The Week in Breach: 03/12/20 – 03/18/20 | CloudSmart IT

The Week in Breach: 03/12/20 – 03/18/20

This week, a ransomware attack impacts COVID-19 care, what happens when a company ignores basic security protocols, and mitigating cybersecurity risks during the Coronavirus pandemic.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Finance & Insurance
  • Top Employee Count: 1-10

United States – Whisper 

https://www.zdnet.com/article/whisper-an-anonymous-secret-sharing-app-failed-to-keep-messages-profiles-private/?&web_view=true
Exploit: Unsecured database.
Whisper: Privacy-focused messaging app.
Risk to Small Business: 2.111 = Severe: Developers overlooked basic security protocols when they left a database containing customer information unprotected by even a password, and hackers pounced. As a result, 900 million files dating back to the company’s launch in 2012 were made available online. Although the company was quick to secure the database, its reactive efforts will do little to assuage the doubts and concerns of its privacy-minded customer base.
Individual Risk: 2.571 = Moderate: Users’ names were not stored in the exposed database, but nicknames, ages, ethnicities, genders, hometowns, group memberships, and location data were all available. Some personal information was highly sensitive and could be used to execute spear-phishing campaigns or targeted ransomware attacks.
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.

United States – Champaign-Urbana Public Health District

https://statescoop.com/amid-coronavirus-scare-ransomware-targets-public-health-agency-illinois/
Exploit: Ransomware.
Champaign-Urbana Public Health District: Healthcare service provider.
Risk to Small Business: 2.111 = Severe: A ransomware attack disabled the healthcare provider’s website as concerns over Coronavirus are reaching a fever pitch. While the incident spared the provider’s email accounts, health records, and patient records, it limited the agency’s ability to communicate with patients. The Champaign-Urbana Public Health District has begun using its social media accounts to communicate with the public, and they’ve launched a backup website to replace the disabled page. This is an expensive and potentially harmful incident at a time when quickly communicating information can be a matter of life and death.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: The particular malware strain that infected the Champaign-Urbana Health District targets enterprises running Windows 10. It’s a reminder that ransomware is on the rise and companies can take simple steps to ensure that malware doesn’t enter their system through outdated software, phishing attacks, or other vulnerabilities.

Canada – EVRAZ

https://www.zdnet.com/article/one-of-roman-abramovichs-companies-got-hit-by-ransomware/
Exploit: Ransomware.
EVRAZ: Steel manufacturer.
Risk to Small Business: 2 = Severe: A ransomware attack crippled the company’s North American operations, including production at its Canadian steel plants. This attack complicates the company’s financial outlook at a time when it is already experiencing a significant drop in share price. Now, EVRAZ will have to grapple with the high cost of recovery, diminished productivity, and making significant improvements to its IT infrastructure – expenses no company needs during a time of worldwide uncertainty.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: Few cyberattacks wreak as much havoc as ransomware attacks. Not only are they one of the most expensive attacks to recover from, but they are uniquely disruptive, creating many obstacles on the road to recovery. Every organization can protect itself from possible ransom attacks and other malware by securing accounts and otherwise safeguarding critical IT.

Canada – Koodo

https://www.itworldcanada.com/article/koodo-admits-february-data-breach-data-already-being-sold-on-dark-web/428249
Exploit: Unauthorized database access.
Koodo: Wireless carrier.
Risk to Small Business: 1.88 = Severe: On February 13th, hackers used compromised credentials to access Koodo’s database. Once inside, they stole sensitive user data from August and September 2017. Hackers were not able to access phone numbers, which would have allowed them to receive two-factor authentication codes and further compromise user accounts. In response, Koodo has disabled some features to prevent hackers from misusing customer accounts.
Individual Risk: 2.428 = Severe: Customer account details, including account numbers and identifying information, were obtained by the thieves and are now for sale on the Dark Web. It’s possible that hackers can use customer data to change user account information or receive two-factor authentication codes, which would further compromise personal data. Those impacted by the breach should take steps to ensure that their accounts are secure and that they are not vulnerable to additional attacks.
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: Data breaches have profound implications for companies and customers. In this instance, a customer-focused data breach could have undermined the company’s network integrity, allowing hackers to further infiltrate Koodo’s IT infrastructure. Rather than waiting to discover a data breach, use responsive monitoring tools to take preemptive steps to identify stolen credentials and to prevent a breach before it occurs.

France – Lise Charmel

https://www.telegraph.co.uk/news/2020/03/04/huge-ransomware-attack-laid-bare-french-lingerie-firm-cost-millions/?&web_view=truee
Exploit: Ransomware.
Lise Charmel: Retailer.
Risk to Small Business: 2 = Severe: A ransomware attack devastated the high-end lingerie retailer, costing it millions and forcing it into receivership. The attack, which first began on November 8, 2019, encrypted the company’s entire IT infrastructure, including employee workstations and data stores. As a result, all company employees were rendered unable to work, with dire consequences for the 70-year-old business.
Individual Risk: At this time, no personal data was compromised in the breach.
Customers Impacted: Unknown.
How it Could Affect Your Customers’ Business: Ransomware attacks have been ramping up and they can have serious consequences. Businesses must be prepared to defend their infrastructure and to orchestrate a comprehensive recovery process. This incident is a reminder that cybersecurity is a bottom-line issue that has real implications for a company’s viability in today’s dangerous digital landscape.

