Please fill in the form below to subscribe to our blog

The Week in Breach: 04/16/19 – 04/22/19

April 25, 2019

This week, Chipotle accounts might be getting hacked, the Weather Channel is struck by ransomware, both France and UK government organizations face breach, and Australian businesses are paying off ransomware attacks.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: 
Domain (99%)
Top Industry:
Construction & Engineering
Top Employee Count: 
11 – 50 Employees 


United States – Chipotle
https://techcrunch.com/2019/04/17/chipotle-accounts-hacked/

Exploit: Credential stuffing
Chipotle: American chain of fast casual restaurants

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: Several individuals took to Twitter and Reddit to report that their Chipotle accounts were being used to place unauthorized orders at locations across the country. However, many of the customers maintain that their passwords were unique to Chipotle, which could rule out the possibility of a credential stuffing attack and shift the blame directly on Chipotle. In response, Chipotle officials stated that they don’t believe their network was breached or that personal data was revealed to outside entities. This is the company’s second data security incident in two years, and they have yet to roll out two-factor authentication for their customers.
2.5 – 3 = Moderate Risk

Individual Risk: 2.571 = Moderate: In credential stuffing attacks, hackers leverage personal information retrieved from past data breaches to breach new accounts. Chipotle account holders should enlist in identity monitoring solutions and reset their passwords to protect their information going forward.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Being able to rule out a credential stuffing attack is crucial to identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it becomes incredibly difficult to track how compromised data is being leveraged by hackers. When developing digital platforms, companies of all sizes need to plan to protect their customer data by taking every precaution to ensure that their information is never compromised.

ID Agent to the Rescue:  More MSPs rely on Dark Web ID™ than any other monitoring service across the globe to provide actionable stolen credential data. Trust the leader in the Channel: www.idagent.com/dark-web.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Navicent Health
https://www.tripwire.com/state-of-security/security-data-protection/navicent-health-discloses-data-breach-as-the-result-of-a-digital-attack/

Exploit: Employee e-mail breach
Navicent Health: Second largest hospital in Georgia and part of the Central Georgia Health System

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.777 = Severe: In a recent data breach notice, Navicent Health disclosed that they learned about a breach originating with their employees’ corporate email accounts, which were accessed by an unauthorized third party. Although no evidence of identity theft was revealed, the company was forced to take responsibility, notify patients, and offer free identity protection services, while also pledging to improve their security infrastructure moving forward.
1.51 – 2.49 = Severe Risk Individual Risk: 2.857 = Severe Navicent doesn’t believe any of the accessed data is being used to perpetuate identity theft or other cybercrimes, but the compromised emails did include sensitive patient data including their names, birthdays, addresses, medical information, and social security numbers.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Companies charged with handling personal health information (PHI) need a comprehensive understanding of their IT infrastructure, including potential vulnerabilities. Since HIPAA compliance and patient trust are both on the line, any company managing PHI should prioritize risk assessment and prevention. Employees should be the first line of defense, as they manage patient data on a daily basis, and they must be armed with proper cybersecurity awareness training to prevent future incidents.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Verint
https://www.zdnet.com/article/cyber-security-firm-verint-hit-by-ransomware/

Exploit: Ransomware attack
Verint: Global cybersecurity firm offering analytics, surveillance, and business IT service

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: Verint is an international cybersecurity firm headquartered in the US, and the ransomware is currently contained within their Israel offices. The company reacted quickly, issuing an on-screen message that instructs employees to immediately shut down devices if they receive a ransomware message. However, the erosion of brand reputation has the potential to spread like wildfire, especially among cybersecurity experts and customers who catch wind of the incident.
1.51 – 2.49 = Severe Risk Individual Risk: 2.857 = Severe: Ransomware attacks typically affect businesses because they prevent users from accessing files until a ransom is paid. However, when hackers gain access to a company’s network, there is always a risk of revealing personal information. At this time, there is no indication that Verint employee or customer information was compromised.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident is a reminder of the difficulty of managing and maintaining an international IT infrastructure. Fortunately, Verint’s security software immediately detected the breach and made employees aware of best practices for combating a ransomware attack, but a lot more could have been done. Companies should invest in solutions that can proactively and continuously monitor hacker marketplaces for compromised employee or customer data. Especially in the case of companies conducting business in cybersecurity and IT infrastructure, the risk associated with damaged brand quality is too high.

ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach

United States – The Weather Channel
https://edition.cnn.com/2019/04/18/media/weather-channel-hack/index.html

Exploit: Ransomware attack
The Weather Channel: Television network airing 24-hour coverage of weather

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.333 = Severe: The Weather Channel’s daily morning show AMHQ was unable to air at its regular time because of a ransomware attack that temporarily incapacitated the network. The downtime lasted for more than 90 minutes, and viewers saw pre-recorded footage during this time.
2.5 – 3 = Moderate Risk Individual Risk: 3 = Moderate: It is not currently believed that any personal information was revealed in the ransomware attack.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a serious problem for companies of all sizes. Critical information and operations can be cut off until the ransom is paid. Businesses must establish security protocols and source advanced security solutions in order to appropriately respond in the event of a ransomware attack.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Augusta Municipal Operations
https://www.centralmaine.com/2019/04/18/city-of-augusta-hit-by-computer-virus-city-center-closed/

Exploit: Computer virus
Augusta: The city capital of Maine, which provides services to 18,000 residents

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.333 = Severe: A malicious software infiltrated and damaged the city’s computer network system and individual devices, shutting down all offices for an extended period of time. Not only did the virus prevent officials from using servers and computers, but it debilitated the machines used by emergency dispatchers, which required manual tracking of emergency vehicles and responses. The phone system and public safety radio system did remain operational during the ordeal, ensuring no disruption to public safety. Additionally, all services related to the computer network including billing, tax records, and general assistance were completely offline. City officials believe the incident was perpetrated by an inside threat who wanted to destroy, not capture, government data.
2.5 – 3 = Moderate Risk Individual Risk: 2.714 = Moderate: City officials don’t believe that any personal information was compromised in the attack, but they do admit that this information has become inaccessible. Individuals with data stored on the city network should be mindful of the vulnerability by taking precautions to ensure data parity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  The notion that this incident could be perpetrated by an insider threat is a reminder than any single employee can do significant damage to a company’s IT infrastructure. Having contingency plans in place is a veritable must-have, but companies should also be prepared to provide support to any individuals impacted by the breach.

ID Agent to the Rescue: Dark Web ID can find out how payment data is used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

France – Tchap
https://techcrunch.com/2019/04/19/security-flaw-in-french-government-messaging-app-exposed-confidential-conversations/

Exploit: Code bug
Tchap: Proprietary government chat application developed by the French government

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: Built on top of an open-sourced chat protocol, Tchap was intended to provide end-to-end encryption for government communications. Although the application should only be accessible to government employees through their government-issued email addresses, security analysts discovered that users without these credentials could create an account and gain access to communications within the app.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe: Tchap allows users to participate in public discussions, private chats, and group discussions, and users who create an account without proper credentials would only have access to public discussions within the app. However, it’s possible that users could engage with unsuspecting employees who might reveal sensitive government information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Applications predicated on privacy must follow through on this priority and failing to account for possible shortcomings can have cascading consequences for any organization. Not only could sensitive information be revealed, but it undermines user confidence in the product. When it comes to cybersecurity, understanding vulnerabilities, even those derived from friendly code, is a serious shortcoming in any platform’s development.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom – The Department of Digital, Culture, Media & Sport (DCMS)
https://www.zdnet.com/article/matrix-hack-forces-servers-offline-user-credentials-leaked/

Exploit: Accidental sharing
DCMS: UK government agency responsible for managing GDPR implementation

2.5 – 3 = Moderate Risk Risk to Small Business:  2.555 = Moderate: Ironically, the UK government agency responsible for managing GDPR implementation is in violation of the law. In a mass email about the priority of privacy protection, the agency inadvertently revealed the email addresses for 300 journalists by including their credentials in the carbon copy (CC) rather than blind carbon copy (BCC) portion of the message. This is the third agency-related data loss event this month.
2.5 – 3 = Moderate Risk Individual Risk:  2.714 = Moderate: The journalists included on the email had their email addresses exposed to all recipients and additional viewers, but there is little risk of additional data loss from this incident.

