This week hackers scale The North Face, ransomware rocks eCommerce, an in-depth look at the importance of cyber resilience, and how remote work increases ransomware danger.
The Week in Breach News: Dark Web ID’s Top Threats This Week
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
The Week in Breach News – United States
United States – Delaware Division of Public Health
Exploit: Accidental Data Sharing
Delaware Division of Public Health: State Health Agency
Risk to Business: 2.311 = Severe
The Delaware Division of Public Health announced that in mid-September, a temp sent two emails containing COVID-19 test results for approximately 10,000 individuals to the wrong party. The August 13, 2020, email included test results for individuals tested between July 16, 2020, and August 10, 2020. The August 20, 2020, email included test results for individuals tested on August 15, 2020. Investigators have determined that these emails were sent by mistake, as the information was supposed to be sent to a member of the call center staff to assist individuals in obtaining their test results.
Individual Risk: 2.824 = Moderate
The information mistakenly released in this foul-up included the date of the test, test location, patient name, patient date of birth, phone number if provided, and test result.
Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: Human error remains the number one cause of a data breach. Security awareness training is the most effective way to prevent unfortunate employee errors.
United States – Vertafore Inc.
Exploit: Unsecured Database
Vertafore Inc.: Insurance Company
Risk to Business: 1.702 = Severe
Information about 27.7 million Texas drivers has been exposed online and stolen from an unsecured database belonging to insurance company Vertafore Inc. after someone put three major company files on an unsecured storage server.
Individual Risk: 2.662 = Moderate
The company says that no identification misuse has been determined, but they’re also offering free credit monitoring and identity restoration services to all Texas driver’s license holders potentially affected by the data breach.
Customers Impacted: 27.7 million
How it Could Affect Your Customers’ Business: Bad data handling is a symptom of poor cybersecurity hygiene, and it can easily lead to bigger problems like ransomware and password compromise.
United States – X-Cart
Exploit: Third Party Software
X-Cart: eCommerce Platform Creator
Risk to Business: 2.003 = Severe
X-Cart discovered the danger of vetting errors when attackers exploited a vulnerability in a third-party software tool to gain access to X-Cart’s store hosting systems. Some stores went down completely, while others reported issues with sending email alerts. The incident is under investigation and service has been restored for clients.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cyberattacks can come from unexpected quarters, like a vulnerability in third-party software that you rely on.
United States – Wildworks (Animal Jam)
Exploit: Third Party Data Breach
Wildworks: Video Game Developer
Risk to Business: 1.664 = Severe
Wildworks, the developer of the online kids’ playground Animal Jam, announced a data breach involving a third-party vendor that exposed the information of millions of children on the Dark Web. The information appeared on the Dark Web as the booty of cybercrime gang ShinyHunters.
Individual Risk: 1.902 = Severe
Exposed information includes 46 million player usernames, which are human moderated to make sure they do not contain a child’s proper name, 46 million SHA1 hashed passwords and approximately 7 million email addresses of parents whose children registered for Animal Jam.
Customers Impacted: 46 million
How it Could Affect Your Customers’ Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible.
United States – Pluto TV
Exploit: Hacking
Pluto TV: Online Television Service
Risk to Business: 2.166 = Severe
Hackers from the cybercrime gang ShinyHunters have announced the acquisition of 3.2 million Pluto TV user records that were purportedly stolen during a data breach. The data appears to be somewhat out of date, and Pluto TV has not confirmed the breach.
Individual Risk: 2.611 = Moderate
Exposed information includes a member’s display name, email address, bcrypt hashed password, birthday, device platform, and IP address. The data is estimated to be about two years old.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Protecting your client records and other sensitive data from thieves has to be a top priority, no matter how old it is. Customers expect that you’ll keep it safe with reasonable security precautions in place.
United States – The North Face
https://chainstoreage.com/report-hackers-may-have-obtained-north-face-customer-data
Exploit: Credential Stuffing
The North Face: Outdoor Apparel Retailer
Risk to Business: 2.322 = Severe
Hackers mounted a successful attack against outdoor retailer The North Face, capturing an unknown amount of client data in the process. While retail operations were not disrupted, the company has released a caution to customers about the incident.
