This week Kia hits a bump in the road with ransomware, Underwriters Laboratories didn’t check their cyber safety, and Simon Fraser University is back for a cyberattack encore.
Automatic Funds Transfer Services (AFTS): Payment Processor
Risk to Business: 1.879 = Severe
Cuba ransomware is the culprit of an attack at AFTS, a payment processor that serves state government clients including the states of California and Washington. This cyberattack has caused major disruption to AFTS operations, making their website unavailable and impacting payment processing. The gang claims to have stolen financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.
Individual Risk: 1.847 = Severe
It is unclear how many individuals may have been impacted. The California Department of Motor Vehicles and several cities in Washington state have released data breach notifications. The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware at a third-party business services partner is also your problem. It pays to make sure that your company’s credentials haven’t been exposed.
Kia Motors America has experienced a suspected ransomware attack that has had a severe impact on its entire US operation, crippling some functions and impacting others for dealers and consumers. Services impacted include mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: 50 million
How it Could Affect Your Customers’ Business: Ransomware can come calling at any time at any business with a devastating impact on operations, customer service, productivity and profit.
Sequoia Capital, a major venture capital firm, announced this week that it has experienced a phishing-related cyberattack. The firm invests in companies like Airbnb, DoorDash, Robinhood and cybersecurity firms like FireEye and Carbon Black. Sequoia’s investors include university endowments, tech executives and charitable foundations.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More than 65 percent of cybercrime is phishing-based. Training employees to spot and stop phishing is essential to avoid becoming one of those 65 percent of hacked companies.
Underwriters Laboratories, the oldest and largest device safety certifier in the world, should have checked the safety of its email systems a little more closely. The company has experienced a ransomware attack that encrypted its servers and caused it to shut down systems while it recovers.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a huge hit to every company’s performance and budget – and it’s preventable through security awareness training.
Simon Fraser University: Institution of Higher Learning
Risk to Business: 1.623 = Severe
Simon Fraser University is in the spotlight again after another data breach. Cybercriminals breached a server that stored information on student and employee ID numbers and other data, including admissions or academic standing. This is the second data breach at Simon Fraser University in 12 months.
Individual Risk: 2.117 = Severe
The server contained personal information for some current and former students, faculty, staff and student applicants including student or employee ID numbers.
Customers Impacted: 200,000
How it Could Affect Your Customers’ Business: Continued security problems at any organization aren’t acceptable to consumers anymore as people become more serious about protecting their data.
NWO has reported that it was the victim of a malware attack. Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. Impacted functions include the organization’s email service (Outlook) and online resources for two entities under NWO, the Netherlands Initiative for Education Research (NRO) and the National Governing Body for Practice-oriented Research (SIA).
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Malware can strike when you least expect it and cause a cascade effect that ripples through an entire organization, gumming up the works, with an expensive cleanup.
The Netherlands – Réseaux IP Européens Network Coordination Centre (RIPE NCC)
Réseaux IP Européens Network Coordination Centre (RIPE NCC): World Regulatory Body
Risk to Business: 1.913 = Severe
RIPE NCC has reported that it recently defended against a credential stuffing attack that attempted to breach its single sign-on system. There was minimal disruption and the organization has resumed operations normally.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing is a favorite cyberattack technique because it’s cheap and simple – and cybercriminals won’t be giving it up anytime soon.
French boat builder Beneteau SA has experienced a malware attack that has forced it to temporarily suspend some operations. The company says that it will be deploying backups, and that production at some of its units, particularly in France, will have to slow down or stop for a few days.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Malware is frequently used to damage a company’s operations capability, and it’s most commonly delivered by a phishing email.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Phishing Flood Continues to Swamp Companies and Create Security Sinkholes
Phishing very quickly became the biggest cybersecurity threat of 2020 for every business at the beginning of the global pandemic, as cybercriminals sought to capitalize on pandemic-related challenges at companies that were suddenly forced into remote operations. That tide continues to rise with new phishing threats and new security sinkholes that can swallow up data, time and money.
COVID-19 Threats Aren’t Over Yet
In a recent study, experts estimated a minimum growth rate of 220 percent for overall phishing in 2020 (including SMS, voice, message and social media) – and that trend is expected to continue into 2021 with a minimum 15 percent increase in overall phishing this year.
Much of that phishing was devoted to COVID-19 threats. Google indicated that it saw a 660 percent increase in phishing in Q2 2020 as it bulwarked the onslaught of phishing that powered a cybercrime burst in 2020. COVID-19 was Google’s biggest phishing topic in history, a record that’s unlikely to be broken anytime soon. More than 80 percent of businesses saw an increase in cybercrime including phishing in 2020 – and not all of that steep increase can be chalked up to COVID-19 threats.
2 Popular Phishing Categories That Trap the Unwary
Brand Impersonation
One major lure that cybercriminals have been profiting from is brand impersonation. Especially as email volumes surged at the start of the pandemic, faux branded phishing emails were a fast, easy way for cybercriminals to get past security and get into employee inboxes (which would be 40 percent less likely with Graphus). About 405 percent of those emails mimicked just one brand – Microsoft. Rounding out the Top 5 were DHL (18 percent), LinkedIn (6 percent), Amazon (5 percent) and Rakuten (4 percent). An estimated 55 percent of phishing sites made use of target brand names and identities in their URLs.
Remote Workforce Support
Remote workers face a unique set of challenges, and every business in the world got to experience them in 2020. Phishing is an especially dangerous threat for remote workers. In a comprehensive study of over 1,000 remote workers, 47 percent of respondents cited distraction as the main factor in their failure to spot phishing attempts. Over half of employees said they were more likely to make security mistakes when stressed and 41 percent flubbed security procedures when tired. Overall 43 percent of the surveyed employees admitted that they’d made cybersecurity blunders as a result of newly remote workforce stress.
Training Works against These Threats
A key way for companies to prevent these lures from snagging their staffers is through regular, comprehensive security awareness training that includes phishing. Up to 70 percent of phishing attacks now lack a malicious payload – employees aren’t just looking for an attachment anymore, and they need to know that. Most phishing is done through spurious links, and employees need to be ready for that.
Are You Cyber Resilient?
Is your company prepared to not just survive a cyberattack but thrive? You are if you’re cyber resilient. By building your organization’s defenses with an eye toward cyber resilience, you give your business a better chance of making it through the unpleasantness of a cyberattack with minimal disruption to your workflow or your budget.
Companies that are cyber resilient have their bases covered, with security solutions that work together to provide layered protection. That creates strength by adding more roadblocks and warning systems between cybercriminals and your data. For example, if your IT team is getting real-time threat intelligence from Dark Web ID, they know immediately if one of your company’s credentials appears in a Dark Web market, giving them time to take care of the issue before it becomes a disaster.
Building cyber resilience also means making sure that your business can keep operating during challenging times. You shouldn’t have to shut down operations and experience major disruptions like loss of access to email because of cybercrime. In many defense plans, even when a cyberattack is repelled, businesses experience significant disruptions.
A cyber resilient organization can quarantine problems, keeping them away from operations to minimize the impact of a cyberattack. Companies that are using Passly have access to that capability through single sign-on backed up with even more protection through multifactor authentication.
A new cyberattack is launched every 39 seconds, but in this economy, you can’t afford to buy every solution on the market. Get more value out of simple solutions when they work together and build your company’s cyber resilience.