The Week in Breach News: 12/23/20 – 12/29/20
This Week in Breach News:
Ransomware was an unwelcome holiday gift for a plastic surgery group, a trucking company, and other organizations, kick 2021 off right with our Cybersecurity New Year’s Resolutions infographic, and get our Build Better Passwords eBook!
The Week in Breach News – United States
United States – Forward Air
Exploit: Ransomware
Forward Air: Trucking & Logistics Company
Risk to Business: 2.113 = Severe
Another trucking company got hit with ransomware this week, as attacks on shipping and logistics targets continue to surge. Forward Air took the hit this time from a ransomware gang that’s just coming on the scene, Hades. Operations and web services were disrupted, and recovery is ongoing.
Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is increasingly being used to disrupt business operations instead of just snatch business data, and that’s equally bad news for every company.
ID Agent to the Rescue: Don’t just hope that you’re not a target – get your business ready to fight back against ransomware threats with our eBook “Ransomware 101”. GET THE BOOK>>
United States – TennCare
https://www.wkrn.com/news/tenncare-announces-privacy-breach-impacting-3300-members/
Exploit: Insider Incident (Accidental)
TennCare: Medicaid Services Agency
Risk to Business: 2.602 = Moderate
A blunder at TennCare has led to the exposure of personally identifiable information for about 3,300 Medicaid patients in Tennesee. Employees at an information processing vendor mistakenly sent out misaddressed mailers that may have contained protected health information to the wrong recipients.
Individual Risk: 2.771 = Moderate
The state has set up a hotline for members to find out if they’re at risk by calling (833) 754-1793. The state will also be providing free credit monitoring for breach victims. TennCare users should be wary of potential spear phishing and financial scams using this information.
Customers Impacted: 3.300
How it Could Affect Your Customers’ Business To err is human…unfortunately. But increased security awareness training can help reduce a company’s chance of experiencing a damaging security incident by up to 70%.
ID Agent to the Rescue: Don’t make rookie mistakes. Our Security Awareness Champion’s Guide features detailed walkthroughs of today’s risks and how to beat them. GET THIS BOOK>>
United States – TaskRabbit
Exploit: Credential Stuffing
TaskRabbit: Microlabor Marketplace
Risk to Business: 2.803 = Moderate
Users of the Boston-based gig work platform TaskRabbit were surprised to get forced password reset notices when they logged in over the weekend. The company says it stopped a credential stuffing attack and did not suffer a breach or intrusion, but is having users reset their passwords “out of an abundance of caution”. The incident is still under investigation.
Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks can be devastating. In this case, TaskRabbit got lucky, but they may not be as fortunate next time.
ID Agent to the Rescue: Dark Web ID helps protect businesses from Dark Web danger by watching for protected credentials to appear in Dark Web markets 24/7/365 and alerting your IT team if they appear. SEE DARK WEB ID IN ACTION>>
The Week in Breach News – Canada
Canada – Sangoma Technologies
Exploit: Ransomware
Sangoma Technologies: VoIP Technology Provider
Risk to Business: 2.317 = Severe
FreePBX developer Sangoma Technologies received an unpleasant gift this holiday season – Conti ransomware. The gang published over 26 GB of Sangoma’s stolen data on their ransomware data leak site includes files containing information on accounting, financials, acquisitions, employee benefits and salary, and legal documents. The incident did not impact products or client data.
Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More municipalities are finding themselves in the crosshairs of cybercriminals looking to make a quick profit than ever. Your customers need solutions that protect their data from risks today and tomorrow, but tough times and tight budgets may be standing in the way of closing that sale.
ID Agent to the Rescue: Are your customers aware of the danger that their business faces from ransomware? Are they ready to do something about mitigating it? If you need a little backup to help you seal the deal to upgrade their security solutions, we’re happy to lend a hand with Goal Assist. LEARN MORE>>
The Week in Breach News – United Kingdom & European Union
United Kingdom – The Hospital Group
https://securityaffairs.co/wordpress/112637/cyber-crime/the-hospital-group-revil.html
Exploit: Ransomware
The Hospital Group: Private Cosmetic Surgery Services
Risk to Business: 1.702 = Severe
The REvil ransomware gang is claiming responsibility for a data breach at celebrity plastic surgery clinic chain The Hospital Group. The ransomware operators say that they’ve hacked essential data storage systems and have threatened to release before-and-after pictures of celebrity clients from their stash of more than 600 GB of data if the ransom is not paid, but no word on how much they’re asking for.
Individual Impact: No individual or personal data has yet been exposed, but that may change as events progress.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is no joke, and gangs can damage your business quickly by selectively stealing especially sensitive information about your clients.
