The Week in Breach News: 11/04/20 – 11/10/20
This week: Capcom discovers ransomware isn’t a game, Magecart hackers strike gold from JM Bullion, healthcare cyberattack warnings come to fruition, and we’ve put together a Dark Web crash course for you!
The Week in Breach News: Dark Web ID’s Top Threats This Week
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Finance & Insurance
- Top Employee Count: 501+
The Week in Breach News – United States
United States – JM Bullion
https://www.bankinfosecurity.com/precious-metal-trader-jm-bullion-admits-to-data-breach-a-15294
Exploit: Skimming (Magecart)
JM Bullion: Precious Metals Dealer
Risk to Business: 1.772 = Severe
This Texas precious metals trader discovered that someone was cashing in on their clients’ transactions and it wasn’t them. In a recent regulatory filing, the company disclosed that malicious payment skimming code was present and active on their website from February 18, 2020, to July 17, 2020.
Individual Risk: 1.624 = Severe
The information stolen in this attack includes customers’ names, addresses, and payment card information, including the account number, expiration date, and security codes. Customers should be alert to potential identity theft and spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Failing to notice a payment card skimmer operating on your site for 6 months does not speak well to your company’s commitment to keeping client data secure.
ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price.
United States – University of Vermont Medical Center
https://www.idagent.com/passly-digital-risk-protection
Exploit: Ransomware
University of Vermont Medical Center: Hospital System
Risk to Business: 1.402 = Extreme
In the wake of recent warnings from US government agencies about increased ransomware risk for healthcare targets, University of Vermont Medical Center (UVM) has landed in that trap. A ransomware attack has led to significant, ongoing tech problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The Vermont National Guard and the FBI have been working with the tech team at UVM to restore service since the attack first began affecting systems on October 30th. Damage assessment and recovery are ongoing, and some systems are still offline. The hospital says that urgent patient care was not impacted.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Healthcare targets are in increasing danger from money-hungry cybercriminals who know that medical targets don’t have time for a long, complex recovery procedure, but they do have money.
ID Agent to the Rescue: Ransomware is typically delivered as the nasty cargo of a phishing attack. Improve your staff’s phishing resistance to fight back against ransomware threats.
United States – GrowDiaries
Exploit: Misconfiguration
GrowDiaries: Industry Blogging Platform
Risk to Business: 2.237 = Severe
Leading cannabis industry blogging platform GrowDiaries may need to clear its head after a configuration error in Kibana apps left two Elasticsearch databases unlocked and leaking data. Those open gates allowed attackers to dive into two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding more than two million user data points.
Individual Risk: 2.612 = Moderate
One open database exposed usernames, email addresses, and IP addresses for platform users, and the other exposed user articles posted on the GrowDiaries site and users’ account passwords. Users should be aware of spear phishing and blackmail risks.
Customers Impacted: 1.4 million
How it Could Affect Your Customers’ Business: Cyberattacks can have cascading consequences, with information stolen in cyberattacks coming back to haunt businesses months or years later. Data like login credentials can live on in Dark Web data dumps to haunt you later.
ID Agent to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring using real-time data analysis to find compromised credentials and alert you fast.
United States – Mattel
https://www.bleepingcomputer.com/news/security/leading-toy-maker-mattel-hit-by-ransomware/
Exploit: Ransomware
Mattel: Toymaker
Risk to Business: 2.327 = Severe
In a recent regulatory filing, Mattel told regulators that it suffered a ransomware attack in July 2020 that shut down some systems but did not include a significant data loss. Only business systems were impacted; production and distribution were not affected. Experts believe that TrickBot ransomware was used in the incident.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybersecurity awareness starts with phishing resistance. It’s the most likely delivery system for ransomware, but training only sticks if it’s refreshed at least every 4 months.
ID Agent to the Rescue: Don’t get caught in cybercriminal nets by ransomware lures. BullPhish ID has more than 80 plug-and-play phishing simulation campaigns ready to train your staff to spot and stop phishing now, with 4 new ones added every month.
United States – GEO Group
https://www.natlawreview.com/article/geo-group-hit-ransomware-attack
Exploit: Ransomware
GEO Group: Private Prison Developer
Risk to Business: 2.066 = Severe
GEO Group has begun informing impacted individuals and facilities that the Florida-based prison developer was struck by ransomware in July 2020. The company notes that some personally identifiable information and protected health information for some inmates and residents was exposed in the incident. The impacted people are connected to the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and an unnamed defunct facility in California. Employee data was also obtained in the incident.
