The Week in Breach: 02/12/20 – 02/18/20 | CloudSmart IT

The Week in Breach: 02/12/20 – 02/18/20

This week, companies are slow to stop phishing attacks, ransomware disrupts productivity, and IBM’s latest threat analysis outlines trends for 2020.

 

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: 
Domain
Top Industry: 
High-Tech & IT
Top Employee Count: 
501+ Employees 


United States – Altice USA 

https://www.newsday.com/business/altice-data-breach-employees-customers-1.41718432

Exploit: Phishing Attack
Altice USA: Cable and internet provider

extreme gaugeRisk to Small Business: 2 = Severe: A phishing scam tricked an employee into providing hackers with email credentials that were used to access and download inbox content remotely. Although the breach was announced on February 5th, the phishing scam was executed in November 2019. It wasn’t discovered until December 2019, which raises questions about the company’s data security capabilities and notification strategy. As a result, Altice USA will have a difficult time restoring customer confidence, which will be critical to recovering from this preventable data breach.
extreme gaugeIndividual Risk: 2.285 = Severe: Customers’ personal information was compromised in the breach. This includes Social Security numbers, birth dates, and other personal details. The company claims that financial information was untouched by the breach and is offering free identity and credit monitoring services for affected victims to protect compromised data.

Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: Phishing attacks are easy to deploy, and they are devastating to companies compromised by malicious messages. Although security processes are unlikely to keep all phishing emails out of their employees’ inboxes, they can render the attacks useless by providing comprehensive awareness training that teaches and trains employees to identify phishing scams. 


United States – St. Louis Community College

https://edscoop.com/phishing-attack-exposes-personal-information-of-5000-at-community-college/

Exploit: Phishing Attack
St. Louis Community College: Public academic institution

twib-severeRisk to Small Business: 2.111 = Severe: Several employees fell for a phishing scam that compromised students’ personal information. The phishing scam, which took place on January 13th, happened just weeks before the school implemented two-factor authentication on January 31st. If this effective defensive measure was in place sooner, hackers would not have been able to access employee accounts, even after they provided their credentials on a phishing form. In response, the college is retraining employees who clicked on a phishing email, and they are updating their procedures to prevent a similar event in the future.
extreme gaugeIndividual Risk: 2.428 = Severe: Students’ personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to execute identity fraud or to target victims with spear-phishing campaigns that could provide hackers with even more damaging personal data. Those impacted by the breach should enroll in credit and identity monitoring services to oversee the responsibility of identifying misuse, and they should carefully evaluate online communications for signs of a phishing scam.

Customers Impacted: 5,000
How it Could Affect Your Customers’ Business: This incident is a tragic reminder that, when it comes to data security, timing is everything. Phishing scam awareness training and two-factor authentication can go a long way toward protecting the company and customer data, but they need to be in place before an attack occurs. Therefore, installing proactive measures should be a top priority in the days and weeks ahead. 


Canada – eHealth 

https://www.cbc.ca/news/canada/saskatchewan/ransomware-ehealth-update-suspicious-ip-1.5455764

Exploit: Ransomware
eHealth: Private online health insurance marketplace

extreme gaugeRisk to Small Business: 2 = Severe: An IT forensic investigation of a ransomware attack targeting eHealth found that patients’ personal health data could have been compromised in the event. The ransomware attack, which we reported in early January, was originally thought to be limited to traditional data encryption. However, investigators discovered that some files were sent to an IP address unaffiliated with the company. Initially, the company announced that patient data was secure, making their latest announcement a troubling addendum to an already disastrous situation.
twib-severeIndividual Risk: 2 = Severe: eHealth declined to specify the types of personal data that could have been compromised in the breach, but PHI typically contains the most sensitive information. Therefore, those impacted by the breach should update their account credentials, monitor their accounts for unusual activity, and evaluate digital communications for signs of a phishing attack, which often follow a data breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Increasingly, cybercriminals are elevating the already-steep consequences of a ransomware attack by stealing company data before encrypting it. Not only does this provide bad actors with an insurance policy in case companies don’t pay the ransom, but it leaves businesses with even fewer options in the wake of an attack. When it comes to ransomware, the only real solution is to prevent these attacks before they occur. 


