The Week in Breach: 04/01/20 – 04/07/20 | CloudSmart IT

Ransomware slows COVID-19 treatment development, malware targets online shoppers, and phishing scams jump by 667% in a month.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Medical & Healthcare
  • Top Employee Count: 11-50

United States – Social Bluebook

Exploit: Unauthorized database access
Social Bluebook: Social media platform

Risk to Small Business: 2.117 = Severe
Cybercriminals exfiltrated a company database containing personal information from thousands of internet influencers. Embarrassingly, the breach, which occurred in October 2019, was identified by TechCrunch reporters who were sent a copy of the stolen database. In a statement, the company claimed to be ignorant of the breach, raising serious questions about the efficacy of its cybersecurity strategy. This incident is likely to have significant blowback from well-connected influencers on social media and invite regulatory scrutiny on many fronts.

Individual Risk: 2.122 = Severe
The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: 217,000

How it Could Affect Your Customers’ Business: Hackers frequently target social media influencers because of their large public following. Therefore, companies catering to this clientele need to be prepared to protect their users’ valuable personal data. If they can’t, these influencers will almost certainly tell their followers all about it, a principle that applies to a growing number of consumers in every sector.

United States – Ozark Orthopaedics

Exploit: Phishing scam
Ozark Orthopaedics: Orthopedic healthcare practice

Risk to Small Business: 2.113 = Severe
Four employees fell for a phishing scam and gave hackers access to email accounts containing patient data. The scope of the data breach that occurred in late 2019 was just released by the healthcare provider, creating questions about the practice’s cybersecurity practices. As a result, patients were unable to quickly take steps to protect their identities and Ozark Orthopaedics has opened itself up to regulatory scrutiny that could result in substantial financial penalties.

Individual Risk: 1.775 = Severe
Patients’ personally identifiable information was exposed in the breach, including their names, treatment information, Medicare or Medicaid identification numbers, Social Security numbers, and financial account information. In the wrong hands, this information can be used in a litany of financial or identity-related crimes. Those impacted by the breach should immediately enroll in credit and identity monitoring services to secure their personal information.

Customers Impacted: 15,240

How it Could Affect Your Customers’ Business: More than a trillion phishing emails are sent each year, some of which will inevitably make their way into your employees’ inboxes. Training employees to spot these scams is especially important to protect your company from a devastating data breach.

United States – 10x Genomics Inc.

Exploit: Ransomware
10x Genomics Inc.: Biotechnology company

Risk to Small Business: 2.206 = Severe
A ransomware attack disrupted operations at the biotechnology company, which is currently acting as part of a consortium working to quickly develop a treatment for COVID-19. Before encrypting IT, hackers exfiltrated company data. Although the company reports “no material day-to-day impact,” it’s unclear what the implications are for the stolen data or how this could impact its development of a COVID-19 treatment.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.

United States – GoDaddy

Exploit: Phishing scam
GoDaddy: Internet domain registrar

Risk to Small Business: 2.313 = Severe
A spear-phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including, which provides escrow services for several prominent websites, were impacted. The breach will have costly implications for both GoDaddy and its customers, who will have to decide if they want to continue partnering with a company that puts their sensitive data at risk.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Today’s online ecosystem is vast and interconnected. This incident is a reminder that failures at other companies can have significant implications for your own, which increases the importance of securing accounts to buttress your IT infrastructure against potential failure at third-party contractors. With simple cybersecurity features, like two-factor authentication, company accounts remain secure even when credentials or login information is exposed.

Canada – The Beer Store

Exploit: Malware attack
Data Deposit Box: Retail outlet

Risk to Small Business: 2.187 = Severe
Cybercriminals infiltrated The Beer Store’s website and injected payment skimming malware into its online store. The online store allowed customers to place orders for pickup or delivery, two critical features as social distancing measures keep shoppers at home. This breach removed The Beer Store’s ability to accept payments via credit card, which could significantly impact its bottom line during this already challenging time.

Individual Risk: 2.311 = Severe
Although the company quickly detected the intrusion and closed its online store, anyone who made an online purchase before the threat was identified likely had their payment credentials compromised – including all sensitive identification and financial information entered during the checkout process. Those impacted should notify their financial institutions of the breach while also taking steps to secure their accounts and personal details from misuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission-critical priority.

United Kingdom – SOS Online Backup

Exploit: Unprotected database
SOS Online Backup: Cloud storage provider

Risk to Small Business: 2.472 = Severe
Cybersecurity researchers identified an exposed database containing nearly 70 GB of sensitive data. The database was discovered in November 2019, but it wasn’t examined until December 9, 2019. Although SOS Online Backup was notified of the breach the next day, it took ten days to have the vulnerability secured – and the company waited several months before informing customers of the event. The company has databases around the world, including in the United States and the United Kingdom, and will undoubtedly face intense regulatory scrutiny for the incident.

