The Week in Breach: 09/09/20-09/15/20 | CloudSmart IT


This week Staples leaves a door open for cybercriminals, Razer misclicks a database, failing to secure user information, and ransomware and skimming are causing trouble worldwide.

Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Service Provider
  • Top Employee Count: 11-50

The Week in Breach – United States 


United States –  American Payroll Association

https://www.infosecurity-magazine.com/news/skimming-attack-hits-american/?&web_view=true

Exploit: Skimming

American Payroll Association: Professional Organization  


Risk to Business: 2.087 = Severe

The American Payroll Association just notified its members that it has suffered a breach. Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association’s online store by exploiting a vulnerability in the APA’s content management system. It was discovered around July 13, but before it could be removed, unauthorized individuals gained access to information including first and last names, email address, job title/role, primary job function, company structure, gender, date of birth, address (either business or personal), including country, province or state, city, and postal code, company name and size, industry details, and the types of payroll and attendance software used at the member’s company.


Individual Risk: 2.404 = Severe

Information like job title, company structure, personal contact details, and more from this breach can be used to construct spear phishing attacks. Victims of the data breach have been offered 12 months of free credit monitoring and $1,000,000 in identity theft insurance by APA.

Customers Impacted: 21,000

How it Could Affect Your Business: Malware is commonly delivered via a phishing email, but can also directly infect systems, stealing credit card data and PII that impacts large swathes of customers. Cutting off access from infection points is a vital defense.


United States – Staples

https://www.bleepingcomputer.com/news/security/staples-discloses-data-breach-exposing-customer-info/?&web_view=true

Exploit: Unauthorized Access

Staples: Office Supply Retailer 


Risk to Business: 2.702 = Moderate

Staples has notified some customers of a cybersecurity incident that occurred earlier this month around 9/02 and consisted of unauthorized access to a system. Little information is available, but the event. The letter notes that “a limited amount” of order data for customers of Staples.com was obtained, and may contain names, addresses, email addresses, phone numbers, last four credit card digits, details about the order (delivery, cost, product), and other non-sensitive information.

Individual Risk: No information about whether the customers impacted were corporate accounts or consumer retail purchasers is available.

Customers Impacted: Unknown

How it Could Affect Your Business: Unauthorized access to data can be a deliberate inside attack or an employee accident, but it’s always a problem that opens you up to a cascade of potential headaches.


United States – SeaChange International

https://www.bleepingcomputer.com/news/security/leading-us-video-delivery-provider-confirms-ransomware-attack/?&web_view=true

Exploit: Ransomware

SeaChange International: Video on Demand Provider 


Risk to Business: 2.133 = Severe

Video on demand provider SeaChange is the latest victim of REvil ransomware. The gang posted a claim for an attack earlier this year that included a US Department of Defense video on demand proposal. The attack is believed to have occurred in April 2020, and included sensitive business information about contracts, proposals, and other proprietary data.

Individual Risk: No individual or consumer data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Corporate secrets are a huge market, and attacks like this are on the rise with the growth of “as a service” cybercrime. Extra protection must be provided for proprietary data, especially when a company handles sensitive information.


United States – Magento 

https://www.bleepingcomputer.com/news/security/magento-stores-hit-by-largest-automated-hacking-attack-since-2015/?&web_view=true

Exploit: Skimming (MageCart) 

Magento: eCommerce Platform 


Risk to Business: 1.775 = Severe

Adobe’s Magento platform experienced a nasty skimming attack last weekend that compromised almost 2,000 online stores with MageCart malware to steal credit cards. The attack started Friday when ten stores were infected with a credit card skimming script, then ramped up on Saturday with 1,058 sites hacked, 603 more on Sunday, and an additional 233 on Monday to finish out a long weekend of cybercrime. The hacked shops were using Magento version 1, which ended support in June.


Individual Risk: 1.872 = Severe

No details have been provided about which stores were impacted. Anyone who made a purchase over the weekend from a store powered by Adobe Magento should be alert for credit card fraud.

Customers Impacted: Unknown

How it Could Affect Your Business: When you’re running a hosting platform, especially one that empowers financial transactions, clients expect you to have cybersecurity under control, and will be less likely to do business with a company that fails at that basic requirement.


