The Week in Breach: 07/29/20-08/04/20 | CloudSmart IT

This week BlackBaud’s breach woes cause complications worldwide, double extortion ransomware comes calling, and how neglecting basic security awareness training can cost a fortune.


Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

Cybersecurity and Breach News – United States 


United States –  National Cardiovascular Partners

https://healthitsecurity.com/news/national-cardiovascular-partners-email-hack-impacts-78k-patients?&web_view=true

Exploit: Unauthorized Account Access

National Cardiovascular Partners: Healthcare Provider

Risk to Small Business: 2.232 = Severe

Patient data was exposed after hackers were able to gain access to the Excel spreadsheet where it was stored through an employee account compromise. Undetected for over 3 weeks, the spreadsheet contained patient information, including names, contact information, and a host of other sensitive data that varied by patient. No word on what else the hackers may have obtained.

Individual Risk: 2.377 = Severe

Impacted patients are being notified and offered a one-year membership in Experian IdentityWorks, an identity theft protection service. These patients should also take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.

Customers Impacted: 78,070

How it Could Affect Your Business: Handling sensitive medical data is a proposition that requires excellent security training as well as a strong suite of cybersecurity solutions. Not only was this incident preventable, but it was also expensive – and it will not just cost a fortune in recovery, it will also invite regulatory penalties.


United States – IndieFlix

https://cybernews.com/security/indieflix-leaks-thousands-of-filmmaker-ssns-confidential-agreements-videos/?web_view=true

Exploit: Unsecured Database

IndieFlix: Streaming Service

Risk to Small Business: 1.603 = Severe

Another unsecured data bucket on a publicly accessible Amazon Simple Storage Service (S3) server is the culprit for a data breach at the streaming platform IndieFlix. The exposed data includes over 90,000 files. Some of the data includes scans of confidential motion picture acquisition agreements, tax ID requests that include filmmaker social security numbers and employer identification numbers, and detailed contact information of thousands of film professionals – plus thousands of unlocked video files of short films, movie clips, and trailers that can be accessed and downloaded by anyone with a direct link to the files.

Individual Risk: 1.599 = Severe

3,217 scans of requests for tax identification numbers that include addresses, signatures, as well as social security numbers and/or employer identification numbers of the filmmakers or their distribution agents were compromised. Film industry professionals and organizations that have signed agreements with IndieFlix or given the company their contact details between 2013 and 2016 should be aware of the potential for their data, including financial information, to be used for fraud and spear phishing attacks.

Customers Impacted: Unknown

How it Could Affect Your Business: Sloppy storage causes big problems that can have a huge impact on a company’s reputation and client confidence. By improving security awareness training, employees will develop better handling habits for data and passwords.


United States – Athens Independent School District

https://www.easttexasmatters.com/news/education/athens-isd-pays-50k-for-release-of-data-in-ransomware-attack/?web_view=true

Exploit: Ransomware

Athens Independent School District: Public School System

Risk to Small Business: 1.207 = Extreme

A school system in East Texas has paid cybercriminals a ransom of $50K for the key to unencrypt its data. The school board noted that it had no choice but to pay the ransom because it could not complete recovery in time to start the new school year. The report also noted that other school systems in East Texas have been hit with ransomware attacks recently as well. The district has cyberattack insurance.

Individual Risk: No personal or financial data about students or staff was reported as compromised at this time.

Customers Impacted: Unknown

How it Could Affect Your Business:  Ransomware is today’s biggest cybersecurity headache, and it’s usually delivered through a poisoned phishing email. A well-timed ransomware attack can create a big payday for cybercriminals as impacted victims are left with little recourse when they’re on a tight schedule.

United States – Ledger

https://portswigger.net/daily-swig/ledger-data-breach-impacts-one-million-users-hardware-wallet-funds-are-safe

Exploit: Unauthorized Database Access 

Ledger: Cryptocurrency Storage Hardware Developer

Risk to Small Business: 1.993 = Severe

Cryptocurrency wallet maker Ledger has announced that they experienced a data breach that exposed contact information for many clients. The breach was discovered by a participant in a bug bounty program. A marketing database containing email addresses for approximately one million users was unsecured, and a subset of 9,500 customers also had other contact information including first and last name, mailing addresses, and phone numbers exposed.

Individual Risk: 2.775 = Moderate

Only basic information like email addresses was exposed for a majority of the affected clients, but some customers’ addresses and phone numbers were compromised as well. Clients should be suspicious of potential spear phishing attacks.

Customers Impacted: 1 million 

How it Could Affect Your Business: Simple security failures like this one or the data breach caused by phishing at Twitter don’t increase client confidence in companies that promise secure technology.


United States – Havenly

https://www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/?&web_view=true

Exploit: Unauthorized Database Access

Havenly: Interior Design Collaboration Website 

Risk to Small Business: 2.302 = Severe

As part of last week’s ShinyHunters data dump, the account details of millions of Havenly users were leaked on the Dark Web. The leaked data included affected users’ login name, full name, hashed password, email address, phone number, zip, and other data related to the usage of the site. Havenly noted that it does not store credit card numbers and no financial data was involved in this incident.