Individual Risk: 2.221 = Severe
Residents and former residents of the impacted facilities should be alert to spear phishing, identity theft, or blackmail attempts using the stolen data. Employees of GEO Group should also be on the lookout for similar activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Failure to stop ransomware attacks from landing on your business is a fast track to a long, messy, and expensive recovery.
ID Agent to the Rescue: Don’t set yourself up for disaster by failing to train everyone in your organization. From interns to the C-suite, everyone’s a potential phishing target. BullPhish ID uses fast, effective training tools like engaging videos to make sure everyone is up to speed.
The Week in Breach News – Canada
Canada – Saskatchewan Polytechnic
https://globalnews.ca/news/7450319/saskatchewan-polytechnic-cyberattack-online-classes/
Exploit: Ransomware
Saskatchewan Polytechnic: Institution of Higher Learning
Risk to Business: 1.317 = Extreme
Classes were canceled for a week at Saskatchewan Polytechnic after a suspected ransomware attack on October 30th rocked the school’s systems. Students and staff lost access to O365 functions, Zoom, and learning platforms. Online classes have been partially restored, but the recovery for impacted systems is ongoing with law enforcement involved. Saskatchewan Polytechnic operates campuses in 4 locations.
Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.
Customers Impacted: 14,176 students, unknown staff
How it Could Affect Your Customers’ Business: Ransomware isn’t just about capturing data anymore; it can also be intended to shut down your business. Security awareness training prevents up to 70% of cybersecurity incidents.
ID Agent to the Rescue: Phishing resistance training is one of the most important ways that businesses can protect their systems and data. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness.
The Week in Breach News – United Kingdom & European Union
United Kingdom – Flagship Group
https://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/
Exploit: Ransomware
Flagship Group: Rental Housing Facilitator
Risk to Business: 1.862 = Severe
Social housing platform Flagship Group got an unwelcome visitor – REvil ransomware. The company announced that one of their data centers was infected by the ransomware, “compromising some personal staff and customer data”. Operations were not impacted. The attack took place on November 1, 2020, and authorities are investigating as recovery continues.
Individual Risk: 1.613 = Severe
Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: As the company noted in their report, REvil came calling as part of a phishing email, the biggest cybersecurity threat your business is facing in 2020.
ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast.
Sweden – Folksam Insurance Group
https://www.pymnts.com/news/security-and-risk/2020/sweden-folksam-insurance-data-breach-big-tech/
Exploit: Accidental Data Sharing
Folksam Insurance Group: Insurance Company
Risk to Business: 2.801 = Moderate
Swedish insurer Folksam made a misstep last week, when employees accidentally shared access to sensitive client data with Facebook, Google, Microsoft, LinkedIn, and Adobe. There are no indications that the data was used. The data was generated as part of an internal marketing analysis.
Individual Risk: 2.654 = Moderate
Folksam has not said precisely what data was shared, but data they maintain includes financial, personal, and professional information about clients.
Customers Impacted: 1,000,000
How it Could Affect Your Customers’ Business: Accidental data sharing is often a result of sloppy data handling and security practices. Clients will lose trust in companies that promise to secure their sensitive data and fail.
ID Agent to the Rescue: Passly adds extra protections between outsiders and your data with a robust suite of secure identity and access management tools at a price that’s also sweet.
Spain – Prestige Software
https://www.hackread.com/hotel-reservation-platform-data-leak-online-booking-sites/
Exploit: Misconfiguration
Prestige Software: Travel Industry Software Developer
Risk to Business: 1.613 = Severe
International booking software provider Prestige is in hot water for a misconfiguration incident that led to the exposure of personally identifiable data for potentially millions of travelers worldwide. An AWS S3 bucket was left open with free access to 24.4 GB of information, about 10 million files. Clients of Prestige Software include Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and several others. Credit card data for businesses including travel agents and hotel customers was also stored in this database without any security measures.
Individual Risk: 1.624 = Severe
Travelers from as far back as 2013 who have used Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and smaller service providers may be impacted. The information exposed includes travelers’ full names, NIC numbers, email addresses, phone numbers, hotel reservation number, date and duration of stay, credit card numbers including owner’s name, CVV code, and card expiration date.
Customers Impacted: Unknown, 10 million files were exposed
How it Could Affect Your Customers’ Business: This egregious data handling and security error isn’t just a PR disaster – it’s also going to cost a pretty penny in fines and penalties once regulators get finished, including an anticipated large GDPR bill.
ID Agent to the Rescue: Compliance is a major concern in many industries. Are you checking off the boxes on your industry’s compliance checklist? We can help make sure that you’re on the ball.
