This week malicious insiders strike and gambling with security doesn’t pay off for a gambling app.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Hospitality
- Top Employee Count: 1-10
Cybersecurity News: United States
United States – DataViper
https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/?&web_view=true
Exploit: Unauthorized Database Access (Malicious Insider)
DataViper: Information Security
Risk to Small Business: 1.239 = Extreme
A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace where they put up for sale 50 of the biggest databases that they found inside DataViper’s backend.
Individual Risk: 2.117 = Severe
While these databases contained the information of billions of people worldwide, much of the information was from old breaches. Some new information was included, but researchers have not ascertained how much and what kind. This kind of information is often used in phishing and credential stuffing attacks.
Customers Impacted: Unknown
How it Could Affect Your Business: Insider threats are a menace to every business. While most insider incidents at organizations are caused by unintentional threats like human error, malicious insider attacks account for more than 20% of insider incidents. Some malicious insiders sell company secrets or even their own credentials on the Dark Web.
United States – Benefit Recovery Specialists
https://www.databreachtoday.com/billing-vendor-breach-affects-275000-a-14607
Exploit: Malware
Benefit Recovery Specialists: Medical Billing and Debt Collection
Risk to Small Business: 1.974 = Severe
A malware incident was just confirmed at Benefit Recovery Specialists by the US Department of Health and Human Services’ Office for Civil Rights. Several computers at the Houston-based company were infected, leading to a breach that exposed thousands of customer records. In a breach notification statement posted on BRSI’s website, the company says that on April 30, it discovered a malware incident affecting certain company systems. The company stated that customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20 and April 30, 2020.
Individual Risk: 2.227 = Severe
Information that may have been exposed includes name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. A small number of Social Security numbers may also have been exposed. Patients that were impacted should be alert for spear phishing attempts or identity theft.
Customers Impacted: 275,000
How it Could Affect Your Business: Healthcare data is one of the hottest commodities in today’s data markets – especially COVID-19 related patient or research data. Plus, healthcare companies face steep fines for HIPAA violations like this, making it prudent for every healthcare organization to add data loss prevention and security awareness training as priorities before a breach.
Cybersecurity News: Canada
Canada – Canadian Defence Academy
Exploit: Ransomware
Canadian Defence Academy: Military Training College System
Risk to Small Business: 1.694 = Severe
Computer systems at Canada’s four military academies have been taken offline by a purported ransomware attack. The schools affected include the Royal Military College, the Royal Military College Saint-Jean, the Canadian Forces College and the Chief Warrant Officer Robert Osside Profession of Arms Institute. Early indications suggest this incident resulted from a mass phishing campaign. An officer at an engineering school that was impacted reported the incident as a ransomware attack on his personal blog. The incident has not affected any classified systems or classified research.
Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the business scourge that keeps information security professionals up at night. Most ransomware arrives through a successful phishing attack, and phishing is the biggest threat of 2020 so far, with a more than 600% increase in attempts noted since the start of the pandemic.
Cybersecurity News: United Kingdom
United Kingdom – Xchanging
https://www.insurancejournal.com/news/international/2020/07/06/574427.htm#
Exploit: Ransomware
Xchanging: Insurance Managed Services Platform
Risk to Small Business: 2.307 = Severe
Ransomware strikes again, this time taking systems hostage at Xchanging, the UK-based subsidiary of DXC Technology. The problem appears to be limited to several of the company’s customer-facing services. Xchanging offers business process services in areas such as customer administration, finance and procurement, and technology services including application management, infrastructure management, specialist software, and data integration. No data is believed to have been stolen in this incident.
Customers Impacted: 1.000+
Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.
How it Could Affect Your Business: Every business has relationships with service providers, making the risk of a third-party data breach unavoidable. Especially when transacting business with companies that handle payment, financial or personnel data, organizations have to be cognizant of the potential for a data breach that comes through business services relationships, and the Dark Web danger that brings to the table.
