The Week in Breach: 11/18/20-11/24/20 | CloudSmart IT

This week ransomware scores at Manchester United and chills Americold, Managed.com gets rocked by REvil, Luxottica’s data breach nightmare continues, and how social engineering sneaks up on remote workers.

The Week in Breach News: Dark Web ID’s Top Threats This Week


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach News – United States


United States – Managed.com

https://securityaffairs.co/wordpress/111154/cyber-crime/managed-com-revil-ransomware.html

Exploit: Ransomware

Managed.com: Web Hosting Provider

Risk to Business: 1.402 = Extreme

REvil has had a nasty impact at this web hosting provider, causing a complete shutdown of company systems. The company says that a “limited number” of customer sites have been affected. Impacted functions included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers.

Individual Risk: Managed.com has not released any information about potential client impact, although the company did note that they’d taken measures to secure client data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third party risk is a growing problem for every business, especially as cybercriminals target more centralized service and infrastructure companies.


United States – Mercy Iowa City

https://www.kcrg.com/2020/11/18/mercy-iowa-city-reports-data-breach-over-60000-iowans-affected/

Exploit: Unauthorized Access

Mercy Iowa City: Medical Center

Risk to Business: 2.631 = Moderate

An unauthorized user gained access to an employee email account at this Iowa hospital, leading to the potential exposure of sensitive data for thousands of patients. There’s no confirmation that data was stolen, but the hospital is warning patients of the possibility. The incident was discovered after the compromised account began sending out spam and phishing messages.

Individual Risk: 2.502 = Moderate

The hospital has not yet confirmed that any data was actually accessed or stolen, but they sent out a letter warning patients of the potential breach. Information that may have been compromised includes patient names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment information and health insurance information.

Customers Impacted: 60,000

How it Could Affect Your Customers’ Business: Password compromise leads to major trouble. Even small incidents like this can quickly turn into huge problems if access to sensitive data isn’t carefully controlled.


United States – TronicsXchange

https://www.infosecurity-magazine.com/news/80000-id-cards-fingerprint-exposed/

Exploit: Misconfiguration

TronicsXchange: Used Electronics Dealer

Risk to Business: 1.992 = Severe

A big error at TronicsXchange has led to a big problem, as sensitive customer data was exposed on a misconfigured database. Over 2.6 million files, including ID cards and biometric images, were left open and leaking in a misconfigured AWS S3 bucket. The data appears to be older and primarily concerns California residents.

Individual Risk: 1.222 = Extreme

The data that was exposed was seriously sensitive and has the potential for massive troublemaking. Millions of files were leaked including extremely sensitive information like approximately 80,000 images of personal identification cards such as driver’s licenses, and 10,000 fingerprint scans. The leaked driver’s license photos expose even more information about that individual, including license number, full name, birthdate, home address, gender, hair and eye color, height and weight, and a photo of the individual, among other things.

Customers Impacted: 80,000

How it Could Affect Your Customers’ Business: Leaving a database unsecured or misconfigured is a symptom of a lax cybersecurity culture. Leaving a database unsecured that has this kind of incredibly sensitive data inside is a disaster that will send customers running for the exits.


United States – American Bank Systems

https://securityreport.com/american-bank-systems-hit-by-ransomware-attack-full-53-gb-data-dump-leaked/

Exploit: Ransomware

American Bank Systems: Software Services Provider

Risk to Business: 1.864 = Severe

Avaddon ransomware made an unwelcome deposit at American Bank Systems, unleashing a ransomware attack that led to the capture and partial publishing of 53 GB of all sorts of highly confidential data. The banking software services company had data snatched from banks around the world including banking names and mortgage companies, such as First Federal Community Bank, Rio Bank, Citizens Bank of Swainsboro, First Bank & Trust, and many more. The leaked data in the dump includes files such as loan documents, business contracts, private emails, invoices, credentials for network shares, and other confidential information.

Individual Risk: 1.516 = Severe

Many of the stolen banking records also contain information about the clients of affected banks, including personally identifying information, loan amounts, and Tax ID or Social Security numbers. Some data on employees of banks was also exposed. Clients of impacted banks should be alert to identity theft and fraud possibilities.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible.


