This week has certainly been one for the books! Nation-state hackers mount a huge campaign against cybersecurity companies and several US federal agencies, the EU’s drug regulator takes a hit, and fake Zoom invite pitfalls abound.
Major attacks by suspected Russian nation-state hackers on US Federal agencies have rocked the public and defense cybersecurity sectors.
The Week in Breach News – United States
United States – SolarWinds
https://www.newsweek.com/solarwinds-hack-customer-list-suspected-russian-cyberattack-1554467
Exploit: Hacking (Nation-State)
SolarWinds: Cybersecurity Software Developer
Risk to Business: 1.122 = Extreme
An incursion by suspected Russian nation-state hackers at this major cybersecurity solutions provider was the suspected starting point of a massive hacking incident impacting a number of federal agencies and defense assets. The hackers were able to obtain authentic credentials that enabled them to inject code into a routine software patch, opening backdoors into client files and systems.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: 3,000
How it Could Affect Your Customers’ Business: Nation-state hacking is a growing problem that can lead to damaging, nightmarish consequences. One tool that was used in this hack was that old favorite – phishing.
United States – FireEye
https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
Exploit: Hacking (Nation-State)
FireEye: Cybersecurity Solutions Development and Testing
Risk to Business: 1.411 = Severe
FireEye was also impacted in this week’s suspected Russian hacking operation. Hackers were able to penetrate FireEye’s systems security to obtain several of their vaunted Red Team tools. FireEye immediately detected the hack and released a statement exposing it. That was the first domino in the cybersecurity disaster cascade.
Customers Impacted: Unknown
Individual Risk: No personal or consumer information was reported as impacted in this incident.
How it Could Affect Your Customers’ Business: Even the biggest kids on the block can be taken down by determined hackers. Reviewing and updating cybersecurity and incident response plans has to be a top priority in 2020.
United States – Netgain
Exploit: Ransomware
Netgain: Data Hosting Provider
Risk to Business: 2.127 = Severe
A ransomware incident led to shutdowns and slowdowns across Netgain’s data hosting environment. The company was forced to completely shut down all systems on 12/4 for containment and remediation. Service has been restored to customers but they may still experience performance issues.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can have damaging consequences for businesses that go beyond the initial hit, causing huge operational headaches and long recovery operations.
United States – Dental Care Alliance
https://www.infosecurity-magazine.com/news/1m-us-dental-patients-impacted-by/
Exploit: Hacking
Dental Care Alliance: Dental Practice Support Organization
Risk to Business: 2.336 = Severe
Dental Care Alliance, a professional support organization that includes more than 320 dentists in 20 states, has discovered that it experienced a data breach. The incident began on 09/18/20 and was ameliorated on 10/13/20. No cause has yet been specified and the incident is still under investigation.
Individual Risk: 2.114 = Severe
The stolen information included patient names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information. Potentially 10% of patients also had bank account information exposed. Impacted patients are being notified by mail and should be wary of spear phishing attempts using this information.
Customers Impacted: 1 million patients
How it Could Affect Your Customers’ Business: When protecting sensitive information like medical data, it’s essential to maintain strong access point protection to avoid expensive breaches and expensive fines.
The Week in Breach News – Canada
Canada – Parkland Corp.
https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack
Exploit: Ransomware
Parkland Corp.: Motor Fuel Distributor
Risk to Business: 2.229 = Severe
Trucking fuel services company Parkland is investigating a cybersecurity incident that has resulted in the Clop ransomware gang claiming responsibility for an attack on the company. Parkland disclosed that it suffered some loss of functionality in an incident that impacted its IT infrastructure in mid-November that affected “a subset of its Canadian network”. Freight transporters and associated services have experienced an unusual spate of cyberattacks in recent months.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets right now, and it has been especially impactful in the transportation sector. Agencies need to be using their resources wisely to combat it.
The Week in Breach News – United Kingdom & European Union
United Kingdom – Marriage Tax Refund
https://www.infosecurity-magazine.com/news/tax-biz-exposed-personal-info/
Exploit: Misconfiguration
Marriage Tax Refund: Tax Relief Advisory Firm
Risk to Business: 1.662 = Severe
Human error is the culprit in a data breach at a British tax relief advisory service. The firm misconfigured its WordPress CMS, leaving a directory listing of PDF documents available for public view with no password protection and exposing the personally identifiable information of 100,000 clients.
Individual Risk: 1.912 = Severe
PII was definitely exposed, but there’s no telling who accessed it. Customers of the firm beginning in October 2016 should be alert to phishing and fraud attempts.
Customers Impacted: 100,000
How it Could Affect Your Customers’ Business: The number one cause of a cybersecurity incident remains human error. Added security awareness training and automation of processes can help reduce that risk.
