The Week in Breach: 08/05/20-08/11/20 | CloudSmart IT

The Week in Breach: 08/05/20-08/11/20

This week ransomware hits everywhere from small towns to multinational corporations and tech giants, how to add protection against nation state actors, and a new FBI warning about ransomware targeting US companies.


Cybersecurity News: Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

Cybersecurity and Breach News – United States 


United States –  UberEats

https://securityaffairs.co/wordpress/106770/deep-web/ubereats-data-leaked-dark-web.html?web_view=true

Exploit: Unauthorized Database Access

Uber Eats: App-Based Food Delivery Service

Risk to Small Business: 2.691 = Moderate

Security analysts doing routine Dark Web and Deep Web monitoring uncovered a data dump containing details about customers, delivery drivers, and delivery partners for UberEats. The 9 TXT files leaked by the threat actor include login credentials of 579 UberEATS customers and details of 100 delivery drivers. The data includes login credentials, full name, contact number, trip details, bank card details, and account creation dates.

Individual Risk: 2.377 = Severe

No details have been released about how affected customers and drivers will be informed or what remediation will be offered. UberEats customers, drivers, and partners should reset their account credentials and be alert for credit card fraud, spear phishing, and identity theft dangers.

Customers Impacted: 679

How it Could Affect Your Business: This breach is especially troubling because it is unacknowledged and it was discovered by Dark Web analysts instead of internal IT, putting in question the company’s transparency about security and attention to small security issues.


United States – Summit Medical Associates

https://hotforsecurity.bitdefender.com/blog/summit-medical-associates-discloses-ransomware-attack-patient-and-affiliate-information-potentially-impacted-23874.html?web_view=true

Exploit: Ransomware

Summit Medical Associates: Healthcare Provider 

Risk to Small Business: 1.979 = Severe

A data breach has come to light at Summit Health after the Tennessee-based practice group reported that it had experienced an “inability to access certain records” in early June. A third-party investigator determined that not only was it a ransomware incident, but the cybercriminals had also been able to access its systems for nearly six months before the breach.

Individual Risk: 2.799 = Moderate

There has been no reported evidence that patient information was compromised, but the affected server did contain patient PII including names, medical information, and Social Security numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals had access to this server for six months before anyone noticed. Security awareness, data handling, credential monitoring, and phishing resistance training keep eyes on the ball for cybersecurity, lowering the chance that something like this happens (or persists).


United States – The Blacklist Alliance 

https://krebsonsecurity.com/2020/08/robocall-legal-advocate-leaks-customer-data/?web_view=true

Exploit: Unauthorized Database Access

The Blacklist Alliance: Robocall Legal Advocate

Risk to Small Business: 1.717 = Severe

In an ironic turn of events, The Blacklist Alliance, a company that helps telemarketers dodge lawsuits from violations of the Telephone Consumer Protection Act, has experienced a data breach that leaked the phone numbers, email addresses and passwords of all its customers, as well as mobile phone numbers and data on people who have hired lawyers to go after telemarketers. Thousands of documents, emails, spreadsheets, images, and the names tied to a huge number of mobile phone numbers were freely accessible from the domain theblacklist.click. The directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username, and password (hashed using the MD5 algorithm).

Individual Risk: 1.912 = Severe

Individuals and companies who have done business with The Blacklist Alliance should consider their information at risk for fraud, identity theft, blackmail, or spear phishing attempts.

Customers Impacted: 388+

How it Could Affect Your Business:  A failure to secure PII and other sensitive data in an industry that handles secretive personal matters like this can be disastrous. Not only does it open the company up to legal and reputational risk, but it also risks the company’s ability to keep doing business in an industry that prizes anonymity.


United States – CWT

https://uk.reuters.com/article/uk-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUKKCN24W26P?&web_view=true

Exploit: Ransomware

CWT: Travel Management 

Risk to Small Business: 1.882 = Severe

CWT reportedly paid an eye-popping $4.5 million to cybercriminals using Ragnar Locker ransomware to decrypt reams of sensitive corporate files and restore 30,000 company computers that were knocked offline. Reportedly, the hackers initially demanded $10 million. Reuters included details and screenshots of the negotiation in a story filed last week. The ransom note left by the hackers claimed to have stolen two terabytes of files, including financial reports, security documents, and employees’ personal data such as email addresses and salary information. 

Individual Risk: No personally identifiable information or financial information was reported as stolen.

Customers Impacted: Unknown

How it Could Affect Your Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.


