The Week in Breach: 10/23/19 – 10/29/19 | CloudSmart IT

The Week in Breach: 10/23/19 – 10/29/19

This week, ransomware stops a business from shipping products, spear phishing campaign costs a local government thousands, and executives continue to ignore spooky cybersecurity risks.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: 
Domain
Top Industry: 
Education & Research
Top Employee Count: 
11 – 50 Employees 


United States – Billtrust 

https://krebsonsecurity.com/2019/10/ransomware-hits-b2b-payments-firm-billtrust/

Exploit: Ransomware attack
Billtrust: B2B billing service provider

twib-severeRisk to Small Business: 2.333 = Severe: A ransomware attack crippled Billtrust’s customer-facing systems, forcing them to bring all infrastructure offline to stop the malware’s spread. The company discovered the attack on October 17th, and it’s taken nearly a week just to begin recovery efforts. Fortunately, Billtrust maintained backups that were unaffected by the attack, which made it possible to avoid paying the ransom demand. Nevertheless, the lost revenue, reputational damage, and recovery expenses will definitely chip away at the company’s bottom line.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Whether in the form of ransomware payments to regain access to their networks or interrupted processes due to downed servers, the costs associated with ransomware can quickly escalate. With such attack vectors on the rise, businesses must take responsibility and protect their valuable IT infrastructure.


United States – Kalispell Regional Healthcare

https://www.krh.org/news/kalispell-regional-healthcare-provides-notification-of-data-security-event/

Exploit: Phishing attack
Kalispell Regional Healthcare: Family healthcare provider

twib-severeRisk to Small Business: 1.555 = Severe: Several employees fell for a phishing campaign that compromised their login credentials and patients’ personally identifiable information. Hackers accessed the data between May 24, 2019 and August 28, 2019. As a result, the company will bear the cost of identity and credit monitoring services for all victims, and they will face intense regulatory scrutiny. Brand reputation is also jeopardized, as the hospital was formerly recognized as a highly-ranked healthcare provider for their cybersecurity practices.
twib-severe Individual Risk: 2 = Severe: Personally identifiable information that may have been compromised includes their names, Social Security numbers, addresses, medical record numbers, dates of birth, phone numbers, email addresses, and medical history. The healthcare provider is offering victims a year of free credit and identity monitoring services, and those impacted by the breach should enroll in these programs. Cybercriminals can use the data to facilitate additional attacks, so they should carefully scrutinize unusual or unexpected messages or account activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Before the breach, Kalispell Regional Healthcare was acknowledged for its distinguished data security readiness standards. Unfortunately, the lack of employee awareness training led to a phishing scam that made the entire network vulnerable. In today’s digital landscape, comprehensive phishing scam awareness training should be a routine requirement for any employee with an email address. 


United States – Ocala City

https://www.ocala.com/news/20191024/ocala-gets-scammed-in-spear-phishing-attack

Exploit: Spear phishing attack
Ocala City: Local municipality

twib-severeRisk to Small Business: 1.666 = Severe: A spear phishing attack convinced an Ocala City employee to transfer $640,000 to a fraudulent bank account. The account still had $110,000 left when the city identified the scam, but cybercriminals still walked away with over $500,000. To trick the employee, cybercriminals sent an email purportedly from one of the city’s construction contractors and requested payment to a bank account that did not belong to the contractor. While the email and bank account were fraudulent, the invoice was legitimate, which made this incident especially difficult to detect.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Spear phishing attacks are highly targeted and can be difficult for employees to identify. However, as more data becomes available to bad actors, businesses need to plan for this reality, training employees to spot small differences that often reveal a threat. The Ocala City tells a cautionary tale that failing to adjust to today’s threats can be an expensive mistake. 


Czech Republic – Avast

https://www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/

Exploit: Credential stuffing attack
Avast: Antivirus software provider

twib-severe Risk to Small Business: 2.111 = Severe Hackers used an employee’s compromised VPN credentials to gain access to his network account. Although the employee did not have domain admin privileges, hackers were able to escalate their network access. The company believes that the bad actors intended to inject malware into the antivirus software. Fortunately, the company identified the threat and monitored its progress through the system while they issued a new update for their customers. Avast dodged a bullet, but it’s still possible that this attack will have a significant impact on the company’s reputation, especially given their stature as a cybersecurity business.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: There are several ways that this attack could have been prevented. First, the company could have identified compromised credentials before they were used against them in a credential stuffing attack. In addition, the employee failed to enact two-factor authentication, which would have prevented hackers from accessing the account without permission. In total, the lesson is simple: proactivity is not expensive when compared to the costs of a cybersecurity incident. 


