The Week in Breach: 03/05/19 - 03/11/19

This week, US surgeons pay cyber ransom, Canadian universities come under attack, a UK charity is breached, and healthcare gets hit hard by hackers.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Manufacturing
Top Employee Count: 11 - 50 Employees



United States - Columbia Surgical Specialists
https://www.modernhealthcare.com/cybersecurity/columbia-surgical-specialists-pays-hackers-14k-ransomware-attack 

Exploit: Ransomware attack.
Columbia Surgical Specialists: Surgical facility in Spokane, Washington.

Risk to Small Business: 2.111 = Severe: Columbia Surgical Specialists decided to pay almost $15,000 in ransom to unlock files that were encrypted by hackers. After originally discovering the incident on January 9th, the firm hired an outside security firm to mitigate the aftereffects of the attack. Initially it was believed that 400,000 patients could have been affected, but the number has since been reduced. Columbia Surgical Specialists explained that their delay in reporting was due to the time needed to analyze information surrounding the breach, and they do not believe that the attackers were able to access patient data.

Individual Risk: 2.428 = Severe: Names, drivers’ license numbers, SSNs, and protected health information were impacted in the ransomware attack. However, the outside security firm believes that it is unlikely that the data was exposed in the incident.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Ransomware is a sticky subject for businesses and can resemble a virtual hostage situation. In the event of an attack, security experts recommend not paying ransoms to hackers, since it incentivizes future exploits and can result in greater demands. To prevent such exploits from occurring in the first place, organizations must partner up with managed security providers.

ID Agent to the Rescue:  Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/ 

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Dun & Bradstreet
https://cyware.com/news/trickbot-distributed-in-new-spoofed-complaint-emails-d5781024

Exploit: Trojan spam campaign.
Dun & Bradstreet: Business analytics company based in New Jersey.

Risk to Small Business: 2.555 = Moderate: Emails identified as spam were found attempting to impersonate Dun & Bradstreet’s official website using a lookalike domain. These “complaint” emails contained macros that deliver Trickbot, a damaging trojan that can be leveraged by hackers against banks. However, security researchers were able to uncover the campaign, and users have been advised to prevent macros from running automatically in the Word application or to open their emails in protected view.

Individual Risk: 2.571 = Moderate: If users avoid opening spam emails and attachments, there is limited risk involved. Nevertheless, if the Trickbot trojan installs itself on a computer containing valuable files, all bets are off.

Customers Impacted: To be disclosed 
How it Could Affect Your Customers’ Business: Phishing campaigns are growing not only in sophistication, but also in their potential impact. Enhancing cybersecurity efforts at your company begins with the first line of defense: your employees. To protect invaluable assets and customer data, businesses must improve cybersecurity awareness and prepare their workforce for inevitable phishing attacks.

ID Agent to the Rescue: Our newest offering, BullPhish ID™, simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id 


United States - Grinnell, Oberlin, and Hamilton Colleges
https://www.washingtonpost.com/education/2019/03/08/hackers-breach-admissions-files-three-private-colleges/?noredirect=on&utm_term=.208718c165a9

Exploit: System breaches and ransom schemes.
Grinnell, Oberlin, and Hamilton Colleges: Three private colleges across the US.

Risk to Small Business: 2.333 = Severe: College applicants across Grinnell, Oberlin, and Hamilton are receiving ransom notes from hackers who claim to have access to their files. The only common thread that the three colleges share is a third-party data system known as Slate, which helps track applicant data, but security experts do not believe the company was at fault. Information that was allegedly hacked included personal information, along with notes from admissions officers and acceptance decisions. Although two of the colleges have stated that financial information was encrypted and not exposed, all three will likely face reputational damages and a downtrend in applications.

Individual Risk: 2.428 = Severe: If the hackers are unable to generate profit from the ransom schemes, they will most likely turn to the Dark Web or orchestrate identity theft themselves. Applicants are at high risk unless authorities can pinpoint and mitigate the source of the breach.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: As the higher education vertical continues to grow more competitive for students, such a breach can be crippling for any institution. News of college applicants being hacked can cause serious concerns for prospective students and even result in turnover amongst current ones. To draw the parallel to small business, having a lead generation system breached can be similarly catastrophic to any company.

