The Week in Breach: 04/15/20 – 04/21/20 | CloudSmart IT

The Week in Breach: 04/15/20 – 04/21/20

This week, compromised email accounts expose customer data, ransomware disrupts remote work, and the FBI releases a new warning about COVID-19 related healthcare cybercrime.  

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: High-Tech & IT
  • Top Employee Count: 11-50

United States – AST LLC.

https://www.technadu.com/ast-llc-announces-data-breach-circulates-notices-employees/99052/

Exploit: Employee payroll breach

AST LLC.: Cloud & digital transformation service provider

gauge indicating severe risk

Risk to Small Business: 1.871 = Severe

Using a previously compromised email account, hackers accessed employee payroll information. Hackers used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too-little-too-late and is unlikely to assuage the concerns of the company’s enterprise clients.

gauge showing severe risk

Individual Risk: 1.690 = Severe

Hackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers, and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.


United States – San Francisco International Airport

https://www.bleepingcomputer.com/news/security/san-francisco-intl-airport-discloses-data-breach-after-hack/

Exploit: Malware attack

San Francisco International Airport: Airport authority

gauge indicating moderate risk

Risk to Small Business: 2.505 = Moderate

A malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information.

gauge indicating moderate risk

Individual Risk: 2.775 = Moderate

Hackers obtained peoples’ usernames and passwords. Although the company was quick to reset these credentials, victims should be mindful that this information could be used to access other accounts that rely on the same username and password combination. Therefore, they should carefully monitor their accounts for suspicious or unusual activity. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By having your eyes and ears attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach.


Canada – The Law Society of Manitoba

https://www.cbc.ca/amp/1.5530825

Exploit: Ransomware

The Law Society is Manitoba: Law firm collective

gauge indicating extreme risk

Risk to Small Business: 1.475 = Extreme

Two Manitoba law firms experienced a ransomware attack that crippled their operations. The encryption left employees unable to access computer systems, digital files, email, or data backups. As a result, firms are left without their client lists, accounting and financial information, photos, and other mission-critical information. The ransomware infected the firms’ systems after employees opened a malicious email attachment. According to the company, cybercriminals are demanding an “enormous” ransom that the companies are unable and unwilling to pay.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The challenging business environment created by the COVID-19 pandemic leaves little room for additional setbacks. Since ransomware attacks carry multifaceted expenses, including productivity loss, opportunity cost, and technology recovery, every company needs to be confident that it has its bases covered when it comes to this increasingly prominent threat.


Canada – Holland America Line, Inc.

https://hotforsecurity.bitdefender.com/blog/canadian-authorities-email-private-details-of-247-ms-zaandam-cruise-passengers-23010.html

Exploit: Accidental data sharing

Holland America Line, Inc.: Cruise company

gauge indicating severe risk

Risk to Small Business: 1.833 = Severe

When communicating with COVID-19 patients from a recently-docked cruise ship, authorities accidentally emailed an attachment that included the personal details to all cruise line passengers impacted by the virus. Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. Impacting COVID-19 patients, this data breach is an awful event occurring at a terrible time.

Gauge indicating severe risk

Individual Risk: 1.905 = Severe

The breach includes patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers. The 247 passengers are also being asked to change their passport numbers. Victims should enroll in a credit and identity monitoring service to ensure the long-term integrity of this critical data.

Customers Impacted: 247

How it Could Affect Your Customers’ Business: This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.


United Kingdom – Travelex

https://www.ciodive.com/news/travelex-ransom-breach-investigation/575842/

Exploit: Ransomware

Travelex: Foreign exchange company

gauge indicating severe risk

Risk to Small Business: 1.703 = Severe

Hackers stole and encrypted company data, and they are threatening to publish the information if Travelex doesn’t pay a significant ransom. The attack was first reported by hackers in January when they indicated to media sources that they copied and encrypted 5GB of personal data. Ultimately, the attack has cost Travelex more than $2 million. Hackers exploited a flaw in VPN software to gain access to the network, and cybersecurity researchers believe that hackers had access to the company’s network well before they encrypted its data.

gauge indicating moderate risk

Individual Risk: 2.711 = Moderate

While it’s unclear what specific data categories were accessible to hackers, stealing and publishing personal data is one of the latest threats to accompany a ransomware attack. Travelex customers should be vigilant to monitor their accounts for unusual activity and their incoming messages for signs of phishing scams.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are incredibly costly, and their repercussions can reverberate through companies for years. Protecting against potential vulnerabilities that give hackers a foothold must be a top priority for companies looking to succeed in a digital environment where a ransomware attack is always a possibility.


