This week ransomware hits the high seas at the United Nations International Maritime Organization, Aussie Scouts staffers aren’t picking up a “Phishing Resistance” merit badge anytime soon, and a look at rising ransomware costs and rates.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
United States – Arthur J. Gallagher & Co.
https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html
Exploit: Ransomware
Arthur J. Gallagher & Co.: Insurance Brokerage
Risk to Business: 2.119 = Severe
Ransomware struck at insurance giant Arthur J. Gallagher last week, according to the company’s Untied States Securities and Exchange Commission filing. The report went on to note that a limited portion of its internal systems were impacted and its operations were able to continue. Security researchers suspect that bad actors were able to exploit a known security flaw in the company’s servers to gain entry.
Individual Risk: So far, no personal data from clients or employees was noted as exposed in the breach, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Nowadays, ransomware operators aren’t just seeking ways to steal data – they also want to disrupt operations to cause damage.
United States – Cache Creek Casino
https://www.dailydemocrat.com/2020/09/30/cyberattack-shuts-down-cache-creek-casino/
Exploit: Ransomware
Cache Creek Casino: Resort
Risk to Business: 1.492 = Extreme
Ransomware cleaned up at Cache Creek Casino in California, shutting down operations at the popular gambling destination just as it began recovering from a COVID-19 closure earlier this year. No reopening date has been set as the investigation and recovery continues. Other businesses including a golf club and shopping at the complex remain open. Cache Creek Casino is part of Cache Creek Casino Resort, one of Northern California’s largest casino-resort destinations, is owned and operated by the Yocha Dehe Wintun Nation.
Individual Risk: No individual information was reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business More than 60% of businesses that experience a damaging cyberattack close – and it’s even more dangerous now as businesses try to recover from COVID-19 closures.
United States – District of Columbia Bar Association
https://techcrunch.com/2020/09/30/district-columbia-bar-exposed-personal-data/
Exploit: Unsecured Database
District of Columbia Bar Association: Regulatory Body
Risk to Business: 2.077 = Severe
An unsecured Elasticsearch server appears to be at fault for a data breach involving the personal data of new lawyers applying to test before the bar at the District of Columbia Bar Association. A whistleblower complaint was first submitted to the association in August, but resolution was slow, and applicant data may have leaked for some time before it was fixed. The DC Bar claims that only one record was exposed, but researchers and applicants who discovered the breach dispute that claim.
Individual Risk: 2.206 = Severe
Documents uploaded by applicants that may have been exposed include documents containing personal information like names, phone numbers, email addresses, Social Security numbers, the applicant’s full employment history, previous home addresses, and any disciplinary records provided.
Customers Impacted: Unknown
How it Could Affect Your Business: Serious personal information deserves serious security. Any company that collects sensitive information about clients or applicants needs to do due diligence to determine that the information is properly secured.
United States – Clark County School District
Exploit: Ransomware
Clark County School District: Education System
Risk to Business: 1.871 = Severe
Cybercriminals have followed through on their threats to release the information that they’d snatched about students after officials refused to pay the ransom demanded to release it. Students in the Clark County School District, Las Vegas, Nevada discovered over the weekend that their school records had been dumped on the Dark Web,
Risk to Individual: 1.660 = Severe
The leak included detailed personal and student record information including students’ names, social security numbers, addresses, and some financial information as well as grades, testing, awards, and disciplinary reports. Impacted students should be wary of spear phishing or identity theft attempts.
Customers Impacted: 320,000
How it Could Affect Your Business: Failing to institute regular security awareness training including phishing resistance leaves organizations ripe for ransomware – and cybercriminals are more than willing to double down on ransom demands.
United States – eResearch Technology
Exploit: Ransomware
eResearch Technology: Medical Research Technology Provider
Risk to Business: 1.330 = Extreme
In a disturbing turn of events, eResearch Technology was severely impacted by a ransomware attack that slowed down progress on COVID-19 vaccine and treatment research. The provider of technology that enables clinical trials and data sharing at organizations including AstraZeneca, Oxford University, and Bristol Myers Squibb, reported that its employees could not access many systems. That in turn affected clinical trials in progress as researchers were forced to track patient data manually using pen and paper. Systems were down for several days for repair.
