This week Staples leaves a door open for cybercriminals, Razer misclicks a database failing to secure user information, and ransomware and skimming are causing trouble worldwide.
Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Service Provider
- Top Employee Count: 11 - 50
The Week in Breach – United States
United States – American Payroll Association
https://www.infosecurity-magazine.com/news/skimming-attack-hits-american/?&web_view=true
Exploit: Skimming
American Payroll Association: Professional Organization
Risk to Business: 2.087 = Severe
The American Payroll Association just notified its members that it has suffered a breach. Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association’s online store by exploiting a vulnerability in the APA’s content management system. It was discovered around July 13, but before it could be removed, unauthorized individuals gained access to information including first and last names, email address, job title/role, primary job function, company structure, gender, date of birth, address (either business or personal) including country, province or state, city, and postal code, company name and size, industry details, and the types of payroll and attendance software used at the member’s company.
Individual Risk: 2.404 = Severe
Information like job title, company structure, personal contact details, and more from this breach can be used to construct spear phishing attacks. Victims of the data breach have been offered 12 months of free credit monitoring and $1,000,000 in identity theft insurance by APA.
Customers Impacted: 21,000
How it Could Affect Your Business: Malware is commonly delivered via a phishing email, but can also directly infect systems, stealing credit card data and PII that impacts large swathes of customers. Cutting off access from infection points is a vital defense.
United States – Staples
Exploit: Unauthorized Access
Staples: Office Supply Retailer
Risk to Business: 2.702 = Moderate
Staples has notified some customers of a cybersecurity incident that occurred earlier this month, around 9/02, and consisted of unauthorized access to a system. Little information about the event is available. The notification letter notes that “a limited amount” of order data for customers of Staples.com was obtained, and may contain names, addresses, email addresses, phone numbers, last four credit card digits, details about the order (delivery, cost, product), and other non-sensitive information.
Individual Risk: No information about whether the customers impacted were corporate accounts or consumer retail purchasers is available.
Customers Impacted: Unknown
How it Could Affect Your Business: Unauthorized access to data can be a deliberate inside attack or an employee accident, but it’s always a problem that opens you up to a cascade of potential headaches.
United States – SeaChange International
Exploit: Ransomware
SeaChange International: Video on Demand Provider
Risk to Business: 2.133 = Severe
Video on demand provider SeaChange is the latest victim of REvil ransomware. The gang posted a claim for an attack earlier this year that included a US Department of Defense video on demand proposal. The attack is believed to have occurred in April 2020, and included sensitive business information about contracts, proposals, and other proprietary data.
Individual Risk: No individual or consumer data was reported as exposed in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Corporate secrets are a huge market, and attacks like this are on the rise with the growth of “as a service” cybercrime. Extra protection must be provided for proprietary data, especially when a company handles sensitive information.
United States – Magento
Exploit: Skimming (MageCart)
Magento: eCommerce Platform
Risk to Business: 1.775 = Severe
Adobe’s Magento platform experienced a nasty skimming attack last weekend that compromised almost 2,000 online stores with MageCart malware to steal credit cards. The attack started Friday when ten stores were infected with a credit card skimming script, then ramped up on Saturday with 1,058 sites hacked, 603 more on Sunday, and an additional 233 on Monday to finish out a long weekend of cybercrime. The hacked shops were using Magento version 1, for which support ended in June.
Individual Risk: 1.872 = Severe
No details have been provided about which stores were impacted. Anyone who made a purchase over the weekend from a store powered by Adobe Magento should be alert for credit card fraud.
Customers Impacted: Unknown
How it Could Affect Your Business: When you’re running a hosting platform, especially one that empowers financial transactions, clients expect you to have cybersecurity under control, and will be less likely to do business with a company that fails at that basic requirement.
