The Week in Breach: 08/14/19 - 08/20/19

This week, ransomware threatens a company’s financial future, online shoppers have their payment information stolen by MageCart, and Canada promotes cybersecurity for SMBs.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums 
Top Compromise Type: 
Domain
Top Industry:
Manufacturing
Top Employee Count:
11 - 50 Employees 


 

United States - Grays Harbor Community Hospital
https://healthitsecurity.com/news/hackers-demand-1m-in-grays-harbor-ransomware-attack

Exploit: Ransomware
Grays Harbor Community Hospital: Healthcare provider operating as part of the Harbor Medical Group
twib-severe Risk to Small Business: 1.666 = Severe: After an employee accidentally clicked on a phishing email, cybercriminals were able to infect the hospital’s IT infrastructure with ransomware that impacted the provider’s access to medical records, prescription information, and more services, including payment processing. The hackers demanded $1 million to unlock the files, a significant sum that places a serious strain on the cash-strapped hospital. While it’s unclear if the hospital paid the ransom, officials noted that restricted cash flow will threaten the organization’s future financial viability.
twib-severe

Individual Risk: 2.142 = Severe: While there is no evidence that personal data was collected as part of the breach, sensitive patient information, including medical records, demographic information, insurance information, medical history, medical treatment, and billing information could have been made accessible to unauthorized third-parties. Since personally identifiable information can quickly make its way to the Dark Web, where it can be used to facilitate additional cybercrimes, those impacted by the breach should acquire monitoring services to secure this information.

Customers Impacted: 85,000
How it Could Affect Your Customers’ Business: Ransomware is much more than a temporary inconvenience. The astounding costs surrounding repair, restoration, or even ransom payments can significantly impact a company’s ability to continue operating. Once ransomware takes hold of a company’s IT infrastructure, every path forward is expensive and fraught with difficulties. Therefore, identifying and addressing vulnerabilities before they enable a breach is the only effective way of avoiding the costly aftermath of a ransomware attack.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

 

United States - National Baseball Hall of Fame 
https://www.bleepingcomputer.com/news/security/national-baseball-hall-of-fame-hit-by-payment-card-stealing-attack/

Exploit: Malicious code script
National Baseball Hall of Fame: American History Museum for Major League Baseball
twib-severe Risk to Small Business: 1.555 = Severe: The notorious hacking group MageCart infiltrated the National Baseball Hall of Fame, compromising the personal information of customers shopping on their e-commerce store. Hackers had access to shopper information for seven months, beginning in November 2018. The hackers injected a malicious script into the checkout page that forwarded user information to the hacking group. Now, the museum will incur the inevitable repair costs that always accompany a data breach, and the reputational damage to their online store will likely cost them revenue and loyal customers moving forward.
twib-severe Individual Risk: 2.428 = Severe: MageCart scams steal customer data at checkout, and online shoppers between November 15, 2018 and May 14, 2019 could have their information stolen by the hacking group. This data involves customers’ names, addresses, and payment information, including CVV codes. Customers who made purchases at the online store during this timeframe are encouraged to contact their credit card company and monitor accounts for fraudulent or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Online shopping is quickly becoming the go-to buying method for many shoppers, and SMBs rely on this revenue stream to compete with major corporations. Therefore, securing IT infrastructure is critical to stay competitive in today’s digital-first environment. To mitigate the damage after a breach, businesses should strive to provide proactive customer care to ensure that they can quickly and completely recover from a breach.

ID Agent to the Rescue: Did you know that SpotLight ID™ is 100% US-based and more comprehensive than LifeLock® or other competitors? Discover more about the personal identity protection solution here: https://www.idagent.com/identity-monitoring-programs.