United States – Americold

https://www.bleepingcomputer.com/news/security/cold-storage-giant-americold-hit-by-cyberattack-services-impacted/

Exploit: Ransomware

Americold: Cold Storage and Logistics

Risk to Business: 2.236 = Severe

Ransomware definitely chilled business at Americold, causing major disruptions to operations. The cyberattack impacted their operations across the board, causing partial or complete shutdowns in phone systems, email, inventory management, and order fulfillment. This attack may be related to a recent spate of attacks against healthcare targets. Cold storage and temperature-controlled transportation will be a huge component in the distribution of any COVID-19 vaccine.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware isn’t just stealing data anymore. It’s also being used as a tool to disrupt infrastructure and logistics to devastating effect.


United States – Port of Kennewick

https://www.nbcrightnow.com/news/port-of-kennewick-now-victim-of-cyber-attack/article_2da5b29c-2936-11eb-a2e4-0f3e16c73589.html

Exploit: Ransomware

Port of Kennewick: Municipal Agency

Risk to Business: 2.322 = Severe

Ransomware severely impacted operations at this inland port in Washington. Cybercriminals encrypted the port’s systems and demanded $200,000 in ransom to restore access to the port’s servers and files. The port authority, FBI, and an outside contractor have been working to restore full operations.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets as well as businesses, and nation-state actors are most likely to use ransomware in their attacks.


United States – Kenneth Copeland Ministries

https://www.dailymail.co.uk/news/article-8966623/Russian-hacker-group-REvil-claims-massive-attack-televangelist-Kenneth-Copeland.html

Exploit: Ransomware

Kenneth Copeland Ministries: Televangelism

Risk to Business: 2.306 = Severe

The REvil ransomware gang strikes again, this time at televangelist Kenneth Copeland’s operations. The gang is threatening to release 1.2 terabytes of sensitive data if he fails to pay their unspecified ransom demands. Evidence of the hack has been displayed on REvil’s information website.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware gangs like REvil can see juicy paydays in targeting prominent people in any industry – or releasing potentially embarrassing stolen data if those people decide not to pay the ransom.



The Week in Breach News – United Kingdom & European Union


United Kingdom – Manchester United

https://securityaffairs.co/wordpress/111231/hacking/manchester-united-cyber-attack.html

Exploit: Ransomware

Manchester United: Football (Soccer) Club

Risk to Business: 2.122 = Severe

A ransomware attack briefly shut down business operations at Manchester United. The team reports “Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers.” The cyberattack is not expected to impact play and matches will remain ongoing as scheduled.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware and phishing go hand in hand and as social engineering tactics improve it’s always going to be the fastest, easiest way for cybercriminals to strike.


Italy – Luxottica

https://healthitsecurity.com/news/luxottica-data-leaked-by-hackers-after-ransomware-attack-breach

Exploit: Ransomware

Luxottica: Eyewear Manufacturer

Risk to Business: 2.237 = Severe

After suffering a nasty cyberattack a few months ago that severely impacted operations, eyewear giant Luxottica is in hot water again. Newly uncovered data from Dark Web sources shows that protected health information and PII for thousands of consumers who patronize common eyewear retailers was stolen. Sensitive company data was also stolen, including contract information, financial information, and human resource documents. Hackers have already begun releasing this data.

Individual Risk: 2.379 = Severe

The leaked data contained customer contact details, health insurance policy numbers, and appointment notes related to treatment, such as health conditions, procedures, and prescriptions, as well as other sensitive data, including the credit card information and Social Security information of some patients who patronize major eyewear retailers including LensCrafters, Sunglass Hut, and Pearle Vision, along with users of the EyeMed vision care plan. Consumers should stay alert to identity theft and spear phishing possibilities.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failure to adequately protect medical data is an expensive proposition and will undoubtedly draw the wrath of regulators in the US and EU. It pays to remember that one employee interacting with one phishing email can always be a recipe for disaster.



The Week in Breach News – Asia Pacific


South Korea – E-Land

https://www.koreatimes.co.kr/www/tech/2020/11/694_299692.html

Exploit: Ransomware

Press Trust of India: News Reporting Service

Risk to Business: 2.169 = Severe

A cyberattack walloped Korean retail giant E-Land, forcing it to suspend operations at 23 of its 50 branches of NC Department Store and NewCore Outlet stores. Some stores have reopened, but they’re still facing significant operational delays. Investigation and recovery are ongoing.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Operational impacts from ransomware can be devastating even if bad actors don’t steal your data, especially for daily goods and services businesses like retail stores.


