this incident, hackers attempted to scam parents of Newcastle students by asking them to pay school fees in bitcoin to receive a 25% discount. Since the attackers had access to the email addresses of parents, the Information Commissioner’s Office (ICO) is investigating to learn more and advising caution regarding future phishing attacks targeted towards schools.

1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe: It is still unknown how hackers gained access to parents’ email addresses, which could put personal information at risk. However, it is unlikely that payment details were exposed.

Customers Impacted: To be determined.
How it Could Affect Your Customers’ Business: Multiple cybersecurity firms have issued recent warnings for cyber-attacks that are intended for the education sector. Hackers have zeroed in on such institutions because store valuable information and are protected by legacy systems that are easily compromised.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

France – Adverline

https://www.infosecurity-magazine.com/news/new-magecart-group-hits-hundreds

Exploit: Magecart attack, also known as web card skimming.
Adverline: Paris-based online advertising company.

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe:

In November of last year, a cybercriminal group attacked the content delivery network (CDN) of Adverline. They hacked infrastructure in order to send malicious JavaScript code to online stores and steal payment card details entered by customers on checkout pages. Identified as a sophisticated form of a “Magecart” attack, cybersecurity experts are estimating a total of 277 affected sites. Although there is no further clarification on Adverline’s response, speculators can rest assured that the advertising company will be losing many of its client relationships.

1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe:  As you can imagine, there is not much end users can do to protect themselves against Magecart attacks. The risk of payment fraud is extremely high and widespread, especially with the number of sites affected since November. Consumers can protect themselves in the future by constantly monitoring their accounts and employing services that provide unique or encrypted payment card numbers for online transactions.

Customers Impacted: To be determined. 
How it Could Affect Your Customers’ BusinessThe Adverline breach is a classic example of how an infrastructure hack can be manipulated to compromise an entire network of websites. Aside from adhering to best practices for vendor evaluation, companies must find ways to decentralize infrastructures in order to protect key assets and avoid being exposed in one fell swoop.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

New Zealand – 9 Websites
https://www.radionz.co.nz/news/national/380402/new-zealand-companies-caught-up-in-huge-global-data-hack

Exploit: Massive online data breach originating from Collection One.
9 Websites: A consortium of nine company websites that have asked to remain anonymous.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2 = Severe: In the aftermath of the recent mega-breach dubbed Collection One, nine New Zealand companies reported being compromised. Auckland florist Blooms Online, one of the companies affected by the breach, stated it was unaware of the breach until contacted by radio broadcaster RNZ. Although only emails and passwords were exposed, it remains to be seen if hackers will be able to leverage the data to orchestrate sophisticated fraud schemes targeted towards small businesses and customers.
2.5 – 3 = Moderate Risk Individual Risk: 2.571 = Moderate: Since the nine companies affected only exposed emails and passwords, the impact on individual consumers is minimal for now. However, it is important that consumers across the globe monitor their personal and payment accounts for suspicious activities and change their passwords in order to protect from future cyber-attacks resulting from this personal information leak.

Customers Impacted: Unknown 
How it Could Affect Your Customers’ Business: Mega-breaches leave global footprints, and businesses end up being responsible for cleaning up the aftermath. However, encryption and detection can lower the odds of your customer’s personal information being part of a leak, which ultimately results in cost savings over time along with maintained brand reputation.
ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

An Emerging Target for Data Breaches: HR and Finance Employees
As phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the cross-hairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.

Many times, employee data can command a higher price tag on the Dark Web than customer data, since it is more likely to include social security numbers, dates of birth, names of dependents, and other lucrative data that can be used in perpetuity, instead of a one-time payment card fraud. When it comes to phishing attacks, it’s important to remember that human users are the weakest link the security chain.
https://searchhrsoftware.techtarget.com/feature/Phishing-attacks-are-top-employee-data-breach-threat-for-HR

What We’re Listening To:

Know Tech Talks

The Continuum Podcast

Security Now

Defensive Security Podcast

Small Business, Big Marketing – Australia’s #1 Marketing Show!

TubbTalk – The Podcast for IT Consultants

Risky Business

Frankly MSP

CHANNELe2e


A note for your customers:

Does anyone actually know how consumers are affected by a data breach?

If you take a peek into a recent newspaper, you’re likely to see the words ‘data breach’ flash across headlines. The conversation surrounding data privacy is becoming increasingly commonplace, yet surprisingly scarce in acknowledging the actual consequences or outcomes for affected consumers. Although we are able to speculate as to what might happen to consumers, we are usually left wondering what actually does.

This void in information results in our entire industry viewing only part of the problem, as we cannot understand the link between the efficacy of security measures and the level of harm caused to end-users. As a sector, we know very little regarding how hackers transform data breaches into financial gain for themselves. What can we do to solve this?

Tapping into the vast resources of law enforcement agencies, large banks, and major card providers. Through collaboration, they can offer financial forensics, fraud detection, and task forces that can help attribute breaches to thefts and fraud. Some would argue that investments and partnerships must be made to acquire such information, but enhancing awareness could be the match that lights the fire, illuminating the path towards global data accountability by consumers and businesses alike.
https://www.americanbanker.com/opinion/consumer-harm-from-data-breaches-is-a-black-box


 

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!