This Week in Breach News:
It may be a new year, but cybercriminals are up to the same old tricks around the world. Old-fashioned hacking nails Kawasaki, T-Mobile and Promutuel.
The Week in Breach News – United States
United States – Whirlpool
Exploit: Ransomware
Whirlpool: Appliance Manufacturer
Risk to Business: 2.311 = Severe
The Nefilim ransomware gang struck at Whirlpool, stealing data but not impacting manufacturing operations. The gang claims that the files it published were obtained from Whirlpool during a ransomware attack in December 2020. The leaked data appeared to be proprietary and staff information including documents related to employee benefits, accommodation requests, medical information requests, background checks, and more.
Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While using ransomware to disrupt manufacturing or operations has been in vogue recently, it’s still a favored tool for cybercriminals to use in a classic data grab.
United States – GetSchooled
Exploit: Unsecured Database
GetSchooled: Education Non-Profit
Risk to Business: 2.302 = Severe
An unsecured database at education charity operation GetSchooled left personally identifiable information exposed for more than 900K students, ranging from 10-year-olds to college students. GetSchooled is an arm of the Bill and Melinda Gates Foundation that encourages educational achievement for students in need through gamification, personalized support, and content development. The database was left open and exposed for approximately one month.
Individual Risk: 2.271 = Severe
The exposed information includes personally identifiable information of students including children, teenagers and young adults. Some of the information left exposed in this incident was very detailed, including full addresses, schools, phone numbers and emails, graduation details, ages and genders.
Customers Impacted: 930,000
How it Could Affect Your Customers’ Business: Failing to secure a database is a rookie mistake, and especially embarrassing (and dangerous) for a charity that primarily serves minors.
United States – Door Controls USA
Exploit: Ransomware
Door Controls USA: Door Parts Distributor
Risk to Business: 2.083 = Severe
Hackers have leaked more than 140 GB of confidential and proprietary information from Texas-based Door Controls USA after the company failed to pay a requested ransom. The information is sorted into two categories, with one containing assorted documents related to company financials and accounting information including credit card statements, while the other is dedicated to sensitive research and development data, blueprints, schematics, product plans, and manufacturing instructions for a variety of door parts.
Individual Impact: No personal data was reported as exposed in the incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Information like this can live forever on the Dark Web. Manufacturing data like blueprints, spec sheets, research and development files, schema, product plans and similar specific product information is a hot seller in Dark Web markets.
United States – T-Mobile
Exploit: Hacking
T-Mobile: Mobile Device Network Provider
Risk to Business: 2.383 = Severe
T-Mobile has found itself embroiled in a “malicious hacking incident” that has resulted in data exposure for an estimated 200,000 clients. The company said in a statement that customer proprietary network information (CPNI) was accessed and may have included phone numbers, the number of lines on the account and call-related information.
Individual Risk: 2.280 = Severe
T-Mobile maintains that only a small fraction of its clients were impacted in the incident, and the company has sent text messages to the affected account holders. T-Mobile customers should be cautious about potential phishing attempts through text or email using this data.
Customers Impacted: 200,000 estimated
How it Could Affect Your Customers’ Business: It’s not all ransomware these days – good old-fashioned hacking is still a risk that every business faces. When information like this makes its way to the Dark Web, it makes hackers’ jobs easier.
United States – Aetna
Exploit: Malicious Insider
Aetna: Insurance Company
Risk to Business: 1.928 = Severe
Aetna is in hot water after a debacle that involved a contractor BEC and phishing in an explosive insider incident. On Sept. 28, Aetna was informed that an EyeMed email account was accessed by an unauthorized individual and that phishing emails were sent to addresses contained in the mailbox. The email account contained information about individuals who previously or currently receive vision-related services through EyeMed, including Aetna customers.
Risk to Business: 2.122 = Severe
The information that may have been accessed included names, addresses, dates of birth and vision insurance accounts/identification numbers. In some cases, full or partial Social Security numbers, birth or marriage certificates, medical diagnoses and conditions, treatment information or financial information may have been accessed. Customers of Aetna that use EyeMed should be wary of potential spear phishing and identity theft. EyeMed is mailing letters to affected individuals and has established a dedicated call center to answer any questions and concerns. It is also offering free credit monitoring and identity protection services for two years.
