The Week in Breach News: 05/25/22 – 05/31/22
Government and education targets continue to be rocked by ransomware, GM experiences credential stuffing, and our newly released annual report The Global Year in Breach 2022 offers fresh data about employee behavior around risks and cybercrime trends.
North Orange County Community College District
Exploit: Ransomware
North Orange County Community College District: Institution of Higher Learning
Risk to Business: 2.667 = Moderate
North Orange County Community College District in California has been notifying more than 19,000 people about a data security incident. A statement on the school’s website disclosed that Cypress College and Fullerton College in the NOCCCD system experienced a ransomware attack in March 2022. The notice was also posted to the website for Fullerton College for International Students and the Cypress College on-campus Dental Hygiene Clinic, but there has been no confirmation that students at these locations were impacted.
Risk to Individual: 2.901 = Moderate
Exposed information may include a student’s name and passport number or other unique identification number issued on a government document (such as Social Security number or driver’s license number) and possibly financial account information and/or medical information for some students.
How It Could Affect Your Customers’ Business: Schools have been a favorite target of bad actors and school system databases are popular targets because they often hold big stores of information.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
Somerset County Government
https://therecord.media/ransomware-attack-disrupts-a-range-of-services-in-a-new-jersey-county/
Exploit: Ransomware
Somerset County Government: Local Government
Risk to Business: 1.963 = Severe
The government of Somerset County, New Jersey, with an estimated population of about 350,000, announced on Tuesday that a ransomware attack had caused some system outages. The county government said that its email system was down. County offices were using temporary Gmail accounts to enable residents to contact critical departments such as the County Commissioners, Health, Emergency Operations, the County Clerk, Sheriff and Surrogate. The county says that it expects the outages to continue for a week. The County Clerk’s office also disclosed that it has been rendered unable to provide most services that require internet access, including gaining access to land records, vital statistics, probate records and title searches before 1977. In response, the county has activated its Emergency Operations Center and Continuity of Operations of Government Plan.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Governments have been high on the cybercriminal’s shopping list since they tend to have big data stores.
ID Agent to the Rescue: Learn to mitigate your clients’ ransomware risk and protect them from trouble with the resources in our Deep Dive Into Ransomware bundle! GET BUNDLE>>
Verizon
https://www.vice.com/en/article/wxdwxn/hacker-steals-database-of-hundreds-of-verizon-employees
Exploit: Hacking
Verizon: Wireless Network Provider
Risk to Business: 2.802 = Moderate
Verizon has announced that hackers obtained access to a database. The hacked database includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. According to reports, the hacker contacted Verizon to ask for an extortion payment of $250,000 to prevent the release of the stolen data. Verizon has said that they do not plan to pay.
Risk to Business: 2.773 = Moderate
Information exposed in the database includes employee names, email addresses, corporate ID numbers, and phone numbers. Verizon says that the database does not include Social Security Numbers, passwords or credit card numbers.
How It Could Affect Your Customers’ Business: Data security must be a priority for protecting employee PII as well as customer PII.
ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with The Cybersecurity Monster Hunter’s Checklist! GET IT>>
General Motors (GM)
https://www.infosecurity-magazine.com/news/general-motors-hit-by-cyber-attack/
Exploit: Credential Stuffing
General Motors (GM): Automobile Manufacturer
Risk to Business: 2.872 = Moderate
General Motors (GM) has announced that it was hit by a credential stuffing attack last month that exposed customer information. GM said that it detected the malicious login activity between April 11-29, 2022, and that hackers obtained access through credential stuffing. GM said in a statement, “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.” The bad actors also redeemed loyalty points from some customers’ accounts for gift cards.
Risk to Individual: 2.583 = Moderate
Customer data that was exposed in this incident includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile pictures and search and destination information, car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords).
How it Could Affect Your Customers’ Business: Dark web data is a credential compromise hazard that can bite any business, big or small, leading to a data exposure disaster.
