This week BlackBaud’s breach woes cause complications worldwide, double extortion ransomware comes calling, and how neglecting basic security awareness training can cost a fortune.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
Cybersecurity and Breach News – United States
United States – National Cardiovascular Partners
Exploit: Unauthorized Account Access
National Cardiovascular Partners: Healthcare Provider
Risk to Small Business: 2.232 = Severe
Patient data was exposed after hackers were able to gain access to the Excel spreadsheet where it was stored through an employee account compromise. Undetected for over 3 weeks, the spreadsheet contained patient information, including names, contact information, and a host of other sensitive data that varied by patient. No word on what else the hackers may have obtained.
Individual Risk: 2.377 = Severe
Impacted patients are being notified and offered a one-year membership in Experian IdentityWorks, an identity theft protection service. These patients should also take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.
Customers Impacted: 78,070
How it Could Affect Your Business: Handling sensitive medical data is a proposition that requires excellent security training as well as a strong suite of cybersecurity solutions. Not only was this incident preventable, but it was also expensive – and it will not just cost a fortune in recovery, it will also invite regulatory penalties.
United States – IndieFlix
Exploit: Unsecured Database
IndieFlix: Streaming Service
Risk to Small Business: 1.603 = Severe
Another unsecured data bucket on a publicly accessible Amazon Simple Storage (S3) server is the culprit for a data breach at the streaming platform IndieFlix. The exposed data includes over 90,000 files. Some of the data includes scans of confidential motion picture acquisition agreements, tax ID requests that include filmmaker social security numbers and employer identification numbers, and detailed contact information of thousands of film professionals – plus thousands of unlocked video files of short films, movie clips, and trailers that can be accessed and downloaded by anyone with a direct link to the files.
Individual Risk: 1.599 = Severe
3,217 scans of requests for tax identification numbers that include addresses, signatures, as well as social security numbers and/or employer identification numbers of the filmmakers or their distribution agents were compromised. Film industry professionals and organizations that have signed agreements with IndieFlix or given the company their contact details between 2013 and 2016 should be aware of the potential for their data, including financial information, to be used for fraud and spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Business: Sloppy storage causes big problems that can have a huge impact on a company’s reputation and client confidence. By improving security awareness training, employees will develop better handling habits for data and passwords.
United States – Athens Independent School District
Exploit: Ransomware
Athens Independent School District: Public School System
Risk to Small Business: 1.207 = Extreme
A school system in East Texas has paid cybercriminals a ransom of $50K for the key to unencrypt its data. The school board noted that it had no choice but to pay the ransom because it could not complete recovery in time to start the new school year. The report also noted that other school systems in East Texas have been hit with ransomware attacks recently as well. The district has cyberattack insurance.
Individual Risk: No personal or financial data about students or staff was reported as compromised at this time.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is today’s biggest cybersecurity headache, and it’s usually delivered through a poisoned phishing email. A well-timed ransomware attack can create a big payday for cybercriminals as impacted victims are left with little recourse when they’re on a tight schedule.
United States – Ledger
Exploit: Unauthorized Database Access
Ledger: Cryptocurrency Storage Hardware Developer
Risk to Small Business: 1.993 = Severe
Cryptocurrency wallet maker Ledger has announced that they experienced a data breach that exposed contact information for many clients. The breach was discovered by a participant in a bug bounty program. A marketing database containing email addresses for approximately one million users was unsecured, and a subset of 9,500 customers also had other contact information including first and last name, mailing addresses, and phone numbers exposed.
Individual Risk: 2.775 = Moderate
Only basic information like email addresses was exposed for a majority of the affected clients, but some customers’ addresses and phone numbers were compromised as well. Clients should be suspicious of potential spear phishing attacks.
Customers Impacted: 1 million
How it Could Affect Your Business: Simple security failures like this one or the data breach caused by phishing at Twitter don’t increase client confidence in companies that promise secure technology.
United States – Havenly
Exploit: Unauthorized Database Access
Havenly: Interior Design Collaboration Website
Risk to Small Business: 2.302 = Severe
As part of last week’s ShinyHunters data dump, the account details of millions of Havenly users were leaked on the Dark Web. The leaked data included affected users’ login name, full name, hashed password, email address, phone number, zip, and other data related to the usage of the site. Havenly noted that it does not store credit card numbers and no financial data was involved in this incident.
Individual Risk: 2.503 = Moderate
No financial data was reported as compromised in this breach, but users should be aware of the personal details that were stolen being used to conduct spear phishing attempts.
Customers Impacted: 13 million
How it Could Affect Your Business: Data dumps from major players in the data selling business are becoming more common. These dumps often include email addresses and login credentials for work accounts that staffers may be using (or reusing) for convenience.