Customers Impacted: 500,000 estimated
How it Could Affect Your Customers’ Business: Insider threats are one of the most overlooked high-damage cybersecurity threats. No one wants to believe that their employees are out to get them, but even non-malicious insiders can do massive damage fast.
The Week in Breach News – Canada
Canada – Promutuel Assurance
https://www.atlas-mag.net/en/article/cyber-attack-on-promutuel-insurance-a-canadian-company
Exploit: Hacking
Promutuel Assurance: Insurance Company
Risk to Business: 2.771 = Extreme
A convoluted hacking incident has done so much damage at Promutuel Assurance that it is still impacting operations. The company has disclosed that this incident has widely affected its IT environment leading to a total shutdown of systems. Restoration, recovery and investigation efforts are underway, and some services have already been revived.
Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: It only takes one cyberattack to bring a business to a screeching halt. Make sure all of your cybersecurity bases are covered and don’t leave anything to chance.
The Week in Breach News – United Kingdom & European Union
Belgium – General Medical Laboratory (AML)
Exploit: Ransomware
General Medical Laboratory (AML): Medical Testing Laboratories
Risk to Business: 1.702 = Severe
Ransomware came calling at Antwerp’s AML, bringing testing operations to a halt at a very bad time. AML is the largest COVID-19 testing laboratory in Belgium, handling thousands of tests daily as well as other medical laboratory work. The company chose to pursue shutdown and restoration instead of paying the ransom.
Individual Impact: No individual or personal data has been reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is no joke, and gangs can do massive damage to strategic targets in order to create maximum disruption to encourage payment. They’ve been especially disruptive throughout the pandemic to healthcare targets.
Germany – Funke Media Group
https://www.euroweeklynews.com/2020/12/30/massive-cyber-attack-takes-down-major-german-newsgroup/
Exploit: Ransomware
Funke Media Group: News Reporting Organization
Risk to Business: 1.827 = Severe
A devastating ransomware attack limited operations at one of Germany’s biggest news outfits. Funke Media Group publishes more than 100 newspapers, magazines, and news reports. The company was reduced to offering only limited editions of some publications and eliminating others completely for the publishing window as it begins investigation and restoration efforts.
Individual Impact: No individual or personal data has been reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can shut you down in no time. Don’t take chances; take precautions against the number 1 delivery system of ransomware: phishing.
The Week in Breach News – Asia-Pacific
India – IndiGo
https://archives.nseindia.com/corporate/INDIGO_31122020213848_Disclosurereg30PressRelease311220.pdf
Exploit: Ransomware
IndiGo: Airline
Risk to Business: 2.311 = Severe
Low-cost airline IndiGo has announced that it was hit by an unnamed ransomware gang in December 2020, and the gang was able to exfiltrate company data. No specifics have been given on exactly what data was taken, although the company maintains that only corporate information was accessed, not customer data.
Individual Impact: No individual or personal data has yet been reported as exposed, but that may change as events progress.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even one click on one malicious phishing link can spell disaster for your company. Make sure every staffer is onboard to guard your business from phishing.
Japan – Kawasaki Heavy Industries Aerospace Co.
http://techgenix.com/kawasaki-reports-data-breach/
Exploit: Hacking
Kawasaki Heavy Industries Aerospace Co.: Aerospace Technology Manufacturing
Risk to Business: 1.802 = Severe
Kawasaki Heavy Industries Aerospace Co., the maker of defense systems, aircraft and space exploration components, uncovered a data breach that impacted its information storage. The company is investigating the incident but is inclined to attribute the attack to sophisticated, nation-state hackers.
Individual Impact: No individual or personal data has been reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Nation-state hacking is an increasingly pernicious problem for major defense players as hacking operations grow more precisely targeted.
