The Week in Breach: 03/03/21-03/09/21

 
 

This week a hack at SITA with a wide ripple effect, nation-state actors sliding in through a Microsoft flaw, and how the pandemic has changed phishing for the worse.


United States – CallX 

https://www.infosecurity-magazine.com/news/telemarketing-biz-exposes-114000/

Exploit: Unsecured Server 

CallX: Telemarketing Firm 


Risk to Business: 1.727 = Severe

An unsecured AWS S3 bucket has been leaking information gathered by CallX, whose analytics services are used by a wide array of companies including LendingTree, Liberty Mutual Insurance and Vivint to improve their media buying and inbound marketing. Researchers discovered 114,000 files left publicly accessible in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.


Individual Risk: 1.447 = Extreme

Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers and call details. The leaked data can be used to launch spear phishing attacks and other fraud.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Information like this makes its way quickly to the bustling data markets and dumps on the dark web, seeding future trouble.


United States – Qualys

https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/

Exploit: Third-Party Breach (Ransomware)

Qualys: Cybersecurity & Cloud Development 


Risk to Business: 1.412 = Extreme

Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. The Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm including purchase orders, invoices, tax documents and scan reports.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: It’s especially damaging for a cybersecurity company to fall victim to something like ransomware. Unfortunately, this problem came through a third-party partner, but potential customers may see a cybersecurity firm that can’t protect itself.


United States – PrismHR

https://www.bleepingcomputer.com/news/security/payroll-giant-prismhr-outage-likely-caused-by-ransomware-attack/

Exploit: Ransomware

PrismHR: Payroll Services 


Risk to Business: 2.212 = Severe

A suspected ransomware attack has brought trouble to payroll giant PrismHR and its clients. PrismHR’s platform is experiencing a service outage as a result, which has led smaller accountants, and their clients, to lose access to PrismHR’s customer portals.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can strike anytime, anywhere and companies of any size are vulnerable. Smart companies take proper precautions like increased security awareness training.


United States – Microsoft 

https://www.nytimes.com/2021/03/06/technology/microsoft-hack-china.html

Exploit: Nation-State Hacking 

Microsoft: Software Developer 


Risk to Business: 1.227 = Extreme

Microsoft is reporting that suspected Chinese nation-state actors have exploited a flaw in Exchange that has given them some access to data or email accounts. The company estimates that 30,000 or so customers were affected. This flaw impacts a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to steal emails and install malware to continue surveillance of their targets. Patches are available and should be installed immediately.

Individual Impact: No sensitive personal or financial information was announced as part of this incident from Microsoft directly, but organizations around the world will be conducting assessments with potentially wide-ranging fallouts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is a tremendous problem for businesses of every size, and something that will be lingering for years for impacted organizations.


United Kingdom – Nova Education Trust

https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/

Exploit: Hacking

Nova Education Trust: School System


Risk to Business: 1.702 = Severe

15 schools in the United Kingdom have been unable to provide online learning due to a cyberattack. According to Nova Education Trust, a threat actor was able to access the trust’s central network infrastructure and while an investigation took place, all existing phone, email and website communication was stalled. The 15 schools impacted by the central cybersecurity incident were not able to provide typical remote learning and teachers have been unable to upload learning materials. Alternative access is being used to keep schools open.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hackers have been a continued source of trouble for educational institutions as the pandemic forced learning online. Threat actors have used this opportunity to attack a sector with traditionally weak security and profit handsomely.


The Netherlands – Ticketcounter

https://www.bleepingcomputer.com/news/security/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/

Exploit: Hacking

Ticketcounter: Ticketing Platform 


Risk to Business: 1.603 = Severe

Ticketcounter, a platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue, suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.


Individual Risk: 2.673 = Moderate

The data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords. People who use Ticketcounter should be aware of potential spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Unsecured servers are a rookie move. It pays to make sure that you’re following basic security procedures when storing or moving data.


France – European Banking Authority (EBA)

https://www.bbc.com/news/technology-56321567

Exploit: Third-Party Breach

European Banking Authority: Regulatory Agency


Risk to Business: 1.993 = Severe

The first dominos to fall in the massive Microsoft breach (see above) will be government entities in the US and Europe. Starting that trend, the European Banking Authority has announced that it’s been impacted. EBA officials say that personal data may have been accessed from its servers. The agency has taken its email system offline temporarily as part of its investigation and remediation process.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party and supply chain risk is amping up for every business as an interconnected world creates new openings for danger.


Switzerland – Adecco Group 

https://cybernews.com/security/5-million-adecco-com-users-data-leaked/

Exploit: Unsecured Database

Adecco Group: Staffing Firm 


Risk to Business: 1.913 = Severe

Security researchers visiting a hacking forum uncovered bad actors purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second-largest human resources and temp staffing provider in the world. About 5 million records were stolen from accounts in Peru, Brazil, Argentina, Colombia, Chile and Ecuador.

