This week cybersecurity educators get taken to school by bad actors, the ancestral home of cybersecurity gets hit with a third-party data breach, credential stuffing rocks Canada’s Revenue Authority, and unexpected risks affect businesses as kids head back to school and parents continue working remotely.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Aerospace & Defense
- Top Employee Count: 11-50
The Week in Breach News – United States
United States – Michigan State University
https://apnews.com/876fddc3c0b7dc1cc4ad0a7d6a19fb23
Exploit: Malware
Michigan State University: Institution of Higher Learning
Risk to Small Business: 2.171 = Severe
Just in time for back to school, attackers were able to steal credit card and personal information from roughly 2,600 users of Michigan State University’s online store. Cybercriminals used malicious scripts designed to harvest and exfiltrate customers’ payment cards between Oct. 19, 2019, and June 26, 2020.
Individual Risk: 2.311 = Severe
MSU is notifying all potentially affected customers of the data breach and is offering free identity protection and credit monitoring.
Customers Impacted: 2,600
How it Could Affect Your Business: Magecart or skimming attacks are a regular tool of the trade for cybercriminals and the data that they collect often ends up for sale on the Dark Web.
United States – Brown-Forman
https://www.infosecurity-magazine.com/news/jack-danielsmaker-suffers-revil/?&web_view=true
Exploit: Ransomware
Brown-Forman: Wine and Spirits Conglomerate
Risk to Small Business: 1.979 = Severe
REvil ransomware strikes again, this time at beverage giant Brown-Forman, the maker of Jack Daniel’s and other spirits. Although the company has been mum on the details of the attack aside from claiming it successfully prevented attackers from encrypting its files, the cybercriminal gang says that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches.
Individual Risk: No individual data has been reported as compromised in this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware often makes its way into company inboxes in the form of a phishing email. Phishing resistance training must be a crucial component of any company’s cybersecurity strategy.
United States – FHN
Exploit: Email Account Compromise
FHN: Healthcare System
Risk to Small Business: 1.870 = Severe
In a just-disclosed incident, an unspecified “email account compromise” of “several” employee accounts resulted in a data breach that impacted patient PII at FHN healthcare facilities in Illinois. An unauthorized party was detected accessing employee email accounts on February 12 and 13. Information that may have been exposed in the breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some instances, patients’ health insurance information and/or Social Security numbers were also identified as exposed in the compromised email accounts.
Individual Risk: 1.821 = Severe
Not all patients of FHN were impacted. FHN has contacted those patients who were, and is offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or driver’s license numbers were exposed in the incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Not only will this cause customer anger, this breach will also incur a potentially substantial HIPAA violation penalty. Placing better protections, including multi-factor authentication, on systems that handle sensitive data can prevent incidents like this from happening.
United States – SANS Institute
https://www.infosecurity-magazine.com/news/sans-phishing-attack/?&web_view=true
Exploit: Phishing/Accidental Data Sharing
SANS Institute: Cybersecurity Education and Certification
Risk to Small Business: 1.875 = Severe
Somebody needs to stay after class for extra tutoring at SANS Institute after an accidental data sharing incident led to a data breach that exposed over 28,000 PII records. The information was apparently mistakenly forwarded to an outside party. The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. One phishing email resulted in 513 emails full of PII being forwarded to the external address, and a malicious Office 365 add-on was also installed on the infected machine as part of the attack.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.
The Week in Breach News – Canada
Canada – Canadian Revenue Authority
https://globalnews.ca/news/7281074/cra-hack-online-services/
Exploit: Credential Stuffing
Canadian Revenue Authority: Government Agency
Risk to Business: 1.412 = Extreme
A series of cybersecurity incidents has rocked the Canadian Revenue Authority, leading to a complete shutdown of services that may take some time to restore. In three credential stuffing attacks, hackers compromised the usernames and passwords of thousands of accounts. Over the course of several days, the first and largest attack targeted GCKey accounts, the second attack took advantage of a “vulnerability in security software”, and the third resulted in the CRA suspending online services while it assessed the breach and attempted mitigation.
Individual Risk: 2.511 = Moderate
About 15,000 accounts are known to have been compromised, but the investigation is complex and ongoing. Service is expected to be restored for online users this week.
Customers Impacted: 15 million
How it Could Affect Your Business: Credential stuffing attacks are so successful because password reuse and recycling are endemic. Even though most people know that it’s dangerous, it’s still incredibly common – and incredibly risky for businesses who fail to secure their access points.
The Week in Breach News – United Kingdom & European Union
United Kingdom – Bletchley Park Trust
https://www.bbc.com/news/technology-53771942
Exploit: Third Party Breach Exposure
Bletchley Park Trust – Non-Profit Organization
Risk to Small Business: 2.707 = Moderate
Another victim of the Blackbaud breach, the Bletchley Park Trust announced that its donor information has been compromised. It’s just the latest addition to a huge list of universities, trusts, charities, and non-profit organizations that have been impacted by the massive breach at fundraising giant Blackbaud in July.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Third party risks are a constant in today’s business world, as more companies rely on online transactions to do business, and organizations contract outside providers to deliver specialty services like accounting or fundraising.
