This week ransomware was an unwelcome holiday gift for a plastic surgery group, a trucking company, and other organizations.
The Week in Breach News – United States
United States – Forward Air
Exploit: Ransomware
Forward Air: Trucking & Logistics Company
Risk to Business: 2.113 = Severe
Another trucking company got hit with ransomware this week, as attacks on shipping and logistics targets continue to surge. Forward Air took the hit this time from a ransomware gang that’s just coming on the scene, Hades. Operations and web services were disrupted, and recovery is ongoing.
Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is increasingly being used to disrupt business operations instead of just snatching business data, and that’s equally bad news for every company.
United States – TennCare
https://www.wkrn.com/news/tenncare-announces-privacy-breach-impacting-3300-members/
Exploit: Insider Incident (Accidental)
TennCare: Medicaid Services Agency
Risk to Business: 2.602 = Moderate
A blunder at TennCare has led to the exposure of personally identifiable information for about 3,300 Medicaid patients in Tennessee. Employees at an information processing vendor mistakenly sent out misaddressed mailers that may have contained protected health information to the wrong recipients.
Individual Risk: 2.771 = Moderate
The state has set up a hotline for members to find out if they’re at risk by calling (833) 754-1793. The state will also be providing free credit monitoring for breach victims. TennCare users should be wary of potential spear phishing and financial scams using this information.
Customers Impacted: 3,300
How it Could Affect Your Customers’ Business: To err is human…unfortunately. But increased security awareness training can help reduce a company’s chance of experiencing a damaging security incident by up to 70%.
United States – TaskRabbit
Exploit: Credential Stuffing
TaskRabbit: Microlabor Marketplace
Risk to Business: 2.803 = Moderate
Users of the Boston-based gig work platform TaskRabbit were surprised to get forced password reset notices when they logged in over the weekend. The company says it stopped a credential stuffing attack and did not suffer a breach or intrusion, but is having users reset their passwords “out of an abundance of caution”. The incident is still under investigation.
Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks can be devastating. In this case, TaskRabbit got lucky, but they may not be as fortunate next time.
The Week in Breach News – Canada
Canada – Sangoma Technologies
Exploit: Ransomware
Sangoma Technologies: VoIP Technology Provider
Risk to Business: 2.317 = Severe
FreePBX developer Sangoma Technologies received an unpleasant gift this holiday season – Conti ransomware. The gang published over 26 GB of Sangoma’s stolen data on their ransomware data leak site, including files containing information on accounting, financials, acquisitions, employee benefits and salary, and legal documents. The incident did not impact products or client data.
Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More municipalities are finding themselves in the crosshairs of cybercriminals looking to make a quick profit than ever. Your customers need solutions that protect their data from risks today and tomorrow, but tough times and tight budgets may be standing in the way of closing that sale.
The Week in Breach News – United Kingdom & European Union
United Kingdom – The Hospital Group
https://securityaffairs.co/wordpress/112637/cyber-crime/the-hospital-group-revil.html
Exploit: Ransomware
The Hospital Group: Private Cosmetic Surgery Services
Risk to Business: 1.702 = Severe
The REvil ransomware gang is claiming responsibility for a data breach at celebrity plastic surgery clinic chain The Hospital Group. The ransomware operators say that they’ve hacked essential data storage systems and have threatened to release before-and-after pictures of celebrity clients from their stash of more than 600 GB of data if the ransom is not paid, but no word on how much they’re asking for.
Individual Impact: No individual or personal data has yet been exposed, but that may change as events progress.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is no joke, and gangs can damage your business quickly by selectively stealing especially sensitive information about your clients.
United Kingdom – NOW: Pensions
https://www.theregister.com/2020/12/22/data_breach_now_pensions/
Exploit: Insider Incident (Accidental)
NOW: Pensions: Workplace Pension Services
Risk to Business: 1.667 = Severe
NOW: Pensions recently informed clients of a contractor error that led to information exposure. The company explained that user data was “unintentionally” posted on an unnamed public forum, with data exposed between 12/11/20 and 12/14/20, and reportedly accessed by “a small number of third parties”. Appropriate authorities have been informed and the incident is under investigation.
Individual Impact: 1.701 = Severe
The exposed records include biographical data for pensioners (names, email addresses, and dates of birth) as well as National Insurance numbers. The company is offering impacted clients credit and identity theft monitoring. Clients should be aware of phishing and fraud attempts mounted using this data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This complex incident will be a nightmare to unravel, even if it was actually an accident. By allowing the wrong person access to client data, that data was compromised and this company faces big bills ahead.
Scotland – Scottish Environmental Protection Agency
https://news.stv.tv/scotland/scottish-environment-protection-agency-targeted-in-cyberattack?top
Exploit: Hacking
Scottish Environmental Protection Agency (SEPA) – National Environmental Regulatory Authority
Risk to Business: 2.107 = Severe
A hacking incident at SEPA has left some services offline but has not severely impacted important data or functions. The Christmas Eve attack knocked communication into and across the organization offline, but core regulatory, monitoring, flood forecasting, and warning services continued unimpeded. The incident is under investigation, and complete restoration is anticipated quickly.
