The Week in Breach: 04/09/19 - 04/15/19

This week, phishing scams target US government and healthcare employees, Canadian plane parts are held for ransom, EU citizens are compromised in a UK breach, and 60,000 digital fingerprints find their way to the Dark Web.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Manufacturing
Top Employee Count: 11 - 50 Employees


United States - City of Greenville 
https://www.scmagazine.com/home/security-news/ransomware/ransomware-knocks-greenville-n-c-offline/

Exploit: Ransomware attack
City of Greenville: Part of a South Carolina network

Risk to Small Business: 1.777 = Severe: After local police detected a ransomware infection, the city was forced to shut down most of its servers. While police and fire facilities remain unaffected, other services, including payments to city agencies, are significantly restricted. Consequently, city officials recommend making cash payments until the network can be restored. The city expects servers to be offline for several days as they work to determine the next steps towards rectifying the situation.

Individual Risk: 2.571 = Moderate: According to the city’s communications manager, Brock Letchworth, the city does not believe that the incident compromised personal information.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: This episode is a reminder of the fragility within local infrastructure. Although critical safety operations remain unaffected, city employees are unable to continue business as usual, and new solutions are not immediately apparent. Most importantly, it’s essential to know if data is stolen and to understand what thieves intend to do with that information.

ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs



Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Minnesota Department of Human Services
https://www.securityweek.com/minnesota-state-agency-breach-may-have-put-thousands-risk 

Exploit: Phishing scam

MN Department of Human Services: Minnesota state agency
Risk to Small Business: 2 = Severe: In March 2018, a bad actor logged into a state agency email account and sent emails seeking personal information and invoice payments via wire transfer. The breach was detected when an agency employee received the email and flagged it as suspicious. The breach was just disclosed this week, and department officials believe that hackers gained access to the personal information of 11,000 users.
Individual Risk: 2.285 = Severe: Although the agency contends that personal information has not been misused, the perpetrator certainly had access to the data of thousands of people. Because the breach impacted the agency's Direct Care and Treatment division, the data stolen includes treatment information and other sensitive health files.
Customers Impacted: 11,000
How it Could Affect Your Customers’ Business: This most recent incident is the department’s third breach in just over a year, something that can have broad implications for data security and patient trust. The employee who received the malicious email responded appropriately, but these scams are preventable through security training and education.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: idagent.com/bullphish-id

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Palmetto Health & Women's Health USA
https://www.palmettohealth.org/patients-guests/news/palmetto-health-addresses-phishing-incident

Exploit: Phishing scam
Palmetto Health & Women's Health USA: Healthcare providers based in the U.S. that collect and maintain ePHI

Risk to Small Business: 1.666 = Severe: Palmetto Health and Women’s Health USA reported separate phishing scams that compromised private employee information and patient health records. Only two employee accounts were compromised, but this had cascading consequences for both the companies and their patients.
Individual Risk: 2 = Severe: Both healthcare companies acknowledge that hackers accessed sensitive patient information including names, addresses, social security numbers, Medicare Health Insurance Claim Numbers, and health insurance policy numbers.
Customers Impacted: 41,162
How it Could Affect Your Customers’ Business: Sensitive patient information was disclosed in this breach, and the companies are offering identity theft protection services or free credit reports to affected patients. By all accounts, these companies worked quickly to secure patient information and to respond appropriately. However, email phishing scams are entirely preventable, and training and education can make all the difference.


ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada - Mitsubishi Aerospace
https://www.citynews1130.com/video/2019/04/11/canadian-company-victim-of-apparent-cyber-attack/

Exploit: Ransomware
Mitsubishi Aerospace: Airplane parts manufacturer
Risk to Small Business: 1.888 = Severe: Employees at the Mitsubishi Canada Aerospace offices received a notification on their desktops declaring, “Your network has been penetrated. You will receive a BTC address for payment.” The ransomware was signed by RYUK, a notorious hacker believed to have Russian or North Korean origins. While the company's manufacturing capabilities are unobstructed, their facilities have been without internet service since the attack.
Individual Risk: 3 = Moderate: It is not currently believed that any personal information was revealed in the ransomware attack.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a serious problem for companies of all sizes. Critical information and operations can be cut off until the ransom is paid. Businesses must establish security protocols and source advanced security solutions in order to appropriately respond in the event of a ransomware attack.



ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.


Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


United Kingdom - UK Home Office
https://www.bbc.co.uk/news/uk-politics-47888214

Exploit: Accidental sharing
UK Home Office: Ministerial department of the UK government responsible for immigration, security, and law and order 
Risk to Small Business: 2.555 = Moderate: In a mass email communicating with EU citizens applying for the EU Settlement Scheme, an employee inadvertently included all recipients’ emails in the CC field rather than the BCC field, exposing the list of email addresses to all recipients. The agency notified the Information Commissioner’s Office and the Departmental Data Protection Officer about the error, and new internal steps are required to prevent a similar error from happening again.
Individual Risk: 2.714 = Moderate: Individuals included in the communication had their email addresses exposed to all other recipients. However, there is little risk of other information exposed from the message.
Customers Impacted: 240
How it Could Affect Your Customers’ Business: In many ways, this mistake could happen to anyone as human error is often the cause of a data breach. Companies need to put their employees in a position to be successful by implementing software that identifies potential vulnerabilities and deploys real-time safeguards to prevent accidental information sharing.


ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


United Kingdom - VSDC (Flash-Integro LLC)
https://www.bleepingcomputer.com/news/security/vsdc-site-hacked-again-to-spread-password-stealing-malware/

Exploit: Trojan malware attack
VSDC (Flash-Integro LLC): Free multimedia editor
Risk to Small Business: 2.222 = Severe: Hackers accessed the platform’s download links and replaced them with links containing trojan malware that stole personal information from various applications on the infected computer. The company acknowledged the breach and issued a patch, but it will be much more difficult to repair their reputation and to restore customer confidence in their platform.
Individual Risk: 2.428 = Severe: Users who downloaded the application between February 21, 2019 and March 23, 2019 could be impacted by this malware.
Customers Impacted: 648
How it Could Affect Your Customers’ Business: This isn’t the first time that VSDC’s website was compromised, and previous breaches made this event possible. Although the company deploys security software to guard its websites, it’s evident that they are not doing enough to protect their critical infrastructure. With a myriad of solutions to choose from, it’s important for small businesses to partner with competent providers and protect users from trojan malware attacks and other vulnerabilities.


ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


United Kingdom - Matrix.org
https://www.zdnet.com/article/matrix-hack-forces-servers-offline-user-credentials-leaked/

Exploit: Credentials leak
Matrix.org: Internet protocol for decentralized communication including instant messaging, VoIP, IoT, and more
Risk to Small Business: 2.111 = Severe: A hacker accessed hosting servers for the Matrix.org platform, providing them access to several of the company’s databases and exposing unencrypted personal data. The attackers capitalized on outdated software to access the servers. The breach caused widespread network outages that shut down many messaging platforms for hours while the company rebuilt its production servers.
Individual Risk: 2.428 = Severe: Matrix.org’s communication protocols are predicated on privacy, and this incident may have compromised unencrypted content like private messages, password hashes, and access tokens. All users were logged out and asked to change their passwords, and certain data including encrypted conversation history may no longer be available.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Matrix.org may have escaped the most catastrophic consequences of a data breach, but they will struggle to rebuild their infrastructure and user trust for a long time. Unfortunately, this entire incident may have been avoided through a simple software update. By deploying security software that offers a high-level snapshot of a company’s security vulnerabilities, it’s possible to protect against preventable data breaches.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


Japan - Uniden
https://www.bleepingcomputer.com/news/security/hacked-uniden-commercial-site-serves-emotet-trojan/

Exploit: Emotet trojan distribution
Uniden: Wireless communications brand offering security, monitoring, and radio technologies
Risk to Small Business: 1.777 = Severe: The company’s website was compromised, hosting a Microsoft Word document that delivers a form of the Emotet trojan. When opened, the document runs a macro that downloads three versions of the Trojan. Although the virus is now detectable using many antivirus programs, it was originally discovered by a Twitter user who posted about the incident. The problem is still unsolved, and the website remains compromised. Not only do they risk infecting their customers’ computers, but their lack of awareness and action is even problematic for a company operating in an industry where the emphasis on security should be paramount.

Individual Risk: 2.142 = Severe: According to reports, the website remains compromised, and any users who download Microsoft Word files from the company could be impacted by the virus.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: The company's lack of response is most troubling here. When a data breach does occur, it’s important for businesses to quickly acknowledge and solve the problem. However, at the time of publication, Uniden’s website is still compromised. Companies need the tools to identify security risks and to detect anomalies, rather than having Twitter users raise the alarm by finding them first.

ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.



Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:


Fire sale on the Dark Web: 60,000 digital fingerprints

This week’s Kaspersky Security Analyst Summit revealed a troubling development, even by Dark Web standards.

Kaspersky researchers detailed a new online marketplace where cybercriminals can purchase full digital fingerprints for 60,000 online users. Genesis, the name ascribed to the new marketplace, sells full user profiles for as little as $5. This information helps cyber criminals evade many of the security standards that currently detect abnormal account behavior and can be indicative of fraud.

For instance, a full user profile doesn’t just include login information. It provides thieves with account cookies, browser details, webGL signatures, and other features that allow criminals to evade detection. Data thieves use a Genesis Chrome extension to use the stolen information, something that security researchers have already discovered in the wild.

It’s recommended that people enable two-factor authentication whenever possible to help prevent this scheme from impacting them. At the same time, keeping an eye on our digital information seems even more pertinent than ever. Software solutions like BullPhish ID can help you keep a pulse on your customer and employee data by continuously tracking the “when, where, and what.”

https://www.zdnet.com/article/cybercrime-market-selling-full-digital-fingerprints-of-over-60000-users/


What We’re Listening To:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A note for your customers:

Coming soon - Cybersecurity for 5G

As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.

One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.

High-level cybersecurity strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but security providers and solutions will prepare you with the tools to fight back.

https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/securing-enterprises-for-5g-connectivity


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