Italy – Campari Group
Exploit: Ransomware
Campari Group: Beverage Vendor
Risk to Business: 2.607 = Severe
The Ragnar Locker ransomware gang stopped by Italian beverage maker Campari Group, leaving a sticky situation in its wake. The company, creators of brands including Campari, Cinzano, and Appleton, had a large part of its IT systems encrypted, leading to a business disruption. Campari has announced that it was able to restore affected systems and no sensitive data was impacted. The ransom demand is currently set for $15 million.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Backup and restoration is an important tool in ransomware recovery – but training your staff to not be fooled by the phishing email that launches a ransomware attack is an effective mitigation strategy.
ID Agent to the Rescue: BullPhish ID is available in 8 languages to keep worldwide staff up to date to spot and stop the latest phishing threats, including COVID-19 scams.
The Week in Breach News – Asia Pacific
India – Lupin
Exploit: Ransomware
Lupin: Drugmaker
Risk to Business: 1.806 = Severe
As the race to find a vaccine or treatment for COVID-19 heats up, Mumbai-based Lupin became the second major Indian pharmaceutical company to be hit by a suspected ransomware attack in the last few weeks. The company was forced to shut down operations and production at several of its facilities for a brief period, but systems have been restored.
Individual Impact: No personal data was exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Snarling systems and impacting production are two goals that we’re seeing on the rise on cybercriminal hit lists, and frequently ransomware is the tool that they prefer to shut down businesses.
ID Agent to the Rescue: Don’t get locked out of your business by ransomware. Phishing resistance training with BullPhish ID transforms your staffers from your largest attack surface to your largest defensive asset.
Japan – Capcom Inc. Ltd.
Exploit: Ransomware
Capcom Inc. Ltd.: Videogame Company
Risk to Business: 2.070 = Severe
Ragnar Locker ransomware is on the case again, this time in an incident at legendary Japanese game company Capcom. The gang claims to have scored 1TB of sensitive data from Capcom, including data from corporate networks in the US, Japan, and Canada. Industry sources report that Ragnar Locker claims to have encrypted 2,000 devices on Capcom’s networks and is demanding $11,000,000 in bitcoins for the key.
Individual Risk: No individual information was reported as impacted in this incident, although the extent and type of the stolen data is still unclear.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even giant corporations can become victims of the humble phishing attack, and huge amounts of data like what was captured here help fuel the spear phishing attacks that often lead to ransomware events.
ID Agent to the Rescue: Information from attacks like this frequently makes its way to Dark Web data markets and dumps, including stolen password lists. Make sure your employee credentials are protected from unexpected risk when you have them monitored with Dark Web ID.
The Week in Breach News – South America
Brazil – Superior Court of Justice
https://www.hackread.com/ransomware-attack-brazil-top-court-encrypts-backups/
Exploit: Ransomware
Superior Court of Justice: Judiciary Body
Risk to Business: 1.227 = Extreme
A ransomware attack savaged the Brazilian judiciary system last week, encrypting or disrupting all major services including the official website. Outlets are also reporting that the system cannot be easily restored because the backups have also been encrypted, which squares with the demands made by cybercriminals for a ransom payment. The Court is collaborating with the Brazilian Army’s Cyber Defense Command and other relevant authorities for investigations. Court actions are suspended pending the restoration of required services.
Individual Risk: While it’s clear that a great deal of information has been stolen or encrypted, there are no specifics on the type.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is also becoming a favored weapon of nation-state hackers, and is being more frequently used to disrupt government and essential service operations.
ID Agent to the Rescue: Are nation-state hackers a threat to your business? Many essential services are at risk, especially in healthcare. Find out more about what they’re going after and how to protect your business.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
- 3 Threats to Watch for Election 2020 Cybersecurity
- Will the Vastaamo Patient Data Breach Set a GDPR Penalty Record
- The Week in Breach News: 10/28/20 – 11/03/20
- Is Your Company Really at Risk for Business Cyberattacks
- Graphus Named in 2020 Gartner Market Guide for Email Security
- Cybersecurity News: The Ink This Week 11/06/20
- Ransomware Up 33% in 2020 Q2 Alone Says IBM
- Third Party Risk is Worse Than You Think
The Week in Breach: Resource Spotlight
Dark Web Danger Isn’t Decreasing – Here’s the Crash Course You Need to Keep Up
Are you up to speed on today’s Dark Web? Take this crash course in Dark Web threats to learn how the Dark Web economy really works, so you can confidently sell more Dark Web monitoring and effectively secure your clients.
- COVID-19 changed everything – including the Dark Web. See how it could impact your business in the eBook “State of the Dark Web 2020”.
