United States – US Cellular
Exploit: Credential Compromise
US Cellular: Mobile Phone Company
Risk to Business: 1.379 = Extreme
USCellular, the fourth largest mobile network in the US, has suffered a data breach after a successful malware attack. Hackers used malicious code disguised as a routine software update to gain access to systems including its Customer Relationship Management (CRM) and client records. This is not USCellular’s first time at this rodeo – the company has had consistent information security problems.
Individual Risk: 1.321 = Extreme
USCellular advised customers that their account records, including name, address, PIN code, and cellular telephone number(s), as well as information about the customer’s wireless services, including service plan, usage and billing statements, and personal information, might have been compromised. However, data such as social security numbers and credit card information remained inaccessible to the hackers. Clients should be wary of spear phishing, business email compromise and identity theft using this information.
Customers Impacted: 4.9 million
How it Could Affect Your Customers’ Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.
United States – DSC Logistics
https://www.freightwaves.com/news/ransomware-attack-targets-major-us-logistics-firm-dsc
Exploit: Ransomware
DSC Logistics: Shipping and Freight Logistics
Risk to Business: 1.775 = Severe
DSC Logistics received an unwelcome delivery of Egregor ransomware. The attack was announced on the gang’s ransomware site. The company noted that it was successfully able to continue operations without incident. DSC has called in outside experts to investigate, and declined to comment on whether any data was stolen.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware has been a plague on every industry, but freight and logistics companies have been hit especially hard in recent months.
United States – Nissan North America
Exploit: Misconfiguration
Nissan North America: Automotive Manufacturer
Risk to Business: 2.779 = Moderate
Nissan North America recently suffered a data breach that resulted in source code for its mobile apps and internal tools turning up online. The data leak is reportedly the result of a misconfigured Git server. The source code is reported by a security researcher to pertain to Nissan NA Mobile apps, some parts of the Nissan ASIST diagnostics tool, the Dealer Business Systems and Dealer Portal, Nissan internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sale and market research tools and data, various marketing tools, the vehicle logistics portal and vehicle connected services.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Keeping data safe from hackers starts with keeping data secure by using strong identity and access management tools across the board and basic security protocols like multifactor authentication.
United Kingdom – UK Research and Innovation (UKRI)
Exploit: Ransomware
UKRI: Scientific Research Agency
Risk to Business: 1.411 = Severe
The UK Research and Innovation (UKRI) agency is now researching a ransomware incident that encrypted data and impacted its proprietary services. The impacted services include a service offering information to subscribers and the platform for peer review of various parts of the agency. The agency has not yet disclosed if data was stolen or any other impact, and the incident is under investigation. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research, and its generous budget may have made it an attractive target for ransomware.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a huge risk for every business, and it’s essential that everyone in your team is on board to spot and stop ransomware attacks.
United Kingdom – Mensa
Exploit: Password Compromise
Mensa: Intellectual Club
Risk to Business: 1.827 = Severe
Mensa UK experienced a hack on its website that has resulted in the theft of members’ personal data. The organization had reportedly failed to secure the data of its 18,000 members properly. The stored passwords of Mensa members who accessed the site were not hashed or encrypted in any way, with some sent and stored in plain text, making it a snap for hackers to gain entry. The hackers were able to access and use a Director’s password to extract an indeterminate amount of information, including personal details of members and private conversations conducted on the platform.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: 21,000
How it Could Affect Your Customers’ Business: Password compromise is a constant menace for companies that don’t use contemporary safety protocols like multifactor authentication, let alone those that handle passwords in plain text files.
Austria – Palfinger
Exploit: Ransomware
Palfinger: Crane Manufacturer
Risk to Business: 2.006 = Severe
Crane manufacturer Palfinger is the target of an ongoing cyberattack that has disrupted IT systems and business operations. The company notes that its enterprise resource systems and many online or digital functions are unavailable to customers. No information is available on the kind of ransomware involved or an expected date for service restoration.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is almost always the result of a phishing attack, and it’s been a constant danger for healthcare organizations around the world as the global pandemic continues.
Hong Kong – Dairy Farm
Exploit: Ransomware
Dairy Farm: Retail Conglomerate
Risk to Business: 1.616 = Severe
Enormous Pan-Asian retailer Dairy Farm is the latest victim of REvil ransomware. The attackers claim to have demanded a $30 million ransom. As proof, REvil has released images of the company’s Active Directory Users and Computers MMC. The attackers claim to still be in control of the company’s computer systems, including full control over Dairy Farm’s corporate email, which they state will be used for phishing attacks.
