This week, Baltimore County Public Schools learns a lesson about ransomware, healthcare targets worldwide take security hits, and we look at the importance of cyber risk literacy.
The Week in Breach News – United States
United States – Baltimore County Public Schools
Exploit: Ransomware
Baltimore County Public Schools: School System
Risk to Business: 1.222 = Extreme
Ransomware attacks on school systems around the country have grown exponentially, and that lesson was driven home for Baltimore County Public Schools last week. A ransomware attack forced the system to shut down completely for three days, disrupting online learning for K-12 students. The district has 115,000 students.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Approximately 115,000 students and 7,300 teachers
How it Could Affect Your Business: Ransomware can unleash extreme devastation, going beyond stealing data to shutting down an organization’s operations completely.
United States – Belden
https://www.securityweek.com/belden-discloses-data-breach-affecting-employee-business-information
Exploit: Unauthorized Database Access
Belden: Signal Transmission Solutions Manufacturer
Risk to Business: 1.992 = Severe
An unauthorized user gained access to at least one database full of employee and client information. The company noted in a statement that attackers apparently accessed a “limited number” of Belden’s file servers, but the firm said the breach did not have any impact on production in manufacturing plants, quality control, or shipping.
Individual Risk: 1.990 = Severe
The company went on to state that filched employee information may have included names, birthdates, government-issued identification numbers (for example, social security / national insurance), bank account information of North American employees on the Belden payroll, home addresses, and email addresses. Potentially compromised information for business partners includes bank account data and tax ID numbers.
Customers Impacted: Unknown
How it Could Affect Your Business: Password compromise is often the culprit behind an intrusion like this, and that’s a matter that needs to be taken seriously in order to prevent this kind of drama.
United States – Spotify
Exploit: Credential Stuffing
Spotify: Digital Music Streaming Service
Risk to Business: 1.992 = Severe
Spotify ended up with egg on its face last week after security researchers uncovered an unsecured Elasticsearch database containing more than 380 million records. The exposed data contained login credentials and other information belonging to Spotify users. The researchers, in concert with Spotify investigators, determined that whoever owned the database had probably obtained the login credentials from an external site and used them on Spotify accounts in a credential stuffing operation.
Individual Risk: 2.801 = Moderate
The data that was exposed includes customers’ usernames and passwords for Spotify, as well as email addresses and countries of residence. Information like this could be used to fuel spear phishing attempts. Spotify users should reset their passwords.
Customers Impacted: 80,000
How it Could Affect Your Business: Credential stuffing is a threat that becomes more serious every day as new dumps of passwords hit the Dark Web. If you’re not watching for potential trouble, you’re leaving your business open to disaster.
United States – LSU Health New Orleans
https://www.infosecurity-magazine.com/news/louisiana-hospitals-report-data/
Exploit: Unauthorized Systems Access
LSU Health New Orleans: Medical System
Risk to Business: 1.802 = Severe
In a major attack on another healthcare target, LSU Health New Orleans disclosed that an unauthorized intrusion into an employee email inbox occurred on September 15, 2020. The mailbox access was discovered and disabled on September 18, 2020, but not before sensitive information was potentially snatched about patients who received care at Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.
Individual Risk: 1.616 = Severe
Data exposed in the attack may have included patients’ names, medical record numbers, account numbers, dates of birth, Social Security numbers, dates of service, types of services received, phone numbers and/or addresses, and insurance identification numbers. The type and amount of patient information compromised in the incident varied, and a limited number of exposed emails may have contained a patient’s bank account number and health information including a diagnosis. Patients treated by LSU Health New Orleans should be alert to potential identity theft and spear phishing risks.
Customers Impacted: Unknown
How it Could Affect Your Business: Controlling access to your company’s systems and data is even more important when the data that you’re storing is especially sensitive and its exposure could incur major penalties.
United States – Sophos
Exploit: Misconfiguration
Sophos: Cybersecurity Provider
Risk to Business: 2.336 = Severe
A misconfigured database with access permission issues is to blame for the exposure of client data at Sophos. The company stated that the exposed database was used to store information on customers who have contacted Sophos Support. This is the second major security incident Sophos has dealt with this year.
Individual Risk: 2.772 = Moderate
The database did not contain any sensitive information. Sophos disclosed that the exposed information included details such as customer first and last names, email addresses, and phone numbers. Clients should be alert to potential spear phishing risk using this data.
Customers Impacted: Unknown
How it Could Affect Your Business: No company can avoid occasional problems like this, whether they’re caused by malfunctioning software or an employee misclick. Putting extra layers of security in place helps mitigate the damage of these troublesome security incidents.