USA – Equinix 

https://securityboulevard.com/2020/09/netwalker-ransomware-operators-want-4-5-million-from-data-center-giant-equinix/   

Exploit: Ransomware

Equinix: Data Center Operator


Risk to Business: 2.816 = Severe

Netwalker ransomware made itself at home at data center giant Equinix, and the cybercriminal gang responsible is asking for $4.5 million to move out. The attack occurred over the US Labor Day holiday weekend, and appears to impact Equinix’s Australian clients most heavily. An accompanying screenshot showing a sample of the encrypted/stolen data includes folders of financial information, payroll, accounting, audits, and data center reports.

Individual Risk: No individual information was reported as compromised, but that could be a future consequence as events unfold.

Customers Impacted: Unknown

How it Could Affect Your Business: Once again, a professional services provider fails to protect customer information by failing to resist a phishing attack – and this time they’re in the information business. That could put future clients off.


United States – Razer

https://www.infosecurity-magazine.com/news/razer-gaffe-exposes-customer-data/?&web_view=true

Exploit: Unsecured Database

Razer: Gaming Hardware and eServices Company 


Risk to Business: 2.307 = Severe

An unsecured Elasticsearch cluster is the culprit in a sloppy data leak at gaming equipment leader Razer. More than 100K customers had data including their full name, email, phone number, customer internal ID, order number, order details, and billing and shipping address exposed in the incident.


Individual Risk: 2.347 = Severe

While no financial information was exposed, the data that was leaked could be used in spear phishing attacks.

Customers Impacted: 100,000

How it Could Affect Your Business: An unlocked database like this is a treasure trove for cybercriminals – and a rookie mistake by a tech company. It’s a ding on Razer’s reputation.


United States – Digital Point

https://www.zdnet.com/article/webmaster-forum-database-exposed-data-of-800000-users/#ftag=RSSbaffb68?&web_view=true

Exploit: Unsecured Database

Digital Point: Webmaster Community Platform 


Risk to Business: 2.303 = Severe

In July 2020, an internet researcher found an unsecured Elasticsearch database containing over 62 million records. In total, data belonging to 863,412 Digital Point users was included in the leak. Names, email addresses, and internal user ID numbers for forum users were made publicly available. The leak also exposed details for thousands of internal records and reported user posts.


Individual Risk: 2.787 = Severe

While no financial information was exposed, the data that was exposed, especially the post data, could be used in spear phishing attacks.

Customers Impacted: 863,412

How it Could Affect Your Business: An unsecured database points to sloppy data handling practices at a company, making customers or users less likely to want to trust that company with their personal information in the future.


The Week in Breach – Canada


Canada – Manitoulin Transport 

https://www.freightwaves.com/news/canada-trucking-company-manitoulin-hit-by-ransomware-attack

Exploit: Ransomware

Manitoulin Transport: Freight Transport and Logistics Provider 


Risk to Business: 2.314 = Severe

Another Canadian freight company has fallen victim to ransomware. In the latest incident, the Ontario-based carrier became aware of the attack on July 31, when some of its personnel reported systems access issues. The group claiming responsibility is Conti, and they’ve also claimed responsibility for several other hacks against Canadian trucking companies – Manitoulin Transport is the sixth Canadian supply chain company to see its data posted by ransomware groups in less than a month.

Individual Risk: No consumer data has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware typically comes calling as part of a phishing attack. Improving your defense against today’s biggest risk is essential. Businesses need to add strong protection from phishing attacks and improve phishing resistance training.


The Week in Breach – United Kingdom & European Union


United Kingdom – Virtual Mail Room

https://www.infosecurity-magazine.com/news/northumbria-uni-campus-closed/?&web_view=true  

Exploit: Unsecured Database

Virtual Mail Room: Communications Firm


Risk to Business: 1.661 = Severe

More than 50,000 letters and financial statements sent by Councils and banks to people in the UK, US, EU, and Canada were left exposed in an unsecured database in a blunder by London-based Virtual Mail Room. A database of letters sent by local authorities reveals the names and addresses of 2,300 people living in Croydon. Councils in Eastbourne, Reigate, North Tyneside, Ashford, North East Derbyshire and West Lindsey. Also exposed were letters to 6,500 customers of Aldermore Bank, 250 Metro Bank customers, and royalty statements for the publishing firm Pearson. The names, email addresses, and telephone numbers of staff with access to Virtual Mail Room’s systems were also visible.


