The Week in Breach: 06/12/19 - 06/18/19

This week, ransomware shuts down a food bank, Canadian patient data is leaked via employee email, and Australian universities get schooled on cybersecurity.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 51 - 100 Employees


 

United States - Emuparadise
https://www.zdnet.com/article/emuparadise-gaming-rom-repository-suffers-data-breach/

Exploit: Compromised password hashing algorithm
Emuparadise: Retro gaming emulator website
Risk to Small Business: 1.555 = Severe: An outdated, compromised password hashing algorithm was exploited by hackers, causing user data to be compromised. Although the data breach took place on April 1, 2018, the damage was only recently revealed when accounts were provided to Have I Been Pwned. By failing to update their cybersecurity standards, Emuparadise will now face reputational erosion and incur significant costs associated with interrupted business processes and recovery.

Individual Risk: 2 = Severe: Emuparadise users can search Have I Been Pwned to view the status of their credentials. For those compromised, hackers gained access to email addresses, IP addresses, usernames, and passwords. Impacted individuals should be mindful that their credentials could be compromised, and they should be especially careful about using duplicate passwords on other services.

Customers Impacted: 1,131,229
How it Could Affect Your Customers’ Business: A data breach predicated on outdated security standards is an unnecessary and self-inflicted wound that is entirely avoidable. Instead, every organization should routinely evaluate their cybersecurity standards, ensuring that they reflect industry standard best practices.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.


Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

 

United States - Lake City
https://cyware.com/news/triple-threat-ransomware-attack-cripples-email-systems-and-services-of-lake-city-729e1f23

Exploit: Ransomware
Lake City: Local government organization serving Lake City, Florida
Risk to Small Business: 2 = Severe: A malware attack delivered “triple threat” ransomware that targeted the city’s network systems, rendering many city services inaccessible. Although emergency services such as police and fire are operational, city email accounts, land-line phones, and credit card services were disabled. In the meantime, the city has been forced to write bills and receipts, and to handle other services, by hand. It’s a reminder that ransomware attacks are uniquely dangerous because they not only cost money to repair, but those impacted also run the risk of disrupted business processes or lost valuable data.
Individual Risk: 3 = Moderate Risk: City officials believe that personal data, including online payment information, was not compromised in the breach. However, residents should monitor their accounts for suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Local governments are a top target for hackers, and ransomware is becoming a commonly deployed method for extorting valuable city resources away from citizens. Therefore, every local government needs a comprehensive ransomware response plan before an incident occurs. Ransomware attacks are often initiated by phishing scams, signaling the importance of cybersecurity awareness and training at the front line.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.



 

United States - U.S. Customs and Border Protection
https://techcrunch.com/2019/06/10/cbp-data-breach/

Exploit: Malicious cyberattack
U.S. Customs and Border Protection: Law enforcement agency operating under the authority of the Department of Homeland Security
Risk to Small Business: 1.777 = Severe: A subcontractor violated the department’s policy and transferred copies of license plate and traveler images to their network where they were stolen in a malicious cyberattack. In response, the agency is monitoring the Dark Web for evidence of this data, and they are reevaluating their cybersecurity and privacy standards. Of course, these initiatives are simpler and more palatable when they are done proactively, rather than after an incident occurs. Consequently, the agency will now have to endure increased governmental oversight and media scrutiny.
Individual Risk: 2.428 = Severe: The stolen data included license plate and travel images from certain lanes at a particular border crossing. The agency isn’t providing any more specific information at this time, noting that it processes more than a million border crossings each day. However, they did indicate that no passport or other travel information was compromised in the breach.

Customers Impacted: 100,000
How it Could Affect Your Customers’ Business: When sensitive personal information is compromised in a data breach, organizations have a responsibility to help those impacted recover from the incident. These responses vary significantly, but they should foundationally include understanding what happens to personal information after it’s stolen. Personal data can be quickly bought and sold on the Dark Web, so monitoring this environment is a staple of any comprehensive response that can begin restoring the organization’s reputation and protecting those that are affected.


ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.



 

United States - Auburn Food Bank
https://www.bleepingcomputer.com/news/security/food-bank-hit-by-ransomware-needs-your-charity-to-rebuild/

Exploit: Ransomware
Auburn Food Bank: Charitable organization providing free food to families and individuals
Risk to Small Business: 2.111 = Severe: A ransomware attack struck the non-profit, charitable organization, encrypting all but one of its computers. This particular ransomware, GlobeImposter 2.0, cannot be decrypted, and victims must contact the hackers to negotiate a ransom. However, Auburn Food Bank is refusing to negotiate. Instead, they are seeking donations to replace their technology, the cost of which is roughly equal to the ransom demands.
Individual Risk: 3 = Moderate Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are frequently initiated through phishing emails, but this incident occurred at 2:00 A.M., when no employees were in the office. Keeping in mind that such threats can arrive at any time and any place, organizations must prepare a response plan proactively and continuously evaluate their cybersecurity posture.


ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.



 

United States - Evite 
https://www.zdnet.com/article/evite-e-invite-website-admits-security-breach/

Exploit: Unauthorized system access
Evite: Social planning and e-invitation service
Risk to Small Business: 1.888 = Severe Risk: Hackers were able to access Evite’s network, which allowed them to download an inactive data storage file that contained the personal information of millions of their customers. Despite being notified of the breach on April 15th, the company is only now acknowledging the breach. Their slow response time and lax security standards will now require them to incur the fees of third-party cybersecurity analysts as well as cascading reputational costs that are difficult to quantify and even more challenging to repair. In the meantime, the company is encouraging users to reset their passwords, a modest first step for such a traumatic incident.
Individual Risk: 2.428 = Severe Risk: The compromised information could include names, usernames, email addresses, dates of birth, phone numbers, and mailing addresses. Fortunately, social security numbers and financial data were not included as part of the breach. However, since this information was already discovered on the Dark Web, those impacted by the breach should immediately obtain credit and identity monitoring services to secure their credentials.

Customers Impacted: 10 million
How it Could Affect Your Customers’ Business: When organizations are compromised in a data breach, their response becomes a critical metric in restoring their users’ trust. In this case, the company was slow to respond to the breach, delaying their messaging by several months. When exposed information makes its way to the Dark Web, timing is of the essence, and understanding what happens to the information accessed in the data breach can provide employees or customers with confidence in the integrity of their personal information or credentials. Partnering with an MSP can provide the insight necessary to achieve this.


ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.



 

Canada - Nova Scotia Health Authority 
https://www.cbc.ca/news/canada/nova-scotia/nova-scotia-health-authority-privacy-breach-1.5169171

Exploit: Phishing attack
Nova Scotia Health Authority: Provincial health authority serving Nova Scotia, Canada
Risk to Small Business: 2 = Severe Risk: When an employee entered his credentials into an email purporting to be from the company's information technology department, hackers gained access to sensitive patient information stored in the employee’s email account. Although the breach was first reported on May 13th, the organization required nearly a month to determine the type and scope of the compromised data. Their slow response time and weak protocols will make the clean-up costly as they must reestablish their patients’ trust even as they upgrade their cybersecurity practices.
Individual Risk: 2.428 = Severe Risk: The breach specifically pertains to patients who were scheduled for surgery at or who were communicating with the Colchester East Hants Health Centre in Truro. Since the organization can’t verify specific data exposure, those impacted by the breach should prepare for the worst and assume that their information could be made accessible on the Dark Web.

Customers Impacted: 2,841
How it Could Affect Your Customers’ Business: The Health Authority has repeatedly struggled to mitigate the threat of a breach, and employee actions are frequently the cause, something that is certainly not restricted to this particular organization. A rapidly changing and increasingly capricious threat landscape means that companies need to routinely and continually train and prepare their employees to succeed in this regard. Often, that means partnering with industry experts to keep your employees up to speed.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.