Individual Impact: No details about the type of information are available and an investigation is ongoing.

Customers Impacted: up to 5 million

How it Could Affect Your Customers’ Business: Make sure that you’re covering the easy bases by ensuring that basic security protocols are being followed throughout your organization, because embarrassing, damaging incidents like this can happen to you.


Switzerland – Société Internationale de Télécommunications Aéronautiques (SITA)

https://heimdalsecurity.com/blog/outspread-sita-security-breach-exposes-more-airlines/

Exploit: Hacking

SITA: Aviation IT 


Risk to Business: 1.116 = Extreme

Aviation IT giant SITA has announced that it has experienced a hacking-related security breach that impacts airlines in the Star Alliance and the One World alliance. Those airlines include Singapore Airlines, Air New Zealand, British Airways, American Airlines, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, United Airlines, SAS, Cathay Pacific, and South Korean airline Jeju Air. Customers were unable to access many functions within carriers’ online platforms including frequent flyer and ticketing information.

Individual Impact: The investigation is ongoing, but there is an expectation that cybercriminals may have been able to access some basic PII through various airlines’ accounts. No real detail is available.

Customers Impacted: Over 2 million

How it Could Affect Your Customers’ Business: Third-party incidents are unfortunate. They’re also a reality of the modern business world. Take precautions on your side of the relationship by adding security measures like multifactor authentication (MFA) to blunt the impact of relationship risk.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Escalating Phishing Threats Are Still Capitalizing on Pandemic Pressure and Remote Workers 


Many things in the world have slowed down or are still stopped as we navigate the back end of the global COVID-19 pandemic. But one thing is having a major growth spurt with no end in sight: phishing. Across the board, phishing threats are the top cybersecurity menace that businesses face today and that threat meter is only going up.

Phishing increased 42% overall in 2020, while some categories and attack types like ransomware experienced triple-digit growth. That constantly growing menace rose 148% in March 2020 alone. Phishing threats took their biggest jump in Q2 2020, escalating an eye-popping 660% according to Google. Even in Q4 2020, the increase was lower but still epic: phishing was up more than 220%. Experts agree that phishing will continue to dominate the threat landscape in 2021.

Cybercriminals are still milking the public’s thirst for information about COVID-19. In the early months of lockdowns and public health emergencies, bad actors grew adept at using pandemic lures and other crafty, socially-engineered tricks to take advantage of stress and anxiety, especially when it comes to targeting remote workers. More than 30% of the email sent overall in 2020 was a pandemic-themed phishing attempt, and a whopping 72% of all phishing email was COVID-19 themed.

Don’t Dismiss Increased Risk. These Solutions Can Help.


Securing systems and data against phishing is a multi-pronged operation. Combining multiple solutions for overlapping protection is important for ensuring that security gaps don’t appear for cybercriminals to exploit. Here are our recommendations for dealing with escalating phishing risk sensibly and affordably to secure your business and your clients.


Start Using Multifactor Authentication Now


The power of MFA to mitigate risk cannot be overstated. A major goal of cybercriminals who go phishing is capturing passwords and credentials – which they can do with great success. In the event that a staffer coughs up a password to cybercriminals, MFA can save an organization a world of hurt. On its own, MFA stops 99% of password-related cybercrime.


Upgrade Security Hygiene To Build Cyber Resilience


Preventing organizations from experiencing a cyberattack altogether is no longer a realistic option. Even a well-protected business is going to land in cybercriminal sights at some point in today’s elevated threat atmosphere, not to mention constantly growing third-party and supply chain risk. The better goal for businesses to pursue is to prevent cybercriminals from gaining access to important data or gravely impacting business operations.

That’s why building cyber resilience is so important. By combining smart solutions, quality training, and savvy cybersecurity disaster planning, organizations can remain agile and able to function under adverse conditions, while experiencing a cyberattack. Malware like ransomware is often used to disrupt operations rather than stealing data, and a cyber resilient organization is ready to deal with that. 

Drill Phishing Resistance Constantly


No anti-phishing strategy is complete without fostering an improved security awareness culture, and that includes phishing resistance training. No matter how much anyone thinks that employees have been trained to spot and stop phishing, it’s not enough. More than 60% of businesses do not do enough cybersecurity awareness or phishing resistance training, and that’s a problem – especially for remote workers.


Phishing Isn’t Slowing Down


This is definitely not going to be the year when phishing threats decrease. Cybercrime growth will continue to be explosive as the pandemic’s impact continues to squeeze the world economy. In Q4 2020, phishing threats were up 220% over Q4 2019, and similar growth is expected when Q1 2021 numbers come in. Don’t put off getting your customers in a strong position to overcome the challenges brought by this tidal wave of phishing. By taking the initiative to get ahead of the risk, they’ll be in a better place to ride out phishing trends throughout the year.