Individual Risk: 2.630 = Moderate
The exposed database includes users’ personally identifiable information, including names, email addresses, phone numbers, internal company details, and account usernames. This information is often redeployed in spear-phishing campaigns that trick unsuspecting recipients into disclosing even more sensitive data. Therefore, victims should carefully monitor their accounts and digital communications for suspicious or unusual messages.

Customers Impacted: 135,000,000

How it Could Affect Your Customers’ Business: Data privacy regulation is the new norm, as countries around the world enact regulations to support the public’s growing desire for online privacy. Consequently, companies that endure a data breach can expect that increased regulatory scrutiny of the way that information is stored will incur substantial financial penalties as well as other negative legal consequences.

Australia – iStaySafe Pty

Exploit: Unauthorized database access
iStaySafe Pty: GPS smartwatch for children

Risk to Small Business: 2.434 = Severe
This product lets parents track their child’s location and alerts them if the child leaves their designated safe location – but a coding error allowed hackers to download users’ personal data and mimic their location on the service. This dangerous vulnerability not only disrupted that functionality, it also gave hackers access to minors’ location and personally identifiable information. To make matters worse, this is the second time that the watchmaker has experienced this flaw. The same problem was discovered and repaired in 2019, raising serious questions about the platform’s commitment to cybersecurity.

Individual Risk: 1.899 = Severe
The breach allowed hackers to access users’ names, email addresses, phone numbers, and profile photos. In addition, bad actors could modify minor children’s location data. This information could be used to craft spear-phishing campaigns or for exploitative criminal purposes, so users should be especially vigilant to assess their use of the product.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers are increasingly unwilling to do business with companies that can’t protect their personal information. At the same time, privacy regulators are backing them up, collectively ensuring that companies have millions of reasons to execute on this mission-critical priority.

Australia – Commonwealth Federal Courts

Exploit: Accidental data exposure
Commonwealth Federal Courts: Federal Circuit Court of Australia

Risk to Small Business: 2.805 = Moderate
The Commonwealth Federal Courts have acknowledged a “systemic failure” that resulted in the publication of the personal details of hundreds of asylum seekers. The court system removed the discovery feature that compromised people’s information. Still, the court has known about the vulnerability for years, leaving many to question its commitment to privacy, especially as it relates to a uniquely vulnerable group of people. In addition to public blowback for the incident, the court system could face additional scrutiny from lawmakers.

Individual Risk: 2.667 = Moderate
The exposed information included the names, nicknames, and birthdates of hundreds of asylum seekers. This information could put them or their families in danger, which is especially egregious given their already vulnerable position.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Public sentiment and new regulatory standards are working to hold organizations accountable when they fail to protect private data. Consequently, any organization that handles this kind of information needs to account for potential vulnerabilities and take every step possible to ensure that their defensive posture can meet the moment, keeping sensitive information off the Dark Web.

Risk Levels:

  • 1 – 1.5 = Extreme Risk
  • 1.51 – 2.49 = Severe Risk
  • 2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Healthcare Data Breaches See Significant Increase

In late 2019, we wrote about the connection between healthcare data and the Dark Web, noting a troubling trend that saw bad actors increasingly targeting patient data. Unfortunately, that trend has only accelerated with the onset of the COVID-19 pandemic that is pushing healthcare providers to their limits. A study of the Department of Health and Human Services’ HIPAA breach reporting tool found 105 breaches impacting 2.5 million patients. However, before February 19th, only 38 incidents and 1.1 million records were affected. Cybercriminals have upped their game to take advantage of the chaotic situation on the ground, and healthcare organizations need to be prepared. Notably, the study found that hacking incidents are, by far, the leading cause of data breaches. Many included various forms of email account compromise. Moreover, the report predicts that, as more employees work from home, incidents of phishing attacks will increase because employees are more likely to fall for scams when they are isolated at home. Fortunately, a comprehensive employee awareness campaign can thwart these attacks, helping ensure that healthcare providers are focused on patient care rather than being inundated with cybersecurity threats.

*** Need To Know ***

Phishing Scams Have Spiked by 667% in One Month

The global COVID-19 response has required millions of workers to work from home. When coupled with a general sense of unease and uncertainty, the situation has created a perfect environment for cybercriminals to execute phishing scams. As a result, the number of phishing emails has increased by 667% in the past month. According to an assessment of 468,000 phishing emails, 2% were directly related to COVID-19. Meanwhile, 54% were labeled as scams, 34% as brand impersonation attacks, and 11% as blackmail. In addition, many are luring clicks by claiming to sell cures, face masks, and other critical supplies. For businesses, the implications are clear. Nobody can afford a data breach in this environment. Now is the right time to update and reemphasize phishing scam awareness training to ensure that employees can repel these damaging cyberattacks.