 

Canada - City of Burlington 
https://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach

Exploit: Phishing scam
City of Burlington: Local government organization serving Burlington, Canada
Risk to Small Business: 2 = Severe Risk: A sophisticated phishing email requesting new bank account information was purportedly sent from an established city vendor. Workers didn’t immediately identify the scam, and the city sent $503,000 to a falsified bank account. Although the government is updating its protocols to prevent this from happening in the future, it’s a reminder that, when it comes to guarding resources, proper cybersecurity training is a bargain.
Individual Risk: 3 = Moderate Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing attacks are entirely preventable, but they can be incredibly difficult to identify. As hackers adopt more sophisticated methodologies, it increases the importance of sophisticated and continual training to prevent them from wreaking havoc on your company’s IT infrastructure and customer data. What’s more, this training needs to reflect the evolving nature of today’s attacks.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns, helping employees identify the signs of a scam in a rapidly changing threat environment. Click the link to get started: https://www.idagent.com/bullphish-id/.



 

Belgium - ASCO 
https://www.scmagazineuk.com/airplane-parts-maker-asco-ransomware-attack/article/1587573

Exploit: Ransomware
ASCO: Designer and manufacturer of aerospace components
Risk to Small Business: 2.111 = Severe: A ransomware attack crippled IT systems and halted production at the company’s Belgium plant. To prevent the ransomware from spreading, the company also shut down production in Germany, Canada, and the United States. Not only is ASCO faced with either paying the ransom or purchasing new network infrastructure, but the company had to send home 1,000 of its workers on paid leave for the entire week.
Individual Risk: 3 = Moderate: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of your company’s size or sector, having a plan in place in the event of a ransomware attack is a must-have asset in today’s digital economy. Since data breach management is considerably more expensive than proactively training employees and implementing safeguards, such efforts should be a no-brainer for every institution.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.





In Other News:


Australian Universities at Significant Risk of a Cyber Attack 

A recent audit of the IT environment for Australia’s universities found repeated failures to address identified weaknesses in their IT systems, making them especially susceptible to cyber attacks. Focused on just 10 universities, the audit identified one university, Charles Sturt University, as a high risk, and the other universities were classified as a moderate security risk. Perhaps most troubling, many of the vulnerabilities were repeat findings, indicating that universities are either unable or unwilling to improve their cybersecurity posture to address existing and emerging threats.

The report comes on the heels of a recent cyber attack in which hackers accessed 19 years of university data that included sensitive information about current and former staff and students. Since universities are trusted with troves of personal information, including data from minors, addressing these concerns should be a top priority. These weaknesses, according to the audit, could cause significant financial or reputational loss for universities that can’t improve in this capacity.

Of course, cyber threats are not unique to universities. Today’s threat landscape is continually progressing, making it wise to partner with trusted cybersecurity authorities to ensure that your organization is prepared to meet these challenges.

https://amp.smh.com.au/national/nsw/universities-across-nsw-at-significant-risk-of-further-cyber-attacks-audit-finds-20190606-p51vba.html



What We’re Listening To:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A note for your customers:

Cyber Criminals Are Getting More Clever 

Security-minded internet users often look for certain signs – like the padlock that accompanies a web address or the “https” designation – to identify websites that are safe and secure. Those hallmarks of internet integrity are not as sure as they once were.

According to a public service announcement released by the U.S. Federal Bureau of Investigation (FBI), cyber criminals are using these designations to proliferate phishing campaigns by establishing a more trustworthy messaging apparatus.

Many are using cloud hosting websites to obtain SSL certificates that help convince users to hand over sensitive personal information. Regardless of the methodology, it’s evident that internet users will have a more difficult time identifying phishing scams. However, comprehensive training from providers like us can stop phishing scams in their tracks by preparing customers and employees to address the shifting security trends and the emerging threats.


https://www.bleepingcomputer.com/news/security/fbi-issues-warning-on-secure-websites-used-for-phishing/

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