USA – Equinix
Exploit: Ransomware
Equinix: Data Center Operator
Risk to Business: 2.816 = Severe
Netwalker ransomware made itself at home at data center giant Equinix, and the cybercriminal gang responsible is asking for $4.5 million to move out. The attack occurred over the US Labor Day holiday weekend, and appears to impact Equinix’s Australian clients most heavily. An accompanying screenshot showing a sample of the encrypted/stolen data includes folders of financial information, payroll, accounting, audits, and data center reports.
Individual Risk: No individual information was reported as compromised, but that could be a future consequence as events unfold.
Customers Impacted: Unknown
How it Could Affect Your Business: Once again, a professional services provider fails to protect customer information by failing to resist a phishing attack – and this time they’re in the information business. That could put future clients off.
United States – Razer
https://www.infosecurity-magazine.com/news/razer-gaffe-exposes-customer-data/?&web_view=true
Exploit: Unsecured Database
Razer: Gaming Hardware and eServices Company
Risk to Business: 2.307 = Severe
An unsecured Elasticsearch cluster is the culprit in a sloppy data leak at gaming equipment leader Razer. More than 100K customers had data including their full name, email, phone number, customer internal ID, order number, order details, and billing and shipping address exposed in the incident.
Individual Risk: 2.347 = Severe
While no financial information was exposed, the data that was leaked could be used in spear phishing attacks.
Customers Impacted: 100,000
How it Could Affect Your Business: An unlocked database like this is a treasure trove for cybercriminals – and a rookie mistake by a tech company. It’s a ding on Razer’s reputation.
United States – Digital Point
Exploit: Unsecured Database
Digital Point: Webmaster Community Platform
Risk to Business: 2.303 = Severe
In July 2020, an internet researcher found an unsecured Elasticsearch database containing over 62 million records. In total, data belonging to 863,412 Digital Point users was included in the leak. Names, email addresses, and internal user ID numbers for forum users were made publicly available. The leak also exposed details for thousands of internal records and reported user posts.
Individual Risk: 2.787 = Severe
While no financial information was exposed, the data that was exposed, especially the post data, could be used in spear phishing attacks.
Customers Impacted: 863,412
How it Could Affect Your Business: An unsecured database points to sloppy data handling practices at a company, making customers or users less likely to want to trust that company with their personal information in the future.
The Week in Breach – Canada
Canada – Manitoulin Transport
https://www.freightwaves.com/news/canada-trucking-company-manitoulin-hit-by-ransomware-attack
Exploit: Ransomware
Manitoulin Transport: Freight Transport and Logistics Provider
Risk to Business: 2.314 = Severe
Another Canadian freight company has fallen victim to ransomware. In the latest incident, the Ontario-based carrier became aware of the attack on July 31, when some of its personnel reported systems access issues. The group claiming responsibility is Conti, which has also claimed responsibility for several other hacks against Canadian trucking companies – Manitoulin Transport is the sixth Canadian supply chain company to see its data posted by ransomware groups in less than a month.
Individual Risk: No consumer data has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware typically comes calling as part of a phishing attack. Improving your defense against today’s biggest risk is essential. Businesses need to add strong protection from phishing attacks and improve phishing resistance training.
The Week in Breach – United Kingdom & European Union
United Kingdom – Virtual Mail Room
https://www.infosecurity-magazine.com/news/northumbria-uni-campus-closed/?&web_view=true
Exploit: Unsecured Database
Virtual Mail Room: Communications Firm
Risk to Business: 1.661 = Severe
More than 50,000 letters and financial statements sent by councils and banks to people in the UK, US, EU, and Canada were left exposed in an unsecured database in a blunder by London-based Virtual Mail Room. A database of letters sent by local authorities reveals the names and addresses of 2,300 people living in Croydon, and letters from councils in Eastbourne, Reigate, North Tyneside, Ashford, North East Derbyshire and West Lindsey were also exposed. Also exposed were letters to 6,500 customers of Aldermore Bank, 250 Metro Bank customers, and royalty statements for the publishing firm Pearson. The names, email addresses, and telephone numbers of staff with access to Virtual Mail Room’s systems were also visible.
