The Week in Breach: 03/25/20 – 03/31/20 | CloudSmart IT

The Week in Breach: 03/25/20 – 03/31/20

This week, phishing attacks reel in a bountiful catch in the healthcare sector, how social distancing makes companies vulnerable to a data breach, and cybersecurity tips for working from home.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Media & Entertainment
  • Top Employee Count: 251 – 500

United States – Tandem Diabetes Care

https://portswigger.net/daily-swig/healthcare-data-breach-medical-device-manufacturer-discloses-phishing-attack Exploit: Phishing scam Tandem Diabetes Care: Medical device manufacturer
Risk to Small Business: 2.555= Severe Five employees fell for a phishing scam that gave hackers access to email accounts containing customer data between January 17 and January 20, 2020. Although the company acted quickly to secure the compromised employee accounts, they were unable to recoup the stolen information. Given the sensitive nature of their industry, Tandem Diabetes Care will likely face increased regulatory scrutiny and hefty financial penalties.
Individual Risk: 2.428 = Severe Although Tandem Diabetes Care has expressed in the integrity of their data storage, hackers likely had access to names, contact information, service-related details – even some patients’ Social Security numbers were exposed in the breach. Victims should consider enrolling in credit and identity monitoring services. 
Customers Impacted: 140,000 How it Could Affect Your Customers’ Business: In response to this breach, Tandem Diabetes Care is updating its email security protocols to prevent a similar incident in the future. However, phishing scams account for a significant portion of all data breaches, and preparing for these attacks should be a built-in component of every organization’s defense strategy.

United States – University of Utah Health 

https://www.securityweek.com/university-utah-health-discloses-data-breach?&web_view=true Exploit: Phishing scam University of Utah Health: Research and teaching hospital
Risk to Small Business: 1.889= Severe A phishing scam provided hackers with access to the University of Utah Health’s network for more than a month, beginning on January 22, 2020. In addition, the healthcare provider discovered malware on its network that allowed hackers to access patient data. Although the University of Utah Health responded quickly, bad actors still had prolonged access to company and customer data, including HIPPA-protected healthcare records – creating financial, reputational, and regulatory consequences both now and in the future.
Individual Risk: 2.428= Severe The compromised accounts included patients’  names, dates of birth, medical record numbers, and clinical data. This information can be used to craft authentic-looking spear-phishing campaigns. Victims should carefully evaluate all digital communications, and consider enrolling in identity and credit monitoring services to ensure that this information isn’t being misused in other ways.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: Like many companies responding to a data breach, the University of Utah Health is promising changes to its defensive posture to prevent a similar breach in the future. However, companies should assume that malware attacks and phishing scams are an “if” not a “when” proposition, and they should prepare their defensive posture accordingly.

United States –  Tupperware

https://www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/?&web_view=true Exploit: Malware attack Tupperware: Home products line
Risk to Small Business: 2.334= Severe Hackers infiltrated Tupperware’s online store, injecting payment skimming malware into the checkout process. The malicious script was active for at least five days, and it effectively mimicked Tupperware’s official payment form. After shoppers entered their data into the fake form, a “time out” error appeared, redirecting customers to the actual payment page and disguising the theft, which allowed it to go undetected.
Individual Risk: 2.428= Severe The payment skimming malware collected customer data entered including names, addresses, phone numbers, credit card numbers, expiration dates, and CVV codes. This data could allow hackers to commit financial theft or identity fraud. Those impacted by the breach should immediately notify their banks, as they will likely need to be issued new payment cards and carefully monitor their accounts for misuse.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: The COVID-19 pandemic has heightened the already-important online shopping experience for many businesses, and online shopping is a singular respite in an otherwise bleak outlook for retailers. Companies can’t afford to lose customers because of a cybersecurity vulnerability. Many customers indicate that they will not return to an online store after a data breach, which means that companies looking to capitalize on their online stores need to make sure this avenue is secure.