United Kingdom – Home Group 

https://www.bbc.com/news/uk-england-50132533

Exploit: Unauthorized database access
Home Group: Housing association

twib-severeRisk to Small Business: 2 = Severe: Hackers gained access to a limited subset of customer data that includes personally identifiable information. The breach was detected by a third-party cybersecurity expert, and the company was able to repair the issue in 90 minutes. Unfortunately, the rapid response time wasn’t enough to protect the information for thousands of their customers who now have to grapple with the long-term effects of a data breach. At the same time, Home Group will likely face intense regulatory scrutiny under GDPR’s data protection guidelines.
extreme gauge Individual Risk: 2.28 = Severe: The data breach compromised customer names, addresses, and contact information, but financial data was not accessible to hackers. This information can quickly spread on the Dark Web, and those impacted by the breach should enroll in identity monitoring services that can help detect data misuse.

Customers Impacted: 4,000
How it Could Affect Your Customers’ Business: The cost of a data breach continues to increase, and legal penalties are one of the most significant drivers of these expenses. Since the regulatory landscape is quickly moving towards more stringent requirements along with more costly consequences, every company should ensure that their cybersecurity posture is ready to address today’s threats and tomorrow’s vulnerabilities. 


Germany – Pilz 

https://www.infosecurity-magazine.com/news/german-giant-pilz-down-after/

Exploit: Ransomware attack
Pilz: Producer of automation tools

twib-severeRisk to Small Business: 2 = Severe: A ransomware attack disrupted services, restricted employee productivity, and disrupted business deliverables for Pilz. The attack, which began on October 13th, forced the company to bring all of its PC workstations offline and reduce their external-facing website’s functionality. More than a week after the attack, the company had only partially restored its shipment and communication infrastructure, meaning the total cost of the attack is likely to be extensive.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Although ransomware attacks may seem random or inevitable, they are entirely preventable when businesses take the right steps to stay protected. This includes ensuring that employees’ network credentials aren’t compromised and building defenses against phishing scams that can inject malware into your system. When it comes to mitigating the costs of a ransomware attack, the only good option is to prevent them in the first place. 


Australia – Get

https://www.9news.com.au/technology/get-ticketing-data-privacy/f7343ce6-a8ab-4b19-9604-8503b313b204

Exploit: Exposed database
Get: Online ticketing platform

twib-severe Risk to Small Business: 2.444 = Severe: An error in the platform’s search option allowed all users to access the personal details for thousands of the platform’s customers. Although the company acted quickly to fix this oversight, the error was entirely preventable. This isn’t the company’s first data security incident. This could negatively impact the company’s competitive ability going forward, as consumers are increasingly unwilling to do business with a company that can’t secure their information.
twib-severe Individual Risk: 2.428 = Severe: The exposed data includes names, phone numbers, and email addresses, but financial data was not exposed because Get does not store this information. The compromised details can easily be used in spear phishing campaigns to trick unsuspecting users into providing even more intimate details. Therefore, those impacted by the breach should be especially critical of unusual communications or account activities.

Customers Impacted: 50,000
How it Could Affect Your Customers’ Business: Today’s consumers are becoming vigilant of data breaches, making a preventable exposure especially problematic. Any company looking to compete in today’s digital environment has to be prepared to display a competent data security stance, which means adopting best practices to ensure that customer information is protected. 


New Zealand – Competitive Pest Services 

https://brica.de/alerts/alert/public/1283350/competitive-pest-services-data-breach-what-happened-and-how-we-plan-to-fix-it/

Exploit: Insider data theft
Competitive Pest Services: Pest control service

twib-severe Risk to Small Business: 2.222 = Severe: Before leaving the company, a former employee downloaded customer data and shared it with his new employer. The information was then used to solicit business from Competitive Pest Services’ customers. In response, the company has updated its data security software to restrict access to sensitive company data and notify IT admins when information is downloaded. Unfortunately, reactive responses cannot secure customer data, and it likely won’t help restore consumers’ confidence in their data management practices.
twib-severe Individual Risk: 2.142 = Severe: Personally identifiable information was limited to customer names, addresses, and phone numbers. However, this is more than enough information to perpetuate additional cyber attacks that could compromise even more sensitive data. Therefore, those impacted by the breach should carefully monitor their identity information, and they may want to consider enrolling in identity monitoring software to provide long-term oversight of their information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Taking proactive measures to protect your customers’ data is the best way to protect against a breach. This requires that companies remain up-to-date on the most prescient threats and take steps to mitigate their exposure before a data loss event takes place. Too many companies choose to update their protocols after a breach, a step that won’t repair the damage that’s already been done.

 

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.