The Week in Breach: 02/02/19 - 02/08/19

Happy Valentine's Day! We love MSPs, and we know there's no better way for you to show your customers some love than to protect the very heart of their business...their data! Keep them up-to-date with the latest disclosures this week: an American media company uncovers a breach from 4 years ago, a Canadian healthcare provider faces data dumping extortion, and UK moms report a serious software glitch.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (98%) 
Top Compromise Type: 
Domain (99%)
Top Industry: 
Service Providers
Top Employee Count: 
1 - 10 Employees (96%)



United States - Trakt
https://www.scmagazine.com/home/security-news/movie-and-tv-tracking-service-trakt-belatedly-discovers-2014-breach/

Exploit: PHP exploit
Trakt: Media service for “scrobbling,” or tracking movies and shows watched online

correct severe gauge Risk to Small Business: 2 = Severe: The California-based media platform emailed its customers notifying them of a breach that took place over 4 years ago, in December of 2014. In their statement, they claimed that they only recently discovered the breach, and took steps to mitigate it since. Payment information was not disclosed, but usernames, emails, passwords, names, and locations were. The investigation is ongoing, but the only risk at this point seems to be that of customer attrition.
correct severe gauge                                                   Individual Risk: 2.571 = Moderate: The company seems to have inadvertently mitigated the breach, migrating to a more secure version of its website in January 2015. However, users that have recycled passwords between accounts should be wary.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Even without involving payment data, breaches that trace back multiple years can unnerve end-users into deleting their accounts forever. When they receive an email notifying them that a breach from 2014 was just now discovered, they are likely to weigh other options or stop using the service entirely. In a world where competition is cutthroat and the customer has more information and choices at their fingertips than ever before, businesses must do everything in their power to retain and build trust.
ID Agent to the Rescue:  Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Find out how you can work with us here: https://www.idagent.com/dark-web/

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada- Olympia Financial Group
https://globenewswire.com/news-release/2019/02/04/1709513/0/en/Olympia-Financial-Group-Inc-Announces-Ransomware-Cyber-Attack.html

Exploit: Ransomware attack on IT infrastructure.
Olympia Financial Group: Full-service mortgage firm and trust

severe gauge Risk to Small Business: 2.222 = Severe: Last week, the company reported a ransomware attack on its information technology systems, resulting in an adverse interruption to business operations. The company will continue to investigate the attack, but currently believes that personal information was left intact.
correct severe gauge                                                   Individual Risk: 2.714 = Moderate: The company has claimed that there is currently no evidence that suggests that customers were impacted, but clients should check for updates since the investigation is still underway.

Customers Impacted: To be determined 
How it Could Affect Your Customers’ BusinessRansomware attacks are trending in volume and intricacy, forcing businesses to finally realize the potential threat of losing control of their business systems. Small businesses are not exempt, and they must partner with security providers that can help prevent and mitigate such attacks.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada - CarePartners 
https://healthitsecurity.com/news/hackers-attempt-to-extort-ontario-healthcare-provider-carepartners

Exploit: Data dumping extortion
CarePartners: Ontario-based healthcare service provider

correct severe gauge Risk to Small Business: 1.666 = Severe: After suffering a data breach back in June 2018 affecting patients, the Canadian firm is now facing an exposure of employee information. The recent “data dump” contains employee earnings, contractor details, and forms that include names, addresses, social security numbers, and wages. Currently, the hackers are requesting 5 bitcoins for the encryption key that unlocks most of the files, but CarePartners has not yet responded.
correct severe gauge Individual Risk: 2.428 = Moderate: Personal and financial information is at stake, and CarePartners employees have reasons to be worried. If the hackers are unable to find profits from the data dumping extortion, they will likely sell the information on the Dark Web and allow fraudsters to use the data to conduct damaging cyber-attacks.