Customers Impacted: 300
How it Could Affect Your Customers’ Business: This is the UK government’s third incident involving accidental sharing this month. It’s a reminder that, while external threats play a prominent role in your data security priorities, internal threats remain a persistent problem. Therefore, companies need to deploy a holistic approach to data security that accounts for internal and external threats.

ID Agent to the Rescue:  With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Australia – iStaySafe Pty. Ltd.
https://www.databreachtoday.com/australian-child-tracking-smartwatch-vulnerable-to-hackers-a-12376

Exploit: Insecure Direct Object Reference (IDOR) attack
iStaySafe Pty. Ltd.: Australia-based organization committed to proliferating child safety best practices across multiple domains

1.51 – 2.49 = Severe Risk Risk to Small Business: 2 = Severe: A penetration testing company found a flaw in the company’s TicTocTrack smartwatch – a wearable GPS watch that allows parents to track their child’s location. The flaw enabled unauthorized third-parties to access a child’s location, spoof their location, or even communicate directly with a child through the device. The company’s ethos is predicated on the priority of child safety, something that makes this event uniquely troubling and challenging.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe: Currently, the company is incredulous about the viability of the risk, but, when it comes to the security of a child, those assurances aren’t particularly inspiring. Since it’s unclear what, if any, steps the company is taking to mitigate these risks, users should be extremely cautious when using this product.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Not only is iStaySafe Pty. Ltd. failing to account for the security of their vulnerable user base, but their continued incredulity doesn’t elicit confidence that they are capable managing a crisis should it emerge. It’s a reminder to every business that security needs to a top priority both in practice and in communication. Customers need to be protected and feel secure.

ID Agent to the Rescue:  With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

A new study reveals data exposure from hotel reservations

Symantec’s recent report on the security vulnerabilities of hotel websites found that the majority of them are leaking customer data.

The study was exhaustive, including 1,500 hotels in 54 countries and covering the gauntlet of lost-cost and high-end hotels. However, no single panacea was presented as a solution for the issue. Instead, different companies faced unique vulnerabilities to their systems and processes.

For instance, most hotels send guests a link to manage their reservation, but some hotels fail to encrypt this data, making it easily accessible to hackers and others accessing this information. At the same time, hotels collaborating with discount sites and advertisers are making guest data available to these third-party partners, elongating the exposure.

Moreover, the company found that hotels are uniquely susceptible to brute force attacks, a unique vulnerability that could allow bad actors to target specific individuals including CEOs, celebrities, or conference attendees.

Coming on the heels of the Marriott breach that revealed the information of 500 million guests, this report is a reminder to the industry that they need to be particularly aware of their security vulnerabilities and to take steps to protect customer information. Software solutions like BullPhish ID can mitigate many of these issues at the root source by helping you gain a thorough understanding of your company’s unique cybersecurity needs.

https://www.natlawreview.com/article/67-hotel-websites-expose-guest-data-study-finds


What We’re Listening To:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A note for your customers:

How Will You Handle Ransomware?

Ransomware attacks are one of the scariest and most reported cybersecurity threats, and a recent report found that most victims are now prepared to pay the ransom.

The Telstra’s 2019 Security Report surveyed 320 Australian businesses, more than half of which paid ransomware attackers to retrieve their data. Interestingly, 77% of those companies successfully recovered their information after paying the ransom.

In some ways, this is a good thing. Nobody wants to lose their data to hackers. However, it also incentivizes bad actors, making it possible for them to continue victimizing more people. Having a plan to combat and address ransomware is quickly becoming a critical component of any cybersecurity strategy, and it’s one that demands more than just a cache of Bitcoin for a rainy day.

https://www.natlawreview.com/article/report-finds-more-half-ransomware-victims-would-pay-ransom


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!