Individual Risk: No personal data has been reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services and attacks in the medical sector have been escalating – just last week healthcare giant Universal Health Services was walloped by ransomware and is still recovering.
United States – Oaklawn Hospital
Exploit: Phishing
Oaklawn Hospital: Medical Care Provider
Risk to Business: 2.126 = Severe
Multiple successful phishing forays at Michigan’s Oaklawn Hospital netted a wealth of information for cybercriminals. After gaining access to several employee email accounts, cybercriminals were able to exfiltrate patient data. The attack is believed to have occurred in April 2020 but was just disclosed in a filing.
Individual Risk: 1.811 = Severe
Patient information exposed as a result of the incident included names, passwords, dates of birth, addresses, phone numbers, medical and health insurance numbers, Social Security numbers, financial account information, and driver’s license numbers. Impacted patients should be alert to potential phishing and fraud attempts.
Customers Impacted: 26,861
How it Could Affect Your Business: Not only does a data breach leave a huge mess of expensive cleanup behind, in many industries like healthcare, a data breach can also mean your organization will be paying big regulatory penalties and fines too.
United States – Piedmont Cancer Institute
Exploit: Phishing
Piedmont Cancer Institute: Specialty Medical Clinic
Risk to Business: 2.234 = Severe
Atlanta-based Piedmont Cancer Institute experienced a data breach exposing patient records and other sensitive information after an employee fell for a phishing attack. the incident occurred in a window stretching from mid April to early May and was just disclosed.
Individual Risk: 2.206 = Severe
Patient information exposed due to the email hack includes names, dates of birth, financial account information, and credit/debit card information. Patients who have been affected have been informed and should be alert for identity theft since payment card information was part of this breach.
Customers Impacted: 5,226
How it Could Affect Your Business: Securing access to sensitive data is essential. Piedmont Cancer Institute is adding multi-factor authentication to combat future incursions, a must-have for every business.
Canada – Telus/Medisys
https://globalnews.ca/news/7367127/medisys-data-breach/
Exploit: Ransomware
Medisys: Healthcare Provider
Risk to Business: 2.391 = Severe
Medisys just disclosed that it had been impacted by ransomware, exposing 60,000 patient records. A division of Telus, Medisys operates clinics in British Columbia and Alberta providing preventive health-care services under the name Copeman Clinics. The company chose to retrieve the stolen data by paying the ransom.
Individual Risk: 1.866 = Severe
The company estimates that the breach disclosed information for about 5% of its clients, but the investigation continues. Stolen information for impacted patients includes names, contact information, provincial health numbers, and test results. Clients’ financial information and social insurance numbers were not affected.
Customers Impacted: 60,000
How it Could Affect Your Business: Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.
United Kingdom – International Maritime Organization (UN IMO)
https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/
Exploit: Ransomware
UN IMO: Shipping Safety Regulatory Authority
Risk to Business: 2.071 = Severe
Ransomware chose UN IMO as it’s newest port of call last week, taking several key systems offline at the regulatory organization. in an announcement, UN IMO reported that its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service had been knocked down by the attack. Restoration and recovery is underway, and most systems have been restored.
Individual Risk: No personal information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: The number one way for ransomware to land at your business is through a phishing email. Increasing security awareness training including phishing resistance training is essential for preventing cybercrime like ransomware from impacting your organization.
Switzerland – Swatch
Exploit: Ransomware
Swatch: Watchmaker
Risk to Business: 2.301 = Severe
World-renowned watchmaker Swatch was hit with ransomware that impacted several of its systems, causing disruptions throughout its operations for several days. Some systems weren’t directly affected but were shut down to mitigate damage and stem the tide of the infection. The company did not identify the exact type of ransomware used but indicated in a statement that it was aware of the culprit and would be pursuing legal action accordingly.
Individual Risk: No individual information has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware doesn’t always allow thieves to steal data – sometimes cybercriminals want to shut a business down by stopping production or impacting other business operations to cause disruption.
