The Week in Breach: 12/23/20-12/29/20

This week ransomware was an unwelcome holiday gift for a plastic surgery group, a trucking company, and other organizations.


The Week in Breach News – United States 


United States – Forward Air

https://www.bleepingcomputer.com/news/security/trucking-giant-forward-air-hit-by-new-hades-ransomware-gang/ 

Exploit: Ransomware

Forward Air: Trucking & Logistics Company 

Risk to Business: 2.113 = Severe

Another trucking company got hit with ransomware this week, as attacks on shipping and logistics targets continue to surge. Forward Air took the hit this time from a ransomware gang that’s just coming on the scene, Hades. Operations and web services were disrupted, and recovery is ongoing.

Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is increasingly being used to disrupt business operations instead of just to snatch business data, and that’s equally bad news for every company.


United States – TennCare

https://www.wkrn.com/news/tenncare-announces-privacy-breach-impacting-3300-members/

Exploit: Insider Incident (Accidental) 

TennCare: Medicaid Services Agency

Risk to Business: 2.602 = Moderate

A blunder at TennCare has led to the exposure of personally identifiable information for about 3,300 Medicaid patients in Tennessee. Employees at an information processing vendor mistakenly sent out misaddressed mailers that may have contained protected health information to the wrong recipients.

Individual Risk: 2.771 = Moderate

The state has set up a hotline for members to find out if they’re at risk by calling (833) 754-1793. The state will also be providing free credit monitoring for breach victims. TennCare users should be wary of potential spear phishing and financial scams using this information.

Customers Impacted: 3,300

How it Could Affect Your Customers’ Business: To err is human…unfortunately. But increased security awareness training can help reduce a company’s chance of experiencing a damaging security incident by up to 70%.


United States – TaskRabbit

https://latesthackingnews.com/2020/12/26/taskrabbit-reset-passwords-after-credential-stuffing-attack/

Exploit:  Credential Stuffing

TaskRabbit: Microlabor Marketplace

Risk to Business: 2.803 = Moderate

Users of the Boston-based gig work platform TaskRabbit were surprised to get forced password reset notices when they logged in over the weekend. The company says it stopped a credential stuffing attack and did not suffer a breach or intrusion, but is having users reset their passwords “out of an abundance of caution”. The incident is still under investigation.

Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credential stuffing attacks can be devastating. In this case, TaskRabbit got lucky, but they may not be as fortunate next time.


The Week in Breach News – Canada


Canada – Sangoma Technologies

https://www.bleepingcomputer.com/news/security/freepbx-developer-sangoma-hit-with-conti-ransomware-attack/

Exploit: Ransomware

Sangoma Technologies: VoIP Technology Provider 

Risk to Business: 2.317 = Severe

FreePBX developer Sangoma Technologies received an unpleasant gift this holiday season – Conti ransomware. The gang published over 26 GB of Sangoma’s stolen data on their ransomware data leak site, including files containing information on accounting, financials, acquisitions, employee benefits and salary, and legal documents. The incident did not impact products or client data.

Individual Impact: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: More municipalities are finding themselves in the crosshairs of cybercriminals looking to make a quick profit than ever. Your customers need solutions that protect their data from risks today and tomorrow, but tough times and tight budgets may be standing in the way of closing that sale.

The Week in Breach News – United Kingdom & European Union


United Kingdom – The Hospital Group

https://securityaffairs.co/wordpress/112637/cyber-crime/the-hospital-group-revil.html

Exploit: Ransomware

The Hospital Group: Private Cosmetic Surgery Services

Risk to Business: 1.702 = Severe

The REvil ransomware gang is claiming responsibility for a data breach at celebrity plastic surgery clinic chain The Hospital Group. The ransomware operators say that they’ve hacked essential data storage systems and have threatened to release before-and-after pictures of celebrity clients from their stash of more than 600 GB of data if the ransom is not paid, but no word on how much they’re asking for.

Individual Impact: No individual or personal data has yet been exposed, but that may change as events progress.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is no joke, and gangs can damage your business quickly by selectively stealing especially sensitive information about your clients.


United Kingdom – NOW: Pensions

https://www.theregister.com/2020/12/22/data_breach_now_pensions/

Exploit: Insider Incident (Accidental) 

NOW: Pensions: Workplace Pension Services

Risk to Business: 1.667 = Severe

NOW: Pensions recently informed clients of a contractor error that led to information exposure. The company explained that user data was “unintentionally” posted on an unnamed public forum, with data exposed between 12/11/20 and 12/14/20, and reportedly accessed by “a small number of third parties”. Appropriate authorities have been informed and the incident is under investigation.

Individual Impact: 1.701 = Severe

The exposed records include biographical data for pensioners (names, email addresses, and dates of birth) as well as National Insurance numbers. The company is offering impacted clients credit and identity theft monitoring. Clients should be aware of phishing and fraud attempts mounted using this data.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This complex incident will be a nightmare to unravel, even if it was actually an accident. By allowing the wrong person access to client data, that data was compromised and this company faces big bills ahead.