United States – Boyce Technologies 

https://cointelegraph.com/news/ransomware-threatens-production-of-300-ventilators-per-day?web_view=true

Exploit: Ransomware

Boyce Technologies: Medical Equipment Manufacturer 

Risk to Small Business: 1.407 = Extreme

Essential medical equipment producer Boyce Technologies was attacked with DoppelPaymer ransomware. The company produces about 300 low-cost ventilators per day using human and robotic labor. Microsoft noted that this type of ransomware uses “brute force” against a target company’s systems management server. It has extensively targeted the healthcare sector since the start of the COVID-19 crisis.

Individual Risk: No personal or financial information was reported as compromised.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks have grown more sophisticated and more dangerous in 2020, and corporate-level espionage that impacts production has become more prevalent – meaning that companies have to be more cautious about closing security loopholes.


United States – City of Lafayette, Colorado 

https://www.securityweek.com/colorado-city-pays-45000-ransom-after-cyber-attack?&web_view=true

Exploit: Ransomware

City of Lafayette, CO: Municipal Government

Risk to Small Business: 2.101 = Severe

The City of Lafayette, CO paid $45k to cybercriminals to restore access to municipal computers after a successful ransomware attack shut municipal networks down including city emails, phones, online payments, and reservation systems. The cost of restoration and the impact of the shutdown on city services impacted the city’s calculations when choosing to pay the ransom or restore from backups.

Individual Risk: 2.801 = Moderate

City officials say that credit card information was not compromised, and there was no evidence that personal data was stolen either, but residents should monitor their accounts for suspicious activity as a precaution.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can be so damaging that paying the ransom costs less than recovery. Without adequate protections in place, including updated security awareness training and access controls, organizations (and their budgets) can take a big hit from ransomware.


Cybersecurity and Breach News – Canada

Canada – Nova Scotia Health Authority

https://www.canadiansecuritymag.com/two-security-breaches-affects-health-information-of-211-people-in-nova-scotia/

Exploit: Unauthorized Database Access

Nova Scotia Health Authority: Healthcare System 

Risk to Small Business: 2.662 = Moderate

Not one but two security breaches at the Nova Scotia Health Authority have been reported as patient data was accessed by unauthorized individuals. The information was reported as “viewed”, but no details were given on how or by whom. The Nova Scotia Health Authority said it had notified the province’s Office of the Information and Privacy Commissioner.

Individual Risk: 2.874 = Moderate

The Authority said that it has notified the small number of patients affected, and did not report any financial information as stolen in either incident.

Customers Impacted: 211

How it Could Affect Your Business: Sensitive information, especially medical data, requires an extra level of care for protection – or the company that mishandles it will find themselves paying large fines in addition to other remediation costs.


Cybersecurity and Breach News – United Kingdom & European Union


United Kingdom – British Dental Association 

https://www.bbc.com/news/technology-53652254?&web_view=true

Exploit: Unauthorized Database Access

British Dental Association: Trade Union 

Risk to Small Business: 1.866 = Severe

The British Dental Association informed its members that data on a “small fraction” of its membership was exfiltrated in late July. The statement was vague about the cause or impact, and the organization’s website has been down since the attack was reported on 7/30/20. The association is still working to restore its web, telephone, and internal networks following the security breach, and has notified the Information Commissioner’s Office.

Individual Risk: 2.219 = Severe

The organization does not store members’ card details but does hold account numbers and sort codes to collect direct debit payments. The BDA has urged its members to remain vigilant against identity theft or spear phishing attempts.

Customers Impacted: 22,000

How it Could Affect Your Business: When an organization stores the financial information of its members in any capacity, that information needs to be protected – and members need to have confidence in the security of their personal and financial data on file, especially in professional groups or trade unions.


France – Forsee Power

https://securityaffairs.co/wordpress/106833/malware/forsee-power-netwalker-ransomware.html?web_view=true

Exploit: Ransomware

Forsee Power: Electromobility Battery Manufacturer  

Risk to Small Business: 1.113 = Severe

Netwalker ransomware is to blame for the leak of extensive business data at the Paris-based battery manufacturer, a world leader in electric mobility device power.  Cybercriminals exposed a directory containing folders such as Accounts Receivable, Finance, Collection Letters, Expenses, and Employees in an image posted to the Netwalker group blog.

Individual Risk: No personal or financial information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Sensitive business data is valuable – and it sells for a pretty penny on the Dark Web. Smart companies use Dark Web monitoring to stay on guard against the exposure of sensitive credentials and information on the Dark Web.


Cybersecurity and Breach News – Asia


Japan – Canon

https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/

Exploit: Ransomware

Canon: Optical and Imaging Products Manufacturer 

Risk to Small Business: 2.231 = Severe

International equipment behemoth Canon reported in a letter to staffers that it had been the victim of a ransomware attack that impacted numerous services, including Canon’s internal email, Microsoft Teams, USA website, and other essential business applications. The Maze ransomware group has claimed credit for the successful attack and disruption of Canon’s business systems. Maze operators stated that they extracted 10 terabytes of data on private databases in the attack. Canon notes that some users’ still image and video image data stored in its image.canon cloud photo platform involving the 10GB long-term storage option was missing but offered no details as to the type of images that were taken.