Individual Risk: 2.711 = Moderate
The company noted that the breach includes “products you have purchased on our website, products you have saved to your ‘favorites,’ your billing address, your shipping address(es), your VIPeak customer loyalty point total, your email preferences, your first and last name, your birthday (if you saved it to your account), and your telephone number (if you saved it to your account)”. Payment information was stored separately and more securely and not impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks have gained new fuel from a bountiful harvest of Dark Web data dumps adding fresh ammo for cybercrime.
The Week in Breach News – Canada
Canada – The City of Saint John, N. B.
Exploit: Ransomware
The City of Saint John, N. B.: Municipal Government
Risk to Business: 1.222 = Extreme
A massive cyberattack has ground many municipal operations to a halt in Saint John, New Brunswick. The suspected ransomware attack on the city government caused havoc. Government officials said in a statement that while its 911 communications network is open, the cyberattack has shut the city’s website, email, online payment system, and customer service applications.
Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.
Customers Impacted: 68,000
How it Could Affect Your Customers’ Business: Ransomware isn’t just about capturing data anymore, it can also be intended to shut down your business. Security awareness training prevents up to 70% of cybersecurity incidents.
The Week in Breach News – United Kingdom & European Union
United Kingdom – Sandcliffe Motor Group
Exploit: Ransomware
Sandcliffe Motor Group: Automobile Retailer
Risk to Business: 1.802 = Severe
A ransomware attack has exposed the information of employees and customers of Sandcliffe Motor Group. The chain of 10 dealerships around the UK has traced the source to an employee clicking a link in a phishing email.
Individual Risk: 1.613 = Severe
The company noted that bank account details and medical histories may be included in the information that was snatched. Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing never goes away, and it’s always the fastest, easiest way for cybercriminals to strike.
Germany – Miltenyi Biotec
https://www.securityweek.com/biotech-company-miltenyi-biotec-discloses-malware-attack
Exploit: Malware
Miltenyi Biotec: Cell and Therapy Research Solutions Provider
Risk to Business: 2.322 = Severe
Malware is to blame for a recent spate of order processing snafus at Miltenyi Biotec, a major manufacturer and distributor of essential solutions used in scientific research and medical therapies. The company noted that it has been able to control the problem and does not anticipate a significant future impact.
Customers Impacted: Unknown
Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.
How it Could Affect Your Customers’ Business: Malware can arrive on your doorstep in many ways, but it’s most likely to come attached to a phishing email.
The Week in Breach News – Australia & New Zealand
Australia – Nexia Australia and New Zealand
https://www.itwire.com/security/melbourne-firm-denies-data-stolen-during-ransomware-attack.html
Exploit: Ransomware
Nexia Australia and New Zealand: Accounting Firm
Risk to Business: 1.806 = Severe
REvil ransomware strikes again, this time at major accounting firm Nexia. The company informed regulators of an attack on November 3, 2020. While the REvil gang had up until recently boasted of the score on its website, the information has since disappeared, leading to speculation that the ransom was paid. The firm has not confirmed what, if any, data was stolen, although the REvil group did confirm that it had data in its initial posting.
Individual Impact: No information is available about any personal or financial data that was exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a menace that every company must be on guard for at every turn to avoid messy and damaging incidents like this, with correspondingly expensive results.
The Week in Breach News – Asia Pacific
India – Press Trust of India
Exploit: Ransomware
Press Trust of India: News Reporting Service
Risk to Business: 2.169 = Severe
Major Indian news agency Press Trust of India was shut down for several hours over the weekend after a ransomware attack disrupted its operations, leaving millions of subscribers including major news sources in the dark. Service was restored by the next day and an investigation is underway, but the suspected culprit is ransomware.
Individual Impact: No personal data was exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Snarling systems and impacting production are two goals that we’re seeing on the rise on cybercriminal hit lists, and frequently ransomware is the tool that they prefer to shut down businesses.
Singapore – RedDoorz
Exploit: Unauthorized Database Access
RedDoorz: Hotel Management and Booking Platform
Risk to Business: 2.070 = Severe
The bad guys slipped through the door at the hotel and travel booking platform RedDoorz, and they took home some souvenirs. A threat actor is selling a RedDoorz database containing 5.8 million user records on a Dark Web forum.
Individual Risk: 2.037 = Severe
In the information exposed on the Dark Web, cybercriminals showed that they had obtained user records that included the member’s email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation as well as miscellaneous personal details. Users of the platform should be wary of spear phishing attempts using this data.
