The Week in Breach: 05/22/19 – 05/28/19 | CloudSmart IT

The Week in Breach: 05/22/19 – 05/28/19

This week, the tech unicorn Canva endures a significant data breach, local government agencies are under attack, and Canada sees a spike in malicious emails. 

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: 
Domain (99%)
Top Industry: 
Manufacturing
Top Employee Count: 
11 – 50 Employees


Exploit: Unauthorized database access
The George Institute of Technology: Public research university based in Atlanta, Georgia

United States – The Georgia Institute of Technology (Georgia Tech)
https://finance.yahoo.com/news/georgia-tech-notifies-community-security-140000215.html

Exploit: Unauthorized database access
The George Institute of Technology: Public research university based in Atlanta, Georgia

 Risk to Small Business: 1.555 = Severe: Hackers were able to infiltrate the Institute’s databases that were storing sensitive personal information on current and former students and employees. After identifying an unauthorized user sending queries through an Institute web server, Georgia Tech began an investigation and executed a few countermeasures to secure their ecosystem. Not only will Tech be on the hook for providing credit and identity monitoring services to affected individuals, but they will also deal with scrutiny from current students, employees, and even alumni.
                                             Individual Risk: 2.285 = Severe: According to an official statement from Georgia Tech, the information accessed varies by individual, but it could include names, addresses, Institute ID numbers, dates of birth, and social security numbers. This breach could extend to students, faculty, staff, alumni, applicants, and affiliates. Anyone with ties to Georgia Tech should enroll in identity theft protection services and stay vigilant for potential compromises or fraud attempts.

Customers Impacted: 1,265
How it Could Affect Your Customers’ Business: Failing to understand your organization’s threat landscape can have significant consequences in today’s digital environment. In this case, hackers had access to the university’s database for nearly four months, making it evident that their security standards were not adequate to address relevant threats. Particularly when your university is seen as a premier technological institution, failure in this regard is entirely preventable, embarrassing, and unacceptable.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United States – Louisville Regional Airport Authority
https://www.scmagazine.com/home/security-news/louisville-regional-airport-authority-grounded-by-ransomware-attack/

Exploit: Ransomware
Louisville Regional Airport Authority: Municipal corporation responsible for owning, operating, and developing Louisville International Airport and Bowman Field

 Risk to Small Business: 2.111 = Severe: Hackers were able to install ransomware on the airport’s network system, encrypting localized files for two airports, the Louisville Muhammad Ali International Airport and Bowman Field. Fortunately, the organization was prepared for such an incident, and they are restoring their files from backups rather than paying the ransom. While the ransomware was restricted to localized files that are unaffiliated with the organization’s operations or security systems, it’s always concerning when critical infrastructure is tangentially impacted by security vulnerabilities.
 Individual Risk: 3 = Moderate: There is no indication that personal information was compromised as part of this breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a growing threat among SMBs. Since it is often injected into a company’s network through phishing scams or other employee errors, consider partnering with an MSP that has the tools to train employees and prevent phishing attacks.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United States – Perceptics
https://www.vice.com/en_us/article/qv7zxx/perceptics-license-plate-readers-hacked

Exploit: Network compromise
Perceptics: Maker and distributor of license plate readers, under-vehicle cameras, and driver cameras

 Risk to Small Business: 1.444 = Extreme:A hacker using the pseudonym “Boris Bullet-Dodger” gained access to the company’s database and exfiltrated hundreds of gigabytes of data, which he subsequently published on the Dark Web. In total, more than 65,000 files were stolen including data directly from employee laptops. In total, the data breach included information from the access databases, ERP databases, HR records, Microsoft SQL Server data stores, business plans, financial figures, and personal information.
 Individual Risk: 2.142 = Severe: The trove of data released by this hack compromised personal information, and the extent of the hack makes it difficult to know precisely what data was taken. However, evidence that hackers accessed employees’ desktops, denoted through the presence of music stored on user computers, suggests that the information exposed could be extensive.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Responding to a breach of this scope is complicated. Managing the PR fallout is a significant responsibility, but an organization’s most important function is to support those whose information is posted on the Dark Web. In the event of a data breach, knowing what happens to your data is critical, and partnering with a qualified MSP can make all the difference.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United States – Shubert Organization
https://www.forbes.com/sites/marchershberg/2019/05/23/shubert-organization-suffers-data-breach/

Exploit: Employee email account breach
Shubert Organization: Theatrical producing organization and owner of theaters in Manhattan and New York City

 Risk to Small Business: 1.777 = Severe: Hackers gained access to several employee email accounts containing sensitive personal information. The data breach occurred last February, and it’s unclear why the company either took so long to identify the intrusion or to communicate the incident with stakeholders. Regardless, it underscores the importance of strong defenses, as the company is now responsible for providing credit monitoring services for 24 months. However, this pales in comparison to the incalculable reputational damages that can occur with the magnitude of this breach.
 Individual Risk: 2.285 = Severe: Although the company can’t confirm that the intruder accessed personal information, the affected accounts included customers’ names, credit card numbers, and credit card expiration dates.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While every company is responsible for putting up strong defenses again cybercriminals, bad actors are highly motivated and continually operate with an advantage. Therefore, it’s crucial for companies to differentiate themselves through their support services to help impacted individuals in the wake of a data disaster.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more:https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United Kingdom – Sunderland City Council Library
https://cyware.com/news/sunderland-city-council-library-database-suffered-cyber-attack-compromising-customer-data-9c191d58

