This week Capcom’s breach hits 40K players and other breach news.
Dark Web ID’s Top Threats This Week
Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Health & Medical Research
Top Employee Count: 501+
The Week in Breach News – United States
United States – Parler
Exploit: Hacking
Parler: Social Media Application
Risk to Business: 1.619 = Severe
Now-defunct social media site Parler had a wild ride to the finish, including a hacking incident. Hackers were able to exploit security weaknesses in engineering and security to gain access to the membership-restricted content, scraping at least 70 TB of data. The data scrape also includes deleted posts, meaning that Parler stored user data after users deleted it. The hackers also obtained URLs for over a million video URLs, some deleted and private.
Individual Risk: 1.221 = Extreme
Data was taken from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license. The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Data like this could be used to mount spear phishing attacks, or as blackmail material, as it contains details that could connect users to criminal acts or membership in extremist groups.
Customers Impacted: 10 million
How it Could Affect Your Customers’ Business: Data like this often makes its way to the Dark Web, enabling it to be used to power cybercrime like phishing and credential compromise.
United States – Taylor Made Diagnostics
https://www.freightwaves.com/news/hackers-leak-trucker-rail-worker-medical-records
Exploit: Ransomware
Taylor Made Diagnostics: Occupational Healthcare Provider
Risk to Business: 2.612 = Moderate
A Conti ransomware attack at this Virginia-based healthcare provider led to some unpleasant consequences for employees of the Norfolk Southern Railroad and UPS after 3K patient records were snatched. The stolen data included health records for employees from both firms, in addition to multiple smaller trucking companies, U.S. government agencies and defense contractors from as recently as December 2020.
Risk to Business: 2.722 = Moderate
The leaked data included completed U.S. Department of Transportation (DOT)-mandated medical exams, as well as drug and alcohol testing reports for truckers and rail workers at multiple companies. Many documents contained detailed personal information such as full names, addresses, social security numbers and scans of driver’s licenses. This information could be used for identity theft and spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Ransomware is almost always the result of a successful phishing attack. It’s an expensive nightmare for any business, especially one in the healthcare sector.
United States – Ubiquiti Networks
Exploit: Ransomware
Ubiquiti Networks: Communications Technology Firm
Risk to Business: 1.979 = Severe
Ubiquiti Networks announced that an intruder made its way into that company’s servers. The hacker was able to access stored data on UI.com users, such as names, email addresses, and salted and hashed passwords. It is currently unclear how many users have been affected. The company says there is no indication that there has been unauthorized activity with respect to any user’s account, and the incident is still under investigation.
Individual Risk: No personal or consumer data was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Hacking can come from many directions, but one common source is credential compromise. By adding strong access point protection, companies can add extra security against hackers like this.
United States – South Country Health Alliance
Exploit: Phishing
South Country Health Alliance: Health Plan Provider
Risk to Business: 1.812 = Severe
South Country Health Alliance, a county-owned health plan based in Owatonna, MN, experienced a data breach after a successful phishing attack let cybercriminals access the protected health data and personal information of more than 60K members. The incident has been under investigation since the attack was first confirmed in September 2020, and the filing made with HIPPA regulators noted that affected patients were informed starting 12/30/20.
Individual Risk: 2.006 = Severe
The exposed information included names, Social Security numbers, addresses, Medicare and Medicaid numbers, health insurance information, diagnostic or treatment information, death dates, provider names and information about treatment costs. The health plan is offering complimentary credit monitoring and identity protection service to impacted members.
Customers Impacted: 66,874
How it Could Affect Your Customers’ Business: Phishing attacks on healthcare targets have been increasing, as the demand for healthcare information and the opportunity afforded to cybercriminals by an overstressed healthcare system creates fresh opportunities.
The Week in Breach News – United Kingdom & European Union
United Kingdom – Nohow International
https://www.constructionnews.co.uk/contractors/amey/amey-hit-by-cyber-attack-05-01-2021/
Exploit: Unsecured Database
Nohow International: Staffing Firm
Risk to Business: 1.411 = Extreme
In a devastating blunder, unsecured Microsoft Azure Blob exposed deeply sensitive documents of more than 12,000 construction workers. The treasure trove contained 12,464 images, PDF documents, and email messages presumably sent by the exposed workers to Nohow International in the course of gaining and changing employment with the staffing firm.
Individual Risk: 1.221 = Severe
Employee data impacted in this breach includes scans of passports, national IDs, birth certificates, and tax returns. This data also contained MSG files of email messages sent by construction workers to Nohow’s email address used specifically for receiving documents. The email messages include the workers’ personal and payment information, such as taxpayer reference and national insurance numbers, as well as banking details. This extremely sensitive information can be used to facilitate spear phishing attacks and identity theft.
Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: Failure to secure an average database is a ding to a company’s reputation for trustworthiness, but failing to secure a database full of extremely sensitive information like this could be devastating.
The Netherlands – Eneco
Exploit: Credential Stuffing
Eneco: Energy Company
Risk to Business: 1.827 = Severe
Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords after a recent data breach following a suspected credential stuffing attack. The company reported that hackers accessed approximately 1,700 private and small business accounts. A separate group of approximately 47,000 customers is also being informed by email about the incident “as a precaution”. The investigation is still ongoing.
Individual Risk: 1.717 = Severe
The company stated that affected customers may have had their data “viewed and possibly changed by third parties,” but was unspecific about the exact impact.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing is a popular attack because it’s cheap, effective, and it’s been made so easy due to an abundance of Dark Web data to fuel it.
The Week in Breach News – Asia Pacific
Japan – Capcom
https://threatpost.com/data-breach-resident-evil-gaming/162977/
Exploit: Ransomware
Capcom Co. Ltd.: Videogame Developer
Risk to Business: 1.332 = Extreme
Recent data breach damage at Capcom was significantly worse than they thought. Capcom has announced that their investigation has uncovered that the personal data of up to 400,000 customers was compromised in the attack — 40,000 more than the company originally estimated. The announcement added that its investigation is ongoing and that new evidence of additional compromise could still come. The Ragnar locker ransomware group also captured 1TB of corporate data, including banking details, contracts, proprietary data, emails and more.
Individual Risk: 2.623 = Moderate
It’s uncertain if any further client data was impacted. Capcom was quick to note that no customer credit-card data was exfiltrated during the breach, saying that it’s currently safe to play and purchase the company’s games online since those transactions are handled by a third-party service provider.
Customers Impacted: 400,000 and growing
How it Could Affect Your Customers’ Business: No business is too big or too small to fall prey to cybercrime. Ransomware can strike companies of any size and deliver an impact that resounds for months.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Need to Know
Can Your Staff Really Spot Phishing Messages? Can You?
Phishing is a threat that looms large for every business. In 2020, phishing threats grew by more than 600% as cybercriminals took advantage of a perfect storm of factors that gave them great advantages: a newly remote workforce, world unrest, the COVID-19 pandemic and a crashing economy.
That’s definitely a growth category for cybercrime in 2021. Damage related to cybercrime including phishing-related threats like ransomware and business email compromise is projected to hit $6 trillion annually in 2021 as a new cyberattack is launched every 39 seconds.
One of the best investments that you can make to protect your business from today’s worst cyberattack threats is security awareness training.
Don’t wait to start your 2021 security awareness and phishing resistance training program. Act now to start protecting your business from cybercrime before one click on one phishing email costs you a fortune.