France – SPIE Group
https://securityaffairs.co/wordpress/106969/malware/nefilim-ransomware-spie-group.html?web_view=true
Exploit: Ransomware
SPIE Group: Energy and Communications Services
Risk to Small Business: 2.137 = Severe
Nefilim ransomware operators claim to have infiltrated SPIE Group, a major European technical services provider, and exfiltrated a large amount of proprietary data. In an initial ransom post on their website, the cybercriminals released 65,042 files contained in 18,551 data folders as a “first installment” and have promised more if their demands aren’t met.
Individual Risk: No personal information was reported as stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Although we can’t be sure how it happened, ransomware is almost inevitably the result of a phishing attack that successfully lured in a staffer. Phishing attacks aren’t just email attachments anymore – they can be delivered through SMS, text, and messaging too.
The Week in Breach News – Asia
Japan – Konica-Minolta
Exploit: Ransomware
Konica Minolta: Optical Products Company
Risk to Business: 2.335 = Severe
The Japanese technology giant fell victim to a ransomware attack in late July that impacted business services and operations. Cybercriminals were able to deploy RansomEXX malware, a new variety of human-operated ransomware that encrypts systems but does not exfiltrate data. No other information has been made available about the attack.
Individual Risk: No data was reported stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Most ransomware attacks are the result of phishing, and no company is immune to the impact of today’s biggest cybersecurity menace.
The Week in Breach News – Australia & New Zealand
Australia – ACT Education Directorate
Exploit: Credential Stuffing
ACT Education Directorate – Government Agency
Risk to Small Business: 2.301 = Severe
ACT Education was forced to block all public school students from accessing their Google email accounts after a spamming and credential stuffing incident led to students being exposed to lewd material – and the exposure of some students’ personal data. The educational authority is investigating the incident, and conflicting reports attribute the incident to either credential stuffing or internal hacking, possibly by a student.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybersecurity awareness is more important than ever for people of every age. Without updated, consistent security awareness and phishing resistance training, standards can slip and incidents like this can become major headaches.
Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Week in Breach Spotlight
Email Security Training Has Never Been More Important – or Worse.
A recent report from Mimecast on the state of email security raised some interesting data points. Although most companies are aware of the risk to their organization from email-based threats, many of them are still failing at doing anything to effectively stem the tide of dangers.
One of the most disturbing statistics of note is that only 1 in 5 companies provide regular email security and phishing resistance training to their employees. Even with 57% of the companies surveyed saying that they had been impacted by a ransomware attack, and a hugely publicized 600% increase in phishing attack attempts since the start of the global pandemic, companies are still failing to take security awareness training seriously.
FAILURE TO PREPARE IS AN EMERGENCY
Don’t allow your customers to make the same mistakes. Cybersecurity and phishing awareness training sounds like something that can be put off until they have more time or more money, but it isn’t – it’s crucial for maintaining their data security.
With 80% of the survey respondents agreeing that email volume is only going to increase, and that fact being borne out by current events like the Great Work From Home and distance learning pitfalls, regularly updated email security training has to be a high priority for every organization.
Need to Know:
IoT and Home Router Vulnerabilities Can Spell Trouble For Businesses
As kids start heading back to class, colleges begin another year, and parents work to find a new home/life balance, things have changed a bit from the usual back-to-school routine. Unlike in past years, most everyone is doing their thing by logging in from home – and that can create an unexpected danger for your business.
While we’ve been at home during the pandemic, many people realized that their homes could use a little sprucing up. Maybe they had time that they didn’t usually have to research new devices, or they decided to treat themselves at a dark time. For many folks, that translated into fun conveniences like smart plugs, a digital assistant, or a robot vacuum that can be controlled by an app.
Internet of Things (IoT) devices have never been more popular – 5.8 billion home and auto IoT devices are expected to connect to the internet this year. While these small creature comforts may not seem like a source of harm for your business, they can be – 57% of IoT devices are vulnerable to medium or high severity attacks.
That means that if a cybercriminal hacks into your employee’s smart plug, then uses that opening to get into their smartphone, then slips through another opening to get into their business email account – you’ve been hacked, and the resulting danger to your systems and data is no different than it would be if the same thing happened from a hacker penetrating your enterprise security directly.
So how can companies combat this danger? The fastest way is to add a secure identity and access management solution. Multifactor Authentication (MFA) provides a crucial extra layer of security between hazards like this and your data. Adding MFA means that you can rest a little easier knowing that no matter how a cybercriminal manages to sneak past your security, they won’t be able to affect your business severely – helping alleviate one source of stress in uncertain times.