Exploit: Unauthorized database access
Sunderland City Council Library: Local city library serving Sunderland

 Risk to Small Business: 2.111 = Severe: Hackers were able to compromise a library database which contained customer account information and was hosted by a third-party vendor. The City Council hired an external cybersecurity firm to investigate the incident and shore up their security posture moving forward. Security measures that are implemented in the wake of a breach are valuable but protecting IT infrastructure from the beginning is the most cost-effective plan for keeping your customer and employee data secure.
 Individual Risk: 2.4286 = Severe: The databases gave intruders access to personal information, including names, phone numbers, and dates of birth. While investigators found that only 45 accounts were accessed, they can’t determine which accounts were compromised. Therefore, all library account holders should be monitoring their accounts for identity theft or fraud.

Customers Impacted: 145,000
How it Could Affect Your Customers’ Business:  Enhancing security standards is an essential next step after a data breach, but organizations are most beholden to those who are impacted by the initial incident. To be vigilant and prepared at all times, every organization should partner with an MSP that can proactively monitor the Dark Web for customer and employee data.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United Kingdom – TalkTalk Group
https://www.bbc.com/news/business-48351900

Exploit: Cyber attack
TalkTalk Group: Telecommunications company providing internet and mobile network services throughout the United Kingdom

 Risk to Small Business: 2.222 = Severe:In 2015, TalkTalk experienced a catastrophic data breach that impacted 4% of their entire customer base. However, a communications failure left the personal information of thousands of victims exposed online since the breach.
 Individual Risk: 2.285 = Severe: Although the company is hedging against the incident by claiming that none of the exposed credentials could individually lead to direct financial loss, the exposed data includes names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers, and bank details. Making matters worse, news organizations were able to identify victims’ banking information with a simple Google search, indicating both the seriousness of the information and the accessibility of the data.

Customers Impacted: 4,545
How it Could Affect Your Customers’ Business: Especially in the E.U., where GDPR mandates make clear communication a veritable must-have for any organization, TalkTalk’s oversight is especially egregious. However, regardless of scope or locale, effective communication and proper incident navigation can go a long way toward regaining customer trust and rebuilding brand reputation.

ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.Germany – TeamViewer
https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/

Exploit: Malware
TeamViewer: Developer of proprietary software for remote desktop control, desktop sharing, online meetings, web conferencing, and file transfers

 Risk to Small Business:  2.222 = Severe: TeamViewer has acknowledged a malware attack that gave hackers access to the company’s servers, which included their software’s source code. According to an official release by the company, the threat was detected before hackers could steal any data or code. However, this incident took place in 2016, which makes their timing problematic. Consequently, the company will face heightened media scrutiny and reputational damage that could exceed the scope of the actual breach.
 Individual Risk: 3 = Moderate: The company contends that personal information was not compromised during the breach, but users should be mindful of the company’s security posture, especially given the potentially sensitive information conveyed through their services.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of actual outcomes resulting from the data breach, this episode makes it clear that TeamViewer does not prioritize clear and timely communication when it comes to their cybersecurity initiatives. While data security needs to be a top priority for every organization, communication and customer support are a close second, along with being the most controllable part of any cyber defense plan.

ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.Australia – Canva
https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/

Exploit: Database server compromise
Canva: Graphic design website providing amateur and professional web/media design tools

 Risk to Small Business: 1.555 = Severe: A now-prolific hacking group accessed Canva’s network, compromising information for millions of users. According to the hacker’s message after the breach, the theft includes extensive records up until May 17th. The company’s quick response and high cybersecurity standards will help mitigate the damage of the breach, but they are now responsible for understanding what happens to their users’ data when it’s published on the Dark Web.
 Individual Risk: 2.149 = Severe: The scope of this breach is incredible, but it will impact users differently. Compromised information could include usernames, real names, email addresses, and location information. Fortunately, the passwords for 61 million users were hashed, making them more difficult to decrypt. The company encourages users to change their account passwords and to update passwords from other accounts that may be using redundant credential.

Customers Impacted: 139 million
How it Could Affect Your Customers’ Business: Even companies with the best cybersecurity standards can still fall victim to a devastating data breach. Partner with an MSP that can determine where information ultimately ends up (hint: the Dark Web!) so that your customers, employees, and profit margins are always protected from cybersecurity threats.

ID Agent to the Rescue:  Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web/.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Mobile Banking Malware Increases by 58% 

According to a recent report by Kaspersky Lab, mobile banking malware is on the rise. The first quarter saw instances of mobile banking malware more than triple, and there was a 58% increase in modifications to banking trojans. 

A single piece of malware, dubbed Asacub malware, accounts for more than half of the banking trojans detected during this time, attacking approximately 8,200 users a day. 

In the first three months of the year, cybersecurity researchers identified 29,841 different modifications of banking trojans, underscoring the complex tasks that companies have when defending their digital infrastructure. 

As more and more financial services are conducted online, it’s a troubling sign to see an uptick in the scope and complexity of mobile-focused malware attempts. It’s also a reminder that companies can’t win this battle alone. They need to partner with skilled MSPs to help them identify and eliminate the latest threats to their businesses.

https://www.infosecurity-magazine.com/news/mobile-banking-malware-rose-58-in-1/

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.