Individual Risk: 1.721 = Severe
The data exposed included personal financial information and sensitive data. This kind of information can be used for cybercrime including impersonation scams, identity theft, and spear phishing.
Customers Impacted: 20,000+
How it Could Affect Your Business: This egregious mistake highlights the risk of third-party exposure that many businesses face from service providers or work that’s farmed out. Not only can your own data be stolen through careless cybersecurity practices, but your customers’ data can be stolen too, reflecting poorly on you.
The Week in Breach – Australia & New Zealand
Australia – K7 Maths
Exploit: Unsecured Database
K7 Maths: Education Services Provider
Risk to Business: 2.077 = Severe
The Australian Computer Emergency Response Team (AusCERT) determined that the Department of Education, Skills, and Employment (DoE) was not to blame in a breach incident after researchers downloaded the personal details of more than one million students, teachers, and staff from a Dark Web site. Instead, the breach was traced to education services provider K7 Maths and an unsecured Elasticsearch cluster, likely as part of a March 2020 incident. The leaked data contained details such as first names, emails, password strings, and K7Maths site settings.
Individual Risk: 2.837 = Moderate
The leaked information could be used to launch spear phishing attacks and credential stuffing attempts. Users of the system should use caution in handling suspicious messages.
Customers Impacted: 1,000,000
How it Could Affect Your Business: Failing to keep information secure as a service provider could mean that your business loses contracts and opportunities. It can also damage your business reputation as a reliable partner because it creates an impression of carelessness.
The Week in Breach – South America
Chile – BancoEstado
Exploit: Ransomware
BancoEstado: Financial Institution
Risk to Business: 1.421 = Extreme
An audacious ransomware attack shut down all branches of Chilean bank BancoEstado, one of the largest banks in the country. The incident was caused by REvil ransomware, and impacted the bank for several days, putting a stop to all of its business. The ransomware caused extensive damage and encrypted the vast majority of internal servers and employee workstations.
Individual Risk: No individual data has been reported as compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware has a devastating impact on any organization, causing service disruptions and lost business plus an expensive recovery even if no information is stolen or it can be retrieved from backups.
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach: Featured Threat
Remote Workers Change A Company’s Risk Calculus
The rapid transition to a fully remote workforce was an unexpected twist to the story of cybersecurity in 2020, but most companies were able to successfully make the shift, even during a disaster. Unfortunately, many companies also found out that their cybersecurity plans, solutions stack, and user training didn’t always keep up, leaving remote workforce vulnerabilities.
Tessian’s Psychology of Human Error Report surveyed 1,000 workers in the UK and 1,000 workers in the US at the height of the coronavirus outbreak in April 2020, to reveal how the effects of the increased stress, distraction, and workplace disruption led to cybersecurity danger.
Key Statistics
- 52% of respondents said they were more error-prone due to stress
- 41% said they made more mistakes when they felt tired
- 42% said their mistakes were often caused by distraction
- 43% of employees reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company
- 57% of workers noted that they were more distracted when working from home
- 1 in 4 said they’d fallen for a phishing attack
- 47% of respondents cited distraction as the reason why they fell for a phishing attack
- 44% cited fatigue as a top reason for sending an email to the wrong person
The big takeaway: New circumstances, like suddenly supporting a remote workforce, bring new cybersecurity challenges that IT teams need to be able to respond to quickly to proactively mitigate potential risks.
The Week in Breach: Need to Know
Hackers for Hire are Here to Steal Corporate Secrets
As the rise of “as a service” cybercrime continues, some hackers aren’t just involved in ransomware and PII theft. They’re focused on specialized spying, like stealing trade secrets – and keeping them out of your business is easier than you think.
Corporate espionage is a growing industry in a world where information can be currency. From state-backed actors trying to filch technology to data thieves who want the results of COVID-19 testing, thriving cottage industries have grown up around specialized corporate cybercrime.
These bad actors aren’t just focusing on global corporations or well-known institutions anymore – companies of every size are at risk of attack. But you can quickly and efficiently add safeguards to your systems and data to reduce your risk of corporate espionage.