Customers Impacted: 5.9 million
How it Could Affect Your Customers’ Business: Putting extra security between your client records and hackers is a smart move to avoid becoming part of the booming Dark Web data economy.
Malaysia – 123RF
https://www.hackread.com/ransomware-attack-brazil-top-court-encrypts-backups/
Exploit: Unauthorized Database Access
123RF: Stock Photo Provider
Risk to Business: 2.233 = Severe
Popular stock photo source 123RF discovered that someone had stopped by for more than just some free art this week after 8.3 million of its client records appeared on the Dark Web. Based on the dates listed, the information is likely a year or so old.
Risk to Business: 2.427 = Severe
The pilfered data includes user records showing 123RF members’ full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address. There is no financial information stored in the database. Users should be on the lookout for possible spear phishing emails like fake PayPal notices using this data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Guarding user records is essential in today’s business world because savvy users are likely to take their business elsewhere after a breach.
The Week in Breach – South America
Chile – Cencosud
Exploit: Malware
Cencosud: Retail Conglomerate
Risk to Business: 2.342 = Severe
Cencosud was hit with a ransomware attack that encrypted devices throughout their retail outlets and impacted the company’s operations. Most retail locations of the South American retail giant are operational, but other services including its in-house credit cards have been impacted. Egregor ransomware is suspected as the culprit. Cencosud manages a wide variety of stores in Argentina, Brazil, Chile, Colombia, and Peru.
Individual Risk: While it’s clear that a great deal of information and major systems were encrypted, there are no specifics on any data stolen.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware as a business disruptor is a favored weapon of nation-state hackers, and is being more frequently used to create chaos in retail, healthcare, government, and essential service operations.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Briefing
Cyber Resilience Gets Your Clients Ready to Fight Back Against Innovations in Cybercrime
One of the hottest topics in cybersecurity these days is cyber resilience. In a rapidly evolving threat atmosphere, organizations that are cyber resilient aren’t just following cybersecurity best practices or securing their systems and data with the latest tech, they’re also thinking about the cybersecurity disasters of the future – and that opens up new opportunities for MSPs to increase their MRR.
Many factors have contributed to a fresh buzz around cyber resilience. While it’s not a new concept, it has taken on a greater significance in 2020 as businesses around the globe have had to deal with a perfect storm of cybersecurity challenges. Experts are embracing cyber resilience as a priority at big companies, and it’s really something that every organization of any size should have on their radar.
One major contributor to a new interest in cyber resilience has been the impact of COVID-19. The global pandemic that drove most companies to remote work unveiled just how complex supporting a remote workforce can be. Remote workers are more likely to fall for phishing attacks, and they’re less likely to be working on networks that have the same protection as what they’re using in the office. Sprinkle that with extra anxiety about an invisible killer, and you’ve got a recipe for disaster.
Not to mention the opportunities for cybercrime that were created by the cycle of attacks and breaches that the pandemic set off. As more data makes its way to Dark Web markets from a wide variety of sources, cybercriminals are spinning it into gold by using it to mount credential stuffing attacks and other brute force hacks that many companies aren’t ready to withstand.
That’s why secure identity and access management is a key component of cyber resilience. Not only do major worldwide authorities like CISA recommend secure identity and access management as a strong mitigation against all types of cybercrime, but it’s also a leading priority of CISOs at major corporations around the globe. Why? Because it works.
The Week in Breach: Need to Know
Ransomware Risks Highest for Remote Workers
The global pandemic has changed the way that we work, and that’s been good news for cybercriminals. Remote workers are a juicy target for ransomware attacks since they’re more likely to be drawn in by common lures and less likely to be up to date on current phishing scams. So how can you protect your business from ransomware while your staffers are still working remotely?
While we wish there was a magic bullet, the closest we’ve come is a magical solution: phishing resistance and security awareness training. Companies that engage in regular security awareness training that includes information about the latest phishing threats have up to 70% fewer cybersecurity incidents.
The biggest cybersecurity threat of 2020 is phishing, and ransomware almost always arrives on your doorstep paired up with a phishing email. More than 65% of ransomware is delivered through phishing, which has boomed during the global pandemic – Google reports that it’s measured phishing email as up by more than 600% in 2020.
Regular, easy-to-understand phishing training is essential for protecting your business from dangers like spear phishing attacks designed to deliver ransomware.