Individual Risk: 1.721 = Severe

The data exposed included personal financial information and sensitive data. This kind of information can be used for cybercrime including impersonation scams, identity theft, and spear phishing.

Customers Impacted: 20,000+

How it Could Affect Your Business: This egregious mistake highlights the risk of third-party exposure that many businesses face from service providers or work that’s farmed out. Not only can your data be stolen through carelessness with cybersecurity practices, but your customers’ data can be stolen too, reflecting poorly on you.


The Week in Breach – Australia & New Zealand


Australia – K7 Maths

https://portswigger.net/daily-swig/service-nsw-confirms-186-000-customers-data-breached-in-cyber-attack

Exploit: Unsecured Database

K7 Maths: Education Services Provider 


Risk to Business: 2.077 = Severe

The Australian Computer Emergency Response Team (AusCERT) determined that the Department of Education, Skills, and Employment (DoE) was not to blame in a breach incident after researchers downloaded the personal details of more than one million students, teachers, and staff from a Dark Web site. Instead, the breach was traced to education services provider K7 Maths and an unsecured Elasticsearch cluster, likely as part of a March 2020 incident. The leaked data contained details such as first names, emails, password strings, and K7Maths site settings.


Individual Risk: 2.837 = Moderate

The leaked information could be used to launch spear phishing attacks and credential stuffing attempts. Users of the system should use caution in handling suspicious messages.

Customers Impacted: 1,000,000

How it Could Affect Your Business: Failing to keep information secure as a service provider could mean that your business loses contracts and opportunities. It can also damage your business reputation as a reliable partner because it creates an impression of carelessness.


The Week in Breach – South America


Chile – BancoEstado 

https://www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack/?&web_view=true

Exploit: Ransomware

BancoEstado: Financial Institution 

 

Risk to Business: 1.421 = Extreme

Ransomware was able to shut down all branches of Chilean bank BancoEstado, one of the largest banks in the country, after an audacious ransomware attack rocked it. The incident was caused by REvil ransomware, and impacted the bank for several days, putting a stop to all of its business. The ransomware caused extensive damage and encrypted the vast majority of internal servers and employee workstations.

Individual Risk: No individual data has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware has a devastating impact on any organization, causing service disruptions and lost business plus an expensive recovery even if no information is stolen or it can be retrieved from backups.


The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Featured Threat


Remote Workers Change A Company’s Risk Calculus


The rapid transition to a fully remote workforce was an unexpected twist to the story of cybersecurity in 2020, but most companies were able to successfully make the shift, even during a disaster. Unfortunately, many companies also found out that their cybersecurity plans, solutions stack, and user training didn’t always keep up, leaving remote workforce vulnerabilities.

Tessian’s Psychology of Human Error Report surveyed 1,000 workers in the UK and 1,000 workers in the US at the height of the coronavirus outbreak in April 2020, to reveal how the effects of the increased stress, distraction, and workplace disruption led to cybersecurity danger.

Key Statistics

  • 52% of respondents said they were more error-prone due to stress
  • 41% said they made more mistakes when they felt tired
  • 42% said their mistakes were often caused by distraction
  • 43% of employees reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company
  • 57% of workers noted that they were more distracted when working from home
  • 1 in 4 said they’d fallen for a phishing attack
  • 47% of respondents cited distraction as the reason why they fell for a phishing attack
  • 44% cited fatigue as a top reason for sending an email to the wrong person

The big takeaway: New circumstances, like suddenly supporting a remote workforce, bring new cybersecurity challenges that IT teams need to be able to respond to quickly to proactively mitigate potential risks.


The Week in Breach: Need to Know


Hackers for Hire are Here to Steal Corporate Secrets 

As the rise of “as a service” cybercrime continues, some hackers aren’t just involved in ransomware and PII theft. They’re focused on specialized spying, like stealing trade secrets – and keeping them out of your business is easier than you think.  

Corporate espionage is a growing industry in a world where information can be currency. From state-backed actors trying to filch technology to data thieves who want the results of COVID-19 testing, thriving cottage industries have grown up around specialized corporate cybercrime.

These bad actors aren’t just focusing on global corporations or well-known institutions anymore – companies of every size are at risk of attack. But you can quickly and efficiently add safeguards to your systems and data to reduce your risk of corporate espionage.