ID Agent to the Rescue: Phishing is still the #1 delivery system for ransomware, and that won’t be changing anytime soon. Improve phishing resistance training with BullPhish ID to improve any company’s defense against ransomware. SEE BULLPHISH ID AT WORK>>
United Kingdom – NOW: Pensions
https://www.theregister.com/2020/12/22/data_breach_now_pensions/
Exploit: Insider Incident (Accidental)
NOW:Pensions : Workplace Pension Services
Risk to Business: 1.667 = Severe
NOW: Pensions recently informed clients of a contractor error that led to information exposure. The company explained that user data was “unintentionally” posted on an unnamed public forum, with data exposed between 12/11/20 and 12/14/20, and reportedly accessed by “a small number of third parties. Appropriate authorities have been informed and the incident is under investigation.
Individual Impact: 1.701 = Severe
The exposed records include biographical data for pensioners (names, email addresses, and dates of birth) as well as National Insurance numbers. The company is offering impacted clients credit and identity theft monitoring. Clients should be aware of phishing and fraud attempts mounted using this data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This complex incident will be a nightmare to unravel, even if it was actually an accident. By allowing the wrong person access to client data, that data was compromised and this company faces big bills ahead.
ID Agent to the Rescue: Make sure that only the right people have access to sensitive information with a secure identity and access management solution like Passly to prevent an expensive disaster. LEARN MORE>>
Scotland – Scottish Environmental Protection Agency
https://news.stv.tv/scotland/scottish-environment-protection-agency-targeted-in-cyberattack?top
Exploit: Hacking
Scottish Environmental Protection Agency (SEPA) – National Environmental Regulatory Authority
Risk to Business: 2.107 = Severe
A hacking incident at SEPA has left some services offline but not severely impacted important data or functions. The Christamas Eve attack knocked communication into and across the organization offline, but core regulatory, monitoring, flood forecasting, and warning services continued unimpeded. The incident is under investigation, and complete restoration is anticipated quickly.
Individual Impact: No personal data was reported as exposed in this incident
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybersecurity incidents can come in all shapes and sizes, and may even only impact part of your business as cybercriminals refine their attacks to continue the trend of becoming more precise in the future.
ID Agent to the Rescue: Is your client’s cybersecurity plan ready to defend against the threats of tomorrow? Are you? Get expert help building out your security portfolio and closing more deals! SCHEDULE A CALL>>
Spain – 21 Buttons
https://www.hackread.com/fashion-marketplace-21-buttons-expose-users-data/
Exploit: Misconfiguration
21 Buttons: Fashion Social Network
Risk to Business: 1.511 = Severe
A misconfigured AWS bucket has led to the exposure of personal data for hundreds of influencers and fashion industry fans after security researchers discovered a gaping hole in the platform. The app, which has been downloaded more than 5 million times, allows users to trade and share content as well as enabling e-commerce. This security issue wasn’t fixed for at least a month, exposing the personal and financial data of the platform’s users to anyone who cared to see it.
Risk to Business: 1.762 = Severe
Over 50 million files were available and exposed in this incident including payment data for influencers, company invoices, users’ full names and addresses, financial information such as bank account numbers, PayPal email addresses, photos, and videos.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This kind of information is valuable, and cybercriminals know that they can make a pretty penny on it in the booming Dark Web data markets.
ID Agent to the Rescue: Protect your business from Dark Web danger with Dark Web ID, the always-on guardian that you can trust to alert you immediately to Dark Web credential exposure. LEARN MORE>>
The Week in Breach News – Asia-Pacific
Japan – Koei Tecmo
https://securereading.com/koei-tecmo-suffers-data-breach-stolen-data-exposed/
Exploit: Spear Phishing
Koei Tecmo: Videogame and Anime Studio
Risk to Business: 1.802 = Severe
Japanese game and media company Koei Tecmo experienced a data breach that impacted users of its European and American sites. The company’s stable includes Hyrule Warriors, Nioh 2, Atelier Ryza, Dead or Alive, and others. An unnamed threat actor claims to have stolen a forum database through Koei Tecmo’s European user portal with 65,000 users and implanted a web shell on the site for continuous access. The company confirmed that the breach only affected the forum and not any other parts of the site, and that no financial data was involved.
Individual Risk: 2.771 = Moderate
Users of the European and American potals to the company’s forums should be aware of potential phishing attempts or fraud using information from stolen forum user accounts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: From the biggest companies to the smallest, phishing is a threat that doesn’t discriminate. It’s a beloved tool for cybercriminals because it works.
ID Agent to the Rescue: Everyone becomes part of the cybersecurity team when everyone learns to spot and stop phishing threats with BullPhish ID – featuring expanded functionality requested by MSPs like you coming in January! LEARN MORE ABOUT THE NEW BULLPHISH ID>>
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Added Intelligence
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Welcome to the Phishing Special Edition of our blog roundup. We’ve gathered some of our best posts on today’s biggest threat here for you to use as you prepare to fight phishing in 2021!
- Get Phishing Resistance Training That Stamps Out Threats
- Don’t Make This Phishing Resistance Training Mistake
- Guest Starring in the Federal Hack: Phishing
- Remote Work Phishing Threats Aren’t Slowing Down
- 10 Alarming Statistics About Phishing in 2020
The Week in Breach: Resource Spotlight
Start the New Year Off Right With This Helpful Cybersecurity New Year’s Resolutions List!
