The Week in Breach: 12/02/20-12/08/20 | CloudSmart IT


This week Egregor ransomware is flying high in retail, manufacturing & staffing around the world, and Amazon phishing scams are even more of a holiday menace than usual to businesses this year.

The Week in Breach News – United States 


United States – Greater Baltimore Medical Center 

https://www.securityweek.com/greater-baltimore-medical-center-hit-ransomware-attack

Exploit: Ransomware

Greater Baltimore Medical Center: Hospital 


Risk to Business: 1.622 = Severe

A ransomware attack left Greater Baltimore Medical Center (GBMC) scrambling after many of its systems were knocked offline, impacting patient care. Procedures scheduled for 12/07/20 had to be rescheduled. Backups and workarounds enabled the hospital to keep functioning as the attack was investigated and mitigated. Recovery is ongoing.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is increasingly being used as a way to cause operational disruptions instead of just snatching data, complicating its impact.


United States – AspenPointe

https://www.bleepingcomputer.com/news/security/healthcare-provider-aspenpointe-data-breach-affects-295k-patients/

Exploit: Unauthorized Database Access

AspenPointe: Healthcare Non-Profit 


Risk to Business: 1.613 = Severe

AspenPointe has disclosed a large data breach that exposed personally identifying information (PII) of patients working with non-profit organizations that it manages including participants in its mental health and substance misuse programs. The unauthorized access took place in early September 2020 and it’s unclear how much data was stolen. AspenPointe is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations, that manages 12 organizations providing care and counseling in Colorado.


Individual Risk: 1.820 = Severe

Patients may have had extensive personal and private information exposed, including PII like their date of birth, Social Security number, Medicaid ID number, date of the last visit (if any), admission date, discharge date, and/or diagnosis code. AspenPointe is providing those affected by the data breach IDX identity theft protection services including “12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.”

Customers Impacted: 295,617

How it Could Affect Your Customers’ Business: Data breaches at any business are bad news, but at a business like this, it’s a nightmare. Not only will AspenPointe have to deal with the corporate fallout, but regulators are also going to come calling with fines, making this incident extra expensive.


United States – Philabundance

https://www.phillyvoice.com/philabundance-cyberattack-theft-1-million-dollars/

Exploit: Business Email Compromise

Philabundance: Hunger Relief Non-Profit


Risk to Business: 2.017 = Severe

Hunger relief charity Philabundance got bilked by BEC scammers at the worst possible time. The charity, which fed 54,700 Philadelphians weekly in 2019, is now feeding 134,800 people each week. This incident occurred when the organization paid a construction bill of over $923,000 for a new $12 million facility built in North Philly for its Community Kitchen program, only to discover that they’d paid scammers instead. It’s believed that the con was enabled by a hack on the charity’s computer systems in July that enabled scammers to divert legitimate email from the construction company and replace it with their own fakes. Philabundance says that daily operations will not be impacted by the incident, but it remains a huge problem for this organization at a time when so many Americans rely on programs like this to keep their families fed.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: 134,800 Philadelphians daily

How it Could Affect Your Customers’ Business: Business email compromise scams are some of the thorniest problems that every business faces. Good, regularly refreshed security awareness training will help employees spot and stop BEC scams.


United States – Kmart

https://threatpost.com/kmart-egregor-ransomware/161881/

Exploit: Ransomware

Kmart: Retail Store Chain


Risk to Business: 1.802 = Severe

Already beleaguered retailer Kmart did not need the extra complications that came with the Egregor ransomware attack that was delivered to their door. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services and corporate operations functions. Retail stores are operating normally and no consumer impact has been reported.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a disaster for any business, but it’s an especially cruel problem for a non-profit these days.



United States – Alaska Division of Elections

https://www.juneauempire.com/news/113000-alaskan-voter-ids-exposed-in-data-breach/

Exploit: Hacking

Alaska Division of Elections: State Agency


Risk to Business: 2.336 = Severe

An election-time data breach involving voter registration information was recently disclosed in Alaska. State and federal officials say that the election process was not impacted, but voter data was obtained for more than 100K Alaskan voters. Officials suspect nation-state hackers may be involved.