 

United States - Camp Verde Unified School District 
http://www.journalaz.com/news/education/49717-hackers-hit-cvusd-hit-with-ransomware-attack-as-school-year-starts.html

Exploit: Ransomware
Camp Verde Unified School District: Public school district serving students in Camp Verde, Arizona
extreme gauge

Risk to Small Business:  2.111 = Severe: A ransomware attack prevented the school district from accessing its entire network for more than two weeks. The attack’s timing is particularly problematic since it occurred during back-to-school season for the district and its families. Consequently, records and payments are being recorded by hand as the district attempts to continue business as usual. Fortunately, the district has ransomware insurance that will help offset some of the costs, but those resources won’t undo the difficulties incurred by the organization at a critical time for business operations.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Opportunity cost is a significant factor in a ransomware attack. Many businesses are making arrangements to account for the costs of recovery, but there is no way to avoid losses in productivity and revenue that inevitably occur during a ransomware attack. Therefore, businesses and organizations need to take every precaution to prevent a ransomware attack before it occurs.


ID Agent to the Rescue: Dark Web ID™ alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

 

United States - Hy-Vee
https://www.supermarketnews.com/retail-financial/hy-vee-notifies-customers-payment-data-breach

Exploit: Unauthorized database access
Hy-Vee: Supermarket chain with 245 locations throughout the Midwestern United States
twib-severe Risk to Small Business: 1.777 = Severe: Unauthorized activity involving payment processing software compromised transaction data at the company’s fuel pumps, coffee shops, and restaurants. However, card data involving the company’s supermarket check lanes and other payment systems was not impacted by the breach. As a result, the regional company will have to spend considerably to upgrade its cybersecurity standards and absorb the less quantifiable costs in brand erosion.
twib-severe Individual Risk: 2.428 = Severe: Hy-Vee took steps to eradicate the malicious activity, but the company has not revealed the specific data sets that were compromised in the breach. Given that the event focused on point-of-sale platforms, it’s possible that names and payment information was made available to hackers. Customers should anticipate further developments from the company, but they should carefully monitor their accounts to identify suspicious activity.

Customers Impacted: 15,298
How it Could Affect Your Customers’ Business: Supporting those impacted by a data breach is the most important responsibility of any company that fails to protect customer data. Having the policies, procedures, and technology in place to quickly respond to a breach can help mitigate the inevitable reputation damage and customer blowback that accompanies a security lapse.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

 

United States - Choice Hotels 
https://www.zdnet.com/article/700000-choice-hotels-records-leaked-in-data-breach/

Exploit: Ransomware
Choice Hotels: Hospitality franchisor based in Rockville, Maryland
twib-severe Risk to Small Business: 2 = Severe Risk: An unsecured database for the hospitality company was discovered by security researchers, but cybercriminals stole a trove of company data before Choice Hotels could repair the vulnerability. When repairing the database, researchers discovered a ransom note indicating the data theft and demanding a $4,000 payment in Bitcoin to return the information. Cybersecurity personnel believe that the hackers intended to destroy the entire database, but their efforts failed.
correct severe gauge Individual Risk: 2.714 = Moderate Risk: The data breach includes data from staff and students from the years 2001 - 2016, and it includes first and last names, school email addresses, and birth dates. Personal data can travel quickly on the Dark Web, and those impacted by the breach should enroll in the credit monitoring services offered by the district.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Choice Hotels is working to put new security measures in place to prevent something like this from happening again. Unfortunately, once a breach occurs, customer information is readily and permanently available online. Therefore, data security is one of the best customer-facing initiatives that a business can adopt. When mistakes are made, knowing what happens to that information and putting procedures in place to prevent future breaches is a must-have service for any business.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

 

Australia - Tribal Group PLC 
https://www.morningstar.co.uk/uk/news/AN_1565601473082757200/tribal-reports-data-breach-in-australia%3B-other-operations-unaffacted.aspx

Exploit: Unauthorized database access
Tribal Group PLC: Software and service provider for educational institutions
twib-severe Risk to Small Business: 1.555 = Severe Risk: A data breach at the company’s subsidiaries, Tribal Campus, sent their stock price plummeting nearly 5%. The company reacted quickly to restrict the data breach and to repair the vulnerability, but they face an uphill battle to recover their stock price and to restore their tarnished reputation.
extreme gauge Individual Risk: 2.285 = Severe Risk: Those attending schools that rely on Tribal’s software and services could be impacted by the breach. The company is notifying individuals whose data was accessed, which could include their names and other personally identifiable information. This data can quickly spread on the Dark Web, and those affected should attain the credit and identity monitoring services necessary to ensure their information’s security and integrity.