Canada – Finastra   

https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/ Exploit: Ransomware Finastra: Financial technology provider
Risk to Small Business: 2.556= Severe A ransomware attack has forced Finastra to bring its Canadian services offline temporarily. The company worked quickly to secure its IT infrastructure after detecting the breach, but those efforts will not alleviate the high recovery and reputational cost of the incident. Finastra believes that company and customer data is secure, and that customer and employee data was not exposed or exfiltrated nor were client networks impacted.
Individual Risk: None Customers Impacted: Unknown How it Could Affect Your Customers’ Business: Ransomware attacks are on the rise and uniquely consequential, carrying incredible repair costs and unparalleled opportunity costs as companies are rendered unable to conduct business and employees are left unable to work. Since there are no satisfying solutions to a ransomware attack once it strikes, companies should turn their attention to ensuring that their cyber defensive capabilities can turn away this growing threat.

Canada – Data Deposit Box

https://www.securitymagazine.com/articles/91985-data-breach-report-cloud-storage-exposes-users-private-information Exploit: Unsecured database Data Deposit Box: Cloud storage provider
Risk to Small Business: 2.334= Severe Cybersecurity researchers identified an unsecured database containing thousands of customer files uploaded to the company’s secure cloud storage service. The exposed records include information dating back to 2016, which the company eventually secured. However, it’s unclear how long cybercriminals could have accessed this data or why it took Data Deposit Box nearly a week to close the database after being notified that it wasn’t password protected.
Individual Risk: 2.428= Severe The exposed database includes users’ personally identifiable information that was uploaded to the cloud service, including admin login credentials, IP addresses, email addresses, and GUIDs. The login credentials were stored in plain text, so those impacted by the breach should immediately change their Data Deposit Box password and any other account credentials using the same password combination.
Customers Impacted:  270,000 How it Could Affect Your Customers’ Business: The cost of a data breach is at an all-time high, and it’s expected to continue climbing higher in the years ahead. An unforced error, like failing to password protect a database, is especially troubling for a company that is trusted to provide secure services. As a result of this seeming carelessness, Data Deposit Box has undermined its core value proposition and incurred a costly recovery process, both of which were entirely avoidable.

United Kingdom – Hammersmith Medicines Research

https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#584bcdc818e5 Exploit: Ransomware Hammersmith Medicines Research: Medical testing provider.
Risk to Small Business: 2.112 = Severe Hammersmith Medicines Research was hit with a ransomware attack that encrypted its systems and stole company data that was later posted online. This incident is particularly ill-timed as Hammersmith Medicines Research is a provider of critical COVID-19 testing. The attack was perpetrated by the Maze ransomware group, who previously promised not to attack healthcare facilities during the COVID-19 outbreak. It’s a reminder that there is no honor among thieves, and companies should not use their promises as an excuse to avoid putting their best foot forward when it comes to cybersecurity.
Individual Risk: 2.714 = Moderate It’s clear that cybercriminals exfiltrated company data in the attack. However, Maze attackers only published a sample online, intending to pressure the company to pay the ransom. All patients and employees should assume that their personal information was compromised, and they should carefully monitor their accounts for usual activity or messages.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: As we reported on our blog, healthcare providers are an especially enticing target for cybercriminals because they collect and store uniquely sensitive and valuable information. In 2020, many ransomware attacks also include a data breach,  incurring the ire of regulators and clients. Every healthcare provider has millions of reasons to prevent a ransomware attack before it strikes.

European Union – Norwegian Cruise Line 

http://techgenix.com/norwegian-cruise-line-data-breach/ Exploit: Phishing scam Norwegian Cruise Line: Cruise tourism provider
Risk to Small Business: 2.334 = Severe A Norwegian Cruise Line employee was reeled in by a phishing scam that compromised the personal details of thousands of independent travel agents. The information was then posted on Dark Web forums, making it widely accessible to bad actors. The company, already reeling from the COVID-19 crisis, has now damaged its relationship with partners that are critical to its recovery.
Individual Risk: 2.714= Moderate The data breach includes plain text passwords and email addresses for thousands of travel agents. While many are associated with TUI and Virgin Holidays, it also covers independent agents and those working with other organizations. Those impacted by the breach should immediately reset their login credentials while also monitoring their accounts for unusual or suspicious activity.
Customers Impacted: 27,000 How it Could Affect Your Customers’ Business: This incident underscores the heightened risk and outsized consequences of falling for scams during the COVID-19 crisis. With more employees working remotely and a general, pervasive sense of uncertainty overshadowing many companies, there is a higher risk of damage from cyberattacks including phishing and ransomware encountered (and interacted with) by anxious employees.