- In our webinar “MSPs Are Lifting the Veil of the Dark Web”, MSP experts will show you everything an MSP needs to know about today’s Dark Web.
- Go deep into Dark Web data markets with experts and get a free deck of Dark Web screenshots in the webinar “Unveiling Cybercrime Markets on the Dark Web”.
The Week in Breach: Featured Briefing
Credential Stuffing Attacks Disproportionately Target Certain Industries
Many types of cyberattacks are more common in some industries than others. While ransomware has been a consistently dangerous across-the-board offender, things like business email compromise scams and corporate espionage tend to cluster. That seems to be the case with credential stuffing attacks in 2020, as certain industries have seen more than their share.
In recent reporting, cybersecurity researchers have uncovered a trend that doesn’t bode well for three already beleaguered industries. In the analysis period, July 1, 2018 to June 30, 2020, researchers counted over 100 billion credential stuffing attempts against myriad targets and discovered that cybercriminals are playing favorites.
More than 60% of the credential stuffing attacks recorded in the last 12 months have targeted businesses in the retail, hospitality, and travel sectors, led by 64 billion attempts at cracking open user accounts in just those verticals. While every company carries some risk for credential stuffing, retail is the clear favorite of cybercriminals, with more than 80% of credential stuffing attacks directed at retail targets.
Analysts suspect that additional online shopping traffic spurred on by worldwide COVID-19 lockdowns added an extra incentive to go after retailers this year. That explosion in shopping brought some users who hadn’t been shopping online much back into the fold, enabling cybercriminals to get new mileage out of old lists of compromised credentials in Dark Web data dumps.
So, how can you secure your clients and your business against credential stuffing threats? It turns out that a few simple tools pave the way to enhanced protection from this growing threat:
- Find exposed credentials that could put your clients at risk. Millions of passwords from millions of sources are easily acquired on the Dark Web, even for free. Make sure that employee credentials aren’t floating around on any of those lists with Dark Web ID. Our 24/7/365 Channel-leading Dark Web monitoring uses real-time, validated data and real human analysts as well as machine intelligence to spot compromised protected credentials and alert you to trouble immediately.
- Eliminate flimsy barriers that let cybercriminals walk right in. One of the universally recommended mitigations for credential stuffing risk is multifactor authentication for a good reason – it works. Add Passly to your arsenal to give your clients enhanced access point protection that goes to work in days, not weeks – without the enhanced price point.
Protecting your clients from credential stuffing attacks isn’t a magic trick, and it’s not an expensive proposition. It’s a smart move that will prevent data breaches, enhance your MRR, and build your clients’ trust in your expertise. By adding efficient, affordable protection, your clients can have confidence that you’re making sure they’ve got their shield in place against credential stuffing.
The Week in Breach: A Note for Your Customers
Compliance Essentials Save You Money in More Ways Than One
As we head into the last weeks of 2020 (finally!), businesses are starting to take stock of what they’ve accomplished this year and what they need to get done in Q1 2021. When you’re making your review list, don’t forget to include “compliance”, because failing to maintain data and system security is a nasty misstep that no business can afford.
Take a moment to review how compliance requirements may have changed in your industry. Japan’s 2005 Protection of Personal Information law received a major update in 2020. Plus, new GDPR updates and clarifications can add additional complications and additional penalties for failure. India and Hong Kong are also set to enact and enforce updated data privacy regulations.
In the US, data privacy bills were put before legislatures in at least 30 states and Puerto Rico in 2020, and new regulations were enacted in Virginia and Michigan. The newly enacted California Consumer Privacy Act could also impact your business. California voters also just passed Proposition 24 on November 3, 2020, allowing consumers to stop businesses from selling or sharing their personal information, including race, religion, genetic details, geographic location, and sexual orientation.
One data security best practice that is required or encouraged in many industry compliance regulations is multifactor authentication (MFA), and Passly is an ideal choice. Protect your data with more than one lock: a password and MFA. With Passly’s MFA feature, a separate code or token is also needed to gain access to your systems and data, guarding you from the impact of a compromised employee password.
Compliance is a tricky field, and it’s always best to consult with an expert to ensure that you’re safe. Your managed services provider can help you find out exactly what you need to do to ensure that your company’s data handling and storage are on track with industry best practices and compliance requirements, giving you peace of mind as you head into the end of a challenging year.
Catch Up With Us at These Virtual Events
- NOV 12: Best Practice Tips for Building Even Better Client Relationships Webinar
- NOV 18: Securing Your C-Suite; a Cybersecurity Panel Discussion
- DEC 7-11: The TruMethods MSP Success Summit
- DEC 15: ‘Twas the Night Before Krampus
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!