United States – Drizly
https://techcrunch.com/2020/07/28/drizly-data-breach/
Exploit: Unauthorized Database Access
Drizly: Alcohol Delivery Service
Risk to Small Business: 2.101 = Severe
Online booze startup Drizly just announced that it suffered a data breach. Hackers were able to snatch customer email addresses, DOBs, hashed passwords, and some delivery addresses. The company says that no financial information was taken, but researchers noticed that hackers trying to sell Drizly’s data claim to also have credit card numbers.
Individual Risk: 2.661 = Moderate
No financial information was reported stolen by the company, but cybersecurity reports put that claim in question. Users of the service should change their passwords immediately and monitor their credit accounts for fraud.
Customers Impacted: 2.5 million
How it Could Affect Your Business: As more competition pops up in online delivery service spaces, customers will be inclined to choose to do business with companies that can protect their data.
Cybersecurity and Breach News – Canada
Canada – Pivot Technology Solutions
Exploit: Ransomware
Pivot Technology Solutions – Managed Services Provider
Risk to Small Business: 1.513 = Severe
A ransomware attempt at Canadian MSP Pivot Technology Solutions was ultimately foiled, but not before the attackers were able to access and copy sensitive company data for some US employees and consultants. Compromised staff and associate data included names, addresses, dates of birth, gender, disability status, and type of insurance coverage. Cybercriminals also stole payroll data including details about deductions, 401k forms, income, and benefits as well as scooping up banking details like routing and account numbers, and Social Security numbers.
Individual Risk: 2.074 = Severe
The company is offering free monitoring solutions to affected staffers and advises anyone who suspects that their information may have been involved to monitor accounts for financial and identity compromise.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the bane of cybersecurity professionals around the world. It is typically used to encrypt data, but even an attempt that fails to encrypt data can still expose sensitive information.
Cybersecurity and Breach News – United Kingdom & European Union
United Kingdom – Avon
https://www.infosecurity-magazine.com/news/cosmetics-giant-avon-leaks-19/?&web_view=true
Exploit: Unsecured Database
Avon: Cosmetics Manufacturer and Distributor
Risk to Small Business: 1.883 = Severe
A misconfigured cloud server at global cosmetics powerhouse Avon was the culprit of a 7GB data breach at the cosmetics giant after it was discovered by researchers. The Elasticsearch database on an Azure server was publicly exposed with no password protection or encryption for nine days. The treasure trove of information available included personally identifiable information of both customers and employees, including full names, phone numbers, dates of birth, emails, and home addresses with GPS coordinates. Also included in the haul were an eye-popping 40,000+ security tokens and OAuth tokens plus internal logs, account settings, and technical server information.
Individual Risk: 2.339 = Severe
While no financial data was reported as exposed, the personal information that was available to cybercriminals opens Avon customers and staffers up to spear phishing attempts and potential identity theft.
Customers Impacted: 19 million
How it Could Affect Your Business: Basic security failures are unacceptable at companies of any size. Consumers are becoming more aware of the potential risk that comes from having their personal data exposed and will be less likely to do business with companies that fail to secure it.
Germany – Dussmann Group
Exploit: Ransomware
Dussmann Group: Services Conglomerate
Risk to Small Business: 1.827 = Severe
Nefilim Ransomware is responsible for a data breach at Dresdner Kühlanlagenbau GmbH (DKA), a subsidiary of the Dussmann Group. The attackers began the sale of 14 GB of sensitive data, including archives containing numerous documents such as Word documents, images, accounting documents, and AutoCAD drawings, before encrypting systems. In total, the gang claims to have encrypted four domains and stolen approximately 200GB of archived data.
Individual Risk: No personal or financial information was reported as stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Dark Web data brokers aren’t just looking for password lists and credit card numbers. They also want proprietary data and business secrets like formulas and schematics like the ones stolen in this incident.
Cybersecurity and Breach News – Middle East & Africa
Israel – Promo.com
https://portswigger.net/daily-swig/promo-com-data-breach-impacts-23-million-content-creators
Exploit: Third Party Data Breach
Promo.com: Marketing Video Creation
Risk to Small Business: 2.092 = Severe
The Israeli-based marketing video creation site has disclosed a data breach after a database containing 22 million user records was leaked for free on a hacker forum. The exposed data includes content creators’ first name, last name, email address, IP address, approximated user location based on their IP address, and gender, as well as encrypted, hashed passwords. Promo.com says that the information was stolen as part of a third party data breach involving one of their service providers.
Individual Risk: 2.802 = Moderate
No financial data was stolen in this incident, but the personal information stolen may open creators that use the site up to identity theft and spear phishing attempts.
Customers Impacted: 23 million
How it Could Affect Your Business: A data breach at a third party provider is almost as dangerous to a company’s security and reputation as an in-house incident.