Australia – Scouts Victoria
Exploit: Phishing
Scouts Victoria: Youth Organization
Risk to Business: 2.227 = Severe
Someone needs to spend more time working on their “Phishing Defense” merit badge at Scouts Victoria after an employee fell for a phishing attack exposing the personally identifiable data of thousands of members. The youth organization provides empowerment, community support, and job training for young people. The incident happened in late July and August 2020. Scouts Victoria said it has notified the victims of the breach and has contacted relevant government authorities, including the Office of the Australian Information Commissioner (OAIC) and the Department of Human Resources.
Individual Risk: 2.317 = Severe
Sensitive information including names, phone numbers, credit card information, ID documents including passport information and driver’s license details, and bank details were exposed ion the breach, but it’s unclear if that data belongs to youth members, parents of members, or adult volunteers.
Customers Impacted: 900 estimated at this time, but the organization’s full membership includes 17,000 youth members and 5,000 adult volunteers.
How it Could Affect Your Business: Phishing is a dangerous proposition that every business faces daily, but businesses who store sensitive information, especially about children, need to be sure that their data is protected even if a staffer falls for a phishing attack.
India – Edureka
https://inc42.com/buzz/edureka-suffers-server-breach-data-of-2-mn-users-exposed/
Exploit: Unsecured Database
Edureka: Education Technology Provider
Risk to Business: 1.866= Severe
Cybersecurity researchers discovered an unsecured Elasticsearch server belonging to Indian education technology service Edureka that was overflowing with information for bad actors to savor – 25 gigabytes of fresh data, containing more than 45 million breached records of personal data from users. Many of the records were duplicates or fragments, obfuscating the real impact. After informing the company and not receiving a response, the researchers informed the Indian Computer Emergency Response Team (CERT-In) and the server was secured.
Individual Risk: 2.661 = Moderate
The exposed server contained names, addresses, and phone numbers for users primarily located in India, although some US users were also impacted.
Customers Impacted: 2 million estimated
How it Could Affect Your Business: Failing to secure a server is a rookie move and an indication that a company may not be using cybersecurity best practices elsewhere in the organization.
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Briefing
Cybersecurity Awareness Training is a Win for You and Your Clients
In a challenging economy, every client is looking for a way to save money – and every corner of the budget is on the table. That makes it hard to convince them of the importance of things like security awareness and phishing resistance training when intangibles always look like a good place to economize.
In 2020, 80% of firms have seen an increase in cyberattacks, and phishing attempts have increased by more than 660% since March 1, 2020. In these tumultuous times, companies can’t afford to ignore the benefits of training to save money. Businesses that engage in regular security awareness training like phishing resistance training have up to 70% fewer expensive, damaging cybersecurity incidents, making security awareness training a clear cost-benefit proposition.
Phishing resistance training definitely provides measurable value. Today, 90% of incidents that end in a data breach start with a phishing email. It’s just smart to increase phishing resistance training to mitigate that risk. Plus, since more than 80% of all reported cybercrime is phishing-based, it’s a smart bet to invest resources in phishing resistance training.
The damage related to cybercrime is projected to hit $6 trillion annually by 2021, and the average cost of a data breach in 2020 is $3.86 million. Anything that a company can do to avoid similar costs should be right at the top of their essential expenses list, and that includes security awareness and phishing resistance training.
The Week in Breach: A Note for Your Customers
Ransomware Incidents and Expenses Are on the Rise – and No Business is Safe
Ransomware is a terrifying threat that every business is facing these days and a favored tool of cybercriminals. Ransomware incidents are becoming more frequent, and both ransoms and recoveries are growing more expensive. Here are our best tips for avoiding getting caught up by expensive, damaging ransomware.
Add an automated phishing defense solution: Your employees can’t click on a ransomware-laden email if they never get it.
Never stop training: Cybercriminals are constantly updating their phishing attack playbooks. Shouldn’t you be constantly updating your phishing resistance training to fight back?
Lock your doors: Take the sting out of a stolen, phished, or cracked password by adding secure identity and access management to your defenses. It’s a recommended mitigation for cybercrime by the FBI.
By making a few simple and affordable tweaks to your defensive security plan, you can add several shields to protect your systems and data (and your bottom line) from the devastating effect of a ransomware disaster.
Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!