This week ransomware shuts down production of cars and beer and phishing lands a professional haul.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: Insurance
- Top Employee Count: 1 – 10
United States – ST Engineering
https://securityaffairs.co/wordpress/104351/cyber-crime/st-engineering-maze-ransomware.html
Exploit: ransomware
ST Engineering: aeronautics contractor
Risk to Small Business: 1.732 = Severe
The San Antonio, Texas branch of defense, aeronautics, and space contracting conglomerate ST Engineering was hit with a MAZE ransomware attack disrupting operations and putting data at risk for a second time. This division of the international flight equipment services giant was also hit with a MAZE ransomware attack in May 2020 to the same effect. In an industry that expects top-notch security standards to be maintained by any company that wants to be a player, this is problematic and dangerous.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware like MAZE is commonly delivered to vulnerable businesses through phishing attacks, including the use of fake websites and dodgy attachments to infect systems. Phishing has grown exponentially in 2020, and COVID-19 related attacks are on track to be the biggest phishing scam driver in history.
United States – Kentucky Employee Health Plan
https://www.govtech.com/security/Two-Data-Breaches-Hit-Kentucky-Employees-Health-Plan.html
Exploit: unauthorized database access
Kentucky Employee Health Plan: health insurance provider
Risk to Small Business: 1.462 = Severe
Two data breaches compromised plan members’ personal data and enabled bad actors to steal more than $100,000 in gift cards. Hackers used valid login information to access the system in the first breach and were able to compound the damage of that breach in a second breach. The second breach accessed member programs to redeem reward points for gift cards. The two breaches created scrutiny and drew calls for further investigation as to whether the “bad actors” were from outside the office or if insider threats were the root cause.
Individual Risk: 2.703 = Moderate
Hackers accessed users’ account portals containing their screening and health assessment data. Although this attack appears to be financially motivated, healthcare-related data often makes its way to the Dark Web, where it can be used to execute additional fraud attempts. Those impacted by the breach should immediately update their account passwords while monitoring their accounts for suspicious activity.
Customers Impacted: 2,700
How it Could Affect Your Business: whatever the results of this investigation show, it raises the question of insider threats. Whether staffers are accidentally or deliberately giving information and passwords to bad actors, insider threats have to be a top concern for every business.
Canada – Chartered Professional Accountants of Canada
Exploit: phishing
Chartered Professional Accountants of Canada: professional membership organization
Risk to Small Business: 1.317 = Severe
The organization recently disclosed that personal information for its members had been compromised following a successful phishing attack in April. CPA Canada announced the results of its completed investigation, determining that the compromised information primarily affected subscribers of its CPA Canada magazine and an indeterminate number of website users. Impacted members were sent a phishing email asking them to change their user information on the organization’s online platform.
Individual Risk: 2.238 = Moderate
The security alert sent to all users of the CPA Canada website or magazine subscribers notes that members should be wary of spear phishing emails using industry-specific details from CPA Canada and change their login credentials on the website as a safety precaution.
Customers Impacted: 329,000
How it Could Affect Your Business: A data breach caused by a human error like phishing is a sign to an organization’s membership that it doesn’t take those members’ information security seriously, making it harder to retain members and sell professional resources.
Canada – Fitness Depot
Exploit: ransomware
Fitness Depot: fitness equipment retailer
Risk to Small Business: 1.871 = Severe
Fitness Depot’s online store was infected with card-skimming malware that stole customers’ personal and financial data at checkout. It took the retailer more than three months to identify the breach, giving cybercriminals ample time to capitalize on the surge of online sales since the COVID-19 pandemic began. The data breach, which began on February 18th, will likely cause online shoppers to think twice before buying from their platform, potentially disrupting a vital lifeline while many in-person shops remain closed.
Risk to Small Business: 1.764 = Severe
Payment card skimming malware captures all information entered at checking. This information can allow hackers to commit identity or financial fraud. Those impacted by the breach need to notify their financial institutions and to carefully monitor their accounts for misuse. In many cases, victims should enroll in credit or identity monitoring services to ensure their data’s long term integrity.
Customers Impacted: Unknown
How it Could Affect Your Business: For most consumers, cybersecurity is a critical component of their buying decisions when shopping online. Card skimming malware represents a growing threat to online stores, and companies counting on digital sales to drive revenue need to account for this risk and many others presented by online shopping. In 2020, it’s a bottom-line issue that retailers can’t afford to ignore.
United Kingdom – Inventory Hub
Exploit: accidental data sharing
Inventory Hub: property management inventory platform
Risk to Small Business: 2.209 = Severe
A recently unearthed flaw in the security of this property management platform made members’ names and addresses, internal and external property images, inventories of each property’s contents, and information about physical security including photos of alarms, cameras, and locks available for an indeterminate amount of time. According to the researcher who discovered the vulnerability, the opening allowed would-be burglars to access exact layouts of all the listed properties, plus inventories of the contents, and user records back to 2017.
Individual Risk: 2.607 = Moderate
User information including names, physical addresses, and lists of contents for properties listed on the platform since 2017 were compromised. Users should remain on guard for potential spear phishing attacks using these details.
Customers Impacted: 8,871
How it Could Affect Your Business: Data breaches that leak personal information can be dangerous and lead to other types of criminal activity. Users of a service like Data Hive expect that even their most basic personal information will be kept safe when they choose a partner company, and increasingly reject service providers that fail them.