The Netherlands – European Medicines Agency (EMA)
https://www.zdnet.com/article/eu-agency-in-charge-of-covid-19-vaccine-approval-says-it-was-hacked/
Exploit: Hacking (Nation-State)
EMA: International Drug Regulation Authority
Risk to Business: 1.775 = Severe
German biotech firm BioNTech announced that data related to regulation and approval for the COVID-19 vaccine it has developed with Pfizer were “unlawfully accessed” after a cyber-attack on Europe’s medicines regulator. EMA confirmed the incident and noted that it suspects that nation-state hackers are to blame.
Individual Impact: No personal data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Security awareness training is a key component of protecting businesses from nation-state hackers. Regularly updated training helps employees spot and stop suspicious activity to defend against attacks.
The Week in Breach News – Australia & New Zealand
Australia – Epicor Software
https://www.arnnet.com.au/article/685092/epicor-software-hit-by-cyber-attack/
Exploit: Hacking
Epicor Software: Software Developer
Risk to Business: 2.101 = Severe
Business software solutions provider Epicor Software has disclosed a breach that may have exposed business data but did not impact daily operations. The incident had been reported to relevant authorities and is currently under investigation.
Customers Impacted: Unknown
Individual Impact: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.
How it Could Affect Your Customers’ Business: Any hacking intrusion endangers your business, no matter how small or inconsequential it may seem. Don’t wait to add sensible, affordable protection to keep data in and bad actors out.
The Week in Breach News – Asia-Pacific
Taiwan – Foxconn
Exploit: Ransomware
Foxconn: Electronics Manufacturer
Risk to Business: 1.802 = Severe
DoppelPaymer ransomware is to blame for an incident at electronics giant Foxconn. The gang published files belonging to Foxconn NA on their ransomware data leak site, including generic business documents and reports but no financial information or employee personal details. Their ransom demand is $34 million.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a disaster for any business, but it’s an especially dangerous situation for a company that manufactures critically needed technology.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Briefing
Are Your Clients Prepared for Incident Response and Recovery?
As this week’s cascade of breach news showed us, every organization is at risk of a cyberattack at any time. While your ultimate goal is to protect your clients from cyberattacks, in the event that a successful attack lands, do your clients have the tools and plans in place to successfully mitigate it? Earlier this year we talked about incident response planning, and now’s the perfect time to revisit the subject.
Just because your client is a small business doesn’t mean that they’re not at risk of damage from a cyberattack. Whether that attack is directly on their business or a dangerous ripple effect from an incident at a third-party vendor or partner, it’s inevitable that a cybersecurity incident will impact your clients at some point. Here are a few things that you and your clients should know when considering an incident response plan:
- 41% of respondents in a survey of business owners had a cybersecurity mishap related to COVID-19
- 94% of executives say their firms have experienced a business-impacting cyber-attack or compromise within the past 12 months
- 47% of businesses reported experiencing five or more attacks in the last 12 months
- 78% of respondents said they expect an increase in cyber-attacks over the next two years
- 63% of security leaders admit it’s likely their systems suffered an unknown compromise over the past year
- 65% of attacks involved operational technology assets
- 21% of companies have adopted formal, enterprise-wide security response plans
- 74% have ad-hoc plans or no plans at all for any type of incident
- Only 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan
- Having a tested incident response plan can save 35% of the cost of an incident.
The Week in Breach: A Note for Your Customers
Fake Zoom Invites Bring Real Trouble
Is that Zoom invite from a new client or a cybercriminal? As many companies continue working from home, fake Zoom invites, bogus password reset messages, and social media ploys are just the latest tools that bad actors are exploiting to get their foot in the door at your business.
Scams like this are abundant this time of year, as people get busy with holiday activities or take time off and many offices are a little more lax. Without IT experts to turn to, your staffers could be at risk of falling for a malicious Zoom invite, a malware-laden LinkedIn message, or other unexpected phishing threat without knowing what to do about it.
Email attachments have become so notorious that cybercriminals are hunting for new ways to launch phishing attacks. But if you’re keeping your security awareness and phishing resistance training up to date, your staffers probably won’t fall for the ploy. Businesses that engage in regular security awareness training that includes phishing resistance reduce their chance of having a cybersecurity incident by up to 70%.
As long as it’s regularly refreshed, that is. Studies show that staffers retain the knowledge and skill developed through phishing resistance training for about 3 months. By instituting quarterly training at minimum, you’re not only keeping your staff on their toes to encourage good cybersecurity habits, but you’re also making sure they’re up to date on the latest threats.
Don’t wait until the newest phishing scam like fake Zoom invites or malvertising is rocking your business, disrupting your operations, and draining your budget – commit to a dynamic security awareness training program now and save yourself a raft of headaches later.