Cybersecurity News: European Union
Portugal – Energias de Portugal (EDP)
Exploit: Ransomware
Energias de Portugal: Energy Provider
Risk to Small Business: 2.109 = Severe
Energy giant EDP reported through its North American subsidiary, EDP NA, that it had been affected by a ransomware attack using Ragnar Locker. While the attack was not recent, the company just confirmed the parameters of it publicly as it became apparent that recovery would include notifying potentially affected customers. The attackers reportedly demanded that EDP Group pay a ransom of 1580 bitcoins for a decryptor and to stop the cybercriminals from releasing over 10 TB of data allegedly stolen in the incident.
Individual Risk: 2.022 = Severe
Attackers reportedly gained access to some personal information stored on the impacted servers, including personally identifying information and Social Security numbers. No financial or payment card data was accessed. The company is offering customers one year of free data protection via Experian as a proactive measure.
Customers Impacted: 11,500
How it Could Affect Your Business: As ransomware continues to wreak havoc with cybersecurity at businesses of any size, every business needs a plan in place both to recover from a ransomware incident and to bolster its security against potential ransomware attacks, because Dark Web activity has never been higher – or a bigger threat to businesses.
Cybersecurity News: Australia & New Zealand
New Zealand – Fisher and Paykel
Exploit: Ransomware
Fisher and Paykel: Appliance Manufacturer and Distributor
Risk to Small Business: 2.374 = Severe
The saga continues for New Zealand appliance company Fisher and Paykel, as they continue to experience damage following a ransomware attack last month. In June, attackers took the company’s data hostage, releasing a teaser on the Dark Web as part of its initial ransom demand. The attackers used Nefilim ransomware, which is effective against Windows systems. A larger trove of corporate data just hit the Dark Web after the company apparently failed to meet the ransom demand. So far the materials released are financial documents dating back to 2014.
Individual Risk: No personally identifying information or personal financial data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: It’s become increasingly common for ransomware attacks to have multiple components, with attackers initially making a ransom demand while providing sample data as proof that they have information, and then escalating incidents if their demands are not met. With a huge rise in phishing attempts, businesses can’t afford to take security awareness training chances.
Cybersecurity News: Asia & Pacific
India – T7 Games/Ouroboros Games
https://www.vpnmentor.com/blog/report-clubillion-leak/
Exploit: Unsecured Database
T7 Games/Ouroboros Games: Gambling Games Application Developer
Risk to Small Business: 1.217 = Extreme
The world’s most popular social gambling app Clubillion suffered a major data breach that affects customers around the world. A research team initially discovered the problem on March 19, finding the database hosted on Amazon Web Services during the course of working on a web mapping project. The developers of Clubillion were notified by the researchers quickly, but continued inaction exposed approximately 200 million user records per day – 50GB worth of data. The active database included constantly updated gameplay information for affected users as well as IP addresses, e-mail addresses, winnings, and private messages. The database was recorded as open for 16 days before action was taken to contain the leak.
Individual Risk: 2.219 = Severe
While researchers did not see any personally identifying or financial information in the affected database, the complexity of the breach prevents certainty about exactly what was leaked. Users of the app should be aware of potential phishing attacks fueled by this data.
Customers Impacted: 160,000+
How it Could Affect Your Customers’ Business: Staffers aren’t just using their favorite apps and services on their personal phones and computers – they’re doing it on their work machines too. As companies continue to adopt “Bring Your Own Device” policies and the work/personal line gets murkier for staffers, companies have to be concerned about the potential for danger caused by breaches in entertainment and social media apps.
Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Need to Know
Web-Based Apps Are Great Tools For Businesses But They Have Hidden Dangers
Almost every business relies on web-based applications and tools to function these days. From data storage to video conferencing, web-based applications are everywhere. But they’re not as safe as you might think – and that can be a problem for businesses.
Recently, a newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s widely used Chrome web browser. Google removed around 70 add-ons that it deemed “malicious” in response to that discovery.
The extensions were designed to avoid detection by antivirus or security software. If a user with one of the malicious browser extensions installed surfed the web on a home computer, it would connect to a series of websites and transmit information. Anyone using a corporate network, which would include security services, would be less likely to transmit sensitive information.
As the work/home device line blurs, every company needs to put protections in place to deal with cybersecurity incidents caused by these kinds of problems.