Individual Risk: 2.114 = Severe

The database snatched included some PII like birth dates, driver’s license or state identification numbers, the last four digits of social security numbers, full legal names, party affiliation, and official mailing addresses.

Customers Impacted: 113,000 voters

How it Could Affect Your Customers’ Business: Nation-state hacking is an especially serious problem for government agencies and infrastructure targets. Adding extra security with MFA and similar tools helps combat this risk.


The Week in Breach News – Canada


Canada – Metro Vancouver

https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html

Exploit: Ransomware

Metro Vancouver: Public Transportation Authority


Risk to Business: 2.229 = Severe

Egregor ransomware had a busy week as it disrupted operations for Metro Vancouver, causing disruptions in services and payment systems for its TransLink payment service. Transportation service for riders was not otherwise impacted. The Egregor gang published a ransom demand and the incident is being investigated.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets right now, and it has been especially impactful in the transportation sector. Agencies need to be using their resources wisely to combat it.

The Week in Breach News – United Kingdom & European Union


Switzerland – Kopter Group

https://securityaffairs.co/wordpress/111998/cyber-crime/lockbit-ransomware-kopter.html

Exploit: Ransomware

Kopter Group: Helicopter Manufacturer


Risk to Business: 1.662 = Severe

LockBit ransomware struck Swiss helicopter maker Kopter, disrupting operations. The attackers compromised its internal network and encrypted the company’s files. The ransomware gang revealed that it was able to access the company’s systems by utilizing a poorly protected VPN. Kopter manufactures civilian aircraft. Investigation and recovery are ongoing.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the fastest, easiest way for cybercriminals to score a big payday, and it’s only growing more popular – and more disruptive.


The Netherlands – Randstad

https://www.bleepingcomputer.com/news/security/largest-global-staffing-agency-randstad-hit-by-egregor-ransomware/

Exploit: Ransomware

Randstad: Staffing Agency


Risk to Business: 2.237 = Severe

The Egregor ransomware gang is getting its work done before the holidays, with yet another major strike this week, this time on the world’s largest staffing company. Randstad states that only a limited number of servers were impacted and that their network and business operations continued to operate without disruption. The company is still assessing what data exactly was stolen, but doesn’t expect that any client or employee data was impacted.

Individual Impact: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: No matter how big a company is, one ransomware-laden phishing email can bring it to its knees in a hurry. Phishing is the biggest risk every business faces today.


The Netherlands – Royal Dutch Cycling Union 

https://portswigger.net/daily-swig/royal-dutch-cycling-union-refuses-to-pay-ransom-following-data-breach 

Exploit: Ransomware

Royal Dutch Cycling Union: Sport Governing Body 


Risk to Business: 2.869 = Moderate

The ransomware gang that decided to strike the Royal Dutch Cycling Union struck out this week after stealing a database from the agency and publishing their ransom demand with sample data as proof. It turns out that the governing body had already transferred that information to a new, more secure system and they aren’t interested in having the old data returned. There’s been no impact on operations, and no sensitive membership data was involved.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data theft is the most typical goal of ransomware gangs. Even in a low-impact incident like this, data could still be exposed that could harm your business, like account credentials.


The Week in Breach News – Australia & New Zealand


Australia – Loch Rannoch Highland Club 

https://www.thecourier.co.uk/fp/news/local/perth-kinross/1788115/probe-into-data-breach-at-highland-perthshire-resort-after-details-of-2400-members-leaked-online/

Exploit: Insider Threat (Employee Error)

Loch Rannoch Highland Club: Private Resort


Risk to Business: 1.227 = Extreme

Administrators at the Loch Rannoch Highland Club are in hot water after a suspected employee error exposed information about 2,400 members and visitors, including some very prominent people. Detailed personal information about people who would rather not have that data circulating became public after it was posted to a publicly accessible portion of the club’s website in what the resort notes was an “employee error”.


