The Week in Breach: 02/24/21-03/02/21

This week Bombardier and Steris get caught up in a third-party data breach and troubled crypto exchange Cryptopia gets hacked again.

United States – Gab

https://www.hackread.com/gab-hacked-ddosecrets-leak-profiles-posts-dms-passwords-online/

Exploit: Hacking

Gab: Social Media Platform 

Risk to Business: 1.479 = Extreme

Right wing social media platform Gab was hacked by hacktivist group DDoSecrets. The platform is notorious for lax censorship of hate speech and is a haven for extremists including white supremacists, neo-Nazis, white nationalists, the alt-right, and QAnon conspiracy theorists. DDosSecrets has posted 70 GB of Gab content to its website including public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups in SQL format, along with over 70,000 messages in more than 19,000 chats with over 15,000 users in plaintext format.

Individual Risk: 1.447 = Extreme

It is unclear how many individuals may have been impacted. Gab users should be wary of spear phishing attempts, as well as potential legal consequences for nationalist or hate group activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hacktivists are growing bolder in their quest to expose hate in public and private spaces. Information like this will haunt users for years on the dark web.

United States – Steris

https://www.infosecurity-magazine.com/news/steris-touted-as-latest-accellion/

Exploit: Third Party Data Breach

Steris: Medical Equipment Sales 

Risk to Business: 1.919 = Severe

The ransomware gang Clop is claiming to have snatched an unspecified amount of information belonging to the Steris Corporation during a ransomware attack at third party cloud solutions provider Accellion. A small amount of internal data including studies and communications was identified as Steris data.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Third party threats are growing more serious as cybercriminals collect information used in past breaches to fuel future attacks.

United States – Covenant Healthcare

https://www.wnem.com/news/covenant-healthcare-reports-data-breach-through-employee-emails/article_eaf988fc-76c8-11eb-99f1-cbedd3811c29.html

Exploit:  Phishing

Covenant Healthcare: Medical System

Risk to Business: 2.212 = Severe

Bad actors obtained access to two employee email accounts at Covenant Healthcare, leading to the exposure of personal information for an estimated 45K patients. The Michigan-based health system is undertaking an investigation with outside cybersecurity professionals.

Individual Risk: 1.712 = Severe

Potentially stolen patient information includes includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical diagnosis and clinical information, medical treatment, prescription information, doctors’ names, medical record numbers, patient account numbers, and medical insurance information. The hospital is offering identity theft protection to impacted patients.

Customers Impacted: 45K

How it Could Affect Your Customers’ Business: Phishing is the gateway to dangerous cybercrime, and regular phishing resistance training helps keep that gate closed.

Canada – Bombardier

https://www.teiss.co.uk/bombardier-data-breach/ 

Exploit:  Third Party Data Breach

Bombardier: Airplane Manufacturing 

Risk to Business: 1.816 = Severe

Canadian aerotech manufacturer Bombardier has been caught up in a third party data breach In the recent breach at cloud services provider Accellion stolen data about many companies was obtained, including this information that Bombardier says was taken from specific servers and uploaded by hackers on their dark web portal. 

Risk to Business: 1.891 = Severe

Cybercriminals got their hands on a small subset of employee data including unspecified confidential information relating to 130 employees in Costa Rica.

Customers Impacted: 130 employees so far

How it Could Affect Your Customers’ Business: Ransomware that strikes your partner or service provider can be your problem too. Protecting businesses against damage from third party sources is a must these days.

More Than 80% of Data Breaches Are Email Based 

What source puts a company’s data most at risk? It’s not hackers, or nation-state cybercriminals, or even disgruntled employees – it’s email. Seemingly routine, everyday email is the most likely vector for a damaging cyberattack that leads to a data breach. But a few smart steps can be taken to reduce the risk of an email-related data breach in 2021.

Results from a recent survey of 500 IT leaders and 3,000 remote-working employees in the US and UK across vertical sectors including financial services, healthcare and legal affairs make one thing clear: every business is at risk for trouble. More than 80 percent of surveyed organizations have experienced a data breach in the past year because of email. Further, 95 percent of the IT leaders surveyed believed that client and company data is most at risk from actions that are taken over or in response to email.

Human Error, Stress and Distraction Cause Worrisome Jumps in Data Breaches

Employees are handling more email these days as the expected return to offices is slowed by the continued global pandemic. An estimated 85 percent of employees reported sending more emails since they’ve been working remotely. Throughout the last year as companies remained fully or mostly remote, email handling has grown less predictable as well, bringing new challenges to IT teams – 73 percent of employees surveyed said that they regularly read and respond to work emails outside of their working hours, and almost one-quarter of employees (24%) reporting that they handle work email while doing other things.

This tracks with the long established IT maxim that the number one cause of a data breach is human error. One of the major contributors to email based data breaches noted in the survey was remote workers making mistakes and because of distraction, tiredness and stress. About 60 percent of employees noted that they are working in environments where distractions are commonplace. A further 73 percent of employees reported that they feel tired, stressed or upset because of the pandemic.

IT leaders agree that the pandemic and remote work spurred by it are major contributing factors to email-related data breaches. Almost 60 percent of IT leaders reported an increase in email data leaks since implementing remote working as a result of the pandemic. Those same IT leaders reported that email-related data handling mistakes were one of their company’s biggest risks, with almost one quarter of breaches caused by an employee sharing data in error by sending an email containing sensitive data to the wrong recipient or attaching the wrong file.

Employees Are Handing Out Credentials at an Eye-Popping Rate

Employees under pressure and working remotely are also interacting with much more phishing email and handing out their credentials at an alarmingly high rate. In a recent multi channel phishing exercise, researchers noted that one-fifth of the tested employees fell for phishing emails even if they have gone through some security awareness training. Of employees that fell for the phishing email, more than two-thirds also entered their credentials, such as a password.

This is a troubling trend, especially for businesses that do not have adequate access point security. Researchers noted that the number of surveyed employees who fell for phishing tricks and clicked on a phishing link increased by 77 percent in this year’s survey, going up from 11.2 percent in 2019 to 19.8 percent in 2020. Those employees were also quick to hand over their credentials. An astonishing 644 percent year-on-year increase in employees that provided their credentials in response to phishing illustrated the increased danger of an email related data breach for companies, skyrocketing from 1.8 percent in 2019 to 13.4 percent in 2020.

What Will Mitigate This Risk?

Reducing a company’s danger from phishing starts with reducing its proximity. The less exposure employees have to phishing, the better. 

Helping prevent email-related data breaches is essential for securing businesses as we shift into a more permanent work-from-home world. Companies have realized that remote work is here to stay and it brings them unexpected IT challenges (and huge risks) that can only be solved with the right combination of cybersecurity solutions to keep data in and cybercriminals out.