The Week in Breach: 03/17/21-03/23/21 | CloudSmart IT

The Week in Breach: 03/17/21-03/23/21

 
 

This Week in Breach News:

Acer gets hit for a massive ransom, Chinese hackers meddle in Western Australia’s Parliament, and school is out at two hacked colleges.


United States – Descartes Aljex Software

https://www.hackread.com/shipping-management-software-firm-data-online/

Exploit: Unsecured Database

Descartes Aljex Software: Shipping Software Developer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.726 = Severe

An unsecured database is always trouble as Descartes Aljex Software discovered this week. 103 GB worth of data belonging to the New Jersey-based company was discovered by researchers after it was left exposed on a misconfigured AWS S3 Bucket. The exposed data contained corporate, client and employee information.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.667 = Severe

An unsecured database is always trouble as Aljex clients’ account data that was exposed included full names, phone numbers, email addresses, Aljex usernames, and plaintext passwords. Carrier information, their full names and email addresses as well as their house addresses and phone numbers were compromised. Client shipment details, shipment information, recipient’s consignee name, shipment origin and destination, addresses, and phone numbers were included in the data that was exposed. Sales representative details were also exposed including full names, corporate emails, Aljex usernames, and sales representative IDs

Customers Impacted: 4,000

How it Could Affect Your Customers’ Business: Third-party and supply chain risk is growing more dangerous for businesses as the ripple effect of breaches like this fuels cybercrime. Take precautions now to avoid headaches later.


United States – Guns.com

https://www.hackread.com/hacker-dumps-guns-com-database-customers-admin-data/

Exploit: Hacking

Guns.com: Online Gun Marketplace

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227 = Extreme

An enormous database from Guns.com made an appearance in a hacker forum this week and it’s a major trove of information. The abundant data contains both administrator and user information including user IDs, full names, an estimated 400,000 email addresses, password hashes, physical addresses, ZIPcodes, city, state, Magneto IDs, phone numbers, account creation date and other personal details. One of the folders in the leaked database includes customers’ bank account details including full name, bank name, account type and Dwolla IDs. To top it off, an Excel file in the database was exposed containing sensitive login details of Guns.com including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials, with all admin credentials including admin emails, passwords, login links, and server addresses in plain text format.

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.112 = Extreme

Users of Guns.com are significantly impacted, as extensive banking and personal information has been exposed. They should be wary of identity theft, spear phishing, and business email compromise/fraud risks as well as change any passwords shared with this account

Customers Impacted: 400,000

How it Could Affect Your Customers’ Business Sensitive Personally Identifiable Information (PII) requires strong protection, especially when financial information for clients is at stake.


United States – Maricopa Community College

https://www.azcentral.com/story/news/local/arizona-education/2021/03/19/maricopa-community-college-students-without-tech-systems/4759189001/

Exploit: Ransomware

Maricopa Community College: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.312 = Severe

Classes have been disrupted as a suspected ransomware attack has caused extensive IT outages at Maricopa Community College. Education tools including MyInfo, Canvas, RioLearn, Maricopa email, Maricopa Google Tools and the Student Information System/Student Center are unavailable. The 10 college system has extended the semester by at least a week and expects service to be restored this week.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: One small email handling mistake can have devastating consequences. Stop ransomware from clobbering your business by preventing employees from interacting with phishing emails.


United Kingdom – South and City College Birmingham

https://feweek.co.uk/2021/03/15/college-group-closes-all-campuses-for-a-week-following-major-cyber-attack/

Exploit: Ransomware

South and City College Birmingham: Institution of Higher Learning

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.102 = Extreme

The eight sites of South and City College Birmingham closed down in-person learning again this week after a purported ransomware attack wreaked havoc. Students will be back to learning online until systems can be restored, which may take weeks. An investigation is underway.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: 13,000

How it Could Affect Your Customers’ Business: Even without data theft, ransomware can cause a massive disruption that cripples your business. Scenarios like this are also ripe for exploitation with double extortion ransomware.


