The Week in Breach: 02/10/21-02/16/21

 

This week a Florida municipal water plant breach raises alarm and ransomware impacts hospital care in France.


 

United States – Syracuse University

http://dailyorange.com/2021/02/names-social-security-numbers-of-syracuse-university-students-exposed-in-data-breach/ 

Exploit: Unauthorized Access to Email

Syracuse University: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.379 = Severe

An unknown party gained unauthorized access to an employee’s email account at Syracuse University. The university launched an investigation with a third party firm that determined in early January that emails and attachments in the account that had been improperly accessed did contain names and Social Security numbers of students, and those affected who have been informed by letter.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.347 = Severe

Impacted students may have had names and Social Security numbers exposed. officials aren’t clear on how much data was stolen or who may have taken it. Students should be alert to potential identity theft or spear phishing attempts

Customers Impacted: 10,000

How it Could Affect Your Customers’ Business: Data like this is a currency on the Dark Web, and it can hang around for years acting as fuel for future cybercrime like phishing.

United States – Chess.com

https://www.hackread.com/vulnerability-chess-com-50-million-user-records-accessed/

Exploit: Security Vulnerability

Chess.com: Gaming and Resource Site 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.211 = Severe

Security researchers found a critical bunch of vulnerabilities in chess.com’s API. The flaws could have been exploited to access any account on the site. They could also be used to gain full access to the site through its administrator panel. The website quickly fixed the problem after they were informed. There’s no current evidence that it was accessed by bad actors before it was patched.

Customers Impacted: 50 million

How it Could Affect Your Customers’ Business Security vulnerabilities can lead companies down dangerous paths and expose them to unexpected risks. Building a strong security culture helps make sure everyone is on the same page when it comes to data protection.


United States – Nebraska Medicine

https://apnews.com/article/technology-data-privacy-nebraska-94d8a76d2b772a3014773023c989d71a

Exploit:  Malware

Nebraska Medicine: Health System

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.663 = Severe

Nebraska Medicine and the University of Nebraska Medical Center have begun notifying patients and employees whose personal information may have been compromised in a breach in late 2020. Bad actors gained access to Nebraska Medicine and UNMC’s shared network using unnamed malware. The breach led to the interruption of some services including the postponement of patient appointments and required staff in the system’s hospitals and clinics to chart by hand.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.101 = Severe

Nebraska Medicine officials say that the incident did not result in unauthorized access to the health system’s shared electronic medical record application. However, an unspecified number of records that included information such as names, addresses, health insurance data, Social Security numbers and clinical information was compromised. Patients and employees should carefully watch for identity theft, spear phishing or fraud attempts using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware isn’t the only kid on the block when it comes to causing a data breach – many types of malware are available for bad actors to use, and they can do devastating damage without the ransom.


United States – Oldsmar Water Treatment Plant

https://threatpost.com/florida-water-plant-hack-credentials-breach/163919/

Exploit: Credential Compromise

Oldsmar Water Treatment: Municipal Water System Plant 

cybersecurity news gauge indicating extreme risk

Risk to Business: 2.022 = Severe

In an attack that made national headlines, bad actors are suspected of using stolen credentials to access operational systems at a Florida wastewater treatment plant. The attackers likely used remote access software to enter the operations system with the intent of changing the level of sodium hydroxide, more commonly known as lye, in the water from 100 parts per million to 11,100 parts per million. Other systems detected the chemical change and stopped it before anyone was hurt. Officials suspect that the compromised credentials may have been part of a huge 2017 data dump.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Recycled, reused, and weak passwords can cause trouble for years, and that’s especially dangerous when they give access to critical infrastructure like this.



Canada – Canadian Discount Car and Truck Rentals

https://securereading.com/darkside-ransomware-gang-hits-canadian-rental-car-company/ 

Exploit: Ransomware

Canadian Discount Car and Truck Rentals: Vehicle Rental Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.668 = Severe

The DarkSide ransomware gang claims to have stolen 120 GB of data from Canadian Discount Car and Truck Rentals. The snatched data includes marketing, finance, account, banking and franchisee information. The company’s clients are also unable to book or manage rentals online.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware usually means phishing, today’s top threat to businesses. Every company can be hit by ransomware at any time. Employee training is vital to guard against this threat.


 


France – Dax-Cote de Argent Hospital

https://portswigger.net/daily-swig/dax-cote-dargent-hospital-in-france-hit-by-ransomware-attack 

Exploit: Ransomware

Dax-Cote de Argent Hospital: Medical Center 

cybersecurity news gauge indicating extreme risk

 

Risk to Business: 1.413 = Severe

A suspected Egregor ransomware attack has caused significant operational disruption at French medical center Dax-Cote de Argent Hospital. Staff were resorting to pen and paper for records, phone systems were knocked out of operation and critical departments including radiotherapy care were severely disrupted. Officials at the hospital system, which has six sites and around 1,000 beds, were quoted as saying that restoration of normal operations could be several weeks away.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is lurking around every corner, and it can have severe impacts on every organization, resulting in everything from stolen data to near-complete operational shutdown.


France – Mutuelle Nationale des Hospitaliers (MNH)

https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/

Exploit: Ransomware

Mutuelle Nationale des Hospitaliers (MNH): Insurance Company 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.062 = Severe

RansomExx ransomware is to blame for an attack at French health insurance company Mutuelle Nationale des Hospitaliers (MNH) that has severely disrupted the company’s operations. The company’s website displays a notice stating that it has been affected by a cyberattack that started on February 5th. This attack has caused their websites, customer portal and telephone platform to go down. The attack is ongoing and under investigation, but operations are severely limited for clients.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware does more than just steal data these days, it is frequently used to halt operations altogether and bring companies to their knees as cybercriminals try for a fast payment from a simple phishing attack.