Individual Impact: No personal data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybersecurity incidents can come in all shapes and sizes, and may even only impact part of your business as cybercriminals refine their attacks to continue the trend of becoming more precise in the future.
Spain – 21 Buttons
https://www.hackread.com/fashion-marketplace-21-buttons-expose-users-data/
Exploit: Misconfiguration
21 Buttons: Fashion Social Network
Risk to Business: 1.511 = Severe
A misconfigured AWS bucket has led to the exposure of personal data for hundreds of influencers and fashion industry fans after security researchers discovered a gaping hole in the platform. The app, which has been downloaded more than 5 million times, allows users to trade and share content as well as enabling e-commerce. This security issue wasn’t fixed for at least a month, exposing the personal and financial data of the platform’s users to anyone who cared to see it.
Risk to Business: 1.762 = Severe
Over 50 million files were available and exposed in this incident including payment data for influencers, company invoices, users’ full names and addresses, financial information such as bank account numbers, PayPal email addresses, photos, and videos.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This kind of information is valuable, and cybercriminals know that they can make a pretty penny on it in the booming Dark Web data markets.
The Week in Breach News – Asia-Pacific
Japan – Koei Tecmo
https://securereading.com/koei-tecmo-suffers-data-breach-stolen-data-exposed/
Exploit: Spear Phishing
Koei Tecmo: Videogame and Anime Studio
Risk to Business: 1.802 = Severe
Japanese game and media company Koei Tecmo experienced a data breach that impacted users of its European and American sites. The company’s stable includes Hyrule Warriors, Nioh 2, Atelier Ryza, Dead or Alive, and others. An unnamed threat actor claims to have stolen a forum database through Koei Tecmo’s European user portal with 65,000 users and implanted a web shell on the site for continuous access. The company confirmed that the breach only affected the forum and not any other parts of the site, and that no financial data was involved.
Individual Risk: 2.771 = Moderate
Users of the European and American portals to the company’s forums should be aware of potential phishing attempts or fraud using information from stolen forum user accounts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: From the biggest companies to the smallest, phishing is a threat that doesn’t discriminate. It’s a beloved tool for cybercriminals because it works.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Briefing
Data Harvesting Increases Dark Web Threat Pool
While the biggest cybersecurity news stories have been about phishing and nation-state hacking this year, it’s never wise for any cybersecurity professional to take their eyes off the Dark Web for long. As splashy stories like the Twitter hack and the recent Federal hacking scandal have absorbed everyone’s attention, the Dark Web has remained active, and it’s been growing at a strong pace – which is definitely bad news for businesses.
One major factor that has contributed to the growth of the Dark Web in 2020 and the corresponding growth in Dark Web threats is an explosive increase in data harvesting. China has been in the lead of these operations, gathering and exposing data about everything from social media posts made by prominent Americans and US military officials to contact information for the children and relatives of people who work in influential positions in government or the arts.
This kind of information is widely leveraged by cybercriminals to conduct precisely targeted spear phishing operations. The goal of these data miners is to find ways to push their targets’ buttons without raising suspicion. By gathering very detailed information about these folks’ likes, dislikes, patterns, locations, families, and other aspects of their lives, data harvesting operations enable bad actors to socially engineer successful attacks.
That’s why it’s essential to remember that just because it’s not in the spotlight, that doesn’t mean that the Dark Web is less of a threat. Information like this is traded in Dark Web markets every day, and deals are constantly being brokered for valuable personal information about the targets of cybercrime. More than 80% of businesses have seen an increase in cybercrime in 2020, especially phishing and spear phishing threats (which shot up by more than 600% in 2020).
Your clients need reliable, affordable, professional Dark Web monitoring. While many businesses are looking for ways to trim their budgets and save money by decreasing their reliance on outside service providers, it’s critical to their overall cybersecurity posture that your clients understand that Dark Web monitoring is not a DIY proposition – only highly trained analysts and cybersecurity experts know where to look for Dark Web danger and how to interpret the data that they find there.
The Week in Breach: Need to Know
2021 Trend Watch: Ransomware Never Goes Out of Style
Ransomware is the monster under the bed that every company should be worried about these days. From stealing data to disrupting operations and even nation-state hacking, ransomware was a favored tool of cybercriminals worldwide in 2020 – and that looks set to continue in 2021.
Ransomware surged at the start of the pandemic, with an incredible 148% increase in attacks in March 2020 alone. In Q3 2020, researchers estimate that cybercriminals successfully completed at least 1 new ransomware attack every day. That’s not a trend that your business wants to get in on.
Protecting your business from cybercrime like ransomware starts with building a strong cybersecurity culture. It’s important to make sure that every one of your staffers is up to date on the latest threats and following cybersecurity best practices – after all, they’re part of your security team too.
Take smart precautions now to ensure that your business isn’t a trendsetter because no company can afford to be a part of the expected wave of continued growth in ransomware attacks in 2021.