The Week in Breach: 11/27/19 – 12/03/19 | CloudSmart IT


This week, ransomware costs companies on multiple fronts, phishing scams have extensive data security consequences, and companies fail to adequately evaluate their third-party data sharing standards.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Medical & Healthcare
Top Employee Count: 1 – 10 Employees


United States – DiBella’s Subs

https://www.democratandchronicle.com/story/news/2019/11/26/dibellas-subs-customers-your-credit-card-may-have-been-breached-rochester/4308295002/

Exploit: Malware attack
DiBella’s Subs: Rochester-based restaurant chain

Risk to Small Business: 2 = Severe: Credential-stealing malware was discovered in the restaurant chain’s information systems almost a year after the initial incident. However, the company acknowledged that the breach investigation was completed well before the company notified the public, a misstep that will undoubtedly mar the recovery process. The company is taking steps to ensure that this type of attack won’t be successful in the future, but that won’t help the hundreds of thousands impacted by this data breach.
Individual Risk: 2.428 = Severe: Customers’ personal and financial data may have been compromised in the breach. This includes names, payment card numbers, expiration dates, and CVV numbers. The breach is limited to customers in Connecticut, Indiana, Michigan, Ohio, New York, and Pennsylvania between March 22, 2018 and December 28, 2018. Although the damage resulting from the data exposure may already have been inflicted, those impacted should still take necessary precautions such as contacting their financial institutions and reviewing card histories to check for unauthorized charges.

Customers Impacted: 305,000
How it Could Affect Your Customers’ Business: Reputation management and restoration is a critical component of an effective data breach response plan. Although it’s more difficult to quantify than direct financial losses, reputational damage can be extremely problematic for any company and can even place its ability to recover in jeopardy. Providing timely communications and a comprehensive overview of what happens to customer data after it’s stolen can help companies demonstrate that they are serious about data security, helping restore customer confidence along the way.


United States – Great Plains Health

https://www.usnews.com/news/best-states/nebraska/articles/2019-11-27/north-platte-hospital-reports-ransomware-attack

Exploit: Ransomware
Great Plains Health: Local hospital

Risk to Small Business: 2.333 = Severe: A ransomware attack disrupted many services at Great Plains Health, including email and other internal communication technologies. As a result, the healthcare provider has cancelled some procedures and appointments, while continuing to provide emergency services as needed. Whether Great Plains Health ultimately decides to pay the ransom or to attempt a recovery from backups, the result will undoubtedly be expensive. Especially when coupled with the opportunity cost and reputational damage that accompanies a data breach, the consequences of a ransomware attack can be financially devastating and long-lasting.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Healthcare providers are increasingly caught in the crosshairs of ransomware attacks, as cybercriminals capitalize on the critical nature of their services and the quality of information stored. The industry as a whole already faces strong regulatory oversight that can have costly consequences for healthcare companies that succumb to a breach. More importantly, a disruption in care services or communication can have even more severe implications for patients and put their lives at risk. Therefore, a robust cyber defense should be considered a staple for any healthcare service provider in the digital age.


United States – Magellan Rx Management 

https://www.marketwatch.com/press-release/magellan-rx-management-statement-regarding-security-incident-2019-11-27

Exploit: Phishing scam
Magellan Rx Management: Full-service pharmacy benefit manager

Risk to Small Business: 1.777 = Severe: An employee fell for a phishing scam that provided hackers with access to his account, which contained health plan member data. The breach occurred back on May 28th, and it wasn’t identified until July 5th. However, it’s unclear why the company waited until November before disclosing the breach to the public. Officials haven’t found any evidence that the data was misused, but the lengthy response time makes it more difficult for those impacted by the breach to secure their information before it’s used for nefarious purposes.
Individual Risk: 2 = Severe: The breach exposed member information, including names, dates of birth, health plan member ID numbers, health plan names, providers, diagnoses, and other healthcare-related information. This information is often used to facilitate additional cybercrimes like spear phishing attacks, so those impacted by the breach should be critical of digital communications, especially those requesting personal information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Despite advanced security practices and other defensive efforts, phishing scams will inevitably make their way into employees’ inboxes. Fortunately, such messages are harmless unless an employee acts on them. Every business can enhance its defensive posture by providing comprehensive awareness training to keep employees abreast of the latest threats and the best practices for protecting company data.


Canada – Waterloo Catholic District

https://www.cbc.ca/news/canada/kitchener-waterloo/waterloo-catholic-district-school-board-responding-to-significant-malware-incident-1.5375226

Exploit: Ransomware attack
Waterloo Catholic District: Local academic institution

Risk to Small Business: 2.111 = Severe: A ransomware attack has significantly disrupted services at Waterloo Catholic School District, forcing the academic institution to hire a third-party IT security firm to try and restore their network’s functionality. Nearly a week after the attack, the district still hadn’t fully restored network functionality, which will curtail its ability to provide adequate student services. It underscores the opportunity cost that always accompanies a ransomware attack, which only compounds the rising expenses of this devastating attack vector.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Academic institutions are frequently seen as soft targets for cybercrimes. Given their modest resources for cyber defense and the critical nature of their services, many hackers see this as an opportunity to cash in. Unfortunately, once ransomware takes root, there are no good or affordable solutions, and costs can quickly escalate to catastrophic levels. Simply put, a proactive defense is the only response that can actually make a meaningful difference toward protecting the IT infrastructure and the bottom line. 