Would you like some expert advice on what to consider as you plan your 2020 cybersecurity moves? We’re here to help! Introducing our NEW 2021 Cybersecurity New Year’s Resolutions checklist. Review our best tips for boosting security in all the right places while staying on budget to make sure you’ve covered all your bases.
Make your New Year’s Cybersecurity Resolutions now! GET THE CHECKLIST>>
Fresh Reading: Build Better Passwords eBook
Are you ready to learn how to make good ones? In our eBook, Build Better Passwords, we’ll take you on a deep dive into the art and science of creating strong, secure passwords including:
- Facts about the cost of relying on weak passwords to protect data
- The biggest problem with passwords and how to beat it
- Tips for saving businesses from password pitfalls
Don’t wait until cybercriminals exploit your company’s bad passwords. Learn to Build Better Passwords now! GET THE EBOOK>>
Reserve Your Space Now for the Debut of the NEW BullPhish ID!
You asked for improved functionality and upgraded features to make BullPhish ID the ideal training solution for your clients. We listened. Join us on January 19, 2021, at 11 am ET to be among the first to see that feedback at work as we unveil the NEW BullPhish ID! RESERVE YOUR SPOT>>
The Week in Breach: Featured Briefing
Data Harvesting Increases Dark Web Threat Pool
While the biggest cybersecurity news stories have been about phishing and nation-state hacking this year, It’s never wise for any cybersecurity professional to take their eyes of the Dark Web for long. As splashy stories like the Twitter hack and the recent Federal hacking scandal have absorbed every one’s attention, the Dark Web has remained active, and it’s been growing at a strong pace – which s definitely bad news for businesses.
One major factor that has contributed to the growth of the Dark Web in 2020 and the corresponding growth in Dark Web threats is an explosive increase in data harvesting. China has been in the lead of these operations, gathering and exposing data about everything from social media posts made by prominent Americans and US military officials to contact information for the children and relatives of people who work in influential positions in government or the arts.
This kind of information is widely leveraged by cybercriminals to conduct precisely targeted spear phishing operations. The goal of these data miners is to find ways to push their targets’ buttons without raising suspicion. By gathering very detailed information about these folks’ likes, dislikes, patterns, locations, families, and other aspects of their lives, data harvesting operations enable bad actors to socially engineer successful attacks.
That’s why it’s essential to remember that just because it’s not in the spotlight, that doesn’t mean that the Dark Web is less of a threat. Information like this is traded in Dark Web markets every day, and deals are constantly being brokered for valuable personal information about the targets of cybercrime. More than 80% of businesses have seen an increase in cybercrime in 2020, especially phishing and spear phishing threats (which shot up by more than 600% in 2020).
Your clients need reliable, affordable, professional Dark Web monitoring. While many businesses are looking for ways to trim their budgets and save money by decreasing their reliance on outside service providers, it’s critical to their overall cybersecurity posture that your clients understand that Dark Web monitoring is not a DIY proposition – only highly trained analysts and cybersecurity experts know where to look for Dark Web danger and how to interpret the data that they find there.
That’s why your clients should feel confident that they can rely on Dark Web ID. Our 24/7/365 human and machine-powered monitoring and analysis knows exactly what to look for, and can quickly alert security teams to potential disaster from credential compromise. As the amount of data that’s available on the Dark Web continues to grow, so does the danger to businesses posed by that data – and more than 65% of what’s there right now could harm enterprises.
Dark Web ID is the right solution to guard your clients against credential compromise danger from huge new data dumps and batches of information garnered by data miners making its way to Dark Web markets. Adding Dark Web ID to their security plans and your cybersecurity menu is a smart move to stay alert to potential pitfalls coming your way from the Dark Web.
Contact us today to improve your cybersecurity portfolio and your clients’ defenses with Dark Web ID.
The Week in Breach: A Note for Your Customers
2021 Trend Watch: Ransomware Never Goes Out of Style
Ransomware is the monster under the bed that every company should be worried about these days. From stealing data to disrupting operations and even nation-state hacking, ransomware was a favored tool of cybercriminals worldwide in 2020 – and that looks set to continue in 2021.
Ransomware surged at the start of the pandemic, with an incredible 148% increase in attacks in March 2020 alone. In Q3 2020, researchers estimate that cybercriminals successfully completed at least 1 new ransomware attack every day. That’s not a trend that your business wants to get in on.
Protecting your business from cybercrime like ransomware starts with building a strong cybersecurity culture. It’s important to make sure that every one of your staffers is up to date on the latest threats and following cybersecurity best practices – after all, they’re part of your security team too.
Using a solution like BullPhish ID to help employees learn to spot and stop phishing attempts is essential these days- phishing messages are the number one delivery system for ransomware. Plus, adding a secure identity and access management solution like Passly adds powerful protection against cyberattacks including ransomware by adding multifactor authentication, a recommended risk mitigation by CISA and other experts.
Take smart precautions now to ensure that your business isn’t a trendsetter because no company can afford to be a part of the expected wave of continued growth in ransomware attacks in 2021.
Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!