The Week in Breach: 10/16/19 - 10/22/19

This week, ransomware will cost companies critical revenue, repeat offenders put customer loyalty at risk, and businesses fail to account for the risks of compromised employee credentials.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums 
Top Compromise Type: 
Domain
Top Industry:
Finance & Insurance
Top Employee Count:
1 - 10 Employees 


 

United States - Alphabroder 
https://www.asicentral.com/news/newsletters/promogram/october-2019/alphabroder-suffers-ransomware-attack/

Exploit: Ransomware attack
Alphabroder: Promotional product supplier
twib-severe

Risk to Small Business: 1.555 = Severe: A ransomware attack temporarily halted Alphabroder’s processing and shipping platform. Since the ransomware prevented the company from executing orders, Alphabroder was forced to make a statement on social media and interrupt most business processes. Alphabroder did subscribe to cybersecurity insurance to help offset the costs, but the reputational damage and long-term infrastructure costs can be difficult to quantify and are capable of significantly dampening the company's financial prospects in the near term.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are always looking for new ways to profit from businesses’ IT vulnerabilities. Unfortunately, these bad actors only have to execute their strategy once to inflict incredible long-term damage on a company. This complicated threat landscape makes it especially important that businesses regularly assess their cybersecurity stance to ensure that they are ready to defend whatever comes their way.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

 

United States - Stripe
https://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/

Exploit: Phishing attack
Stripe: Online payment processing company
twib-severe

Risk to Small Business: 1.888 = Severe: Hackers are deploying fake and invalid Stripe support alerts to engage customers and procure user credentials. After clicking on the fictitious support alert, users are prompted to enter their bank account information and user credentials on a fake customer login page. This isn’t the first time that Stripe customers have been targeted in phishing attacks, and such attacks are becoming increasingly sophisticated and prevalent.

twib-severe

 

Individual Risk: 2.428 = Severe: Given that Stripe is an online financial platform, users can easily be tricked into providing their most sensitive personal data to cybercriminals. It’s unclear if any Stripe customers have fallen for this phishing scam, but any users who responded to one of these malicious messages had their personal data compromised. They should immediately report this to Stripe and their other financial institutions, and they should take steps to ensure their data’s long-term integrity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybersecurity has taken center stage among customers and employees, and both are demonstrating an unwillingness to work with companies that can’t protect their information. Especially for companies operating in a crowded and competitive market, top-shelf cybersecurity standards are a prerequisite to a thriving business model.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

 

United States - Pitney Bowes Inc. 
https://www.zdnet.com/article/pitney-bowes-claims-customer-data-safe-following-malware-attack/

Exploit: Malware attack
Pitney Bowes Inc.: Mail management company
twib-severe

Risk to Small Business: 2.111 = Severe: A malware attack prevented Pitney Bowes’ employees and customers from accessing critical services. The company, which specializes in mail management, lost business directly as a result of the attack. Customers were unable to refill postage or upload transactions on their mailing machines. In addition, news of the announcement sent the company’s shares down 4%, which underscores the many ways that a cybersecurity incident can negatively impact a company’s bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of the attack methodology, cybersecurity events are incredibly costly for companies. In this case, Pitney Bowes was punished by investors, lost revenue opportunities, and endured reputational damage that will have long-term implications for the company. Given the high cost of recovery, pursuing robust cybersecurity services is a bargain.


ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

 

Canada - The Canada Post
https://www.ctvnews.ca/canada/canada-post-investigating-whether-some-customer-data-was-compromised-in-2017-1.4642932

Exploit: Credential stuffing attack
The Canada Post: Primary postal operator in Canada
twib-severe

 

Risk to Small Business: 2.444 = Severe The Canada Post recently acknowledged that it discovered a data breach from 2017. The credential stuffing attack relied on redundant username and password credentials obtained from previous hacks to access user accounts. The postal provider was unable to identify the scope of the attack, so Canada Post is resetting all user account passwords.


correct severe gauge

 

Individual Risk: 2.571 = Moderate: The postal operator did not provide specific insights into compromised data, but the lengthy gap between intrusion and identification increases the likelihood that compromised accounts ended up on the Dark Web or leveraged for fraud. All users should review account credentials to ensure that they are not using similar passwords across accounts, or double-dipping, which would make them vulnerable to future threats.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks are a natural consequence of years of data breaches that have compromised billions of records. Since many customers reuse the same username and password combinations across multiple accounts, it can be an easy way for hackers to infiltrate other accounts and access even more user data. In response, businesses should do a better job of encouraging strong, two-factor passwords, while also identifying compromised credentials before they are reused in a credential stuffing attack.


ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

 

United Kingdom - Sonic Jobs 
https://www.cisomag.com/recruitment-sites-exposes-250000-resumes-online/

Exploit: Exposed database
Sonic Jobs: Job recruitment website
twib-severe Risk to Small Business: 2.111= Severe: An exposed database revealed the personal information of thousands of job seekers. Sonic Jobs, which partnered with Amazon Web Services for its database, failed to change the database configuration to private, meaning that all users could view the details of job applicants and anyone who knew the locations of the servers could have downloaded the information.
extreme gauge

 

Individual Risk: 2= Severe: The exposed data was provided by job seekers, and it includes their names, addresses, contact information, and work experience. This information can quickly be sold on the Dark Web, where it can be used to facilitate other cyber crimes including phishing and identity scams. To protect themselves, anyone impacted by the breach should enroll in identity monitoring services while also being especially critical of unusual or unexpected communications.

Customers Impacted: 29,202
How it Could Affect Your Customers’ Business: In its response, Sonic Jobs cited its limited resources as one reason that the database’s configuration went undetected. Unfortunately for the company, consumers and global regulators don’t look at this metric when deciding how to respond to a data breach. Given the enormous financial and reputational costs of a data breach, acquiring the services to assess and secure your cybersecurity landscape is a no brainer.


ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more: https://www.idagent.com/dark-web.

 

France - M6 Group 
https://www.zdnet.com/article/m6-one-of-frances-biggest-tv-channels-hit-by-ransomware/

Exploit: Ransomware attack
M6 Group: Privately owned multimedia group
twib-severe

Risk to Small Business: 1.777 = Severe: Cybercriminals attempted to bring M6’s TV and radio channels offline using a ransomware attack. However, employees’ rapid identification and response time prevented the malware from disrupting programming. The company’s email and phone services did not escape the attack, remaining offline for several days after the attack. Several media outlets have been targeted with costly ransomware attacks this year, but M6 was able to sidestep more sinister consequences.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: When it comes to cybersecurity, a company’s employees can either be a vulnerability or an asset. In almost every case, this distinction is forged through training and preparedness. In this case, employees’ quick detection and response prevented an even more catastrophic ransomware attack. Rather than leaving cybersecurity up to chance, provide your employees with comprehensive cybersecurity training so that they can serve as an extra layer of protection against a litany of threats.


ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

 

Australia - CSL
https://www.smh.com.au/business/companies/doctor-patient-details-allegedly-stolen-in-csl-espionage-scandal-20191017-p531k5.html

Exploit: Insider data theft
CSL: Biotherapy provider
twib-extreme

 

Risk to Small Business: 1.333 = Extreme Risk: A former high-level company executive stole a treasure trove of company details that he used to procure a job with a competitor. In addition to millions of pages of trade secrets, sales information, research, and testing information, the former executive procured the information on 800 doctors working with the company. These people are contracted by the company to influence other doctors and industry members and losing these contacts could prevent CSL from capitalizing on the exclusive thought leadership of these members.

twib-severe

 

Individual Risk: 1.857 = Severe: Although the doctors’ data was stolen for business purposes, those impacted by the breach should be aware that their information was used in an unethical and illegal manner by CSL’s former employee.