Netherlands – University of Maastricht

https://news.yahoo.com/university-maastricht-says-paid-hackers-163608508.html

Exploit: Ransomware
University of Maastricht: Public academic institution

twib-severeRisk to Small Business: 2.333 = Severe: The University of Maastricht paid a $220,000 ransom to unlock their email and network servers that had been encrypted since December 24th. Ultimately, university officials decided that paying the ransom would be more affordable than other alternatives, which included replacing the school’s entire IT system from scratch. Noting the deep damages to the school’s academic records, scientific work, and other data, authorities concluded that paying the significant sum was the only viable recovery option.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are searching for soft targets, organizations with weak or outdated cybersecurity standards, to target with ransomware. As this incident reveals when successful, ransomware attacks have costly implications. Simply put, every company has hundreds of thousands of reasons to prepare their defensive posture and address this increasingly potent threat.


Ireland – Translink 

https://www.irishnews.com/news/northernirelandnews/2020/02/07/news/translink-it-systems-targeted-in-suspected-ransomware-cyber-attack-1836604/

Exploit: Ransomware
Translink: Transportation network

twib-severeRisk to Small Business: 2 = Severe: A ransomware attack has disabled the company’s internal computer systems, causing communication and productivity loss throughout the organization. The network has been offline for more than a week as cybersecurity experts look for solutions that could enable the company to sidestep paying the ransom. However, even if the company can avoid paying cybercriminals to decrypt their network, productivity loss, reputational damage, and other IT expenses will ensure that this is a costly incident for the company.

Individual Risk: No personal information was compromised in the breach,

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are a common occurrence in today’s digital environment. Cybercriminals can easily purchase malware strains on the Dark Web and deploy their attacks with little impunity at a low cost. However, companies are not powerless in this regard. Closing off accessing points like outdated software and securing company accounts with two-factor authentication are both meaningful steps that any organization can take to avoid a costly ransomware attack. 


United Kingdom – London & Surrey Cycling Partnership 

https://www.bbc.com/news/uk-england-london-51456778

Exploit: Accidental data exposure
London & Surrey Cycling Partnership: Joint venture partnership

twib-severeRisk to Small Business: 2 = Severe: Some participants in the Ride London cycling event had their personal data compromised when their ballot results were sent to other participants. The popular event is typically oversubscribed, and the organization uses the ballots to select the participants. Unfortunately, this data breach brought considerable confusion to the event, leaving riders unsure if they were able to participate. In response, victims are speaking out in interviews with media outlets and across social media channels. While the company worked to minimize the fallout, this incident is an irrefutable black eye on an otherwise well-regarded event.
extreme gaugeIndividual Risk: 2.285 = Severe: The ballot information contained riders personally identifiable information, including their names, addresses, and dates of birth. This information can be used for a variety of nefarious purposes, and those impacted by the breach should consider enrolling in identity monitoring services while also carefully evaluating their online accounts and communications for evidence of fraud.

Customers Impacted: 2,100
How it Could Affect Your Customers’ Business: In today’s regulatory environment, even accidental data breaches can have serious consequences for any organization. With the possibility of financial penalties and other repercussions looming, every company needs to prioritize compliance by ensuring that they are taking every step to secure their users’ personal data. 


New Zealand – Generate

https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12308117

Exploit: Unauthorized database access
Generate: Voluntary, work-based savings initiative

extreme gaugeRisk to Small Business: 1.888 = Severe: Hackers accessed and downloaded customers’ personal data in a holiday heist that wasn’t identified until January 27th. The data breach, which did not include investor funds, is a serious privacy violation for its users, and the company’s slow identification and delayed response will only make matters worse. Now, the company faces an uphill battle to restore customer trust, which will be crucial to maintaining a competitive edge in an already crowded marketplace.
extreme gaugeIndividual Risk: 2 = Severe: Customers’ personal data was compromised in the breach. This includes photographic ID images, tax document numbers, names, and addresses. This information puts victims at risk of identity theft or financial fraud, and victims should enroll in credit and identity monitoring services to protect their credentials’ long-term integrity. Moreover, Generate is asking all users to reset their account passwords.