Canada – Waterloo Brewing Company 

https://www.cbc.ca/news/canada/kitchener-waterloo/waterloo-brewing-cyberattack-1.5367658

Exploit: Spear phishing attack
Waterloo Brewing Company: Ontario-based brewing company

Risk to Small Business: 1.666 = Severe: Cybercriminals executed a social engineering cyber-attack that tricked an employee into responding to fraudulent wire transfer requests totaling more than $2 million. The brewer doesn’t believe that their systems were breached, but bad actors were able to use readily available information to generate authentic-looking, incredibly effective invoices. The company is trying to recover the funds, but those efforts may ultimately be fruitless, making this an expensive learning experience for the employee and the company.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals have an ever-evolving arsenal of attack methodologies all aimed at separating businesses from their money. Not only do SMBs need to stay abreast of these tactics, but the services that provide Dark Web monitoring can give them a head start toward addressing potential vulnerabilities, giving them a chance to respond before that information is used to dupe unsuspecting employees into willingly facilitating significant monetary losses. 


United Kingdom – Datrix 

https://www.theregister.co.uk/2019/11/28/datrix_phishing_attack/

Exploit: Phishing attack
Datrix: Network services and cloud solutions provider

Risk to Small Business: 2.111 = Severe: While reading emails on a smartphone, an employee accidentally clicked on a phishing email that provided hackers with access to his entire email account, which was used to send additional phishing messages to the company’s accounting department and customer base. The company shut down the affected account in 15 minutes, but not before hundreds of malicious emails were sent, potentially spreading the damage even further.
Individual Risk: 2.285 = Severe: Approximately 300 Datrix customers received phishing emails purportedly originating from the company. Datrix is encouraging everyone impacted by the breach to permanently delete the malicious communications and to be wary of any future communications from the company.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: It only takes a single compromised account to wreak havoc on your company’s reputation and bottom line. This data disaster was contained in fifteen minutes, but the repercussions will be far-reaching and widespread. Employee awareness training can help mitigate this threat by transforming potential vulnerabilities into a robust defense against cybercrime.


Netherlands – Vistaprint

https://techcrunch.com/2019/11/25/vistaprint-security-lapse/

Exploit: Exposed database
Vistaprint: Small business marketing product provider

Risk to Small Business: 1.888 = Severe: Vistaprint left an unencrypted database exposed, allowing anyone to access information related to customer service calls, chats, and emails. After the company was publicly alerted to the oversight on Twitter, they brought the database offline. The database had been exposed since November 5th, giving cybercriminals extensive access to sensitive customer data. At the very least, the episode was embarrassing for Vistaprint, which was exposed in a public forum and forced to issue a public notification of their poor data management standards. This hard-to-quantify reputational damage can be an impediment to businesses operating in competitive, digital spaces where customers are increasingly unwilling to do business with companies that can’t protect their data.
Individual Risk: 2.285 = Severe: In addition to information related to users’ customer service interactions, the data breach compromised personally identifiable information, including names, email addresses, and phone numbers. The company can’t guarantee that this information wasn’t accessed by bad actors. Since personally identifiable information has a robust market on the Dark Web, those impacted by the breach should closely monitor their online accounts for suspicious activity, and some users may want to enroll in identity monitoring services.

Customers Impacted: 51,000
How it Could Affect Your Customers’ Business: Today’s customers are increasingly unwilling to do business with companies that can’t protect their personal data. That reality makes an unforced error, like an exposed database, especially egregious. In today’s tech-centered business environment, expansion and advanced features can’t be implemented at the expense of data security, a reality that privacy regulators and ordinary consumers are ready to enforce. 


Spain – Prosegur 

https://www.zdnet.com/article/security-firm-prosegur-weve-shut-our-it-network-after-ryuk-ransomware-attack/

Exploit: Ransomware
Prosegur: Cash logistics and private security company

Risk to Small Business: 2.333 = Severe: A ransomware attack brought the company’s website offline and disrupted client services. To prevent the malware’s continued spread, Prosegur ultimately brought its entire IT infrastructure offline, compounding the customer-facing problems and forcing the company to issue a public statement. At the same time, many employees were sent home because their computers and account access were unavailable. These opportunity and productivity costs have become one of the most prominent complications of ransomware attacks, which have grown in prominence and cost in 2019.

Individual Risk: No personal data was compromised in the breach, but client security services were unavailable during the ransomware attack.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In addition to the potential for multimillion-dollar ransom payments, these malware attacks inflict significant opportunity costs that can sometimes be the proverbial financial nail in the coffin for many companies. Fortunately, malware always needs an entry point, and SMBs can protect their infrastructure through simple measures like protecting employee accounts and providing phishing scam training.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