Individual Risk: 1.433 = Extreme

243 pages of sensitive information about the owners of holiday homes or timeshares at the club and their guests were exposed, including the personal emails and phone numbers of more than 2,400 members plus timeshare owners’ email addresses and phone numbers, alongside their club reference numbers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Insider threats are always lurking just around the corner, ready to spring messy cybersecurity incidents on any business, with terrible consequences for your company’s reputation and client goodwill.


The Week in Breach News – South America


Brazil – Embraer

https://www.securityweek.com/brazilian-plane-maker-embraer-targeted-cyberattack

Exploit: Ransomware

Embraer: Airplane Manufacturer 


Risk to Business: 1.227 = Extreme

Embraer, the world’s third-largest manufacturer of commercial, executive, military, and agricultural aircraft, was grounded by a suspected ransomware attack. The company was able to limit the spread of the malware and recover quickly with only minimal disruptions to operations.

Individual Impact: No personal data was reported as exposed in this incident.

How it Could Affect Your Customers’ Business: Corporate data that includes plans and schematics for things like airplanes or security systems can fetch a pretty penny for criminals on the Dark Web. That kind of data needs extra protection.

The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Featured Briefing


Are Your Clients Getting the Results That They Need from Phishing Resistance Training?


Phishing is today’s biggest cybersecurity threat, bringing everything from malware to business email compromise in its wake. More than 90% of incidents that end in a data breach start with a phishing email. The precipitate increase in phishing messages that’s occurred this year has made headlines, with Google announcing that it’s blocked over 600% more phishing messages in 2020. The impact of ransomware has made headline news as it’s used to disrupt critical operations worldwide.

For the most part, companies are aware that security awareness training matters. Since engaging in regularly updated security awareness training that includes phishing resistance can reduce their chances of having a cybersecurity incident by up to 70%, regularly engaging in training programs is a business essential. But how effective is their security awareness training program, especially when it comes to phishing?

For some companies, the answer to that question is “not really”. Employees believe all sorts of odd things about phishing, and many training programs don’t disabuse them of those fallacies. Some employees believe that only big corporations get hit by phishing. Many know that causing a cybersecurity incident like a data breach could get them fired, but they aren’t sure what to look for to spot one and that lack of confidence can be their undoing.

In some cases, training is so lackluster that it’s completely ineffective. Companies that are regularly engaging in security awareness training that includes phishing resistance are still having cybersecurity incidents that involve phishing. The training is simply not doing any good, and staffers are just checking off the boxes to complete requirements without the content having any effect on their cybersecurity practices.

In a recent survey of employee behavior around cybersecurity, a few facts stick out. A survey of 1,000 employees found that while 96% of employees are aware of digital threats, 45% still interact with emails that they consider suspicious. In just the surveyed US worker pool, more than 75% of respondents said they’d taken security awareness training, yet 60% were still opening emails that they knew were probably phishing attempts.

Engaging in security awareness training alone isn’t enough to provide real protection. A shocking 96% of respondents said that they were aware that links in email, on social media sites, and on websites can carry danger, but it still wasn’t stopping them from engaging in unsafe behavior. Effective security awareness and phishing resistance training has to hit home for staffers because even one phished password can be an epic disaster. Training content needs to connect with people in a way that makes the message sink in: phishing is a big problem, and you can stop it.

The Week in Breach: Need to Know

Amazon Brings Unwanted Holiday Gifts to Businesses 

Everyone loves giving and getting gifts – it’s part of what makes this season special. It’s the most wonderful time of the year for cybercriminals too. As you and your staffers buy everything from business essentials to toys on Amazon this holiday season, you’re opening your business up to extreme risk from phishing.

While an increase in holiday-time phishing attacks isn’t unusual, the combination of people shopping from home because of the pandemic plus a huge increase in overall cybercrime spells trouble for your company in 2020. A recent report shows that Amazon-related phishing messages have more than doubled this year, and they’re continuing to climb, with a more than 60% increase in November alone.

So how can you protect your business? By making sure that all of your employees are well-versed in the types of phishing schemes that cybercriminals are bringing to the table this year. Up-to-date training that’s regularly refreshed can lower your incidence of a cybersecurity problem by up to 70%, making it a smart investment in your business.