Customers Impacted: 26,000
How it Could Affect Your Customers’ Business: Customers are growing weary of working with companies that can’t protect their personal data. Since they often have many options to choose from, a data security incident could be the differentiator that encourages customers to take their business elsewhere. In today’s digital landscape, data security is a bottom-line issue that companies can’t take seriously enough. 


Australia – Ashley Madison 

https://www.dailymaverick.co.za/article/2020-02-13-nedbank-client-records-stolen-in-online-heist/

Exploit: Unauthorized database access
Ashley Madison: Adult romance website

extreme gaugeRisk to Small Business: 2 = Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized and include sensitive personal details derived from the initial data breach. While it’s easy to write-off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.
extreme gaugeIndividual Risk: 2.142= Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. It also contains private content and communications conducted on the website.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches impact more than just a company’s bottom-line. They often have tangible consequences for each individual compromised in a breach, and even years after a breach, they can continually reappear, causing personal, psychological, and financial trouble for victims. It should encourage every company to take every step possible to protect personal data. 


Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.




In Other News:

IBM Threat Report Presents Risks for 2020 

The latest IBM threat report examines the most prescient threats facing business in 2020, and its findings should alarm cybersecurity leaders. Notably, the report found that hackers are not turning to overly sophisticated techniques to access company IT. Rather, they are relying on the deluge of personal data already available to access an organization’s infrastructure. When those methods fail, many are deploying phishing scams as a cheap, relatively safe way to compromise employee credentials.

According to IBM, phishing attacks and unauthorized credential use were two of the most prominent attack methodologies, with the exploitation of vulnerabilities completing a risk triumvirate for companies to address in the year ahead.

The report’s silver lining is that companies are not powerless against these threats. Employee awareness training can render these attacks useless, and integrated two-factor authentication can prevent unauthorized account access even when credentials are compromised. Together, they present a meaningful way for every company to protect itself against the most likely threats in the year ahead.

https://securityintelligence.com/posts/x-force-threat-intelligence-index-reveals-top-cybersecurity-risks-of-2020/

 



Ransomware Attacks Are Driving Up Cyber Insurance Rates 

Ransomware attacks were one of the defining cybersecurity threats of 2019, and just one month into 2020, it’s clear that bad actors will continue to deploy this malware to capitalize on their criminality. As companies grapple with the implications of this new reality, many are turning to cybersecurity insurance as a way to offset the cost and consequences of an attack. Unfortunately, ransomware attacks have become so common that cyber insurance rates have soared in response.

According to some reports, cybersecurity insurance has increased by as much as 25% in the past year. At the same time, insurance companies are expanding their offerings, adapting their business model for shifting data security and regulatory landscape. However, companies relying on cyber insurance will likely be disappointed as payouts rarely cover the cost of an attack, and increasingly high premiums make it an affordable option to begin with.

Instead, many organizations would be better off investing in a robust defense strategy that can defend against a ransomware attack before it happens. It’s the only way to truly avoid the escalating costs and consequences of a ransomware attack.

https://www.cpomagazine.com/cyber-security/ransomware-attacks-are-causing-cyber-insurance-rates-to-go-through-the-roof-premiums-up-as-much-as-25-percent/ 


Data Breach Lists by State:

There are a lot of U.S. state agencies that publish lists of reported data breaches in their respective states. We created a chart of published lists and will keep this updated:

STATEBREACHES
California1,806 (2012-present)
Delaware47 (2018-present)
Hawaii61 (2007-present)
Indiana5,207 (2014-present)
Iowa223 (2011-present)
Maine2,653 (2010-present)
Maryland4,487 (2015-present)
Massachusetts14,298 (2007-present)
Montana1,695 (2015-present)
New Hampshire2,786 (2007-present)
New Jersey152 (2017-present)
North Carolina6,230 (2005-present)
North Dakota56
Oregon377 (2015-present)
South Carolina568
Vermont536 (2017-2020)
Virginia3,244 (2012-2018)
Washington342 (2015-2019)
Wisconsin166 (2012-2019)
View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.