This week ransomware sails a major shipping company into trouble, Microsoft makes a rare flub, Luxottica fails to see a threat, and malicious insiders shop for data at Shopify.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 1 – 10
The Week in Breach – United States
United States – Arbiter Sports
Exploit: Ransomware
Arbiter Sports: Sports Software and Services Provider
Risk to Business: 1.301 = Extreme
Arbiter Sports, a software provider for many athletic associations including the NCAA (National Collegiate Athletic Association), experienced a ransomware attack that led to significant data loss. The shifting story ultimately crystallized into the company paying the ransom to have data freed from what it classifies as a backup server containing a database of more than 540,000 of its registered members, consisting of referees, league officials, and school representatives. The data was from several applications and records including ArbiterOne, ArbiterGame, and ArbiterWorks.
Individual Risk: 1.816 = Severe
Arbiter Sports said the backups contained sensitive information about users who registered on these web apps, such as account usernames, passwords, real names, addresses, dates of birth, email addresses, and Social Security numbers. Social Security numbers and passwords were encrypted. The company paid the ransom, but the data could have still been copied. Users should be aware of the potential for identity theft or spear phishing using this information.
Customers Impacted: 540,000+
How it Could Affect Your Business: Ransomware is every company’s worst nightmare. Even when a company pays the ransom, there’s no guarantee that the encrypted data wasn’t copied or resold before it was released by the cybercriminals.
United States – IPG Photonics
Exploit: Ransomware
IPG Photonics: Laser Developer
Risk to Business: 2.305 = Severe
Defense contractor and laser developer IPG Photonics was hit with a nasty ransomware attack using the RansomExx strain of ransomware, sometimes also dubbed Ransom X. IPG Photonics' IT operations were affected worldwide, including internal IT, phones, manufacturing, parts, and shipping.
Individual Risk: No individual information was reported as compromised in this incident
Customers Impacted: Unknown
How it Could Affect Your Business: Manufacturers that get shut down from ransomware don’t just lose data – they also lose production time, fulfillment capability, access to maintenance or operations technology, and other business essentials that can be hard to quantify yet devastating.
United States – Microsoft
https://www.zdnet.com/article/microsoft-secures-backend-server-that-leaked-bing-data/
Exploit: Unsecured Database
Microsoft: Technology Conglomerate
Risk to Business: 2.781 = Moderate
In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The exposed server leaked technical details such as search queries, details about the user’s system (device, OS, browser, etc.), geolocation details (where available), and various tokens, hashes, and coupon codes.
Individual Risk: No individual data is believed to have been impacted in this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Elementary security failures are embarrassing, and they may lead your company’s customers to take their business elsewhere, because if you’re forgetting the basics, how are you handling the more serious stuff?
United States – Town Sports International
Exploit: Unsecured Database
Town Sports International: Sports Club Operator
Risk to Business: 1.753 = Severe
Cybersecurity researchers discovered an unsecured database owned by Town Sports International that was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. The Amazon S3 bucket contained full names, addresses, contact information, credit card last 4 digits and expiry dates, billing histories, and other sensitive information for 60,000 members of health clubs along the East Coast, including clubs in Boston and New York. Employee records were also stored in this database, and their personal information was also likely exposed.
Individual Risk: 1.601 = Severe
This database was left wide open for at least a year, giving cybercriminals and data brokers ample time to harvest it for fuel to empower phishing attacks, identity theft, and other cybercrime.
Customers Impacted: 600,000
How it Could Affect Your Business: Minor security errors happen, but colossal blunders like this speak to a culture of sloppy security and lack of regard for data privacy across an organization.
United States – Universal Health Services
Exploit: Ransomware
Universal Health Services: Healthcare System Operator
Risk to Business: 1.442 = Extreme
Ryuk ransomware did massive damage at Universal Health Services (UHS), leaving UHS hospitals in the US, including those in California, Florida, Texas, Arizona, and Washington D.C., without access to computers and phone systems. The healthcare giant operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees, and provides healthcare to approximately 3.5 million patients each year. The affected systems are still not fully restored, but patient care impacts are reported as minimal.
Individual Risk: No personal data has been reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services – and attacks are escalating.
United States – Tyler Technologies
https://dfw.cbslocal.com/2020/09/23/texas-company-software-local-governments-schools-data-breach/
Exploit: Ransomware
Tyler Technologies – Public and Defense Sector Software Provider
Risk to Business: 1.779 = Severe
North Texas company Tyler Technologies, provider of software services for everything from jail and court management systems to payroll, human resources, tax, bill collection, and land records, experienced a devastating ransomware attack. The company says that the impact of the incident is limited to its internal corporate network and phone systems and that there has been no impact on hosted client environments, including its election results reporting software, although some clients are reporting escalating login problems since the attack.
Individual Risk: No personal data was reported as part of this incident.
How it Could Affect Your Business: An event like this at a technology provider is not a good look, especially for a contractor that handles both defense sector jobs and election reporting software.
The Week in Breach – Canada
Canada – Shopify
Exploit: Malicious Insider
Shopify: e-Commerce Platform
Risk to Business: 2.314 = Severe
The data of customers for an estimated 200 merchants on Shopify was exposed in an insider incident at the e-commerce giant. Two employees who were working a scheme to steal transaction data are to blame. The data exposed includes client details like email, name, and street address, as well as order details, but does not involve complete payment card numbers or financial information. The company hosts over one million businesses across more than 175 countries on its platform.
Individual Risk: 2.603 = Moderate
The rogue staffers were only able to expose a small amount of information from a few businesses. Merchants on the platform are being informed by Shopify as the investigation continues. Users who think they may be at risk should be alert for spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Business: The economy in the rest of the world may be challenged, but the Dark Web data markets are thriving, and staffers who need a little extra cash can be tempted to expose company data, sell their logins, or dip their feet into the cybercrime-as-a-service market.
The Week in Breach – United Kingdom & European Union
France – CMA CGM
https://gcaptain.com/shipping-giant-cma-cgm-hit-by-cyber-attack/
Exploit: Ransomware
CMA CGM: Maritime Shipping and Logistics
Risk to Business: 1.702 = Severe
Ragnar Locker ransomware sailed into the systems of French cargo giant CMA CGM, leaving havoc in its wake. The company’s website and external access to all applications were taken offline. This is the latest in a series of attacks against logistics targets, including major shipping and trucking companies. No ransom has been named in the attack, and CMA CGM is still experiencing outages.
Individual Risk: No personal information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: The number one cause of ransomware flooding your systems is a phishing email. Increasing security awareness training including phishing resistance training with BullPhish ID can prevent these types of cybersecurity disasters.
Italy – Luxottica
Exploit: Ransomware
Luxottica: Eyewear Manufacturer
Risk to Business: 1.752 = Severe
Ransomware definitely blindsided Italian eyewear giant Luxottica, producer of popular brands including Ray-Ban, Oakley, Armani, Bulgari, Chanel, Prada, Ferrari, Giorgio Armani, Michael Kors, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch. The company’s brand websites and service provider websites for Ray-Ban, EyeMed, Pearle Vision, and Sunglass Hut went down after a ransomware attack disrupted operations worldwide. Investigation and restoration are ongoing.
Individual Risk: No individual information has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware can shut an organization down entirely, and these days bad actors are just as interested in disrupting business and manufacturing operations as stealing data.
Poland – BrandBQ
https://www.infosecurity-magazine.com/news/fashion-retailer-brandbq-seven/
Exploit: Unsecured Database
BrandBQ – Fashion Retailer
Risk to Business: 1.667 = Severe
An unsecured Elasticsearch database spelled trouble for Krakow-based fashion retailer BrandBQ. Security researchers uncovered the unencrypted Elasticsearch server on June 28, and BrandBQ finally secured it around a month later, but not before records for millions of clients were exposed. Observers reported one billion entries in the exposed database, including 6.7 million records related to online customers, with each entry featuring personally identifiable information (PII) including full names, email and home addresses, dates of birth, phone numbers, and payment records (although not card details). Also available on the server were 50,000 records relating to local contractors in certain jurisdictions, including VAT numbers and purchase information.
Individual Risk: 2.863 = Severe
Information contained in this database sat unguarded and available to cybercriminals for at least a month. Clients of BrandBQ or any of its retail stores including online stores and operations in Poland, Romania, Hungary, Bulgaria, Slovakia, Ukraine, and the Czech Republic should be wary of spear phishing attempts using this data.
Customers Impacted: 7,000,000
How it Could Affect Your Business: An exposed database of this magnitude is shocking, and it definitely indicates that your company isn’t following cybersecurity best practices like securing sensitive customer data with multi-factor authentication.
The Week in Breach – Australia & New Zealand
Australia – Trading Reference Australia
Exploit: Unauthorized Database Access
Trading Reference Australia: Digital Real Estate Services
Risk to Business: 2.077 = Severe
The Office of the Australian Information Commissioner is investigating a data breach at the keeper of one of Australia’s largest tenant information databases, Trading Reference Australia. In addition to real estate services, the company also maintains a legendary blacklist of tenants. No word yet on what data was stolen and the matter is in current litigation.
Individual Risk: No personal or financial data has been reported as compromised in this breach so far, but it remains under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: Failing to keep information secure, especially damaging information like a tenant blacklist has the potential to be very messy as both a recovery operation and a regulatory headache. Data like this sells fast in the Dark Web data markets.
The Week in Breach – Asia & Pacific
Singapore – ShopBack
https://www.marketing-interactive.com/shopback-says-consumer-cashback-is-safe-despite-data-breach
Exploit: Unauthorized Database Access
ShopBack: Digital Coupon Company
Risk to Business: 2.203 = Moderate
Cashback reward app ShopBack has reported a data breach as a result of unauthorized access to company systems that contained customers’ personal data. Investigation of the incident is ongoing, but the company says that the damage included an extensive amount of exposed customer records that contained data such as users’ names, contact information, gender, date of birth, and bank account numbers. Singapore’s Personal Data Protection Commission is investigating.
Individual Risk: 2.419 = Severe
The possibility of bank account information becoming compromised as well as PII opens consumers up to a variety of nasty potential consequences including identity theft, fraud, and dangerous spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Business: Unauthorized access to systems containing consumer financial data like bank information is not just a PR disaster, it’s also a potential fine and compliance nightmare that can cost a fortune to clean up.
Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Threat
Business Email Compromise is a Messy, Expensive, Preventable Disaster
Securing highly privileged executive and administrator accounts has to be a high priority for every business
Business email compromise is a nightmare proposition for any company. Trading firm Virtu Financial learned that lesson the hard way in May 2020 when it lost $6.9 million in a nasty incident.
The scam took off when a hacker accessed the email account of one of its executives, reading and analyzing that account’s email for at least two weeks. In phase two, the hacker altered the account’s settings and started sending out their own fraudulent emails.
The cybercriminals involved then moved into phase three of the scam. After monkeying with the inbox rules to hide certain messages from the account owner, they sprung the most important phase of their plan: sending a series of emails to the company’s accounting department asking it to issue two wire transfers to banks in China.
The accounting department didn’t see any red flags, and the two transfers, totaling about $10.8 million, were sent in due course in late May 2020. Shortly after the transfers were made, a routine audit clued accounting staffers into possible trouble but the damage was done, and Virtu Financial was only able to freeze $3.8 million of the money.
This whole nightmare stemmed from a single compromised executive email account. While the integrity of every credential is important to maintain security, executive and administrator credentials can cause the most damage to a company, as Virtu Financial learned to their peril.
It’s essential that every account for every user is under the umbrella of a strong secure identity and access management solution to prevent these incidents. Account compromise like this is frequently the result of a password compromise.
No matter how it’s obtained, whether through spear phishing or a lucky break from a credential stuffing attack, that compromised executive password can be neutralized when a second credential is needed to log in to the endangered account. Plus, secure shared password vaults enable companies and IT teams to keep passwords for essential systems and access points especially protected.
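The inbox-rule tampering described above is also detectable after the fact. As an added illustration (not from the newsletter or Virtu Financial), the Python check below flags mailbox audit records for new or changed inbox rules that hide mail (deleting it, marking it read, or moving it to a rarely viewed folder), filter on finance keywords, carry a blank name, or forward mail outside the organization; the external-forwarding case goes beyond the hiding rules the article mentions. The audit records are constructed, and their field names are a simplified assumption loosely modeled on Microsoft 365 mailbox audit events.

```python
# Constructed sample audit records (not real logs). Field names are an assumed,
# simplified schema loosely modeled on Microsoft 365 inbox-rule audit events.
SAMPLE_AUDIT = [
    {"time": "2020-05-04T08:12:00Z", "user": "exec@example.com", "client_ip": "203.0.113.9",
     "op": "New-InboxRule", "params": {"Name": "Archive", "MoveToFolder": "RSS Feeds",
                                        "MarkAsRead": True, "SubjectContainsWords": "wire;invoice;payment"}},
    {"time": "2020-05-04T09:01:00Z", "user": "exec@example.com", "client_ip": "203.0.113.9",
     "op": "Set-InboxRule", "params": {"Name": "Cleanup", "DeleteMessage": True,
                                        "FromAddressContainsWords": "accounting@example.com"}},
    {"time": "2020-05-05T10:30:00Z", "user": "staff@example.com", "client_ip": "198.51.100.4",
     "op": "New-InboxRule", "params": {"Name": "Newsletters", "MoveToFolder": "Newsletters",
                                        "SubjectContainsWords": "newsletter"}},
    {"time": "2020-05-05T11:00:00Z", "user": "exec@example.com", "client_ip": "203.0.113.9",
     "op": "New-InboxRule", "params": {"Name": ".", "ForwardTo": "attacker@example.net"}},
]

RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
HIDE_ACTIONS = {"DeleteMessage", "MarkAsRead"}
HIDE_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                "deleted items", "junk email", "archive"}
FINANCE_WORDS = {"wire", "invoice", "payment", "transfer", "bank", "swift", "ach"}
FORWARD_KEYS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
KEYWORD_KEYS = ("SubjectContainsWords", "BodyContainsWords", "FromAddressContainsWords")

def rule_risk_reasons(record, own_domain):
    """Return a list of reasons a rule-change record looks like BEC tradecraft."""
    if record.get("op") not in RULE_OPS:
        return []
    p = record.get("params", {})
    reasons = []
    for key in FORWARD_KEYS:  # forwarding to an address outside the tenant
        target = p.get(key)
        if target and not target.lower().endswith("@" + own_domain):
            reasons.append(f"forwards mail to external address {target}")
    if any(p.get(a) for a in HIDE_ACTIONS):  # silently deletes or marks as read
        reasons.append("deletes or marks messages read")
    if str(p.get("MoveToFolder", "")).lower() in HIDE_FOLDERS:  # buries mail
        reasons.append(f"moves messages to rarely viewed folder '{p['MoveToFolder']}'")
    words = set()
    for key in KEYWORD_KEYS:  # conditions are ';'-separated word lists
        words |= {w.strip().lower() for w in str(p.get(key, "")).split(";") if w.strip()}
    if words & FINANCE_WORDS:
        reasons.append("filters on finance-related keywords")
    if not str(p.get("Name", "")).strip(". "):  # blank or '.'-only rule names
        reasons.append("rule has a blank or punctuation-only name")
    return reasons

def find_suspicious_rules(records, own_domain="example.com"):
    """Run the check over audit records and return the flagged ones with reasons."""
    hits = []
    for r in records:
        reasons = rule_risk_reasons(r, own_domain)
        if reasons:
            hits.append({"time": r["time"], "user": r["user"], "ip": r.get("client_ip"),
                         "rule": r["params"].get("Name"), "reasons": reasons})
    return hits
```

On the constructed records, only the executive's three rule changes are flagged; the staff member's newsletter rule passes.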
The Week in Breach: Need to Know
Malicious Insiders Could Be Just Around the Corner
Cybersecurity risks don’t just come from outside your business. Sometimes, it’s the new staffer in payroll or the disgruntled clerk in receiving that poses your biggest cybersecurity threat, and you may not even notice them until it’s too late, as happened to Shopify this week.
But it’s not difficult or expensive to take sensible precautions against potentially malicious employees and you should do that right away – because it will happen to you. Insider threats like this are a never-ending source of worry for business owners, and that’s why secure identity and access management should be at the top of your list for solutions that help prevent malicious insiders from stealing sensitive information.
Security experts at companies around the globe agree – secure identity and access management is a key component of a strong cybersecurity defense that acts as a major deterrent to malicious insiders.