Scotland – Scottish Environmental Protection Agency

https://news.stv.tv/scotland/scottish-environment-protection-agency-targeted-in-cyberattack?top

Exploit: Hacking

Scottish Environmental Protection Agency (SEPA) – National Environmental Regulatory Authority 

Risk to Business: 2.107 = Severe

A hacking incident at SEPA has left some services offline but has not severely impacted important data or functions. The Christmas Eve attack knocked communication into and across the organization offline, but core regulatory, monitoring, flood forecasting, and warning services continued unimpeded. The incident is under investigation, and complete restoration is anticipated quickly.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybersecurity incidents can come in all shapes and sizes, and may even only impact part of your business as cybercriminals refine their attacks to continue the trend of becoming more precise in the future.


Spain – 21 Buttons

https://www.hackread.com/fashion-marketplace-21-buttons-expose-users-data/

Exploit: Misconfiguration

21 Buttons: Fashion Social Network 

Risk to Business: 1.511 = Severe

A misconfigured AWS bucket has led to the exposure of personal data for hundreds of influencers and fashion industry fans after security researchers discovered a gaping hole in the platform. The app, which has been downloaded more than 5 million times, allows users to trade and share content as well as enabling e-commerce. This security issue wasn’t fixed for at least a month, exposing the personal and financial data of the platform’s users to anyone who cared to see it.

Risk to Business: 1.762 = Severe

Over 50 million files were available and exposed in this incident, including payment data for influencers, company invoices, users’ full names and addresses, financial information such as bank account numbers, PayPal email addresses, photos, and videos.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This kind of information is valuable, and cybercriminals know that they can make a pretty penny on it in the booming Dark Web data markets.


The Week in Breach News – Asia-Pacific


Japan – Koei Tecmo 

https://securereading.com/koei-tecmo-suffers-data-breach-stolen-data-exposed/

Exploit: Spear Phishing

Koei Tecmo:  Videogame and Anime Studio

Risk to Business: 1.802 = Severe

Japanese game and media company Koei Tecmo experienced a data breach that impacted users of its European and American sites. The company’s stable includes Hyrule Warriors, Nioh 2, Atelier Ryza, Dead or Alive, and others. An unnamed threat actor claims to have stolen a forum database through Koei Tecmo’s European user portal with 65,000 users and implanted a web shell on the site for continuous access. The company confirmed that the breach only affected the forum and not any other parts of the site, and that no financial data was involved.

Individual Risk: 2.771 = Moderate

Users of the European and American portals to the company’s forums should be aware of potential phishing attempts or fraud using information from stolen forum user accounts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: From the biggest companies to the smallest, phishing is a threat that doesn’t discriminate. It’s a beloved tool for cybercriminals because it works.


The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Featured Briefing


Data Harvesting Increases Dark Web Threat Pool


While the biggest cybersecurity news stories have been about phishing and nation-state hacking this year, it’s never wise for any cybersecurity professional to take their eyes off the Dark Web for long. As splashy stories like the Twitter hack and the recent Federal hacking scandal have absorbed everyone’s attention, the Dark Web has remained active, and it’s been growing at a strong pace – which is definitely bad news for businesses.

One major factor that has contributed to the growth of the Dark Web in 2020 and the corresponding growth in Dark Web threats is an explosive increase in data harvesting. China has been in the lead of these operations, gathering and exposing data about everything from social media posts made by prominent Americans and US military officials to contact information for the children and relatives of people who work in influential positions in government or the arts.

This kind of information is widely leveraged by cybercriminals to conduct precisely targeted spear phishing operations. The goal of these data miners is to find ways to push their targets’ buttons without raising suspicion. By gathering very detailed information about these folks’ likes, dislikes, patterns, locations, families, and other aspects of their lives, data harvesting operations enable bad actors to socially engineer successful attacks.

That’s why it’s essential to remember that just because it’s not in the spotlight, that doesn’t mean that the Dark Web is less of a threat. Information like this is traded in Dark Web markets every day, and deals are constantly being brokered for valuable personal information about the targets of cybercrime. More than 80% of businesses have seen an increase in cybercrime in 2020, especially phishing and spear phishing threats (which shot up by more than 600% in 2020).

Your clients need reliable, affordable, professional Dark Web monitoring. While many businesses are looking for ways to trim their budgets and save money by decreasing their reliance on outside service providers, it’s critical to their overall cybersecurity posture that your clients understand that Dark Web monitoring is not a DIY proposition – only highly trained analysts and cybersecurity experts know where to look for Dark Web danger and how to interpret the data that they find there.


The Week in Breach: Need to Know


2021 Trend Watch: Ransomware Never Goes Out of Style


Ransomware is the monster under the bed that every company should be worried about these days. From stealing data to disrupting operations and even nation-state hacking, ransomware was a favored tool of cybercriminals worldwide in 2020 – and that looks set to continue in 2021.

Ransomware surged at the start of the pandemic, with an incredible 148% increase in attacks in March 2020 alone. In Q3 2020, researchers estimate that cybercriminals successfully completed at least 1 new ransomware attack every day. That’s not a trend that your business wants to get in on.

Protecting your business from cybercrime like ransomware starts with building a strong cybersecurity culture. It’s important to make sure that every one of your staffers is up to date on the latest threats and following cybersecurity best practices – after all, they’re part of your security team too.

Take smart precautions now to ensure that your business isn’t a trendsetter because no company can afford to be a part of the expected wave of continued growth in ransomware attacks in 2021.