Individual Risk: 2.503 = Moderate

No financial data was reported as compromised in this breach, but users should be aware of the personal details that were stolen being used to conduct spear phishing attempts.

Customers Impacted: 13 million

How it Could Affect Your Business: Data dumps from major players in the data selling business are becoming more common. These dumps often include email addresses and login credentials for work accounts that staffers may be using (or reusing) for convenience.


United States – Drizly

https://techcrunch.com/2020/07/28/drizly-data-breach/

Exploit: Unauthorized Database Access

Drizly: Alcohol Delivery Service

Risk to Small Business: 2.101 = Severe

Online booze startup Drizly just announced that it suffered a data breach. Hackers were able to snatch customer email addresses, DOBs, hashed passwords, and some delivery addresses. The company says that no financial information was taken, but researchers noticed that hackers trying to sell Drizly’s data claim to also have credit card numbers.

Individual Risk: 2.661 = Moderate

No financial information was reported stolen by the company, but cybersecurity reports put that claim in question. Users of the service should change their passwords immediately and monitor their credit accounts for fraud.

Customers Impacted: 2.5 million

How it Could Affect Your Business: As more competition pops up in online delivery service spaces, customers will be inclined to choose to do business with companies that can protect their data.


Cybersecurity and Breach News – Canada

Canada – Pivot Technology Solutions

https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/?&web_view=true

Exploit: Ransomware 

Pivot Technology Solutions – Managed Services Provider

Risk to Small Business: 1.513 = Severe

A ransomware attempt at Canadian MSP Pivot Technology Solutions was ultimately foiled, but not before the attackers were able to access and copy sensitive company data for some US employees and consultants. Compromised staff and associate data included names, addresses, dates of birth, gender, disability status, and type of insurance coverage. Cybercriminals also stole payroll data including details about deductions, 401k forms, income, and benefits, as well as scooping up banking details like routing and account numbers, and Social Security numbers.

Individual Risk: 2.074 = Severe

The company is offering free monitoring solutions to affected staffers and advises anyone who suspects that their information may have been involved to monitor accounts for financial and identity compromise.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the bane of cybersecurity professionals around the world. It is typically used to encrypt data, but even an attempt that fails to encrypt data can still expose sensitive information.


Cybersecurity and Breach News – United Kingdom & European Union


United Kingdom – Avon

https://www.infosecurity-magazine.com/news/cosmetics-giant-avon-leaks-19/?&web_view=true

Exploit: Unsecured Database

Avon: Cosmetics Manufacturer and Distributor

Risk to Small Business: 1.883 = Severe

A misconfigured cloud server at global cosmetics powerhouse Avon was the culprit of a 7GB data breach that was discovered by researchers. The Elasticsearch database on an Azure server was publicly exposed with no password protection or encryption for nine days. The treasure trove of information available included personally identifiable information of both customers and employees, including full names, phone numbers, dates of birth, emails, and home addresses with GPS coordinates. Also included in the haul were an eye-popping 40,000+ security tokens and OAuth tokens plus internal logs, account settings, and technical server information.

Individual Risk: 2.339 = Severe

While no financial data was reported as exposed, the personal information that was available to cybercriminals opens Avon customers and staffers up to spear phishing attempts and potential identity theft.

Customers Impacted: 19 million

How it Could Affect Your Business: Basic security failures are unacceptable at companies of any size. Consumers are becoming more aware of the potential risk that comes from having their personal data exposed and will be less likely to do business with companies that fail to secure it.


Germany – Dussmann Group

https://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/?&web_view=true

Exploit: Ransomware

Dussmann Group: Services Conglomerate

Risk to Small Business: 1.827 = Severe

Nefilim Ransomware is responsible for a data breach at Dresdner Kühlanlagenbau GmbH (DKA), a subsidiary of the Dussmann Group. The attackers began the sale of 14 GB of sensitive data, including archives containing numerous documents such as Word documents, images, accounting documents, and AutoCAD drawings, before encrypting systems. In total, the gang claims to have encrypted four domains and stolen approximately 200GB of archived data.

Individual Risk: No personal or financial information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Dark Web data brokers aren’t just looking for password lists and credit card numbers. They also want proprietary data and business secrets like formulas and schematics like the ones stolen in this incident.


Cybersecurity and Breach News – Middle East & Africa


Israel – Promo.com

https://portswigger.net/daily-swig/promo-com-data-breach-impacts-23-million-content-creators

Exploit: Third Party Data Breach

Promo.com: Marketing Video Creation

Risk to Small Business: 2.092 = Severe

The Israeli-based marketing video creation site has disclosed a data breach after a database containing 22 million user records was leaked for free on a hacker forum. The exposed data includes content creators’ first name, last name, email address, IP address, approximated user location based on their IP address, and gender, as well as encrypted, hashed passwords. Promo.com says that the information was stolen as part of a third party data breach involving one of their service providers.

Individual Risk: 2.802 = Moderate

No financial data was stolen in this incident, but the personal information stolen may open creators that use the site up to identity theft and spear phishing attempts.