ID Agent to the Rescue: Make sure you’re offering your clients the right protection against dark web risks like this with The Dark Web Monitoring Buyer’s Guide for MSPs. DOWNLOAD IT>>
Scarborough Health Network
https://www.cbc.ca/news/canada/toronto/scarborough-health-network-data-breach-1.6465355
Exploit: Hacking
Scarborough Health Network: Healthcare Network
Risk to Business: 1.917 = Severe
Toronto healthcare provider Scarborough Health Network has disclosed that it has experienced a data breach. Officials say that an unauthorized actor gained access to the organization’s systems around January 25, 2022. The attacker was shut out of the system by February 1, 2022. The information of anyone treated before February 1, 2022, may have been compromised. The organization says that patients who received care prior to the amalgamation of SHN Centenary Hospital (also known as Scarborough Centenary Hospital), SHN General (also known as Scarborough General), and Birchmount Hospital (also known as Scarborough Grace) under one network in 2016 might be impacted as well as patients who received care at hospitals that were part of the former Rouge Valley Hospital Network, including RVHS Ajax and Pickering Campus or Ajax-Pickering Hospital.
Risk to Business: 1.917 = Severe
The health network says a big pool of information may have been accessed, including patients’ names, dates of birth, marital statuses, home addresses, phone numbers, email addresses, OHIP numbers, insurance policy numbers, lab results, diagnosis information and COVID-19 immunization records. Staff names and numbers may have also been accessed.
How it Could Affect Your Customers’ Business: Medical data is very profitable for the bad guys, and data security incidents are sure to be expensive for medical systems.
ID Agent to the Rescue: Help your clients be ready for cybercrime trouble and keep their data safe with The Computer Security To-Do List. DOWNLOAD IT>>
Austria – Government of Carinthia
Exploit: Ransomware
Government of Carinthia: Regional Government
Risk to Business: 1.733 = Severe
The Black Cat ransomware gang has struck the government of the Austrian state of Carinthia, demanding a ransom of $5 million. The government of Carinthia disclosed that 3,000 IT workstations were affected. Services impacted by this incident include the issuance of passports and the payment of traffic fines. The government doesn’t plan to pay the attackers.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business: Ransomware is a go-to attack against governments because bad actors have had plenty of success getting them to pay up.
ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
Turkey – Pegasus Airlines
https://www.infosecurity-magazine.com/news/turkish-airline-exposes-flight/
Exploit: Misconfiguration
Pegasus Airlines: Air Carrier
Risk to Business: 1.963 = Severe
Turkish carrier Pegasus Airlines has disclosed that data including the personal information of flight crew alongside source code and flight data has been exposed as the result of a misconfigured AWS bucket. Researchers discovered an estimated 23 million files on the bucket, totaling around 6.5TB of leaked data. This included over three million files containing sensitive flight data including flight charts and revisions, insurance documents, details of issues found during pre-flight checks and information on crew shifts. Over 1.6 million of the exposed files contained personally identifiable information (PII) on airline crew, including photos and signatures. Source code and data from Pegasus’s proprietary software were also exposed, including plain text passwords and secret keys.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business: Employee mistakes can be just as dangerous, damaging and expensive as many cyberattacks.
ID Agent to the Rescue: Get tips for helping your clients identify potential insider risks like employee mistakes or malicious actors with The Guide to Insider Risk. DOWNLOAD IT>>
Australia – Spirit Super
Exploit: Phishing
Spirit Super: Financial Services
Risk to Business: 2.771 = Severe
Spirit Super has announced that an employee falling for a phishing message led to a cyberattack that exposed an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated and the damage contained, with new security measures added.
Risk to Individual: 2.643 = Severe
Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details.
How it Could Affect Your Customers’ Business: Phishing is the first step in more than 90% of data breaches, making stopping it a top security priority.
ID Agent to the Rescue: Get tips to spot phishing messages and give them to your clients with this handy infographic How to Spot a Phishing Email. It’s perfect for social sharing or newsletter content! GET IT>>
Australia – National Disability Insurance Scheme (NDIS)
https://www.itnews.com.au/news/ndis-case-management-system-provider-breached-580729
Exploit: Supply Chain Risk
National Disability Insurance Scheme (NDIS): Government Program
Risk to Business: 2.654 = Severe
A client management system provided by a service provider and used by the National Disability Insurance Scheme (NDIS) has exposed sensitive data. The system was maintained by CTARS, a Sydney-based software and analytics provider for the disability and care sectors. NDIS disclosed that an unauthorized third party had gained access to its systems on May 15, 2022.