Customers Impacted: 9,300
How it Could Affect Your Customers’ Business: Tribal Group PLC’s data breach underscores the vast financial implications of a data breach. Not only does repair and restoration result in significant expense but shifting consumer sentiment and global regulations are lowing investors tolerance for lax data security. In other words, data security is a bottom-line issue, and it should be a top priority for businesses of every size.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

 

Germany - European Central Bank 
https://www.ecb.europa.eu/press/pr/date/2019/html/ecb.pr190815~b1662300c5.en.html

Exploit: Unauthorized database access
European Central Bank: Central bank for monetary policy within the Eurozone
twib-severe Risk to Small Business: 1.666 = Severe Risk: Hackers infiltrated the database for Banks’ Integrated Reporting Director (BIRD), which includes the subscription information for a newsletter published by the organization. In addition, hackers injected malware into the network that can aid in phishing scams. As a result, the organization took their website offline indefinitely. However, all bank and market-related information was not impacted by the event.
twib-severe Individual Risk: 2.428 = Severe Risk: Database access provided hackers with subscribers' personal information, including their email addresses, names, and position titles. Fortunately, account passwords were not compromised. Since the BIRD website operates independently from the central bank, more critical information was not exposed during the breach.

Customers Impacted: 481
How it Could Affect Your Customers’ Business: In today’s digital landscape, dealing with third-party vendors is an inevitable component of any comprehensive IT infrastructure. However, data security needs to be top-of-mind when contracting with third-parties. In this case, a vulnerability at a third-party hosting service compromised the data at an organization with a rigorous and multifaceted approach to data security.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.


Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:


Canadian Government Launches Cybersecurity Certification Program for SMBs 

A recent survey by StaySafeOnline.org found that 71% of data breaches occur at small businesses, a prolific problem that the Canadian government is trying to solve. Consequently, they’re instituting an incentive program for SMBs prioritizing cybersecurity initiatives. 

The new initiative, CyberSecure Canada, allows organizations to prove that they meet specific security criteria, then awards the organization with a certificate and logo that they can include on their website and promotional material.

To become CyberSecure certified, SMBs must demonstrate compliance with 13 security controls that collectively create a safer internet experience for businesses and their customers. The program strives to encourage Canadian SMBs to spend time and resources on cybersecurity initiatives. Not only will this help shore up their own long-term viability, but it also supports customer data security, a top priority in the digital age.

Interestingly, the survey found that many companies aren’t equipped to defend against these threats. The research found that 64% of small businesses don’t have a security team, and only 1/3 provided cybersecurity training to their employees.

Notably, SMBs don’t have to tackle this priority alone. Partnering with qualified cybersecurity professionals can help augment your cybersecurity posture and transforming weaknesses into strengths.

https://www.itworldcanada.com/article/federal-government-launches-cybersecurity-certification-program-for-smbs/420823



What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

ACSC Warns Australian Small Businesses About BlueKeep Vulnerability 

According to a warning by the Australian Cyber Security Centre, thousands of Australian SMBs are at risk of being compromised by the BlueKeep vulnerability that can wreak havoc on outdated Windows operating systems. 

The warning comes on the heels of a disclosure by a security researcher who revealed a publicly available Remote Desktop Protocol that can scan for unpatched systems.

The ACSC estimates that 50,000 Australian devices are vulnerable to this malady, which is easily defensible using a patch provided in a software update.

Unfortunately, for companies that don’t take advantage of the update, their systems can be easily infiltrated by bad actors who steal and destroy company data.

Software updates are critical for ensuring that your business is protected in an ever-evolving threat landscape. Moreover, cybersecurity specialists (Like us!) can provide a comprehensive view of your cybersecurity readiness posture, ensuring that all vulnerabilities are accounted for.

https://www.cyber.gov.au/news/update-acsc-confirms-potential-exploitation-bluekeep-vulnerability

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!

comments
0