United States – US Fertility
https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html
Exploit: Ransomware
US Fertility: Specialty Medical Clinic Operator
Risk to Business: 2.229 = Severe
Ransomware disrupted operations at the largest provider of fertility services in the US after a number of servers and workstations were encrypted. While US Fertility was able to restore operations quickly, the healthcare company determined that some patient data had been exfiltrated in the incident.
Individual Risk: 2.312 = Severe
Cybercriminals were able to steal an indeterminate number of files containing patient information including names, addresses, dates of birth, MPI numbers, and for some individuals Social Security numbers. Clients should be alert to the possibility of spear phishing and identity theft using this data.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a huge threat to healthcare targets right now, as was disclosed in a recent CISA alert. Healthcare sector businesses need to be alert to the danger and use their resources wisely to combat it.
The Week in Breach News – United Kingdom & European Union
United Kingdom – National Health Service
https://www.infosecurity-magazine.com/news/nhs-error-exposes-data-hundreds/
Exploit: Insider Threat (Employee Error)
National Health Service: National Healthcare System
Risk to Business: 2.706 = Severe
An employee error at NHS Highland earlier this month led to the personal information of 284 patients with diabetes becoming exposed after a spreadsheet was accidentally shared via email with 31 NHS staffers who weren’t authorized to access it.
Individual Risk: 2.812 = Severe
The spreadsheet of data was limited to just patients treated at the affected location. Information on the spreadsheet included names, dates of birth, contact information, and hospital identification numbers for the 284 patients.
Customers Impacted: 284
How it Could Affect Your Business: Human error will always be a factor in cybersecurity. But adding extra locks on sensitive information can prevent incidents like this one.
Holland – Endemol Shine Group
Exploit: Ransomware
Endemol Shine Group: Television Production & Distribution
Risk to Business: 1.662 = Severe
DoppelPaymer came calling at the Amsterdam-based production and distribution giant behind hits like Big Brother, Master Chef, and The Voice. The gang added sample data to its leak site last week, but no determination has been made about the scope or variety of information stolen. Investigation and recovery are ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware and phishing go hand in hand, and as social engineering tactics improve, it’s always going to be the fastest, easiest way for cybercriminals to strike.
Denmark – Ritzau
https://au.news.yahoo.com/ritzau-news-agency-hit-cyber-attack-150448121–spt.html
Exploit: Hacking
Ritzau: News Wire Service
Risk to Business: 2.237 = Severe
An unspecified hacking attack knocked out the email and telephone capabilities at Ritzau. The bureau was forced to resort to sending out news updates via an emergency email system. Service remains impacted with no timeline for recovery.
Individual Impact: No personal data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks like this one are typically caused by ransomware. It has been an increasingly popular tool for nation-state hackers and other bad actors looking to disrupt infrastructure and official service targets.
The Week in Breach News – Asia Pacific
India – IIAM Jobs
https://inc42.com/buzz/data-of-1-4-mn-users-on-iimjobs-allegedly-leaked-on-dark-web/
Exploit: Data Theft
IIAM Jobs: Job Search & Listing Provider
Risk to Business: 1.569 = Severe
A security researcher uncovered a huge trove of information on the Dark Web that was likely stolen from Indian jobs service IIAM Jobs. The data of more than 1 million users was exposed, including passwords, names, phone numbers, email addresses, the location of users, their industry, and links to their LinkedIn profiles. The data appears to be about a year old.
Individual Risk: 1.779 = Severe
Users of IIAM should be alert to the potential of identity theft or spear phishing created by this exposed information.
Customers Impacted: 1.4 million
How it Could Affect Your Business: Data theft is even more problematic when it’s not noticed until far afterward by someone else. It shows your customers that you don’t take cybersecurity seriously and can make them take their business elsewhere in a hurry.
The Week in Breach News – Australia & New Zealand
Australia – Law In Order
https://www.itnews.com.au/news/law-in-order-hit-by-ransomware-attack-558197
Exploit: Ransomware
Law In Order: Legal Document Services Provider
Risk to Business: 1.770 = Severe
Netwalker ransomware is the culprit behind a cyberattack at Law In Order, a leading processor of legal services documents. The company is still determining the scope of the attack. While originally claiming that no data was exfiltrated, Law In Order backtracked to say that it was determining exactly what data has been stolen after the cybercrime gang posted samples of the purloined information on its leak site. Recovery is ongoing and operations are experiencing a lasting impact.
Individual Risk: The company is unable to provide information about what data was stolen and to whom that data pertains.