The Week in Breach News Guide to Our Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Briefing
5 Cybersecurity Trends to Expect in 2021
As we recover from the tumultuous year that was 2020, it’s time to take a look forward at what we expect to see in 2021. Have you been working on your 2021 cybersecurity plan? Do you have a handle on what cybersecurity pitfalls might lie ahead? Here are our predictions for five cybersecurity trends that we expect to see front and center in 2021, and how you can protect your business and your clients from trouble.
Ransomware
PREDICTION: Ransomware risk will continue to climb as it remains the favorite tool of cybercriminals everywhere. It’s easy to operate, financially rewarding, and devastatingly effective. This year’s ransomware trend will be a bigger focus on disrupting operations instead of just stealing data.
SOLUTION: Whether it’s being deployed by a cybercrime gang or nation-state hackers, the top delivery system for ransomware is through a malicious phishing email. Enlist every staffer in the fight against ransomware by training them to spot and stop phishing attacks.
Cybercrime as a Service
PREDICTION: As economic challenges continue around the world, that squeeze will translate into more people looking for more ways to make money on the Dark Web. Malicious insiders, cybercriminals, data brokers, hackers and all manner of folks will propel the cybercrime-as-a-service industry to new heights this year.
SOLUTION: It pays to watch for Dark Web danger from both inside and outside your business. Not only does monitoring your business credentials 24/7/365 with Dark Web ID give businesses an essential early warning system against credential compromise, but it also gives businesses a way to make sure none of their staffers are making extra money by selling their credentials on the Dark Web.
Nation-State Hacking
PREDICTION: Not only will nation-state hackers continue to be a menace to government and public sector organizations worldwide, but they will also become a bigger problem for average businesses, especially companies that provide essential services. Innovations like extremely precise spear phishing and weaponized ransomware will lead to more nation-state hacking incidents.
SOLUTION: Add protection against the favored tools of nation-state hackers: ransomware, phishing, credential compromise and malware deployment.
Phishing
PREDICTION: Phishing will continue to be the king of cyberattacks, serving as a launching pad for everything from ransomware to business email compromise. Cybercriminals will increasingly branch out from traditional phishing vectors, although the classics will remain popular. Expect increases in phishing via messaging and chat apps, SMS, text, and even by phone as cybercriminals search for security gaps to exploit.
SOLUTION: Every business must make phishing resistance training a top priority. Regular training, at least quarterly, prevents up to 70% of cybercrime incidents. BullPhish ID not only includes 4 new plug-and-play simulated phishing campaigns a month to keep staffers up to date about the latest threats, but we’re also upgrading the training to include smishing, vishing and more starting soon.
Remote Work
PREDICTION: Slow vaccine rollouts, disease outbreaks, and movement issues will extend the reliance on a remote workforce. Some companies will decide that saving money and increased employee satisfaction mean they’re never transitioning back to full-time in-office operations. This means that every company needs to invest in secure identity and access management to formalize its support of a remote workforce instead of relying on ad hoc systems spawned at the start of the pandemic.
SOLUTION: We can help you get started with multifactor authentication, single sign-on, secure shared password vaults, easy remote management and seamless integration.
The Week in Breach: Need to Know
Your Staff’s IoT Holiday Bounty Can Put Your Security at Risk
As we head into a new year, everyone’s starting to show off the exciting Internet of Things (IoT) gadgets that they got during the holiday season. Voice-controlled lightbulbs! Digital assistants! Smart speakers! While all of these devices are fun and convenient, they’re not just bringing futuristic flair to your employees’ lives – they’re also bringing risks to your business that you may not be expecting.
How? IoT devices are connected to each other and the outside world via WiFi. This gives hackers an opportunity to strike by exploiting vulnerabilities in these devices to gain access to the network that they’re connected to – and eventually your network.
Many IoT devices are helpful and even necessary, like video doorbells that allow movement-impaired folks to see who is at the door. Explosive growth in the IoT market also means that these devices aren’t going away anytime soon, and that more IoT devices will be entering our lives regularly.
It’s not feasible to avoid having any IoT devices connect to a network that connects to your company’s data and systems, especially as many companies continue working remotely because of the ongoing global pandemic. But it is feasible to add safeguards that will stand between your business and the danger presented by IoT devices.