Risk to Individual: 2.643 = Severe
NDIS says that personal information relating to patients may have been exposed including details of the diagnoses, treatment, or recovery of a medical condition or disability. Other data possibly compromised includes Medicare and pensioner cards, as well as tax file numbers.
How it Could Affect Your Customers’ Business: Supply chain risk has been escalating as cybercriminals tap lynchpins in the supply chain, and it’s sure to be a major risk for every business this year too.
ID Agent to the Rescue: Learn more about supply chain risk and other risks that your clients might face this year in our annual risk report The Global Year in Breach 2022. DOWNLOAD THE REPORT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Fresh Resources
The Global Year in Breach 2022 is Here!
The threats that businesses faced last year can be a good indicator of the threats they’ll face in the future. Looking at those challenges can also give insight into threats like insider risk. In our signature annual report The Global Year in Breach, we’re sharing the data that we collected about the threat landscape and employee behavior around cybersecurity as well as our predictions for what’s next.
You’ll find:
- Data from Dark Web ID detailing the threats we saw in 2021
- A look at the phishing simulations that employees fell for and other security training data from BullPhish ID
- Our predictions for the threats you’ll see this year
Protecting Your Clients from the Next Cyberattack
The Global Year in Breach 2022 Helps You See What’s Next in Cybercrime
Protecting your clients from cyberattacks is always challenging. Not only can it be difficult to determine where the next big attack trend may be coming from, but it can also be challenging to demonstrate to clients just why they need to bolster security against those potential risks. This data from our newly released annual report The Global Year in Breach may help you show your clients the risks they might face ahead and why it pays to maintain strong security, enabling you to ensure that they’ve got the right security solutions in place to prevent trouble today and tomorrow.
What Risk Do Your Clients Face in 2022 and Beyond?
In the fast-paced world of cybercrime, it’s hard to predict exactly what will come next. Geopolitical factors, economics and technology all play a role in shaping cybercrime. However, it’s safe to say IT professionals will want to keep an eye on these emerging trends in 2022.
1. Growth in cybercrime-as-a-service
The growth of cybercrime-as-a-service has played a major role in escalating cybercrime rates, and that looks set to keep rolling in 2022. An estimated 90% of posts on popular dark web forums are from buyers looking to contract someone for hacking or other cybercrime services. A high level of activity adds competition to the space, resulting in lower prices. Bad actors can farm out phishing operations through a subscription service for as little as $800 per month. Contracting out for a U.S.-targeted, high-quality ransomware campaign in 2021 cost $1,900, but that price has dropped to $17,00 in early 2022 as more cybercriminals entered the space. The evolution of this industry will continue to make cybercrime easier for the bad guys and defense harder for everyone else.
2. High supply chain risk
Supply chain risk is not going to decrease anytime soon. Booming dark web data markets ensure cybercriminals will be hunting for fresh stores of data, and they’ll be targeting business services companies and other service providers or suppliers to find it. Supply chains also offer bad actors pathways to conduct backdoor attacks on larger organizations, a boon to both garden-variety and nation-state cybercriminals. In the ninth annual Threat Landscape Report, the European Union Agency for Cybersecurity (ENISA) noted that nation-state threat actors conducted at least 17 known supply chain attacks between 2020 and 2021, constituting more than 50% of the attacks they recorded. ENISA also broke down supply chain attacks it recorded in 2021, offering a glimpse at what businesses are likely to face in the future.
Common Goals of Supply Chain Attacks
- About 66% of attacks focused on obtaining supplier code
- About 58% of attacks aimed to access data
Source: ENISA
3. Nation-state tension exacerbating cyberattack danger
Experts have long warned that cyberattacks would be used as an offensive weapon in modern conflicts. That warning has been borne out by high levels of cyberattack activity carried out in the Russia-Ukraine conflict. Overall, nation-state cybercrime has doubled since 2017. Complicating matters, nation-state threat actors that serve isolated or rogue states have been increasing their ransomware operations activity to generate income for their country. North Korea pulled in an estimated $1 billion from cybercrime in 2021. ENISA has predicted that state-backed actors will be increasingly involved in revenue-generating cyber intrusions in 2022.
