This week healthcare data breaches keep climbing, Twitter apologizes for its breach, and Australian cyberattacks illustrate the importance of basic training.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1-10
Cybersecurity News: United States
United States – Twitter
Exploit: Accidental Data Sharing
Twitter: Social Media Platform
Risk to Small Business: 2.602 = Moderate
Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter your account’s billing information may be at risk.
Individual Risk: 2.602 = Moderate
Twitter did not release an estimate of the accounts affected, but it did specify that only business customers were at risk, and only a percentage of business customers had any details exposed. The leaked information potentially included email addresses, users’ contact numbers, and the last four digits of credit card numbers used for Ads accounts. Twitter business customers should monitor potentially affected payment accounts.
Customers Impacted: Unknown
How it Could Affect Your Business: Information like this quickly makes its way to the Dark Web, setting businesses up for cyberattacks including spear phishing attempts. In addition, failing to guard a business customer’s recurring payment information can negatively impact their relationship with that service provider.
United States – AMT Healthcare
https://portswigger.net/daily-swig/amt-healthcare-data-breach-impacts-nearly-50-000-patients
Exploit: Internal Email Account Compromise
AMT Healthcare: Medical Care Solutions Provider
Risk to Small Business: 1.662 = Severe
AMT Healthcare revealed this week that it had experienced a data breach affecting a large pool of customers in December 2019 that was discovered through suspicious activity on an employee email account. The California-based company recently completed an investigation into the incident and contacted those who were affected. Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy information, medical history information, and driver’s license/state identification numbers.
Individual Risk: 1.899 = Severe
Anyone that may be at risk of compromise was informed this week. Extremely sensitive data was compromised in this breach, and those affected should beware of the potential for fraud, identity theft, and spear phishing attempts that this stolen data creates. A filing of the account posted to the breach portal at the U.S. Department of Health and Human Services noted that potentially affected patients are being offered free credit monitoring services.
Customers Impacted: 47,767
How it Could Affect Your Business: When clients choose to do sensitive business with a company, they’re also trusting that company to guard their information. This imperative is even stronger for companies that collect health information. Not only does a data breach cost healthcare organizations patient confidence, but it also costs a fortune in HIPPA-related fines.
United States – CentralSquare Technologies
https://www.databreachtoday.com/payment-card-skimmer-attacks-hit-8-cities-a-14512
Exploit: Malware
CentralSquare Technologies: Public Sector Services Provider
Risk to Small Business: 1.977 = Severe
Eight cities in three U.S. states that use CentralSquare’s Click2Gov payment systems for municipal transactions were recently affected by a payment card skimming attack that exploited a software vulnerability in the Click2Gov platform. Using Magecart-style malware designed specifically to work on Click2Gov payment sites, cybercriminals were able to capture payment card information from people using the affected Click2Gov sites to make municipal services transactions like paying bills or fines. The attacks began in April 2020 and are ongoing. Reports note that 5 of the 8 cities affected were also targeted in attacks in 2019. The names of the affected cities were not released.
Individual Risk: 2.378 = Severe
Financial data was directly compromised in this attack, including payment card numbers, expiration dates, and CVV. Similar information from previous attacks against Click2Gov in 2019 and 2018 was made available on the Dark Web quickly.
Customers Impacted: Unknown
How it Could Affect Your Business: Payment skimming malware is an increasing threat for any business that processes online payments. Compromised financial and identity information can also hang around in Dark Web markets for a long time, creating continued risk.
United States – University of California San Francisco
https://www.infosecurity-magazine.com/news/ucsf-pays-114m-ransomware-fee/
Exploit: Ransomware
University of California San Francisco: Education and Research Institution
Risk to Small Business: 1.275 = Extreme
The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.
Individual Risk: No patient or personal data was reported as compromised at this time.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a growing menace to every organization, and it’s not just sensitive business or financial data that Dark Web criminals are after. Research data has become an increasingly hot commodity. Paying ransoms to cybercriminals to decrypt research data sets a dangerous precedent. Collecting large sums will embolden other groups that can take down big fish to score big paydays.
Cybersecurity News: Canada
Canada – OneClass
Exploit: Unsecured Database Access
OneClass: E-learning Platform
Risk to Small Business: 1.407 = Extreme
An unsecured Amazon Secure Storage Services bucket is the culprit for a data breach at North American education services provider OneClass. The Canadian company was informed of the breach on May 25 by cybersecurity researchers and the database was secured within 24 hours. However, personally identifiable information for more than 1 million students, some as young as 13, had already been extracted. The compromised 27GB database includes 8.9 million records.
Individual Risk: 1.719 = Severe
Students, teachers, and other users of the platform had personally identifiable data including full names, email addresses (some masked), schools and universities attended, phone numbers, course enrollment data, textbooks, testing results, faculty data, and other OneClass account details compromised. No payment information or financial data is believed to have been affected.
Customers Impacted: 1 million
How it Could Affect Your Business: Failure to secure the personally identifiable data of users, especially children, is distasteful to both potential and current clients. Students, teachers, and schools may look at other education platforms to find a more secure alternative. Information compromised in this incident could haunt those affected for years to come as it lingers on the Dark Web.