South Africa – Life Health Care
https://www.iol.co.za/business-report/companies/life-healthcare-hit-by-cyber-attack-49149807
Exploit: unauthorized database access
Life Health Care: healthcare provider
Risk to Small Business: 2.605 = Extreme
The healthcare provider, which operates 49 hospitals and dozens of other healthcare facilities across South Africa and Botswana, was hit with an attack that compromised its data storage and intake systems. The attack affected its admissions systems, business processing systems, and email servers, although investigators have not yet determined how much patient data (if any) has been compromised. The healthcare provider said that patient service and care were not impacted, although patients could expect longer wait times for the resolution of administrative requests.
Risk to Small Business: 2.230 = Severe
Patients who have been treated at any of Life Health Care’s facilities should expect that their personal information and health information has been compromised and take appropriate measures to protect their identities.
Customers Impacted: Unknown
How it Could Affect Your Business: Healthcare facilities that fall victim to cyberattacks aren’t just facing the costs of a standard breach recovery – they’re also facing potentially hefty regulatory fines, as well as the negative impact on patient trust.
Australia – Lion Beer Australia
https://www.thedrinksbusiness.com/2020/06/australian-brewer-lion-suffers-major-cyber-attack/
Exploit: ransomware
Lion Beer Australia: brewing conglomerate
Risk to Small Business: 1.302 = Extreme
At Lion Brewing Australia, operations were disrupted by a ransomware attack as it began to reopen and restaff its 8 breweries in Australia and New Zealand. The attack came just as the company was able to resume operations after a period of closure caused by COVID-19 restrictions. The company has been forced to shut down its key systems entirely, reverting to manual systems to operate and process orders in this devastating incident that has still not been fully resolved.
Individual Risk: No employee or customer information was reported affected by this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: A successful ransomware attack can be catastrophic for a business at any time, and its typically powered by information obtained from the Dark Web. Ransomware is especially problematic right now, and a nasty surprise as businesses try to start recovering lost revenue in the wake of the COVID-19 pandemic.
Japan – Honda Motor Company Inc.
https://www.computerweekly.com/news/252484389/Honda-investigates-suspected-Snake-ransomware-attack
Exploit: ransomware
Honda Motor Company Inc.: automotive and equipment Manufacturer
Risk to Small Business: 1.308 = Extreme
Honda was recently walloped by a huge cyberattack that briefly shut down production at its factories worldwide. The attackers are suspected of using SNAKE/EKANS ransomware to infiltrate equipment and computer systems connected to operations and production in every Honda facility, leading to delayed post-pandemic reopenings at some factories. Honda is undertaking restoration operations at its factories, sales centers, and business units and has successfully restored most functionality.
Individual Risk: No individual data was reported as compromised in this breach, nor does Honda believe that individual data was affected.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a powerful foe, and even unsophisticated ransomware like SNAKE/EKAN can bring a mighty company like Honda to its knees fast. Without a comprehensive digital risk protection strategy in place, companies are at a higher risk of attack by bad actors looking to steal data or disrupt operations.
Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Threat Spotlight
Ransomware is Everywhere, and Every Company is At Risk
Ransomware is a growing menace to companies of every size and has surged to become even more popular as a means of attack. During the global pandemic, researchers reported that ransomware attacks have skyrocketed, increasing by more than 140% over 2019.
Ransomware has not only become more pervasive; it’s also become more expensive. The expected cost of a ransomware attack, (including recovery, remediation, and ransoms), is expected to increase to $20 billion in 2021. One U.S. oil and gas company lost a whopping $30 million to a single ransomware attack in 2019, and ransomware related downtime can also cost a fortune.
Healthcare is an especially popular and juicy target for bad actors, and cyberattacks against healthcare industry targets have increased fivefold in 2020. Ransomware has ravaged healthcare organizations providing essential COVID-19 care in the US, Canada, the UK, and other regions impacted by the pandemic.
The most common method of delivery for ransomware is through a phishing attack, and they’ve jumped over 600% since the start of the COVID-19 pandemic. Don’t wait until ransomware makes an impact on your bottom line – start training every staffer thoroughly to make them the strongest possible defense against the phishing attacks that aim to deliver ransomware.
Need to Know
Are You Staying Remote? Update Your IT Security Plan.
Although many companies were accustomed to supporting a remote workforce at least part of the time before the global pandemic, every company that’s still operating had to quickly transition to a fully remote workforce as the pandemic took hold of the world – and some of them discovered that they liked it.
Many companies used to only allow limited remote work, convinced that their staffers would be less productive at home without supervision. As remote work became a necessity during the COVID-19 restrictions imposed around the world, companies that braced for decreased productivity from their newly remote workforce were in for a surprise. Instead of diminishing production, remote work was boosting it, with one study reporting that remote workers on average worked 1.4 more days in a month than they did in the office.
This has led to a sea change in the thinking about remote work. Myriad companies in a broad range of industries have already adopted or are beginning to adopt permanent remote work as a norm for staff. The enticement of smaller facility costs and more flexibility combined with the added staff productivity and satisfaction is encouraging progressive companies to stay fully remote – but remote work brings its own cybersecurity risks.
If you’re considering never going back to the office or even just keeping your staff flexible with extended remote capability, you’ll need to reconsider your cybersecurity posture. Remote work may bring many benefits, but it also brings new cybersecurity challenges to the table. Choosing the right cybersecurity stack (including a digital risk protection platform) to support remote work today can save many headaches, and dollars, in the future.