Customers Impacted: Over 12,000 files including employer information
How it Could Affect Your Customers’ Business: The prospect of a double attack is becoming more probable, and businesses should take notice. Experiencing two consecutive data breaches can be a crippling blow to any business, especially when they impact both customers and employees. Retention becomes an uphill battle, as customers and employees begin to quit in droves. In order to prevent this, businesses must work with experts who use industry-leading cybersecurity solutions.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom - MumsNet 
https://www.computerweekly.com/news/252457302/Mumsnet-denies-thousands-affected-by-software-glitch-induced-data-breach

Exploit: Software glitch 
MumsNet: Parenting advice website

correct severe gauge Risk to Small Business: 1.888 = SevereMumsnet has reported an incident to the UK information commissioner after realizing that a software upgrade allowed users to see details of other users’ accounts. Specifically, if two users logged in at the same time, their accounts would be switched and they would have the ability to post as another person, view personal information, and read private messages. At first, the company explained that 4,000 users could have been affected, but quickly concluded that only 46 accounts were breached. Luckily, no payment information was involved, and others have commended the company’s incident response. It remains to be seen how UK moms will react.
correct severe gauge                                                   Individual Risk: 2.571 = Moderate: Given that others were able to access their accounts and view private details, users should feel somewhat violated but even more importantly, understand the weight of the information they post online. Even though this particular event was just a software glitch and entirely innocent in nature, it could have been leveraged to execute malicious cybercrime.

Customers Impacted: Unknown 
How it Could Affect Your Customers’ Business: For those doing business in “privacy-intensive” sectors, especially ones that primarily rely on user accounts, data security should be a number one priority. Users are becoming more cautious about the information they share online, and business ecosystems or products that rely on such details must ensure absolute protection
.
ID Agent to the Rescue: 
Dark Web ID offers industry-leading detection by monitoring the Dark Web for exposed data. Learn how you can partner with us here: https://www.idagent.com/dark-web/.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom - Jack'd 
https://www.bbc.com/news/technology-47156029

Exploit: Authentication flaw
Jack'd: Location-based chat and dating application

extreme gauge Risk to Small Business: 1.888 = Severe: Even after The Register informed app developers of the security vulnerability over three months ago, the code for the Jack’d dating app still contains a serious flaw. Anyone can currently search and download photos from a web browser without needing to login or register an account. Hackers can easily connect such photos to individuals and leverage them for extortion. The parent company known as Online Buddies has also avoided responding to the issue.
correct severe gauge                                                    Individual Risk: 2.571 = Moderate: Users should be worried that the company has done nothing to correct or report the security incident to their customers. Not only is this breach unmitigated, there may be others that the app team has not disclosed. Additionally, the photos that users have previously posted can be linked to individuals through the scores of data that hackers already have.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business:  Companies that do not respond to the threat of breaches are singled out in news headlines, resulting into reputation that declines exponentially until it reaches free fall. In order to feel protected, customers want to know that online applications are investing in detection that can warn them if their data is being used in an inappropriate manner.
ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer data is being leaked on the Dark Web, helping reduce the losses incurred from such a breach. See how you can benefit here: https://www.idagent.com/dark-web/

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom - MetroBank 
https://www.infosecurity-magazine.com/news/flaw-in-ss7-lets-attackers-empty/

Exploit: Signaling System 7 (SS7) attack
MetroBank: Banking and financial services firm

correct severe gauge Risk to Small Business: 2 = Severe: The financial institution announced that it recently faced a SS7 attack, a telecommunications-related exploit that intercepts SMS text messages that serve as authentication codes. Currently, it is believed that a small number of customers were impacted, and their accounts were depleted.
correct severe gauge Individual Risk: 2.285 = Severe: Hackers may not have access to personal information, but they are emptying payment accounts at alarming rates. Thankfully, users are protected through insurance and should receive their funds back but may be reconsidering their banking services based on the attack.

Customers Impacted: To be determined 
How it Could Affect Your Customers’ Business: Legacy systems are growing vulnerabilities for any business, but now they are being exploited more frequently and impactfully. In the future, companies that operate on archaic technologies will be blamed for cyberattacks, as they are inviting hackers to steal personal and payment information from users. In order to make sure technologies used are updated and state-of-the-art, businesses must consult with MSPs.