Cybersecurity and Breach News – Australia & New Zealand
Australia – Regis Healthcare
Exploit: Ransomware
Regis Healthcare: Aged Home Operator
Risk to Small Business: 2.002 = Severe
Care home operator Regis is reporting that it suffered a cyberattack leading to a data breach that was allegedly perpetrated by “foreign attackers” using Maze ransomware. The stolen data from 2 servers includes the personal information of a small number of residents at Regis facilities and a staff member.
Individual Risk: 2.705 = Moderate
While no financial information was reported stolen, a great deal of very specific and highly sensitive personal health data has been compromised. This is especially troubling as COVID-19 anxiety runs high, and may lead to public personal ramifications for patients that were affected as well as lending itself to spear phishing and blackmail attempts.
Customers Impacted: Unknown
How it Could Affect Your Business: The ripple effect of one breach can sometimes be felt throughout an industry, as many services and companies are intertwined. By adding a solid digital risk protection platform to their security plan, businesses can gain a more holistic view of their risks to start patching up holes in security before a problem becomes a disaster.
Cybersecurity and Breach News Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach Cybersecurity and Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.
Added Intelligence
Insider Threats Caused Major Problems – But You Can Fight Back.
Insider threats are the biggest potential cybersecurity pitfall that any business faces. While we often think of saboteurs, thieves, criminals, and spies as the threats that businesses need to be concerned about, malicious insiders are only a small fraction of the problem.
The most potentially devastating threats to cybersecurity are unintentional. Well-intentioned but careless or poorly trained employees can open businesses up to a data breach, ransomware, credential compromise, or another security incident quickly.
Learn to spot and stop insider threats to protect businesses from both malicious actors and sloppy staffers in our eBook, “Combating Insider Threats”, a free download that’s available now as part of our “Stop Insider Threats” resource package – plus take a deeper dive into insider threats with our “6 Things You Need to Know About Insider Threats” whitepaper, perfect for giving to customers who want to learn more about this problem and how you can solve it for them!
The BlackBaud Breach Fallout Continues to Pile Up
The recent data breach at fundraising technology provider BlackBaud is an object lesson in how third party risks can compromise cybersecurity and cause huge problems for other businesses, leading to a cascade effect that keeps the damage rolling.
Initially, BlackBaud obfuscated the details it released about the breach, including insinuating that the initial ransomware attack was unsuccessful. BlackBaud had actually paid the ransom demanded for the encryption key. The company also claimed that very little user data was stolen and the breach would only impact a small subset of its users.
Once again, that wasn’t necessarily the case. As the ripple effect of the initial breach became more apparent, large universities and institutions around the world began disclosing that information including details about their alumni, donors, and fundraising efforts had been compromised in the BlackBaud breach, including The National Trust (UK), Texas Tech, the University of York, the University of South Wales, Aberystwyth University, and UK charities including The Wallich, Crisis, Sue Ryder, and Young Minds.
The UK’s Information Commissioner’s Office (ICO) told the BBC that 125 organizations had reported that they were impacted by the event, including dozens of universities and 33 charities. Internationally, the breach is expected to impact many more universities, trusts, museums, schools, churches, and food banks.
So how can you protect your clients’ sensitive data and systems from breach danger or exposure because of third party service providers? We’ll be coming out with a new book addressing that problem soon, but here’s a sneak peek at our advice – and you can put this into practice right now.
Start employing single sign-on (SSO) and multifactor authentication (MFA) immediately. Those two tools combined add a strong barrier between cybercriminals and sensitive data and systems by giving IT staffers more control. MFA is often the star of the show when considering secure identity and access management solutions, but single sign-on is the unsung hero.
SSO allows for the creation of a unique Launchpad for every user, giving IT staff the opportunity to control each user’s access to applications and data with one action. If someone’s account is compromised, instead of figuring out what they had access to and turning each one off individually, IT staffers can cauterize the bleeding quickly by simply deactivating that user’s Launchpad, eliminating their access to everything.
Need to Know:
Double Extortion Ransomware is in Fashion This Summer
In a tough economy, everybody’s looking for a way to make a little more money and increase profitability – even cybercriminals. Why should a cybercriminal only benefit once from the hard work of hacking into systems and deploying ransomware, when they could benefit twice?
Double extortion ransomware is becoming more trendy as a means of cybercrime because it opens up extra opportunities for profit as cybercriminals not only attempt to get paid by selling you the encryption key to unlock your systems and data, they also try to extort a little extra by threatening to release especially sensitive information on the Dark Web.
The majority of ransomware infections are delivered via phishing, and phishing isn’t just an email threat these days. Instead of the proverbial malware-laced attachment, phishing has expanded to include attack attempts through malicious links, SMS messages, texts, chats, and more.
By implementing and updating regular phishing resistance training, companies can improve their defense against ransomware.