Individual Risk: No personal or business data was reported as confirmed to be stolen in this incident that is still under investigation.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice of most of today’s cybercriminals, and it can strike any business of any size, from corner stores to retail giants.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Major Ransomware Gangs Get Crushed but Risk Keeps Climbing
On the heels of a surge in cybercrime, especially ransomware, officials around the world have taken steps to shut down cybercrime gangs and destroy their networks. While several major cybercrime purveyors have been recently impacted in those operations, ransomware is still chugging along as an extremely dangerous and growing cybercrime sector.
It’s no wonder that ransomware is the preferred weapon of cybercriminals worldwide. More than 50% of businesses have been impacted in some way by ransomware in the last 12 months. Ransomware is at the root of 50% of data breaches in the healthcare sector alone. It’s also a tremendous player in other industries, with the rest of the top 5 being manufacturing, government, retail and construction.
Hitting Them Hard and Fast Works
Government officials around the world have been acting for years to crack down on ransomware gangs and the technology that services them, but they’ve really stepped up their efforts in the last 6 months. A massive US-based operation in November 2020 dealt a strong blow to TrickBot in the run-up to the US elections after fears of nation-state interference fueled public concern, and other operations occur daily to make things harder for cybercriminals.
One recent success in the fight against ransomware was the takedown of the Emotet botnet and the crippling of the NetWalker ransomware gang. Officials in the US, Canada, UK, and EU worked together to perform a well-timed series of arrests and seizures, including criminal arrests and hardware seizures. A Canadian national has been detained in connection with the NetWalker attacks and more than $450K in cryptocurrency was seized. Bulgarian authorities also seized resources including hardware that NetWalker attackers used to facilitate their crimes.
The RCMP, FBI and EU authorities took the legs out from under the legendary Emotet botnet as part of a concurrent operation. Canadian officials seized or disabled 13 of the 50 command and control servers behind Emotet, and officials in The Netherlands disabled or seized the technology powering their European operations center. Dutch authorities are planning to release an update through captured Emotet servers on March 25 designed to erase any malware delivered through the botnet.
But Risk is Still Outrageous
International authorities executing major crackdowns against ransomware gangs is good news, but it doesn’t come close to addressing the full scope of the problem. Ransomware is by far the biggest bully on the playground, and it grew by an estimated 311% in 2020. That’s because it’s still a goldmine – ransomware payments in just the health sector alone increased to more than $230k.
Protecting your clients from ransomware has to be a top-of-the-list priority for every MSP. No business is too large or too small to get walloped by ransomware, but you can add a few security precautions that can help your clients be less likely to fall prey to an attack. Successful ransomware attacks against all kinds of targets have drastically increased the odds of a spear phishing or ransomware attack arriving because of a third-party data breach as well.
Encourage the immediate adoption of a secure identity and access management solution. Not only is it a fast, affordable mitigation against cybercrime that includes conveniences like single sign-on and easy remote management, Passly also features the current champion of mitigation: multifactor authentication, a single tool that can stop up to 99% of password-based cybercrime.
Starting and maintaining an efficient security awareness training program is the preferred long-term solution for your clients. Studies show that employees retain the training that companies give if it’s refreshed at least quarterly. That’s good for businesses because security awareness training, including phishing resistance, can prevent up to 70% of damaging cyberattacks from landing.
Contact the experts at CloudSmart IT and let’s talk about how we can work together to help you build a stronger business, secure your clients, and increase your MRR with our security solutions.
Remote Work Raises Ransomware Risks & Fears
Your employees feel more vulnerable to cyberattacks when working remotely – and they’re right. But you can put the brakes on many threats quickly and easily without breaking the bank in just one step, and it’s practically painless: institute regular security awareness and phishing resistance training.
One cyberattack that employees are especially concerned about spotting is ransomware. About 48% of the employees in a recent survey named ransomware and similar malware as their biggest cybersecurity concern. That’s a valid concern because ransomware attacks ramped up by more than 300% in 2020.
Almost half of all damaging cyberattacks were ransomware attacks in 2020 with the total financial damage from ransomware operations clocking in at over $1 billion. That trend looks to continue into 2021 as a tight economy spurs cybercriminals into new territory looking for fresh profit centers.
Continuing stress from the global pandemic means that many employees will be working remotely well into the future. Unfortunately, many employees don’t feel safe from cyberattacks when they’re working from home – about 30% of workers do not feel confident about cybersecurity when working from home. Almost 60% of those workers cited a lack of security awareness training as a root cause of that lack of confidence.