The first step to containing such an incident should be to understand whether hackers truly have access to customer data, and whether they are trying to sell it. One way to accomplish this is to proactively monitor the Dark Web for stolen customer data.

ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web 


United States - Rush University Medical Center
https://www.chicagotribune.com/business/ct-biz-rush-data-breach-20190304-story.html

Exploit: Third-party breach. 
Rush University Medical Center: Academic medical center in Chicago, IL.

Risk to Small Business: 1.555 = Severe: After unearthing a massive data breach on January 22nd, the hospital revoked its contract with an IT vendor and launched an investigation. Patients whose data was compromised were notified, but Rush maintains that the data was not misused after the incident. Although the institution has offered one-year identity protection and breach helplines, this is the second security incident that Rush has suffered within the last year, causing patients and caregivers to reconsider their selection of care providers.

Individual Risk: 2.142 = Severe: According to a financial filing by the medical center, compromised data included names, addresses, birthdays, SSNs, health insurance information, and even medical data. Patients should enroll in identity protection immediately and continue to monitor their accounts for fraudulent activity.

Customers Impacted: 45,000
How it Could Affect Your Customers’ Business: Back-to-back breaches produce adverse effects on customer retention, and this is especially true in healthcare. As patients grow increasingly cyber-vigilant, it is only a matter of time until they will evaluate security when choosing their care providers. By partnering with the right MSPs, businesses can avoid breaches while building rapport with their customers.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs 


United States - Emerson Hospital
http://www.lowellsun.com/news/ci_32502247/emerson-hospital-reports-data-breach

Exploit: Third-party breach.
Emerson Hospital: Full-service, non-profit community hospital.

Risk to Small Business: 1.777 = Severe: In a statement that was released two weeks ago, the hospital announced that it had fallen victim to a breach. A third-party vendor known as MiraMed Global Services sent electronic files containing patient information to an unauthorized entity. After conducting a forensic investigation, the hospital explained to patients in a letter that medical conditions, treatments, and credit card numbers were not exposed. Additionally, the third-party employee responsible was fired and law enforcement was contacted.

Individual Risk: 2.571 = Moderate: Personal information including names, addresses, SSNs, and insurance policy numbers was disclosed, but Emerson stated that “the files were of such poor quality that a third-party did not find the data useful.” Regardless, some risk is involved, and patients should enroll in the free two-year membership to identity protection services that is being offered.

Customers Impacted: 6,300 patients. 
How it Could Affect Your Customers’ Business:  When it comes to communicating with your audience, whether that be customers or patients, the end-goal is the same. Companies must build trust. In order to preserve relationships after a breach incident, it is paramount that the facts are right, and corrective actions have been taken. Emerson was able to effectively take responsibility while demonstrating their commitment to their service to patients by promptly launching an investigation and asking for the responsible third-party employee to be fired.

ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web 


Canada - Canadian Universities
http://fortune.com/2019/03/05/chinese-hackers-targeted-27-universities-to-steal-maritime-research-report-finds/

Exploit: State-sponsored spyware phishing campaign.
Canadian Universities: Group of universities across Canada.

Risk to Small Business: 1.555 = Severe: Chinese hackers are targeting 27 universities across Canada, the United States, and Southeast Asia to uncover maritime technology that can be developed for military use. According to the report from the Wall Street Journal, the campaign dates back to April 2017. Along with having confidential research exposed and garnering bad publicity, the affected institutions will be forced to fortify their cybersecurity efforts to the tune of millions of dollars.

Individual Risk: 3 = Moderate: Researchers who were involved in the naval technology department of their respective universities may have been affected, but there is no evidence that personal information was targeted.

Customers Impacted: To be determined.
How it Could Affect Your Customers’ Business: Recent cyber-attacks are shining a bright spotlight on organizations in the higher education space, since they have historically harbored invaluable information with limited firewalls. Companies that are storing proprietary data must prioritize training for their employees or faculty to avoid walking into the crosshairs of hackers. By creating a culture that is focused on cybersecurity protection and awareness, organizations can sidestep malicious phishing attacks that are entirely preventable.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id


United Kingdom - The Institute for Statecraft
https://www.independent.co.uk/news/uk/home-news/cyber-attack-russia-uk-charity-institute-for-statecraft-a8811341.html

Exploit: To be determined.
The Institute for Statecraft: Charity established to counter Russian disinformation.