Denmark – DESMI   

https://securityaffairs.co/wordpress/101495/hacking/desmi-discloses-cyber-attack.html

Exploit: Ransomware

DESMI: Pump manufacturer and developer

gauge showing severe risk

Risk to Small Business: 2.617 = Severe

A ransomware attack has encrypted company IT, prohibiting remote workers from accessing company systems. Although the DESMI is confident in its ability to restore services, this outage constitutes a veritable shutdown as employees can neither utilize in-office tools nor communicate via virtual meetings.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: COVID-19 has made remote work a necessity at companies around the world. This workflow is contingent on employees having access to company systems. During this time, a ransomware attack can erode the limited productivity and sales opportunities that companies have now, which increases the impetus to protect your company’s digital environment.


Australia – Ingram   

https://portswigger.net/daily-swig/ingram-data-breach-digital-content-platform-hack-resulted-in-theft-of-publishers-titles

Exploit: Unauthorized account access

Ingram: Book distributor

gauge showing severe risk

Risk to Small Business: 2.335 = Severe

Hackers accessed a customer account and downloaded numerous book titles from the company’s repository. The bookseller, which operates in the US, UK, France, and Australia, immediately revoked the account credentials and hired a third-party cybersecurity team to investigate the breach. As an on-demand printing business, Ingram relies on its reputation, as authors select platforms that can securely and reliably deliver their content to readers.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In today’s digital environment, where billions of login credentials are readily on sale on the Dark Web, every company should expect that hackers could gain front door access to its IT infrastructure. Therefore, it’s critical that they deploy security solutions, like two-factor authentication, that can prevent hackers from accessing user accounts even when they are armed with login information


Australia – Wappalyzer    

https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/

Exploit: Unsecured database

Wappalyzer: Technographics data provider

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.417 = Severe

On January 20, 2020, hackers copied data from an exposed database containing customers’ personal details. Now, Wappalyzer customers are receiving emails from hackers offering to sell the database for $2,000 in Bitcoin. The company downplayed the incident, claiming that the information was from an old database from its previous website. However, the details were valid enough that hackers were able to communicate with customers directly. As a best-case scenario, this incident is a PR disaster for the company, but the consequences could become more onerous.

gauge indicating moderate risk

Individual Risk: 2.883 = Moderate

Wappalyzer contends that the exposed database doesn’t include customers’ personal data. Even so, because hackers have access to users’ email addresses, those impacted by the breach should be especially vigilant about assessing incoming messages for potential spear phishing messages that could compromise even more sensitive personal data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data breaches do serious damage to a company’s reputation. Customers and business partners are increasingly unwilling to work with companies that are stained by a data security incident. When coupled with expanding privacy regulations and soaring costs, today’s companies have millions of reasons to secure their customers’ data.


Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News

Thousands of Zoom Credentials Available on Dark Web   

Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own.

This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.

Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing dark web monitoring is one way to stay ahead of the game during this critical time.

https://securityaffairs.co/wordpress/101475/deep-web/zoom-dark-web.html


Need to Know

COVID-19 Treatment Centers Targeted by Cybercrime   

This week, the Federal Bureau of Investigation (FBI) issued a warning that hackers are increasingly targeting companies pursuing treatments for the novel Coronavirus. As a result, the FBI warned, “Now is the time to protect critical research you’re conducting.”

Of course, it’s not just researchers experiencing a surge in COVID-19-related cyberattacks. Other healthcare facilities, including hospitals, testing facilities, and specialty care units have experienced a barrage of phishing scams, ransomware attacks, and other cyberattacks. This activity is part of a concerted effort by cybercriminals to take advantage of this scary and destabilizing moment to steal valuable company and customer data.

Consequently, now is the time for every company to reassess its cyber preparedness in light of the new realities posed by COVID-19. If we can support these efforts in any way, please don’t hesitate to contact our team.

https://www.reuters.com/article/us-health-coronavirus-cyber/foreign-state-hackers-target-u-s-coronavirus-treatment-research-fbi-official-idUSKBN21Y3GL?&web_view=true

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.