Poland – CD Projekt Red

https://www.theverge.com/2021/2/11/22278121/cd-projekt-red-ransomware-hack-cyberpunk-2077-the-witcher-3-auction-sale

Exploit: Ransomware

CD Projekt Red: Videogame Developer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.667 = Severe

Beleaguered game developer CD Projekt Red faces a new challenge as cybercriminals have obtained and auctioned off part or all of the source code for its biggest game properties including Thronebreaker: The Witcher Tales spinoff, The Witcher 3, a ray-traced version of The Witcher 3Cyberpunk 2077, virtual card game Gwent and copies of the company’s internal documents. Experts suspect HelloKitty ransomware is behind the attack.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can give cybercriminals access to your corporate secrets like source code of schematics that they can sell to enrich themselves and hurt your business.



Australia – QIMR Berghofer Medical Research Institute 

https://portswigger.net/daily-swig/australian-research-institute-confirms-likely-data-breach-after-third-party-accellion-hack

Exploit: Third Party Data Breach

QIMR Berghofer Medical Research Institute: Medical Research Facility 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

Investigators handling a breach at QIMR Berghofer Medical Research Institute have announced that certain data stored in a file-sharing system from third-party service provider Accellion has been improperly accessed. Officials say that they were told that their data had been impacted by a breach at Accellion in December 2020, and subsequently discovered that around 4% of their data held by Accellion had been compromised. QIMR Berghofer said that it used Accellion’s services to share data related to clinical trials of anti-malaria drugs.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third party risk is everywhere, and as the world grows more interconnected with more outsourcing of things like data storage, every company must be cautious about protecting itself against third party risk.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


 

3 Smart Ways That MSPs & SMBs Can Beat Ransomware Together 


Ransomware threats have been continuing to climb, with a more than 40 percent increase in attacks in Q3 2020 alone. In a recent survey,  70 percent of MSPs report ransomware as the most common malware threat that they’re facing when working to secure to SMBs. The good news for recession-battered MSPs 50 percent of survey respondents said thattheir clients have increased their budget for IT security including solutions and training in 2020, but how can you utilize that spending power to maximize protection against threats like ransomware?

Educate


Encourage your clients to engage in increased and augmented security awareness and phishing resistance training. Far too many employees still get taken in by phishing. Proper security awareness training can reduce their chances of falling victim to phishing-based cyberattacks by up to 70 percent, as long as that training is updated every 3 – 4 months. Ransomware is commonly the poisoned cargo of a phishing email, and increasing phishing resistance is crucial for stopping it. Every business of every size in every industry is at risk of a damaging phishing attack. No one is immune.

Secure


Sometimes, even the most security-conscious employees make a mistake and click on a dodgy email or follow a bad link. Human error is a fact of life for every business. In a recent survey, common accidental employee behaviors cited as likely to result in cyberattacks include clicking on a malicious link or downloading a compromised file (43%), falling victim to phishing emails (39%) and unauthorized use of devices and applications (35%). Those are the kind of mistakes that can open the door to ransomware nightmares.

Make sure that you share that data with your clients. It’s important that they understand that no solution or plan is perfect – the biggest threat to any cybersecurity plan is people! So you and your client should work together to find and fill security gaps to add extra protection against human error. Secure identity and access management with Passly is the ideal jack-of-all-trades solution for budget-minded clients. Multifactor authentication alone mitigates against many of today’s most dangerous cyberattacks, and single sign-on plus remote management tools provide an excellent means to both increase access point security (something more than 75 percent of companies need to do), and quickly respond to attacks.


Prepare


What should your client do if they experience a ransomware attack? Having a plan in place for incident response is just as important as having the right solutions in securing systems and data against ransomware. Have you created an emergency response plan for each of your clients and reviewed it with them? Having a solid security response plan can save more than 30 percent of the cost of an incident, but only 21 percent of companies have one in place.

In today’s explosive cybersecurity world, your clients need to be ready for anything. Work with them to make sure that everyone is on the same page by building a solid cybersecurity incident response plan that fits their needs and update it as their business evolves. Part of building that plan should start with increasing their cyber resilience. It’s not good enough just to build defenses anymore, companies have to be ready to pivot to respond to today’s sophisticated cyberattacks and keep working.



Protect Against the Number One Cause of a Data Breach – Human Error


CISOs around the world agree – human error is the most dangerous threat that any cybersecurity plan can face. In a recent study, 55% of survey respondents noted that human error and lack of cybersecurity awareness is their top concern. Even though they were concerned, 44% of the survey respondents stated they did not know how to discover who should be counted among the most at-risk employees for a major mistake.

So how can an organization add protection that helps guard against damage done by employee cybersecurity mistakes if it doesn’t know who might be in line to make those mistakes? By adding a strong guardian that protects your systems and data from all sorts of cybersecurity disasters that’s both effective and cost-effective.

Every employee makes errors. Security awareness training and building a strong cybersecurity culture are important to reducing the incidence of mistakes, but you’ll never stop them all. By taking the proper precautions against damage caused by human error, you can keep your systems and data safe even when staffers aren’t on their toes.

Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 844.200.0549 today for your no-cost, no-obligation consultation.