United Kingdom – The Defence Academy of the United Kingdom 

https://securityaffairs.co/wordpress/115870/hacking/ministry-of-defence-hacked.html

Exploit: Nation-State Hacking

The Defence Academy of the United Kingdom: Specialty Graduate School

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.775 = Moderate

A nation-state hacking incident took the website and IT system of the UK Ministry of Defence training school offline this week. Systems at the academy were extensively compromised and it will take time to completely restore the impacted computers and servers. Russian and Chinese state-sponsored hackers are suspected to be behind the offensive. IT at the school is run separately by a contractor and no systems at the Ministry of Defence were impacted.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.


Australia – The Parliament of Western Australia

https://www.abc.net.au/news/2021-03-17/wa-parliament-targeted-cyber-attack/13253926 

Exploit: Nation-State Hacking

Parliament of Western Australia: Regional Legislative Body

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.603 = Severe

Western Australia’s parliamentary email network was infiltrated by suspected Chinese hackers in the fallout of the recent massive Microsoft Exchange incident. The intrusion was detected on 03/04 in the middle of the state election campaign and led to intervention from Australia’s cybersecurity watchdog. Email service was disrupted but an investigation by Western Australia’s Parliamentary Services Department concluded that no sensitive data was stolen in the attack.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nation-state hacking is a menace that doesn’t show signs of slowing down. Couple that with a massive third party breach at a major technology vendor and danger escalates.


Taiwan – Acer

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/

Exploit: Ransomware

Acer: Computer Manufacturer 

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 2.020= Severe

Acer has the dubious honor of setting a new record this year. The REvil cybercrime gang has executed a massive ransomware attack and they’re demanding the largest known ransom to date, $50,000,000. The audacious threat actors offered a 20% discount if payment was made by this past Wednesday. Data to prove the hit including samples of leaked images are for documents that include financial spreadsheets, bank balances, and bank communications has been posted as proof to hacker forums. The incident is ongoing.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Double Extortion Ransomware is the Gift That Keeps On Giving – to Cybercriminals


Double extortion ransomware having another moment in the sun as cybercriminals double down on their attacks to double their profits. In this devastating style of attack, cybercriminals aim to get paid twice – once for the usual decryption code to unlock systems and data and a separate fee to not have the encrypted data copied by the gang.

This tactic was in vogue before when it first emerged in late 2019 and spread across the cybercrime landscape. It’s reemerged as a favorite of major gangs including REvil, DoppelPaymer and Clop. Even cybercriminals are working a little harder in this economy, leading to this style of attack trending upward again as cybercriminals look for new ways to expand their revenue streams. Practitioners of double extortion ransomware were responsible for more than 50% of all ransomware attacks in 2020.    

Ransomware Continues to Rule the Roost


Ransomware risks show no signs of slowing down, and they’re costing companies a fortune. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. The worldwide cumulative cost of ransomware doubled last year as well, from an estimated $11.5 billion in 2019 to $20 billion in 2020. Insurers felt the pinch too – cyber insurance claims for ransomware attacks increased 41% in the first half of 2020 alone.

All of this translates into huge financial danger for companies in every sector. Healthcare led the pack –  An estimated 560 US healthcare targets alone were impacted by ransomware in 2020. More than 45% of cyberattacks against healthcare targets in 2020 were ransomware, but no industry was spared. Manufacturers experienced one-quarter of all ransomware attacks, professional services companies clocked in at 17% and government entities were hit with 13%.



One Ransomware Attack Can Cost You Twice as Much as Before  


A tight global economy has everyone looking for new revenue streams – including cybercriminals who are doubling down on ransomware threats by doubling the price tag to get your data and systems back.

In a double extortion ransomware attack, cybercriminals make money two ways by asking victims to pay twice: once for a decryption code to unlock their impacted systems or data, and a separate fee to not have the encrypted data copied by the gang Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.

This week’s record-setting ransomware incident at Acer proves that the cost of a ransomware incident is only going up – cybercriminals presented Acer with a $50,000,00 ransom demand to hand over the key to decrypt their data. The risk is going up too. Researchers noted a 50% increase in the daily average of ransomware attacks between Q1 2020 and Q4 2020

Protecting your business from ransomware starts with protecting it from phishing. Regular security awareness training that emphasizes phishing prevention is a key part of any defensive strategy against ransomware. An estimated 65% of ransomware attacks are delivered via phishing. 

Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.