ENISA’s Top 9 Threats for 2022
This list of threats gives businesses a starting point for considering their risk and their defense strategy in 2022 and beyond.
- Ransomware
- Malware
- Cryptojacking
- Email-related threats
- Threats against data
- Threats against availability and integrity
- Disinformation/misinformation
- Non-malicious threats
- Supply chain attacks
Source: ENISA
New Email Security Challenges Are Also Rising Fast
Email security is a major part of protecting your clients from cyberattacks. Many of today’s biggest risks all have one thing in common: they typically arrive on a company’s doorstep via email. The recently released State of Email Security 2022 from Graphus uncovers email security risks based on today’s trends that may impact business email security in the near future. Keep these two risk contributors on your radar.
1. Record rates of discovery for zero-day phishing attacks
Phishing attacks that have never been seen before are called zero-day attacks, and they are notoriously difficult for common email security tools like built-in security or a secure email gateway (SEG) to detect and block. Google estimates that 68% of phishing attacks can be classified as zero-day attacks. Cybercriminals are very good at evolving their techniques to create new zero-day phishing attacks, which is very bad news for businesses that rely on old-fashioned email security. An estimated 90% of undetected phishing attacks are discovered in an environment that uses an SEG, and only 17% of standard email security tools can recognize zero-day malware.
2. The IT skills shortage will continue to complicate business security
More phishing messages and other cyberattack threats pouring into organizations means that they’ll need to up their security game to handle the higher risk. Unfortunately, many organizations are finding it hard to hire the people that they need to do it. IT talent is at a premium, especially in security, and the market keeps getting tighter. Over 70% of IT managers in a staffing survey said that they couldn’t find the personnel they needed last year, resulting in chronically understaffed security teams. In the meantime, the pace of new threats continued to increase, leaving important security maintenance — like patching software or sorting real threats from false positive alerts — undone, placing organizations in a precarious security position.
Mitigate Risk Today & Tomorrow with the ID Agent Digital Risk Protection Platform
The innovative solutions in the ID Agent digital risk protection platform provide a powerful defense against nation-state cybercrime.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
- Easy, automated training delivery through a personalized user portal
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Join the over 4,000 MSPs who are prospering as an ID Agent Partner and you’ll gain access to the best sales enablement program in the business through Kaseya Powered Services.
Jun 2: Building a Foundation of Security: Document REGISTER NOW>>
Jun 6 – 7: ChannelPro SMB Forum 2022: Southwest (Dallas) REGISTER NOW>>
Jun 6 – 8: IT Nation Secure 2022 REGISTER NOW>>
Jun 7: Business Case for Security Awareness Training REGISTER NOW>>
Jun 9: Building a Foundation of Security: Backup & Recover REGISTER NOW>>
Jun 20-23: Connect IT Global in Las Vegas REGISTER NOW>>
The Next Cyberattack Could Be the One That Does Your Organization In
Did you know that 60% of businesses shutter in the wake of a cyberattack? The expense of just one successful cyberattack against your organization is one of the biggest threats it faces today. But taking sensible precautions can help keep your organization safe from harm.
Now is the perfect time to make sure that you’ve got all the right solutions in place to minimize your organization’s exposure to common cyberattack risks like credential compromise, phishing and ransomware. Those risks are growing every day.
It’s also a good time to review your organization’s incident response plan and update it to make sure that you’re ready to swing into action if the worst does happen. Plus, incident response planning greatly reduces your chance of having an incident. IBM researchers announced that only 39% of the organizations that they studied with a formal, tested incident response plan experienced an incident at all, compared to 62% of those who didn’t have a plan.
Talk to your MSP about the security measures that you have in place to make sure that they’re still right for your organization’s needs. They’re also a great resource to tap for help with incident response planning. Taking the time to review your defensive array today will save you time and money tomorrow.
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!