United Kingdom – Anteus Tecnologia 

https://www.dailymail.co.uk/sciencetech/article-8100805/Employee-ID-firm-leaves-76-000-fingerprints-exposed-online-email-addresses-phone-numbers.html?&web_view=true
Exploit: Exposed database.
Anteus Tecnologia: Developer and distributor of fingerprint identification systems.
Risk to Small Business: 1.888 = Severe: A cyberattack on February 20, 2020, compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.
Individual Risk: 2.142 = Severe: In addition to precise fingerprint data, the database also contained the email addresses and phone numbers of employees who store their information with the company. Those impacted by the breach should take every precaution to secure their data and beware of potential instances of fraud resulting from this compromised information.
Customers Impacted: 76,000.
How it Could Affect Your Customers’ Business: Today’s regulatory landscape promises steep penalties for companies that fail to protect customer information. In this environment, careless errors, like failing to password protect a database, are especially egregious to regulators and customers – and all companies need to ensure that data security is a day-one, top-down priority.

Australia – Melbourne Polytechnic 

https://www.itnews.com.au/news/melbourne-tafe-data-breach-exposes-55k-student-staff-files-539180
Exploit: Unauthorized database access.
Melbourne Polytechnic: Academic institution.
Risk to Small Business: 1.555 = Severe: Melbourne Polytechnic has updated its data breach notification to reflect an incident that occurred between September and December 2018. The school didn’t identify the breach until October 2019 and has since been conducting an IT investigation to assess the damage. In response, the institution has issued an apology to staff and students impacted by the breach. However, users are still in danger of further compromise because the stolen data puts them at serious risk for fraud and other cybercrimes.
Individual Risk: 1.857 = Severe: The compromised data is limited to staff and student information between September and December 2018. However, it includes highly sensitive personal details, including PII, healthcare-related data, and financial information. In addition, some victims had their usernames, email addresses, and passwords stolen. Although the culprit has been apprehended, this information has a long shelf life on the internet, and those impacted by the breach should carefully monitor their accounts and credentials for potential misuse.
Customers Impacted: 90,000.
How it Could Affect Your Customers’ Business: Consumers and employees are increasingly unwilling to work with companies that can’t protect their information. While recovery costs and regulatory fines make a data breach an expensive pitfall, the damage to a company’s reputation can never be fully repaired, ensuring that any breach will have cascading consequences that outlive the initial incident.

Australia – Manheim Auctions 

https://www.smh.com.au/business/consumer-affairs/major-company-with-perth-office-faces-30-million-ransom-demand-after-cyber-attack-20200310-p548lo.html?&web_view=true
Exploit: Ransomware.
Alinta Energy: Car auction house.
Risk to Small Business: 2 = Severe: The world’s largest wholesale auction house for cars got a surprise it didn’t want on Valentine’s Day: ransomware. Hackers accessed and encrypted the network of the Australian branch of Manheim Auctions, demanding a head-turning $30 million ransom to release the company. The company was forced to post a message to customers on its Facebook page noting the diminished functionality while promising not to pay the ransom. Even without paying the ransom, the company won’t emerge unscathed. Recovery efforts will be incredibly expensive, and the productivity loss and reputational cost incurred will have long-lasting implications.
Individual Risk: At this time, no personal data was compromised in the breach.
Customers Impacted: 1,100,000.
How it Could Affect Your Customers’ Business: Recovering from a ransomware attack is an expensive proposition. Regardless of whether or not companies choose to pay the ransom, these attacks have a profound impact on the victim’s bottom line. Rather than rewarding bad actors, every company should invest in a robust ransomware defense for protection from these costly incidents.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Hackers Collect Millions from Stolen Payment Card Records 

In an increasingly digital-first world, payment card skimming malware has been a growing threat to both customers and retailers – and a profitable business for the bad guys. Unfortunately, that trend is unlikely to abate anytime soon. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web. The card information was stolen throughout 2019 as thousands of retailers fell victim to malware. In this web-skimming incident, attackers used malicious JavaScript to steal payment data at checkout from stores hosted on the Volusion cloud platform. Unfortunately, the high yield is likely to incentivize other cybercriminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.

Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs to have a strong cybersecurity strategy that works to mitigate some of the risk of this means of attack, including regular malware assessments and Dark Web monitoring.

https://www.bleepingcomputer.com/news/security/hackers-get-16-million-for-card-data-from-breached-online-shops/