Customers Impacted: 23 million

How it Could Affect Your Business: A data breach at a third party provider is almost as dangerous to a company’s security and reputation as an in-house incident.


Cybersecurity and Breach News – Australia & New Zealand


Australia – Regis Healthcare

https://www.smh.com.au/business/companies/aged-care-operator-s-sensitive-data-stolen-in-foreign-cyberattack-20200803-p55hxl.html?&web_view=true

Exploit: Ransomware

Regis Healthcare: Aged Home Operator

Risk to Small Business: 2.002 = Severe

Care home operator Regis is reporting that it suffered a cyberattack leading to a data breach that was allegedly perpetrated by “foreign attackers” using Maze ransomware. The stolen data from 2 servers includes the personal information of a small number of residents at Regis facilities and a staff member.

Individual Risk: 2.705 = Moderate

While no financial information was reported stolen, a great deal of very specific and highly sensitive personal health data has been compromised. This is especially troubling as COVID-19 anxiety runs high, and may lead to public personal ramifications for patients that were affected as well as lending itself to spear phishing and blackmail attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: The ripple effect of one breach can sometimes be felt throughout an industry, as many services and companies are intertwined. By adding a solid digital risk protection platform to their security plan, businesses can gain a more holistic view of their risks to start patching up holes in security before a problem becomes a disaster.


Cybersecurity and Breach News Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach Cybersecurity and Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.


Added Intelligence


Insider Threats Caused Major Problems – But You Can Fight Back.

Insider threats are the biggest potential cybersecurity pitfall that any business faces. While we often think of saboteurs, thieves, criminals, and spies as the threats that businesses need to be concerned about, malicious insiders are only a small fraction of the problem.

The most potentially devastating threats to cybersecurity are unintentional. Well-intentioned but careless or poorly trained employees can open businesses up to a data breach, ransomware, credential compromise, or another security incident quickly.

Learn to spot and stop insider threats to protect businesses from both malicious actors and sloppy staffers in our eBook, “Combating Insider Threats”, a free download that’s available now as part of our “Stop Insider Threats” resource package – plus take a deeper dive into insider threats with our “6 Things You Need to Know About Insider Threats” whitepaper, perfect for giving to customers who want to learn more about this problem and how you can solve it for them!


The BlackBaud Breach Fallout Continues to Pile Up

The recent data breach at fundraising technology provider BlackBaud is an object lesson in how third party risks can compromise cybersecurity and cause huge problems for other businesses, leading to a cascade effect that keeps the damage rolling.

Initially, BlackBaud obfuscated the details it released about the breach, including insinuating that the initial ransomware attack was unsuccessful. BlackBaud had actually paid the ransom demanded for the encryption key. The company also claimed that very little user data was stolen and the breach would only impact a small subset of its users.

Once again, that wasn’t necessarily the case. As the ripple effect of the initial breach became more apparent, large universities and institutions around the world began disclosing that information including details about their alumni, donors, and fundraising efforts had been compromised in the BlackBaud breach, including The National Trust (UK), Texas Tech, the University of York, the University of South Wales, Aberystwyth University, and UK charities including The Wallich, Crisis, Sue Ryder, and Young Minds.

The UK’s Information Commissioner’s Office (ICO) told the BBC that 125 organizations had reported that they were impacted by the event, including dozens of universities and 33 charities. Internationally, the breach is expected to impact many more universities, trusts, museums, schools, churches, and food banks. 

So how can you protect your clients’ sensitive data and systems from breach danger or exposure because of third party service providers? We’ll be coming out with a new book addressing that problem soon, but here’s a sneak peek at our advice – and you can put this into practice right now.

Start employing single sign-on (SSO) and multifactor authentication (MFA) immediately. Those two tools combined add a strong barrier between cybercriminals and sensitive data and systems by giving IT staffers more control. MFA is often the star of the show when considering secure identity and access management solutions, but single sign-on is the unsung hero.

SSO allows for the creation of a unique Launchpad for every user, giving IT staff the opportunity to control each user’s access to applications and data with one action. If someone’s account is compromised, instead of figuring out what they had access to and turning each one off individually, IT staffers can cauterize the bleeding quickly by simply deactivating that user’s Launchpad, eliminating their access to everything.


Need to Know:


Double Extortion Ransomware is in Fashion This Summer

In a tough economy, everybody’s looking for a way to make a little more money and increase profitability – even cybercriminals. Why should a cybercriminal only benefit once from the hard work of hacking into systems and deploying ransomware, when they could benefit twice?

Double extortion ransomware is becoming more trendy as a means of cybercrime because it opens up extra opportunities for profit as cybercriminals not only attempt to get paid by selling you the encryption key to unlock your systems and data, they also try to extort a little extra by threatening to release especially sensitive information on the Dark Web.

The majority of ransomware infections are delivered via phishing, and phishing isn’t just an email threat these days. Instead of the proverbial malware-laced attachment, phishing has expanded to include attack attempts through malicious links, SMS messages, texts, chats, and more.

By implementing and updating regular phishing resistance training, companies can improve their defense against ransomware.