Customers Impacted: Unknown
How it Could Affect Your Business: Putting extra security between your client records and hackers is a smart move to avoid having your data become a new asset in the booming Dark Web data economy.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Briefing
Business Email Compromise Scams Are Evolving to Pose a Nastier Threat Than Ever Before
Business email compromise (BEC) scams have been around for years. While they take more time and effort than other cybercrimes like ransomware or credential stuffing, BEC scams make up for it with a handsome payoff – and in a challenging economy, even cybercriminals are looking for new ways to turn a quick profit.
That’s why BEC has become both more favored and more dangerous. Bad actors are using the opportunities created by chaotic world conditions and an increased amount of information about businesses that’s readily available on the Dark Web to evolve their attacks, creating scams that are harder to spot and more efficient.
One unexpected facet of this uptick in BEC is that the operators of these scams aren’t based in some of the most expected locations for cybercrime gangs. Five US states are the home of more than 50% of BEC scammers: California, Florida, Georgia, New York, and Texas. Researchers note that BEC scams have launched in 45 states across the US in the last 12 months.
BEC scams have also been increasing in profitability for scammers. Analysts have determined that more than $64 million in stolen funds from BEC victims was transferred through 2,900 “money mule” accounts (a common tool of money laundering) in 39 countries. More than 900 US-based money mules were used in BEC scams between May 2019 and July 2020, with at least one mule spotted in every state.
After a booming spring and summer for cybercrime, BEC scams show no signs of slowing down. In Q3 2020 the median number of BEC attacks received per company each week rose by 15% over Q2 2020. Attacks that perpetrated invoice or payment fraud jumped by 155% as well, with COVID-19 themed scams up by 81% during the quarter. A huge increase in Dark Web activity and large quantities of fresh data hitting Dark Web markets and dumps helped fuel the trend.
With this increased activity in BEC scams, your clients need to have their security ducks in a row to avoid potential disasters, and no business is too small to be at risk. By adding a few simple solutions to their cybersecurity mix, your clients can put the extra protection that they need to fight back against BEC in place at an excellent price, boosting their security and your MRR.
First things first: If your clients aren’t already using multi-factor authentication, they need to add it immediately. One of the most widely recommended mitigations for all types of cybercrime, multi-factor authentication as part of a secure identity and access management solution is a vital defensive tool for every business of every size.
The second component of a strategy to mitigate BEC danger is increased security awareness and phishing resistance training. Almost all BEC scams start with a phishing message. Some deploy malware, some steal passwords, but they’re all intended to do the same thing: give cybercriminals access to company systems and data.
Increasing security awareness and phishing resistance training with a solution like BullPhish ID is ideal for guarding against phishing-based cybercrime like BEC scams. Regularly updated training (at least every 4 months) transforms a company’s staff from its largest attack surface into its largest defense asset. As an added benefit, phishing resistance training also helps mitigate ransomware and credential compromise danger.
With such a handsome payoff for their work in a difficult economy, cybercriminals aren’t going to be giving up on BEC scams anytime soon. It’s time to make sure that your clients understand the danger that they face from this growing threat – and we’re here to help.
The Week in Breach: Need to Know
Cyber Risk Literacy is Critical for a Strong Defense
Business cyberattack threats have never been higher. Massive increases in phishing (more than 600%), ransomware (more than 150%) and other cybercrime might keep you up at night, but are your staffers aware of exactly how important cybersecurity really is to your business? Your employees might not be on the same page as you are about cybersecurity risks – and that’s a problem that could end up costing you a fortune.
For most people outside of directly technology-related positions, a cyberattack is a vague, hard to understand threat. It just doesn’t seem possible that one misclick on an email could cost a company millions. That’s why making risk literacy a top priority for every employee is crucial to maintaining a strong defense against cybercrime.
One effective way to increase your employees’ risk literacy is with regular, engaging security awareness training that includes phishing threats, since phishing is by far the most common delivery system for cyberattacks. Over 90% of incidents that end in a data breach start with a phishing email, and no company can afford that right now.
BullPhish ID is the ideal choice to increase your staff’s risk literacy with memorable, easy-to-understand security awareness and phishing resistance training in 8 languages. Using engaging video lessons, risk information is served to your employees in bite-sized pieces for easy comprehension no matter how tech-savvy they may be.
Online testing measures their retention of the lessons, giving you the information that you need to see who has a handle on security awareness and who needs more help. More than 80 training campaigns are available for you to use right now, and 4 more are added every month, including content about the latest threats like COVID-19 scams.
Training your staff to be aware of potential threats pays handsome dividends for your business – companies that engage in regular security awareness training have up to 70% fewer damaging cybersecurity incidents. By establishing a strong culture of cybersecurity awareness and giving everyone the help that they need to be part of the team, your company gets a huge overall cybersecurity boost that can make the difference between success and failure for cyberattacks now and in the future.