This week Warner Music sings the blues after a skimming attack surfaces and data breach costs (and risks) are soaring for businesses in every sector.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1 – 10
Breach News This Week – United States
United States – Telmate
Exploit: Unsecured Database
Telmate: Correctional Facility Communications
Risk to Business: 2.014 = Severe
An a misconfigured Amazon S3 Bucket is to blame for a nasty data breach involving Telnet, makers of the Getting Out app used for inmate communications. The app, (which charges an exorbitant fee of up to $0.50 per minute for families to communicate with their incarcerated loved ones), is commonly monitored by prison officials, but the data that has been leaked is the kind of highly sensitive personal information like whether an inmate identifies as transgender, their relationship status, prescription medication they take, and their religion. The company, part of the Global Tel Link family, blames a third party vendor for the incident. Experts say that 11,210,948 inmate records and 227,770,157 messages were exposed.
Individual Risk: 2.314 = Severe
While Telnet maintains that no medical data, passwords, or consumer payment information were affected, the information that has been widely available through this unsecured bucket is potentially personally damaging and opens prisoners and their families up to identity theft and blackmail risks, as well as targeting for hate crime.
Customers Impacted: 2.3 million inmates and their families
How it Could Affect Your Business: Failing to secure simple data storage tools like this is indicative of a lax attitude toward security throughout a company, and can turn off customers and potential partners. This is Telnet’s second security incident this year.
United States – Cygilant
https://techcrunch.com/2020/09/03/cygilant-ransomware/?web_view=true
Exploit: Ransomware
Cygilant: Information Security Firm
Risk to Business: 1.337 = Extreme
Cybersecurity startup Cygilant finds itself in hot water after falling victim to a ranasomware attack. Cygilant is believed to be the latest victim of NetWalker ransomware. A site on the Dark Web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant. It is unknown if they paid the ransom, but the Dark Web listing has disappeared.
Individual Risk: No personal information was disclosed as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business Ransomware is most commonly delivered through a phishing email, today’s most common vector for cyberattacks. Preventing phishing email from landing in employee inboxes is a strong defense against ransomware.
United States – Roper St. Francis Hospital
Exploit: Unauthorized Database Access (Phishing)
Roper St. Francis Hospital: Medical Center
Risk to Business: 2.354 = Severe
A newly-announced security breach occurred at Roper St. Francis Hospital between June 13 and June 17. An attacker was able to gain access to a treasure trove of healthcare data by compromising an an employee’s email in a suspected phishing incident at the Charleston, SC hospital. The patient information that was compromised contained names, birth dates, detailed medical records, insurance information, and Social Security numbers.
Individual Risk: 2.004 = Severe
Patients and former patients can determine if attackers got their data by calling a toll-free call center for more information at 1-888-498-0916
Customers Impacted: 6,000
How it Could Affect Your Business: Health care information is at a premium right now because it is a hot seller on the Dark Web – and with an exponential increase in phishing, every healthcare sector organization is high on the hit list for bad actors.
United States – The Jewish Federation of Greater Washington
Exploit: Hacking Instrusion
The Jewish Federation of Greater Washington: Non-Profit
Risk to Business: 1.211 = Extreme
A cyberattack at The Jewish Federation of Greater Washington gave cybercriminals a solid payday. Bad actors were able to hack in through an employee’s home WiFi to a privileged user account and snatch an estimated $7.5 million.The hack was discovered on August 4 by a security contractor who noticed unusual activity in an employee’s email account. That assessment indicates that the hacker had access to the system long before stealing the money, as early as the first months of summer. The organization has 52 employees.
Individual Risk: No personal information or donor financial data was reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: This is an enormous blow to any business, but especially a non-profit that needs funding to continue doing good work in hard times. Notoriously unsafe home WiFi and device or network sharing between parents and children creates opportunities for hackers to slip through.
USA – View Media
Exploit: Unsecured Database
View Media: Online Marketing Firm
Risk to Business: 2.201 = Severe
A publicly accessible Amazon Web Services (AWS) server that belongs to View Media was discovered by cybersecurity researchers, overflowing with more than 38 million US user records, including their full names, email and street addresses, phone numbers, and ZIP codes. The data included 700 statement of work documents for targeted email and direct mail advertising campaigns stored in PDF files, and 59 CSV and XLS files that contained 38,765,297 records of US citizens in total, of which 23,511,441 records were unique. The bucket also contained thousands of files for various marketing materials, such as banner advertisements, newsletters, and promotional flyers sorted by locations and ZIP codes that the marketing company’s campaigns targeted.
Individual Risk: 2.919 = Moderate
While this is a huge trove of information, no financial or protected personal information was involved, although this information will make its way into Dark Web data dumps.
Customers Impacted: 38 million +
How it Could Affect Your Business: Failing to undertake a simple bit of maintenance like this doesn’t look good in front of potential partners, who may become concerned that your business is a third party security risk and reconsider hiring you.
United States – Warner Music
Exploit: Malware (Magecart)
Warner Music: Entertainment Company
Risk to Business: 2.307 = Severe
In a just disclosed breach, Magecart skimming was in action at Warner Music from April 25 and August 5. Warner Music said hackers compromised “a number of US-based e-commerce sites” that were “hosted and supported by an external service provider.” The details that the cybercriminals checked out with include names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details (card number, CVC/CVV and expiration date) for account holders and guests who placed items into shopping carts or made purchases in that timeframe.
Individual Risk: 2.297 = Severe
The company did not specify in it’s filing exactly which parts of it’s retail operations were impacted. Warner Music is offering free credit monitoring through Kroll for victims.