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

China - Huaxia Bank
https://www.zdnet.com/article/software-exec-jailed-after-exploiting-atm-loophole-to-steal-1-million/

Exploit: Operating system loophole
Huaxia Bank: Commercial bank based in Beijing

correct moderate gauge Risk to Small Business: 2.222 = Severe: A software manager employee has been sentenced after being found guilty for stealing almost $1M from Huaxia Bank ATMs. After spotting a loophole in the bank’s operating system in 2016, he began abusing it to make unrecorded cash withdrawals near midnight for over a year from a dummy account. Once the bank uncovered the scheme, the manager claimed that he was conducting “internal security tests.”
correct moderate gauge Individual Risk: 2.285 = Severe: Since the employee was moving funds from a dummy account, no customer’s personal or payment information was revealed. However, the exploit shows how easy it could be for a rogue employee to do so.

 

Customers Impacted: None 
How it Could Affect Your Customers’ Business: Yet another case of rogue employee activity highlights the importance of training and monitoring employees. Installing security services that can spot breaches proactively also serve as a form of protection, since hackers and employees alike are less likely to invade systems and exploit vulnerabilities. Regardless, companies should make certain that no system loopholes exist, and should not think that employees are beyond reproach.
ID Agent to the Rescue:  Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

 


In Other News:

How to save your IT system from its own users: Zero Trust Browsing

2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019? It’s shaping up to be the Year of Phishing.

Historically, we’ve labeled phishing as a nuisance that only a select few fall for. However, the increasing sophistication of social engineering, along with a gradual evolution of phishing techniques, have leveled the game. For example, hackers have realized the importance we place on SSL certification, and have found ways to exploit it in order to give us a false sense of reassurance. Browsers such as Edge, Chrome, and Firefox have created advanced filtering techniques, but they are still unable to identify 10-25% of phishing sites.

Experts have responded with an answer: adopting a “Zero Trust” approach. According to this philosophy, organizations must create processes that “trust no one and verify everything”. Although this seems more easily said than done, especially in regard to cloud networks, mobile devices, and internet applications, its principles can be still be applied.

Following the “Zero Trust” approach in a widespread environment can be accomplished by isolating whatever cannot be authenticated. When users click on sites or communications that may be compromised, companies can create simple rules for partitioning them off of a shared network. By controlling user activities, the Zero Trust browsing solution can protect employees and customers from unknown threats, including themselves.

https://www.helpnetsecurity.com/2019/02/11/zero-trust-browsing/ 

What We’re Listening To:

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A note for your customers:

What we can do to stop putting our data at risk of identity theft

As we continue to flip through news headlines of identity thefts that read like scary movies, the average American consumer is growing increasingly aware of the data breach landscape. However, recent data suggests that such awareness has not converted into any serious action. For the most part, we are doing nothing to prevent data breaches, and instead it seems that we are contributing to our own demise.

According to a study conducted by CreditCards.com, 9 in 10 U.S. adults have been committing at least one of the following four risky behaviors regarding data in the past year:

  • 82% have reused online passwords
  • 48% have used a public Wi-Fi network
  • 45% saved their passwords online
  • 33% carry a social security card in their wallet or purse

This goes without saying, but compromised information that falls in the hands of cybercriminals can be leveraged for credit card fraud, or worse, the creation of unauthorized accounts. In the case that a hacker opens a credit line or loan in your name, it can be years until you finally realize it.

However, we’re not here to spell out doom and gloom. You can avoid this by placing a credit freeze on your account, which can be lifted when you decide to open a new account or loan. Doing this for your children is also beneficial, with an estimated one million child identity cases being reported in the US last year. Finally, checking your credit report every 4-5 months and avoiding the risky behaviors mentioned above can take you a long way in terms of sidestepping the crosshairs of cybercrime.

https://www.forbes.com/sites/lizfrazierpeck/2019/02/07/over-90-of-adults-put-their-personal-data-at-risk-increasing-chances-of-identity-theft/#472002c95fdd


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!

comments
0