Individual Risk: At this time, there is no available information about the nature or provenance of the stolen data.

Customers Impacted: Unknown

How it Could Affect Your Business: Maze ransomware attacks typically start with gaining access to an average employee account and using that to gain access to accounts with greater privilege – and the vast majority of ransomware attacks start off as phishing.


Cybersecurity and Breach News – Australia & New Zealand


Australia – ProctorU

https://www.itnews.com.au/news/australian-universities-investigate-online-exam-tool-data-breach-551373?&web_view=true

Exploit: Unauthorized Database Access

ProctorU: Online Test Monitoring Service

Risk to Small Business: 1.667 = Severe

A number of Australian universities have been affected by a breach at testing services provider ProctorU. Hackers from the Shiny Hunters group published the stolen database from ProctorU online. The affected universities include the Group of Eight’s University of Sydney, University of NSW, University of Queensland, University of Melbourne, University of Western Australia, and the University of Adelaide, as well as Swinburne University, James Cook University, and Curtin University. The stolen data reportedly contains usernames, unencrypted passwords, legal names, and full residential addresses of students at the impacted schools.

Individual Risk: 2.871 = Moderate

No financial information was stolen, but student PII was impacted. Students should be cautious of spear phishing attempts using the stolen data.

Customers Impacted: 444,267

How it Could Affect Your Business: Ransomware has become the bane of most cybersecurity planners’ existence. By increasing investment in essential security awareness training tools, companies can better protect their data (and their budgets) from ransomware.


Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach Cybersecurity and New Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.


Added Intelligence

Nation State Actors Threaten Companies Worldwide

Cybersecurity threats and attacks involving nation state actors have been all over the news. From a pattern of suspected state-sponsored cyberattacks in Australia to suspected cyberthreats targeting critical infrastructure in the United States, high-level hacking has become a worldwide concern.

While this may not seem like a problem that could affect MSPs and small to medium-sized businesses, it is. These hackers aren’t just going for the biggest kid on the block. Smarter, more sophisticated hackers are starting from the ground up in a concerted effort to capture credentials and access to providers of essential business services in their webs.

KNOW YOUR HACKERS

By far, the most dangerous cybercrime environment right now is in medical research and development, as companies around the globe race to develop treatments and an eventual vaccine for COVID-19. Recent attempts to steal vaccine research from Moderna can be traced to known Chinese hacking groups. Additional attacks against pharmaceutical companies and researchers can be traced to Russian hacking groups, according to the U.S. National Security Agency.

Your customers are reading about these attacks in major publications and seeing growing concern from governments around the world in the media. That’s why you should develop a plan now to offer them options to increase their data protection – and use that plan to start conversations about increased security with other clients who you think might be at risk.

SECURE GATEWAYS TO DATA

The bane of every IT team, insecure or stolen passwords are a constant menace. Multifactor Authentication provides a crucial extra security check between bad actors and a company’s data and systems, and Single sign-on lets administrators quickly and efficiently turn on and off access to applications. Secure Central Password Storage Vaults also keep administrator credentials protected yet accessible by the right people when needed. Improving password security is vital to guarding against cyberattacks like these.

STOP RANSOMWARE ATTACKS FROM LANDING

Encourage customers to boost their phishing resistance training immediately. One of the most devastating tools that cybercriminals including nation state actors are using these days is ransomware – and the number one way that ransomware is delivered is through a phishing email. About 50% of businesses were affected by ransomware last year – but 50% of IT professionals don’t believe that their organization is ready to defend against a ransomware attack. 

INFORMATION IS POWER

Giving your customers these essential protection tools can help guard against many of the major attack vectors that nation state hackers like to use, like credential stuffing and ransomware. 

Staying updated on new technologies and cost-effective solutions, gathering good intelligence, and staying informed about new threats is your best bet for providing effective protection to your clients and your MSP in a tumultuous world.


Need to Know


FBI Warns Against Increased Danger From Netwalker Ransomware

Ransomware attacks are the monster in the closet that keeps IT teams up at night – and they’re only getting worse. Recently, the US Federal Bureau of Investigation released a new Flash Alert warning about the danger of Netwalker ransomware to businesses and infrastructure, as attacks with this tool ramp up against US-based targets.

Companies of all sizes are at risk for ransomware attacks of this nature, especially in the healthcare, infrastructure, defense, or technology sectors. Netwalker ransomware has also been used to disrupt production lines, as unfortunately happened to a manufacturer of respirators urgently needed in the fight against COVID-19.