Japan – Mitsubishi Electric

http://www.asahi.com/ajw/articles/13948123

Exploit: Hacking

Mitsubishi Electric: Electrical Equipment Manufacturer

Risk to Business: 2.470 = Severe

Security improvements at Mitsubishi Electric didn’t go far enough, because bad actors have penetrated security again. This time, instead of machine and operations data, client data impacting more than 8,500 corporate accounts was stolen. This is the second successful attack on Mitsubishi in the last 6 months.

Individual Risk: 2.474 = Severe

Information for 8,653 business accounts has been exposed. The company is working to determine if information related to bank accounts of the other parties, as well as other information, was leaked. No personal or consumer data has been reported as affected in this incident.

Customers Impacted: 8,653

How it Could Affect Your Customers’ Business: Putting extra security between your client records and hackers is a smart move to avoid having your data become a new asset in the booming Dark Web data economy.


The Week in Breach News Guide to Our Risk Scores



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

 


The Week in Breach: Featured Briefing

Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back.


Cybercriminals these days are a lot smarter than you might think. Just like any other business, cybercrime gangs are always looking for ways to break through with a slick new attack style that scores them a big payday before cybersecurity professionals even have it on their radar. One of the most successful areas of expansion for cybercrime in 2020 has been social engineering.

A major component of phishing-related cybercrime, the premise behind social engineering is very simple: to influence the target to take an action. Whether that action is to buy a certain brand of coffee, share a news story, or click on a link in a phishing email, social engineering is a common tactic in all sorts of business operations for one simple reason: it works.

Recent examples illustrate some of today’s craftiest social engineering tactics. For example, take a dull, routine subject like compliance. It’s both complicated and constantly changing, with huge penalties for violations. Cybercriminals know that GDPR fines are a specter that haunts most European businesses – and detailed information about many businesses is an easy score on the Dark Web.

So why not try out a cleverly disguised social engineering trick by creating an email that’s designed to look like it’s from a consultancy helpfully informing you that there are new regulations about email security that you might not be compliant with. Of course, their company can help. They may “already be working with you to resolve the problem”, and they just need a little bit more information. You know the rest of this story.

Or, at larger companies, consider the classic access scam. A contractor or service for your corporation contacts you, maybe even by phone. He is trying to quickly repair something crucial that’s just broken. It’s a big problem, the bosses are mad, and he has a quick fix to temporarily patch it until it can be fixed properly. He just needs a password that gives him access to a certain system, and he was told that you’re the person to talk to. Password sharing is so endemic that most staffers will hand theirs right over.

This may not sound like a plausible scenario to you, and you’d probably be inclined to ask for more proof – and you’d be right, it’s a scam. But many employees won’t recognize it, even at big tech companies where you’d expect them to know better. After all, this sequence of events is exactly what happened to cause the giant Twitter breach earlier this year.

Fighting back against social engineering means fighting back against cybercriminal trickery with education. Security awareness training, especially phishing resistance training, is every company’s best bet for teaching employees to spot and stop social engineering attacks. Companies that engage in regular security awareness training have up to 70% fewer cybersecurity flubs.

Research indicates that employees retain the skills that they gain from training for about 4 months before they disappear, but don’t lose skills if their training is regularly updated. 

The Week in Breach: Need to Know

To Err is Human, But Preventing Expensive Disasters is Divine.


Making mistakes is part of being human. Even your most conscientious employees are bound to screw up at some point. But employee mistakes don’t have to be a gateway to cybersecurity disaster. Putting fail safes in place between your data and cybercriminals can mitigate the risk of employee errors.

While errors like misconfiguration and failure to patch software are dangerous, one particular source of employee error definitely tops the trouble list: passwords. In a recent survey, an outrageous 91% of employees admitted to reusing or recycling passwords at work and between their work and home accounts, and password sharing is endemic.

Password compromise is by far the fastest, easiest way for cybercriminals to gain access to your systems and data. A password alone, even if it is updated regularly, will not provide strong protection for your systems and data – over 80% of breaches can be attributed to password hacking or password compromise.

Put extra protection between your business and employee errors like poorly made passwords by adding a secure identity and access management solution.

Securing the access gateways to your company’s systems and data is the fastest, most effective way to prevent a small mistake from becoming an expensive cybersecurity disaster. 