Australia – Henning Harders

https://www.itwire.com/security/ransomware-group-said-to-be-publishing-freight-forwarding-firm-s-data.html Exploit: Ransomware Henning Harders: Freight forwarding and logistics firm
Risk to Small Business: 2.556 = Moderate Henning Harders was the victim of a ransomware attack that restricted its operations between March 15 and March 18. However, the company, which refused to pay the ransom demand, is having continual cybersecurity trouble. Hackers have begun posting the company’s stolen data on the Dark Web and using the information to send spear-phishing emails to employees. While the company is touting its restored operations, it’s clear that it will have to deal with a lingering data security issue that will not be resolved quickly.
Individual Risk: 2.857 = Moderate Henning Harders was the victim of a ransomware attack that restricted its operations between March 15 and March 18. However, the company, which refused to pay the ransom demand, is having continual cybersecurity trouble. Hackers have begun posting the company’s stolen data on the Dark Web and using the information to send spear-phishing emails to employees. While the company is touting its restored operations, it’s clear that it will have to deal with a lingering data security issue that will not be resolved quickly.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: Increasingly, ransomware attacks are just a first step for cybercriminals, who will continue to exploit businesses by selling company data on the Dark Web or using it to enact phishing scams. The high recovery expense, opportunity cost, reputational damage, and productivity degradation of ransomware attacks make this growing menace as a uniquely harrowing cyber risk.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Expert Cybersecurity Tips for Working From Home

The COVID-19 pandemic has brought about an unprecedented work-from-home experiment as social distancing measures require millions of employees around the world to work from home. As we’ve already seen, this presents unique cybersecurity challenges for both companies and their employees. To help you secure data while working remotely, here are four simple steps that every company and employee can take 1. Use a trusted VPN. These services can provide a layer of protection by encrypting network traffic and making it more difficult for bad actors to spy on your activity. Choose a reputable VPN provider, as a number of VPN scams have tricked employees into downloading malicious software that steals their login credentials 2. Enable two-factor authentication. Account security is critical, especially when entire companies are working remotely. Enabling two-factor authentication is an affordable and effective way to keep company accounts secure at all times. 3. Refrain from using personal devices. Many employees may be tempted to use personal devices for work-related tasks, especially when working from home. It’s always possible that these devices contain malware or other exploits that could compromise company data. 4. Look out for Phishing Scams. Cybercriminals are always looking for ways to capitalize on our vulnerabilities. At this moment, COVID-19-related phishing scams abound, targeting employees’ sense of isolation and vulnerability to capture critical information.

Social Isolation Puts Company Data at Risk

As the COVID-19 pandemic continues to cause chaos for businesses, we continue to be committed to helping keep your data secure. This week, we wanted to highlight a cybersecurity vulnerability that is especially prescient as many people work from home and practice social distancing. According to a study by the Better Business Bureau, the FINRA Investor Education Foundation, and the Stanford Center on Longevity, people are more likely to fall for a scam when they are socially isolated. Cybercriminals are already taking advantage of our new digital environment sending a flurry of phishing and other fraudulent messages meant to compromise personal and company data, and isolated employees are more vulnerable than usual to these attack methodologies. Therefore, in addition to preparing employees for this troubling trend, make an effort to reach out to employees, coworkers, and family members to make personal connections during this challenging time. https://www.helpnetsecurity.com/2020/03/24/risk-scams/?web_view=true
View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.