Customers Impacted: Unknown
How it Could Affect Your Business: Skimmers like Magecart are a result of hackers gaining access to parts of a website, often by compromising the weak credentials of a privileged account. Improving credential security is a must for strong cybersecurity.
Breach News This Week – United Kingdom & European Union
United Kingdom – Northumbria University
https://www.infosecurity-magazine.com/news/northumbria-uni-campus-closed/?&web_view=true
Exploit: Ransomware
Northumbria University: Institution of Higher Learning
Risk to Business: 2.717 = Severe
Northumbria University was sent reeling by a suspected ransomware attack which forced it to reschedule exams and close its entire campus. The college announced that it is undertaking a restoration and recovery operation, but that students would not have access to the student portal, blackboard and potentially other university platforms for some time during a particularly important part of the educational year.
Individual Risk: No information has been released about the type of data that may have been impacted, if any.
Customers Impacted: 26,675 students
How it Could Affect Your Business: Ransomware typically comes calling as part of a phishing attack. Adding strong protection from phishing attacks and improving phishing resistance training for every user can lower ransomware risks.
Breach News This Week – Australia & New Zealand
Australia – Service New South Wales
Exploit: Unauthorized Database Access (Phishing)
Service New South Wales: Government Entity
Risk to Business: 2.077 = Severe
Australian government agency Service New South Wales (NSW) confirmed that a recent attack resulted in the personal details of 186,000 customers being compromised. Hackers were able to gain access to 47 staff email accounts, giving them a pass into a huge amount of information. 738GB of data comprised of 3.8 million documents was stolen from the email accounts in April 2020.
Individual Risk: 2.776 = Moderate
Service New South Wales says that the stolen data is made up of internal documents such as handwritten notes and forms, scans, and records of transaction applications. There was no evidence that individual MyServiceNSW account data or Service NSW databases were compromised during the cyber attack.
Customers Impacted: 186,000
How it Could Affect Your Business: Tricking a staffer into giving up a password can be easy, especially at large companies like Twitter. That password can be the key to the kingdom for cybercriminals, giving them access to all sorts of systems and data – and you a new headache.
Breached This Week – South America
Argentina – Dirección Nacional de Migraciones
Exploit: Ransomware
Dirección Nacional de Migraciones: Government Agency
Risk to Business: 2.341 = Severe
Dirección Nacional de Migraciones, Argentina’s border control agency, was hit by a Netwalker ransomware attack that caused the interruption of the border crossing into and out of the country for four hours on August 27th. Systems were shut down after the agency’s tech support began receiving a suspiciously large amount of requests for assistance with irretrievable Office files. Government officials indicated that they will not pay the ransom and will not negotiate with Netwalker ransomware operators, who are currently demanding a $4 million ransom (up from $2 million after the expiration of the cybercriminals’ first deadline).
Individual Risk: No individual data has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware has a devastating impact on any organization, causing service disruptions and lost business plus an expensive recovery even if no information is stolen or it can be retrieved from backups.
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Breach News This Week: Featured Threat
A Ransomware Attack Attempt at Tesla is a Wild Ride That Leaves Questions for Business Owners
In a story with so many twist and turns that it seems like an action movie, Tesla dodged a bullet this week when FBI investigators revealed that it was the target of an audacious insider threat/ransomware/nation state attack .
According to reports, a potentially state-backed Russian cybercrime gang attempted to bribe a Tesla employee $1 million to install malicious ransomware code designed to steal corporate secrets and lock down Tesla’s operations at its Gigafactory near Reno, Nevada.
So, what’s the big takeaway from this sensational cybersecurity incident? Every company must consider insider threats in its cybersecurity plan.
Insider Threats
Money talks, and there is always a danger that someone could fall prey to the siren song of a bribe. A malicious insider can have many motivators. Sometimes it’s simple greed, sometimes its extortion – and sometimes it’s just a staffer in a bad spot trying to pay for something their family needs. No matter why that employee is willing to take a cybercrime gang’s money, it’s your business that suffers.
These staffers were specifically recruited to do this job by bad actors that were trying to steal Tesla’s proprietary secrets, disrupt their business, score a big payday, and make a splash in the hacking world. While the company was fortunate that its staffers weren’t taken in by the cybercriminals’ sales pitch, relying on employee satisfaction to prevent insider threats isn’t a strong defensive strategy – you need to do a little bit more.
Three Tools to Help You Fight Back Against Insider Threats
Learn what to look for to learn to spot and stop insider threats. Knowing how to read the signs of a problem, whether it’s a potentially malicious insider or a careless employee, can save your business.
Take steps now to reduce your risk of a business catastrophe caused by insider threats – because while no one wants to think that they can’t trust their staffers to do right by their business unfortunately, it’s the truth.
Need to Know:
Cyberattack Risks and Data Breach Costs are on the Rise in 2020
There’s no doubt that 2020 has been an expensive year for businesses in every way – and 2021 is just around the corner. What can you expect to need to consider in your 2021 cybersecurity budget? How about a few cost-effective upgrades, since both cyberattack risks and data breach costs are climbing (especially for government entities and healthcare providers), with no end in sight.
Reviewing the annual Ponemon Institute “Cost of a Data Breach” report, one figure sticks out: 70% of respondents expect remote working could increase the cost (and danger) of a data breach.
We’re finding that this is the case. From this week’s hacking attack on an employee’s home WiFi network that led to the theft of $7.5 million to intrusions enabled by IoT gadgets or parents and children sharing networks and devices at home, data breaches will rise from the sheer increase in opportunity afforded to cybercriminals by a remote workforce.
In today’s world, remote working isn’t going anywhere, especially as the COVID-19 pandemic continues to cause worldwide disruptions. But there are a few actions that businesses can take to reduce their risk of a cybersecurity disaster in these circumstances.
Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!