Customers Impacted: 800
How it Could Affect Your Customers’ Business: CSL’s data breach is a reminder that customer data isn’t the only thing at risk in today’s digital environment. Trade secrets, intellectual property, and valuable industry contracts are all up for grabs, and this information can quickly be deployed by your competitors to undercut your advantage or to short-circuit your strategies. Therefore, when considering your cybersecurity strategy, devise a holistic plan to protect all of your valuable company data.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Channel Success Team will set you up for the win! https://www.idagent.com/goal-assist.

 

New Zealand - NZ First 
https://www.stuff.co.nz/national/politics/116409225/major-leak-of-nz-first-membership-database-exposes-personal-details

Exploit: Database exposure
NZ First: Political party in New Zealand
twib-severe

 

Risk to Small Business: 1.555 = Severe: A bad actor shared confidential information on a political party’s members with reporters. The incident is being described as “deliberate and malicious.” The data breach follows recent complaints about the party’s internal candidate selection process. Members whose data was distributed were furious, speaking with the media about their frustration over the party’s data management.
twib-severe

 

Individual Risk: 1.857 = Severe: The compromised data reveals personally identifiable information, including names, addresses, email addresses, phone numbers, and party member due status. This information can quickly spread on hacker forums or the Dark Web where it is often used to execute additional cybercrimes. Therefore, those impacted by the breach should be especially vigilant about monitoring their accounts, and they should consider enrolling in identity monitoring services to ensure that their information isn’t being misused.

Customers Impacted: 800
How it Could Affect Your Customers’ Business: Beyond the obvious political ramifications, the incident underscores the importance of holistic data security at a time when personal data can be either an asset or a liability. This breach could discourage people from formally affiliating themselves with the party through membership. Similarly, businesses that fail to protect user data in one instance almost always endure long-term consequences that are even more significant than the initial breach.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.


Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:


Canadian Companies Victimized by Uptick in Ransomware 

2019 has seen a precipitous increase in the number of ransomware attacks reaching SMBs, government agencies, and educational institutions. These attacks, which consist of encrypting a company’s files and then demanding a ransom payment, are becoming especially common among institutions that lack the resources to continually defend against the devastating attack vector. 

Now, that reality is hitting Canadian businesses especially hard, a noteworthy development for a country that has often managed to avoid being victimized by such threats.

According to a recent survey, 88% of Canadian organizations experienced some type of data breach in the past year, and 82% noted an increased attack volume during that period. However, in that survey, ransomware only accounted for 14% of these breaches. Since then, a string of Canadian healthcare companies, small businesses, and government organizations have been targeted. Some are speculating that the malware’s success in other countries, including the U.S., has encouraged cybercriminals to broaden their horizons.

Regardless of the intention, with ransomware widely available for lease on the Dark Web, businesses shouldn’t expect these attacks to abate any time soon. Rather, they should continually review and update their cybersecurity posture to ensure that their infrastructure is capable of defending against the latest ransomware strains.

https://www.cbc.ca/news/technology/more-ransomware-canada-1.5317871



What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

Businesses Underestimate the Threat of Stolen Employee Data 

While every business is busy finding ways to protect their customers’ data, a recent survey found that many are not paying attention to the threat posed by stolen employee data. Only 11% of respondents reported believing that compromised employee credentials like usernames and passwords pose high risk. 

However, the reality is that years of extensive data breaches have resulted in employee information being readily available on the Dark Web. Even more, hackers are leveraging tactics like credential stuffing attacks to access company networks undetected.

By failing to account for the entire threat landscape, businesses are opening themselves up to additional data exposure vulnerabilities that involve customer information.

Fortunately, companies can be proactive about identifying compromised credentials. Dark Web monitoring services alert businesses when their employee information is available for sale, providing them the opportunity to safeguard information before it is used against them.

https://www.zdnet.com/article/stolen-staff-data-could-be-your-biggest-security-weakness/

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!

comments
0