Risk to Small Business: 2 = Severe: The UK charity that received government funding to combat Russian disinformation was hacked and is now being investigated by the National Crime Agency (NCA). All website content was temporarily removed from the site, but the organization plans to relaunch shortly.

Individual Risk: 2.714 = Moderate: Although there is no evidence that the personal information of individuals was directly impacted, this type of hack has many implications for the public. Citizens must avoid falling prey to disinformation by validating sources and staying cyber-vigilant.

Customers Impacted: N/A
How it Could Affect Your Customers’ Business: Organizations that operate in the nonprofit sector are not exempt from data breaches. As hackers begin to turn their sights toward information that is the most valuable and least protected, IT security teams must understand the gravity of leaving data exposed.

ID Agent to the Rescue: BullPhish ID gives MSPs the tools to help end users recognize when there is risk and raise their general awareness so they can bolster a company’s defenses. Find out more here: https://www.idagent.com/bullphish-id


United Kingdom - TalkTalk
https://blog.malwarebytes.com/cybercrime/2019/03/zombie-email-rises-from-grave-after-8-years-of-radio-silence/

Exploit: Dormant email account hack.
TalkTalk: Internet service provider in the UK.

Risk to Small Business: 2.222 = Severe: After keeping a former customer’s email address open for 8 years, TalkTalk is taking heat for a brute-force login attack on her account. Spammers were able to crack the account password and harvest contacts from an address book, using them in personalized phishing campaigns. Upon receiving notifications of headline coverage, a company spokesperson finally announced that they had deleted the email address. News readers may take notice and shift their business elsewhere.

Individual Risk: 2.428 = Moderate: Although most personal information was not included, data from contact lists can still be manipulated in social engineering attacks. Other former customers who had accounts with the company should also reach out to have their accounts deleted.

Customers Impacted: One known customer.
How it Could Affect Your Customers’ Business: Aside from following proper data governance policies and deleting data from former accounts, companies must establish anti-phishing protocols. Businesses must protect their customer data by enlisting the help of security providers who have access to the latest and leading solutions on the market.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime. Find out more here: https://www.idagent.com/bullphish-id



In Other News:

Why human behavior is at the heart of cybersecurity risk

As the delineation between personal and business continues to blur with trends like bring your own device (BYOD), IOT and work from home, cybersecurity risk increases exponentially. Pair this with the societal lack of cybersecurity knowledge and it creates the perfect storm for hackers to exploit. Cybercriminals follow the path of least resistance, and many times this takes the form of exploiting human vulnerabilities.

Most security and compliance tools on the market are focused on safeguarding endpoints and patching vulnerabilities, but what about the risks that are amplified by human behavior? To stop the cyberattacks of the future, businesses must task themselves with developing a people-centric strategy for cybersecurity.

Enter BullPhish ID. Designed to protect against human error, this product simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more about it here: https://www.idagent.com/bullphish-id 

https://www.helpnetsecurity.com/2019/03/04/human-behavior-cybersecurity-risk/ 

 


What We’re Listening To:

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e


A note for your customers:

Dark Web 101: Small Business Edition

In the past, being a small business was enough to divert hackers from targeting your company. However, cyber criminals have discovered ways to generate profit from compromised data, many times through the Dark Web. Many small business owners are beginning to ramp up their cybersecurity efforts, but the Dark Web remains an elusive concept for most. 

In some ways, the Dark Web is exactly what it sounds like: an anonymous network of websites and forums where stolen information is put up for sale. How do organizations protect themselves and their customers from ending up on the Dark Web? By employing advanced monitoring tools through security providers and creating security training programs to foster a culture of cybersecurity education and awareness.

https://www.techrepublic.com/article/how-to-protect-your-small-business-from-the-dark-web/


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