Cybersecurity News: United Kingdom
United Kingdom – Babylon Health
Exploit: Accidental Data Sharing
Babylon Health: Telemedicine Technology Developer
Risk to Small Business: 2.207 = Severe
A recently completed investigation revealed that a flaw in the software created by Babylon Health to enable telemedicine appointments also allowed users to see the consultations of other patients after they finished their own telemedicine visits. The app is used by about 2.3 million UK users. It allows members to book medical appointments, access a triage chatbot, and have consultations with NHS doctors via smartphone video or audio-only call. Apparently, when users switched from video to audio-only during their call, they also gained access to the audio recordings of the medical consultations of other users.
Individual Risk: 2.919 = Moderate
Babylon Health reports that the issue was discovered in early June and repaired rapidly, with a “very small” unspecified number of users affected.
Customers Impacted: Unknown
How it Could Affect Your Business: More and more interactions are taking place over video these days, especially in the wake of the global pandemic. Many video conferencing service providers have had issues with intrusions and software glitches that put the private conversations and meetings of users at risk, creating doubt in the security of this type of communication. Because of this, data that is shared during a video conference through display, audio, or screen sharing may be in danger of compromise.
Cybersecurity News: Australia & New Zealand
Australia – Chem Pack
Exploit: Ransomware
Chem Pack: Liquid Chemical Formulation Manufacturer
Risk to Small Business: 1.779 = Severe
As a barrage of cyberattacks continues to affect companies in Australia, Chem Pack has been caught in a ransomware attack. Cybercriminals using REvil ransomware have compromised and encrypted data at the Melbourne-based manufacturer. REvil ransomware exploits a known 2018 Windows vulnerability to elevate account privileges, enabling these bad actors to strike. The attackers claim to have exfiltrated financial information, personal information, and other essential business data, and recently posted a screenshot of a sample of the data on a Dark Web forum. Typically, this group posts a screenshot as proof that they’ve encrypted the affected data and asks the victim to contact them to negotiate a ransom for the key to unlock it.
Individual Risk: No individual data was reported as compromised.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a scourge that doesn’t just hold a company’s operations hostage, it also creates extended cybersecurity risks as data that has been obtained in attacks is copied and shared on the Dark Web. Even when a ransom is paid, victims have no guarantee that the captured data is returned without being replicated or sold to others first.
Cybersecurity News Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Added Intelligence
Stronger Passwords Are Essential for Stronger Security
Human error is the number one cause of a data breach One major error that any staffer can make is to create a terrible password. If any user’s password is weak, recycled, or easy-to-guess, it’s a risk to data and system security for the whole company. How does your password measure up?
Australian Cyberattacks Prove That Threat Resistance Training is Always a Good Investment
Sophisticated cyberattack risks are growing throughout the world, and the attacker isn’t always just a group of opportunistic cybercriminals. A recent explosion of cyberattacks against targets in Australia has been reported to be linked to potentially malicious state-sponsored actors, creating a new level of worry for cybersecurity architects.
Ransomware has become an even greater menace for Australian companies. Government officials have warned that ransomware that is delivered through spear phishing attacks is suspected to be part of the overall larger attack picture in this wave of attacks. Therefore, it’s clear that frequent, high-quality phishing defense and resistance training is essential to protect a company from ransomware attacks.
Ransomware is devastating to any business, as was recently demonstrated by two incidents at Australian drinks conglomerate Lion. Systems at the beverage company have been infected twice in the last month alone, freezing essential production and operations technology just as it began to ramp up its post-pandemic production.
Updating a company’s cybersecurity stack to boost ransomware defense should always include upgrading phishing resistance training. Dark Web monitoring is a great place to start when constructing a strong cybersecurity defense, but every building block in that defense is important.A note about cybersecurity news for your customers:
Need to Know
An Ounce of Prevention is Worth a Pound of Cure
We’ve all heard this old saw, and it’s still popular for a reason: it’s right. Taking strong preventative measures now to protect your data saves both time and money later. More than 50% of businesses had a data breach in 2020 – and that’s a time-consuming money pit for any company. By taking the right preventative measures now, you can lower your risk of a data breach later.
One of the most important preventative measures to take right away is updated training about current phishing threats. Right now, cybercriminals are using many new tricks to mount phishing attacks. While your staff may be aware that they shouldn’t open unexpected attachments, do they know not to click surprise links, or open unanticipated PDFs, or accept unverified Zoom invitations? Updated phishing training prepares them to resist these threats and protect your data.
Coupling phishing resistance training with 24/7/365 Dark Web monitoring guards your data on two fronts. Not only are you preventing bad actors from getting a front door key to your data with improved phishing resistance, but you’re also making sure that cybercriminals aren’t sneaking in the back door either by watching for Dark Web threats. By combining multiple solutions that work together well, you can maximize the ways that your security solutions help prevent data loss – because strong, sensible preventative measures always pay off.