"Your Information Technology Leader"

InTegriLogic Blog


InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Bruce Groen is the CEO and co-founder of InTegriLogic Corp.

The Week in Breach News: 12/01/21 – 12/07/21

Planned Parenthood

https://www.washingtonpost.com/nation/2021/12/01/los-angeles-planned-parenthood-hack/
Exploit: Ransomware

Planned Parenthood: Healthcare Provider




Risk to Business: 1.616= Severe
Bad actors gained access to the personal information of an estimated 400,000 patients of Planned Parenthood in Los Angeles this past October in a probable ransomware attack.  A spokesperson said that someone gained access to Planned Parenthood Los Angeles’ network between October 9 and 17, deployed and exfiltrated an undisclosed number of files. The breach is limited to the Los Angeles affiliate and an investigation is underway.





Risk to Business: 1.703= Severe
PPLA told clients that PII and PHI had been exposed including the patient’s name, address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescriptions.

Customers Impacted: 400,000

How It Could Affect Your Business: Medical information is valuable, especially sensitive information like this that can be used for both cybercrime and blackmail, and patients expect that healthcare providers will protect it.

 


 

Gale Healthcare Solutions

https://www.zdnet.com/article/sensitive-information-of-30k-florida-healthcare-workers-exposed-in-unprotected-database/
Exploit: Misconfiguration

Gale Healthcare Solutions: Healthcare Job Placement




Risk to Business: 1.611=Severe
More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password-protected database owned by Gale Healthcare Solutions, a Florida-based healthcare staffing provider. Files containing the PII of healthcare workers that the company placed were hosted on an unsecured AWS cloud server that was uncovered by security researchers in September. Gale Healthcare Solutions says that the environment has been deactivated and secured. The company also says that there is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused.





Individual Risk: 1.813=Severe
Researchers reported that the files they saw contained a healthcare worker’s face image or ID badge, full name and a number consistent with an SSN. Other personal data about the impacted workers may also have been exposed.

Customers Impacted: 300,000

How It Could Affect Your Business: This mistake will be expensive, and coveted healthcare workers may be inclined to choose a different staffing agency because of this carelessness.

 


 

MonoX

https://www.hackread.com/hackers-steal-badger-defi-monox/
Exploit: Hacking

MonoX: Cryptocurrency Finance




Risk to Business: 1.318=Extreme
The MonoX DEX platform has experienced a breach that did damage to the tune of $31 million. The breach took place after hackers exploited a vulnerability in smart contract software to increase the price of MONO through smart contracts, then bought assets with MONO tokens. DeFi platform Badger was also reportedly hit by hackers for $120 million last week after they gained access by targeting a protocol on the Ethereum network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: In an ultra-competitive sector like crypto, customers will be watching every move a company makes, especially if it could potentially cost them money.

 


 

DNA Diagnostics Center

https://www.zdnet.com/article/dna-testing-center-admits-to-breach-affecting-ssns-banking-info-of-more-than-2-million-people/

Exploit: Ransomware

DNA Diagnostics Center: Healthcare Services




Risk to Business: 1.819= Severe
DNA Diagnostics Center said that on August 6, the company discovered that there had been unauthorized access to its network that enabled someone to access and exfiltrate an archived database that contained patient PII collected between 2004 and 2012. The Ohio-based company says that 2,102,436 people had their information exposed. Victims may have been ordered to undergo genetic testing as part of a legal matter.





Individual Risk: 1.617= Severe
The company is sending letters to impacted individuals warning them that they may have had their PII and sensitive data such as Social Security number or payment information exposed. Anyone whose personal information was accessed is being offered Experian credit monitoring.

Customers Impacted: 2,102,436

How it Could Affect Your Business: Companies that store two kinds of valuable data like this are at high risk for an expensive and damaging ransomware incident that will have lasting financial results.

 


 

United Kingdom – BitMart

https://portswigger.net/daily-swig/crypto-exchange-bitmart-reports-150-million-theft-following-hack
Exploit: Hacking

BitMart: Cryptocurrency Exchange




Risk to Business: 1.212= Extreme
Cryptocurrency trading platform BitMart has been hacked, resulting in the loss of an estimated $150 million in funds. PortSwigger reports that blockchain security firm PeckShield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain. BitMart said in a statement that it was temporarily suspending withdrawals until further notice after detecting a large-scale security breach centered on two ‘hot’ wallets. BitMart claims that it has more than nine million customers across more than 180 countries.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Crypto platforms have been squarely in cybercriminals’ sights in the last few months and consumers are watching to see which ones are able to avoid trouble.

 


 

Japan – Panasonic

Exploit: Hacking

Panasonic: Electronics Manufacturer




Risk to Business: 1.919 = Severe
Panasonic has confirmed that it’s had a security breach after unauthorized users accessed its network on November 11. The company says that an internal investigation revealed that some data on a file server had been accessed by intruders. No information was given about what data was accessed or how much. Panasonic says that it is working with an outside firm to get to the bottom of the matter and expressed its apologies for the incident.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Large companies are treasure troves for data-hungry cybercriminals looking for a quick, low-risk score to turn over for fast profit.

 


 

Australia – CS Energy

https://www.itpro.co.uk/security/ransomware/361687/cs-energy-ransomware-attack
Exploit: Ransomware

CS Energy: Energy Company




Risk to Business: 1.723 = Severe
CS Energy confirmed it experienced a ransomware attack on November 27.  The company said the incident was limited to its corporate network and did not impact operations at its Callide and Kogan Creek power stations. CS Energy’s CEO said that the company contained the ransomware attack by segregating the corporate network from other internal networks and enacting business continuity processes. CS Energy is owned by the Queensland government.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Utility companies and other critical infrastructure businesses are tempting targets for cybercriminals because their essential nature makes the owners more likely to pay a ransom.

 


4 Reasons to Refresh Your Technology Infrastructure in 2022

After the ups and downs of the last year and a half, the business world is making its way into 2022 with renewed optimism. Business executives are contemplating strategies to start the year with a strong quarter by adapting to the new normal. Do you have the best technology infrastructure to help you kick off the new year with a bang? If not, it's time to consider a technology refresh.

 
Every company wants to grow, but if you treat your technological infrastructure as an afterthought, you may be severely limiting your company's potential.

 
Remember that your IT infrastructure is a critical component of your business. An up-to-date and high-quality IT infrastructure is an asset that enables you to do business without falling prey to cyberthreats and helps you achieve your goals.

 
A technology refresh enables a company to analyze the current state of its IT infrastructure and weigh the merits of trying something better. For a company's long-term success, it's best to review the present IT infrastructure — hardware, software and other technology solutions — and determine what additional solutions are available that would better suit its needs.

 

Reasons Worth Considering Before Refreshing Your IT Infrastructure

 
The following are the top four reasons to refresh your technology infrastructure:

 

Increased Security

The threat landscape is constantly evolving. We know this because of the projected increase in the cybersecurity market size from around 217 billion in 2021 to about 240 billion in 2022 [1]. If you want to keep cybercriminals out of your business, you must understand where your technology and security measures fall short, leaving you vulnerable.

 
Some of the threats that the IT infrastructure of small and midsized businesses (SMBs) must defend against are:
  • Targeted ransomware attacks
  • Phishing attacks
  • Insider threats
  • DDoS attacks
 

Assurance That You’re Meeting Compliance Requirements

Regardless of your industry, you're probably subject to compliance regulations that your company must follow. If you use outdated technology that no longer receives software patches and is no longer supported, you may jeopardize your compliance status. Finding these gaps in your infrastructure as early as possible allows you to close them, thereby avoiding both reputational damage and trouble with regulators.

 
Never take compliance lightly since failure to comply can result in:

 
  • Hefty penalties
  • Uninvited audits
  • Criminal charges
  • Denial of insurance claims
  • Forced closure or even imprisonment
 

Reliable Backup

If you don't have a backup solution, you should find one that will work for your business because you could lose all your critical data in the blink of an eye. If you currently have a backup solution, you should check on it regularly to ensure that it is still functional. If it isn’t working, and your organization wants to access your backups, you’ll be in a tough spot.

 
In addition, some cyberattacks specifically target backups. As a result, it is critical to review and refresh your backup solution regularly.

 

Stay Competitive Using Artificial Intelligence (AI) and Other Emerging Technologies

According to Gartner, 33% of technology and service provider organizations intend to invest $1 million or more in AI over the next two years. AI and other emerging technologies are rapidly altering the landscape of every industry. If you want to stay ahead of your competitors, you must use the most up-to-date technology that is appropriate for your industry and goals. This could explain why around 60% of SMBs have invested in emerging technologies [2].
 

Collaborate for Success

 
A timely technology refresh could act as an energy boost for your company, enabling it to be more resilient. Begin your IT infrastructure refresh journey with a partner like us. Knowing that the process is in expert hands gives you peace of mind and allows you to focus on building your business. Get in touch with us today.

 


 
 
Sources:
  1. Statista
  2. Adobe Digital Trends Report
 

3 Benefits of Conducting a Technology Audit

When was the last time you conducted a comprehensive technology audit? If it's been a while or hasn't happened at all, you're probably vulnerable to a cyberattack. Cybercrime shows no signs of slowing down and is expected to cost the world $10.5 trillion per year by 2025.*
 
Are you confident that your organization is secure with the current remote and hybrid work environments? This is where a technology audit can give you peace of mind. An IT audit is a thorough analysis and assessment of an organization's IT infrastructure, policies and procedures.

 

Importance of Technology Audits

 
Here are some reasons why a technology audit is essential to organizational resilience and overall success:

 
  • Detects security vulnerabilities
  • Ensures that the organization is up to date on security measures
  • Establishes the foundation for the organization's new security policies
  • Prepares the organization to respond quickly and effectively in the event of a cyberattack
  • Helps maintain compliance with various security regulations
 

Benefits of Technology Audits

 
Comprehensive technology audits have three key benefits:

 
  1. No Surprises

IT components that we use and trust every day may have hidden threats that we can easily overlook. If not addressed early on, such threats can quickly escalate into a full-fledged data breach. An IT audit is extremely beneficial when it comes to addressing this particular concern.

 
A properly planned auditing process creates a map of your IT environment that helps you understand how everything connects and which areas expose you to threats. This allows you to focus your remediation efforts where they are needed the most.

 
Consider this: What if one of your top executives was secretly selling all your intellectual property ideas to your main competitor? That could sink your company or significantly reduce your profit potential. Unmapped and unaccounted-for technology landscapes can lead to similar outcomes.

 
To avoid this, regularly monitor, update, patch and clean up the proverbial dust in your infrastructure. You might soon discover that someone intentionally or unintentionally downloaded a piece of malicious code that's spreading like wildfire across your network, waiting for the perfect moment to demand a ransom or continue spying and stealing your best ideas.

 

  2. Data-Driven Decision Making

A properly conducted audit will provide you with valuable data that you can use to make core business decisions. Its value extends to security budgeting as well. A data-driven approach to developing cybersecurity strategies can assist you in making more informed budget decisions. You'll have a better idea of where to spend your money.

 
An audit can also help you prioritize your goals based on what's most pressing, what's exposing vulnerabilities or what’s causing productivity loss.

 

  3. A Vision for the Future

An audit can lay the groundwork for a SWOT analysis. A SWOT analysis is a technique for evaluating the Strengths, Weaknesses, Opportunities and Threats of your business. It's a powerful tool that can assist you in determining what your company excels at right now and formulating an effective strategy for the future.

 
Armed with a thorough understanding of your technology's strengths, weaknesses, opportunities and threats, you can begin planning years in advance and share the vision with team members to keep them motivated.

 
Are you ready to start planning your technology audit? Contact us for a free assessment.

 


 
Source:
* Cybersecurity Ventures

 

The Week in Breach News: 11/24/21 – 11/30/21

Cronin

https://www.websiteplanet.com/blog/cronin-leak-report/

Exploit: Misconfiguration

Cronin: Digital Marketing Firm




Risk to Business: 1.917= Severe
Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google analytics data, session IDs, Client IDs, device data and other identifying information. Sales data was also exposed in a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails, and hashed passwords and some unspecified PII and financial data were also exposed.

Individual Impact: Reports of this breach include mention of exposed employee financial data and PII, but no details were available as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Information security is challenging enough without the complications of sloppy and dangerous mistakes like this.

 

 

Supernus Pharmaceuticals

https://www.securityweek.com/ransomware-operators-threaten-leak-15tb-supernus-pharmaceuticals-data
Exploit: Ransomware

Supernus Pharmaceuticals: Pharmaceutical Company




Risk to Business: 1.702=Severe
Maryland-based Supernus Pharmaceuticals fell prey to a ransomware attack that resulted in a large amount of data being exfiltrated from its networks in mid-November. The Hive ransomware group claimed responsibility for the attack over the Thanksgiving holiday weekend. The group claims to have breached Supernus Pharmaceuticals’ network on November 14 and exfiltrated a total of 1,268,906 files, totaling 1.5 terabytes of data. Supernus Pharmaceuticals says it did not plan to pay a ransom. In a statement, Supernus Pharmaceuticals also disclosed that it did not experience a significant impact on its business, that it was quickly able to restore lost data and that it has enacted stronger security measures.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Companies in the healthcare and pharma sectors have been the favorite targets of ransomware gangs since the start of the global pandemic.

 

 

Butler County Community College

https://www.wtae.com/article/butler-county-community-college-closed-ransomware-attack/38374651
Exploit: Ransomware

Butler County Community College: Institution of Higher Learning




Risk to Business: 2.728=Moderate
Butler County Community College in Pennsylvania was forced to suspend classes for at least two days in the wake of a ransomware attack that has crippled the college’s systems. The college says it is working to restore databases, hard drives, servers and other devices. In a release, the college also announced the cancellation of all remote and online credit classes as it works to restore data, servers and other systems affected by the attack. Noncredit courses are canceled as well for November 29 and 30. The college will not provide services on its main campus or at its additional locations on those days. The incident is under investigation and the college is being assisted in recovery by a local cybersecurity firm.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs have been taking aim at schools, colleges, school districts and similar education sector targets thanks to the sector's historically poor security and the profit opportunities created by the widespread adoption of distance learning.

 

 

Brazil – WSpot

https://www.hackread.com/wifi-software-firm-exposed-users-data/

Exploit: Misconfiguration

WSpot: WiFi Security Software Provider




Risk to Business: 2.109= Severe
Researchers uncovered a misconfigured Amazon Web Services S3 bucket containing 10 GB worth of data that belonged to Wi-Fi software services company WSpot. The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The company stated that it is in the process of notifying legal authorities, including the National Data Protection Authority, regarding the incident. WSpot estimated that 5% of its customer base was impacted by this leak.





Individual Risk: 2.811= Severe
An estimated 226,000 files were exposed, including the personal details of at least 2.5 million users who connected to WSpot’s clients’ public Wi-Fi networks.

Customers Impacted: 2.5 million users

How it Could Affect Your Business: These days consumers and businesses are paying attention to who has data security in mind when choosing business partners and service providers.

 

 

United Kingdom – BTC-Alpha

https://www.techtarget.com/searchsecurity/news/252509877/Cryptocurrency-exchange-BTC-Alpha-confirms-ransomware-attack
Exploit: Ransomware

BTC-Alpha: Cryptocurrency Exchange




Risk to Business: 1.512= Severe
This week’s most bizarre breach saga belongs to BTC-Alpha. The UK-based cryptocurrency exchange was hit with a ransomware attack in early November. The Lockbit ransomware group claimed responsibility and posted a threat to its leak site to expose BTC-Alpha’s data if a ransom was not paid by December 1. Here’s where it gets strange. Alpha founder and CEO Vitalii Bodnar alleged the attack was the work of a competing cryptocurrency firm in a press release on the same day that Lockbit’s announcement was made. The release goes on to state that a rival was launching a cryptocurrency exchange on the same day as the attack and may be involved in the incident. The full text of the release is available here: https://www.prleap.com/pr/282919/vitaliy-bodnar-founder-of-btc-alpha-comments-on-the-pressure-and-threats

The company disclosed that although hashed passwords were compromised, users’ balances were not impacted, and the company and its users lost no money. The company also advised users to avoid password reuse, update or reinstall their apps, and employ MFA. The odd incident is under investigation.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Companies that provide financial services need to provide and enforce strong security measures like the universal adoption of MFA.

 

 

Sweden – IKEA

Exploit: Phishing

IKEA:  Furniture & Home Goods Retailer




Risk to Business: 1.595 = Extreme
IKEA is battling a nasty phishing attack on its employee email accounts that is using reply chains to try to trick employees. A reply-chain email attack is a type of spoofing in which the bad guys steal legitimate corporate email messages and send links to malicious documents to the chain as a reply. The messages seem legit and can be hard to catch. Malicious messages are being sent from inside the main IKEA organization as well as from other compromised IKEA organizations and business partners. The fight is ongoing and no direct cause has been announced, although analysts are saying that signs point to a Microsoft Exchange on-premises server compromise.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing is the top risk for a data breach in organizations of any size and has been for the last 3 years.

 

 

Singapore – Swire Pacific Offshore

https://portswigger.net/daily-swig/maritime-giant-swire-pacific-offshore-suffers-data-breach-following-cyber-attack
Exploit: Ransomware

Swire Pacific Offshore: Maritime Services


Risk to Business: 1.595 = Extreme
Singapore-based shipping giant Swire Pacific Offshore has announced a data breach after it fell victim to a possible ransomware attack. The company’s press release stated that unauthorized access had resulted in the loss of some confidential proprietary commercial information and some personal data. No further specifics were given about the type or amount of data stolen. The statement went on to note that appropriate authorities have been notified. Singapore has mandatory data breach notification laws that require organizations to report incidents like this to the government. The company also announced that it is working with data security experts to investigate the incident and implement stricter security measures.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Shipping has been beleaguered by cybercrime since the start of the global pandemic with maritime firms especially at risk. At least four other major maritime services or shipping companies have been hit by ransomware in recent months.

 

The Week in Breach News: 11/24/21 – 11/30/21

Cronin

https://www.websiteplanet.com/blog/cronin-leak-report/

Exploit: Misconfiguration

Cronin: Digital Marketing Firm


Risk to Business: 1.917 = Severe
Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google analytics data, session IDs, Client IDs, device data and other identifying information. Sales data was also exposed in a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails, and hashed passwords and some unspecified PII and financial data were also exposed.

Individual Impact: Reports of this breach include mention of exposed employee financial data and PII, but no details were available as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Information security is challenging enough without the complications of sloppy and dangerous mistakes like this.

 


 

Supernus Pharmaceuticals

https://www.securityweek.com/ransomware-operators-threaten-leak-15tb-supernus-pharmaceuticals-data
Exploit: Ransomware

Supernus Pharmaceuticals: Pharmaceutical Company


Risk to Business: 1.702 = Severe
Maryland-based Supernus Pharmaceuticals fell prey to a ransomware attack that resulted in a large amount of data being exfiltrated from its networks in mid-November. The Hive ransomware group claimed responsibility for the attack over the Thanksgiving holiday weekend. The group claims to have breached Supernus Pharmaceuticals’ network on November 14 and exfiltrated a total of 1,268,906 files, totaling 1.5 terabytes of data. Supernus Pharmaceuticals says it did not plan to pay a ransom. In a statement, Supernus Pharmaceuticals also disclosed that it did not experience a significant impact on its business, that it was quickly able to restore lost data and that it has enacted stronger security measures.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Companies in the healthcare and pharma sectors have been the favorite targets of ransomware gangs since the start of the global pandemic.

 


 

Butler County Community College

https://www.wtae.com/article/butler-county-community-college-closed-ransomware-attack/38374651
Exploit: Ransomware

Butler County Community College: Institution of Higher Learning


Risk to Business: 2.728 = Moderate
Butler County Community College in Pennsylvania was forced to suspend classes for at least two days in the wake of a ransomware attack that has crippled the college’s systems. The college says it is working to restore databases, hard drives, servers and other devices. In a release, the college also announced the cancellation of all remote and online credit classes as it works to restore data, servers and other systems affected by the attack. Noncredit courses are canceled as well for November 29 and 30. The college will not provide services on its main campus or at its additional locations on those days. The incident is under investigation and the college is being assisted in recovery by a local cybersecurity firm.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs have been taking aim at schools, colleges, school districts and similar education sector targets thanks to their historically poor security and the profit opportunities created by the adoption of widespread distance learning.

 


 

Brazil – WSpot

https://www.hackread.com/wifi-software-firm-exposed-users-data/

Exploit: Misconfiguration

WSpot: WiFi Security Software Provider


Risk to Business: 2.109 = Severe
Researchers uncovered a misconfigured Amazon Web Services S3 bucket containing 10 GB worth of data that belonged to Wi-Fi software services company WSpot. The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The company stated that it is in the process of notifying legal authorities, including the National Data Protection Authority, regarding the incident. WSpot estimated that 5% of its customer base was impacted by this leak.



Individual Risk: 2.811 = Severe
An estimated 226,000 files were exposed, including the personal details of at least 2.5 million users who connected to WSpot’s clients’ public Wi-Fi networks.

Customers Impacted: 2.5 million users

How it Could Affect Your Business: These days consumers and businesses are paying attention to who has data security in mind when choosing business partners and service providers.

 


 


The Week in Breach News: 11/17/21 – 11/23/21

GoDaddy

https://techcrunch.com/2021/11/22/godaddy-breach-million-accounts/

Exploit: Credential Compromise

GoDaddy: Web Hosting Provider


Risk to Business: 1.527 = Severe
GoDaddy has reported a data breach that may impact more than 1 million customers who use the service for WordPress hosting. The company detailed the incident in an SEC filing, declaring that it had detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers when someone used a compromised password for access around September 6. GoDaddy said it discovered the breach last week on November 17. The company warned that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. 1.2 million active and inactive managed WordPress users had their email addresses and customer numbers exposed in this incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 1.2 million

How It Could Affect Your Business: Third-party security risk is increasingly common in an interconnected world and building strong defenses helps protect against this unexpected danger.

 

 

California Pizza Kitchen

https://techcrunch.com/2021/11/18/california-pizza-kitchen-data-breach/

Exploit: Hacking

California Pizza Kitchen: Fast Casual Restaurant Chain


Risk to Business: 2.212 = Severe
US casual dining chain California Pizza Kitchen has had a data security breach that impacts current and past employees. In a statement, the company disclosed that its systems were infiltrated by an unauthorized user on September 15. Those cybercriminals gained access to an undisclosed amount of data including employee records that contained at least employee names and SSNs.



Individual Risk: 1.907 = Severe
In a filing with the Maine attorney general’s office, the company reported that 103,767 current and former employees had their names and Social Security numbers exposed.

Customers Impacted: 103,767

How It Could Affect Your Business: A failure to secure employee data can be just as damaging and expensive as a failure to secure consumer data.

 

 

Lake County Board of Commissioners

https://www.washingtonpost.com/politics/attempted-breach-ohio-election/2021/11/19/12417a4c-488c-11ec-b8d9-232f4afe4d9b_story.html
Exploit: Insider Incident

Lake County Board of Commissioners: Election Regulator


Risk to Business: 1.502 = Severe
The Washington Post is reporting that a data security incident occurred at the Lake County, Ohio Board of Elections. The attempted breach occurred on May 4 inside the county office of John Hamercheck (R), president of the Lake County Board of Commissioners. In this incident, a private laptop was plugged into the county network in Hamercheck’s office, capturing routine network traffic. That information was then distributed at an August “cyber symposium” on election fraud hosted by MyPillow executive Mike Lindell. Officials say that no sensitive data was obtained. This is substantially similar to an incident in Colorado earlier this year. Data from the Colorado incident was circulated at the same event. The FBI is investigating the incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Insider threats can pop up anywhere and wreak real havoc on an organization when they least expect it.

 

 

Cyprus – StripChat

https://therecord.media/adult-cam-site-stripchat-exposes-the-data-of-millions-of-users-and-cam-models/
Exploit: Misconfiguration

StripChat: Adult Content Platform


Risk to Business: 1.615 = Severe
StripChat, one of the world’s top 5 adult cam sites, has suffered a data breach that exposed more than its usual fare, including the personal data of millions of users and adult models. In a blunder discovered by security researchers, StripChat failed to properly configure an ElasticSearch database cluster, leaving data exposed for at least 3 days.



Individual Risk: 1.802 = Severe
Researchers listed the exposed data pertaining to 65 million users registered on the site including their username, email, IP address, ISP details, tip balance, account creation date, last login date and account status. Data for 421,000 models broadcasting on the site was also exposed including username, gender, studio ID, live status, tip menus/prices and strip scores. Other transaction data was also exposed.

Customers Impacted: Unknown

How it Could Affect Your Business: The company hasn’t just failed at data security; at press time it had also failed to publicly disclose or acknowledge the incident, a sure path to a hefty GDPR fine.

 

 

Denmark – Vestas

https://portswigger.net/daily-swig/wind-turbine-giant-vestas-confirms-data-breach-following-cybersecurity-incident
Exploit: Ransomware

Vestas: Wind Turbine Manufacturer


Risk to Business: 1.512 = Severe
The world’s largest supplier of wind turbines Vestas has announced that it has experienced a suspected ransomware incident. The company says that its initial investigation has determined that data has been compromised, although no specifics about that data were given. The company says that the incident forced the shutdown of IT systems and has damaged parts of Vestas’ internal IT infrastructure. Recovery has begun, and the company has stressed that the impact on its manufacturing, construction and service arms has been minimal.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware and infrastructure components are going hand in hand these days, creating an elevated risk level for companies in infrastructure-related sectors.

 

 Exploit: Hacking

Copyright Agency: Royalty Collection Agency


Risk to Business: 1.595 = Extreme
Australia’s Copyright Agency has suffered a data breach. The agency, which distributes royalties to authors, photographers and other creators for the reuse of their text and images, notified members of the incident last Friday. No information is yet available about what data may have been impacted, but there’s a possibility that extensive personal and financial data may have been exposed for the 37,000 creators that it services.

Customers Impacted: 37,000

 


How to Become a Resilient Organization


 
The last year and a half have taught us that the world can experience a tremendous change in a short time. Whether it’s rapid technological advancements, cyberattacks, stalling economies or even a global pandemic, only resilient organizations can weather these storms.

 
That’s why the concept of organizational resilience is now more relevant than ever before. Organizational resilience is all about how well a company anticipates, plans for and responds to gradual change and unexpected disruptions in its business environment so that it can continue to operate and thrive.

 
Organizations and individuals that discovered meaningful ways to practice resilience in the face of change, from remote and hybrid working to digital acceleration, proved to have an enormous strategic advantage. Cultivate a resilient culture so that you aren’t caught off guard when disruptions occur.

 
Remember, if your people, processes and technologies aren’t resilient, your business will have a tough time recovering from setbacks such as downtime-induced financial loss as well as dissatisfied employees.

 

What Does a Resilient Organization Look Like?

 
Organizations that recover quickly from setbacks typically do the following:

 

Create an environment for innovation

An organization’s employees are among its most valuable assets. You can encourage innovation among your employees by creating a work culture that supports creative thinking and effective communication. This will empower them to contribute their knowledge, abilities and suggestions.

 
An innovative work culture ensures that everyone in the company works towards improving business practices, productivity and overall resilience. An innovative organization can quickly come up with multiple strategies to deal with a crisis.

 

Adapt to meet changing customer needs

Consumer demands and behavior are influenced by global events. With that in mind, if a customer-focused company wants to survive and prepare for the future, it must understand and adapt to changes.

 
Asking these three questions will provide organizations with perspective:
  • What are our customers’ behaviors?
  • Why do our customers behave that way?
  • What do we need to alter to cater to a new set of demands and behaviors?
 

Overcome reputational and organizational setbacks

Almost every firm will face reputational or organizational setbacks at some point during its life span. Some businesses may crumble as a result of their inability to prepare for and recover from change and challenges. However, the resilient ones will do everything in their power to identify the source of the setback, rectify the damage caused and make communication with stakeholders transparent.

 

Rise to the challenge

While it’s impossible to control what challenges your business encounters, you can certainly control how you deal with them. A resilient organization will be better equipped to stand firm in the face of severe adversity and will have the means to recover as quickly as possible.

 

Tactics of Resilient Organizations

 
Prioritize the following tactics to nurture a resilient organization:

 

Proactive cybersecurity planning

This may require implementing guidelines from the International Standards Organization (ISO), the British Standards Institute (BSI) or the National Institute of Standards and Technology's (NIST) Cyber Security Framework, depending on your industry and location.

 

Protection of intellectual property (IP)

This is more of a legal and operational task, and includes having the right employee, contractor and partnership agreements in place to prevent critical organizational IP from being disclosed.

 

Implementation of uptime safeguards

This requires being able to restore service via automatic failover or backup and recovery.

 

Contingency plan mapping

Build a business continuity and disaster recovery plan that lays out contingency plans for events like downtime, evacuations and so on, in order to be prepared for tricky situations.

 
Trying to build a resilient organization on your own is a massive commitment in terms of time and resources, especially while running a business. Partnering with an expert like us takes all the worry and responsibility off your shoulders. Contact us today to schedule a consultation and we’ll do the heavy lifting for you.

 


 

Implementation of uptime safeguards

This requires being able to restore service via automatic failover or backup and recovery.

 

Contingency plan mapping

Build a business continuity and disaster recovery plan that lays out contingency plans for events like downtime, evacuations and so on, in order to be prepared for tricky situations.

 
Trying to build a resilient organization on your own is a massive commitment in terms of time and resources, especially while running a business. Partnering with an expert like us takes all the worry and responsibility off your shoulders. Contact us today to schedule a consultation and we’ll do the heavy lifting for you.

 
Continue reading

Password Danger is Escalating with No Ceiling in Sight

A Combo of Bad Employee Behavior and Dark Web Data Spells Trouble for Businesses





The struggle to get users to make good, strong, unique passwords and actually keep them secret is real for IT professionals. It can be hard to demonstrate to users just how dangerous their bad password can be to the entire company, even though an estimated 60% of data breaches involved the improper use of credentials in 2020. There’s no rhyme or reason to why employees create and handle passwords unsafely, no profile that IT teams can quickly look at to determine that someone might be an accidental credential compromise risk. Employees of every stripe are unfortunately drawn to making awful passwords and playing fast and loose with them – and that predilection doesn’t look like it’s going away anytime soon.

Everyone is Managing Too Many Passwords

The average adult has an estimated 100 passwords floating around that they’re using. That’s a bewildering tangle of passwords to manage. About 300 billion passwords are currently in use by humans and machines worldwide. The global pandemic helped put even more passwords into circulation as people on stay-at-home orders created an abundance of new online accounts. According to the conclusions of a global study conducted by Morning Consult for IBM, people worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic.

Many of those logins were compromised from the start thanks to abundant dark web data. An estimated 15 billion unique logins are circulating on the dark web right now. In 2020 alone, security professionals had to contend with a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web. That dramatic increase in risk per user comes back to haunt businesses. The average organization is now likely to have about 17 sets of login details available on the dark web for malicious actors to enjoy. That number is only going to continue to grow thanks to events like this year’s giant influx of fresh passwords from the RockYou 2021 leak.

 

Employees Are Dedicated to Making Bad Passwords

Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password every time. Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member, 13% have used a significant date, such as a birthday or anniversary, and another 6% have used information about their favorite sports team as their password. That makes cybercriminals’ jobs easy even if they’re trying to directly crack a single password. After all, those users have probably told them everything that they’d need to know to do the job in their social media profiles.

US companies aren’t any better off. In fact, their bad password problems are just a little bit worse. 59% of Americans use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. We can’t chalk that blizzard of bad passwords up to ignorance of good password habits, because even employees who know better are slacking on password safety. Over 90% of participants in a password habits survey understood the risk of poor password hygiene, but 59% admitted to still engaging in unsafe password behaviors at work anyway.

 

Password Sharing Is Rampant

Worse yet, employees are also sharing their passwords with other people at an alarming rate, even if the people they’re sharing a password with don’t work at the same company. Over 30% of respondents in a Microsoft study admitted that their organization had experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies.
  • 43% of survey respondents have shared their password with someone in their home
  • 22% of employees surveyed have shared their email password for a streaming site
  • 17% of employees surveyed have shared their email password for a social media platform
  • 17% of employees surveyed have shared their email password for an online shopping account
Based on our analysis of the top 250 passwords that we found through the application of Dark Web ID’s dark web search function that uncovers exposed credentials, the categories of information used to generate the weakest passwords in 2020 were: Names, Sports, Food, Places, Animals and Famous People/Characters. Here’s a breakdown of people’s dreadful passwords.

 
The Most Common Passwords Spotted by Dark Web ID by Category

  • Names: maggie
  • Sports: baseball
  • Food: cookie
  • Places: Newyork
  • Animals: lemonfish
  • Famous People/Characters: Tigger
 
Top 20 Most Common Passwords That Dark Web ID Found on The Dark Web in 2020
  1. 123456
  2. password
  3. 12345678
  4. 12341234
  5. 1asdasdasdasd
  6. Qwerty123
  7. Password1
  8. 123456789
  9. Qwerty1
  10. :12345678secret
  11. Abc123
  12. 111111
  13. stratfor
  14. lemonfish
  15. sunshine
  16. 123123123
  17. 1234567890
  18. Password123
  19. 123123
  20. 1234567
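
As an added example (not from the original post or from Dark Web ID), here is one way a sign-up or password-change form could screen candidate passwords for the habits described above. The page's own top-20 list and category examples seed the blocklist; `MIN_LENGTH`, the function names and the sample inputs are assumptions made for illustration.

```python
import re
import unicodedata

# Passwords and category examples exactly as listed on this page.
PAGE_TOP_20 = [
    "123456", "password", "12345678", "12341234", "1asdasdasdasd",
    "Qwerty123", "Password1", "123456789", "Qwerty1", ":12345678secret",
    "Abc123", "111111", "stratfor", "lemonfish", "sunshine",
    "123123123", "1234567890", "Password123", "123123", "1234567",
]
PAGE_CATEGORY_EXAMPLES = ["maggie", "baseball", "cookie", "Newyork",
                          "lemonfish", "Tigger"]

MIN_LENGTH = 8  # assumed policy floor for this example

# A short unit (1-4 characters) repeated to fill the whole string,
# e.g. "111111", "12341234", "asdasdasdasd".
REPEATED_UNIT = re.compile(r"(.{1,4})\1+")


def normalize(password):
    """Fold case and Unicode compatibility forms so 'PASSWORD' == 'password'."""
    return unicodedata.normalize("NFKC", password).casefold()


def stem(password):
    """Strip leading/trailing digits and symbols: 'Sunshine2021!' -> 'sunshine'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", normalize(password))


BLOCKLIST = {normalize(p) for p in PAGE_TOP_20 + PAGE_CATEGORY_EXAMPLES}
BLOCK_STEMS = {stem(p) for p in BLOCKLIST} - {""}


def context_tokens(user_context):
    """Split names, pet names, dates etc. into tokens of 3+ characters."""
    tokens = set()
    for item in user_context:
        for tok in re.split(r"[\W_]+", normalize(item)):
            if len(tok) >= 3:
                tokens.add(tok)
    return tokens


def screen_password(candidate, user_context=()):
    """Return the reasons a candidate is rejected; an empty list means it
    passed these checks (it says nothing about breach exposure)."""
    reasons = []
    norm = normalize(candidate)
    core = stem(candidate)

    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if norm in BLOCKLIST:
        reasons.append("on_blocklist")
    elif core in BLOCK_STEMS:
        # A listed word with digits or symbols bolted on.
        reasons.append("blocklist_variant")
    if norm.isdigit():
        reasons.append("digits_only")
    if REPEATED_UNIT.fullmatch(core or norm):
        reasons.append("repeated_pattern")
    if any(tok in norm for tok in context_tokens(user_context)):
        # Name, pet name, birthday and similar details the user has supplied.
        reasons.append("contains_personal_info")
    return reasons


if __name__ == "__main__":
    # Constructed sample user profile and candidate passwords.
    profile = ["Dana Smith", "Rex", "1987-04-12"]
    for pw in ["Password123", "Sunshine2021!", "123123",
               "Rex-the-dog-1987", "velvet-harbor-quartz-mule"]:
        print(f"{pw!r}: {screen_password(pw, profile) or 'accepted'}")
```

A production blocklist would be far larger than the 20 entries shown here; the structure of the checks stays the same.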

Every Organization in Every Industry is in Password Trouble

No industry is immune to the powerful lure of terrible password habits, especially that perennial favorite, password recycling and iteration. In a study of password proclivities, researchers determined that some sectors did have a little more trouble with passwords than others, though. The telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company. The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%). Security firms stacked with IT professionals don’t get off the hook any more easily than any other business – a staggering 97% of cybersecurity companies have had their passwords leaked on the dark web.

From SMBs to giant multinationals, it doesn’t matter how high-flying a company is either. Password problems will still plague them. A trove of exposed data about Fortune 1000 companies on the dark web was uncovered by researchers earlier this year, including passwords for 25.9 million Fortune 1000 corporate user accounts. Digging deeper, they also unearthed an estimated 543 million employee credentials from Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. Altogether, they were able to determine that 25,927,476 passwords that belong to employees at Fortune 1000 companies are hanging out on the dark web. That’s an estimated 25,927 exposed passwords per Fortune 1000 company, marking a 12% increase in password leaks from 2020.

 

Busted Credentials Are Plentiful on the Dark Web

If data is a currency on the dark web, then credentials are solid gold. Credentials were the top type of information stolen in data breaches worldwide in 2020 (personal information took second place, just ahead of financial data in third), and bad actors didn’t hesitate to grab batches of credentials from all over the world. Cybercriminals snatched them up in about 60% of North American breaches, 90% of APAC region breaches and 70% of EMEA breaches. Researchers disclosed that the average company experiences 5.3 credential compromises that originate from a common source like phishing every year, a number that should give every IT professional chills.

An abundance of records on the dark web has spawned an abundance of passwords for cybercriminals to harvest, and that’s bad news. Giant password dumps on the dark web like the 100GB text file dubbed RockYou2021 have ratcheted up risk too. That giant dump of data is estimated to contain 8.4 billion passwords. Bad actors make use of that bounty quickly and effectively. In the aftermath of an enormous 2020 hack, ShinyHunters breached the security of ten companies in the Asian region and brought more than 73 million user records to market on the dark web. A group like ShinyHunters will of course try to profit by selling that stolen data at first, but when the data has aged or there are no interested buyers, cybercriminals will just offload it in the vast data dumps of the dark web, making it available for anyone to sift through.

 

What to Include in Your Incident Response Plan


 
A security incident can topple an organization's reputation and revenue in a short amount of time. As billionaire Warren Buffett once said, "it takes 20 years to develop a reputation and five minutes to ruin it." Keeping that in mind, it’s ideal to have an incident response plan in place before a security breach occurs.

 
An incident response plan is a set of instructions intended to help an organization detect, respond to and recover from network security incidents such as cybercrime, data loss and service disruptions. Having a plan in place contributes to the development of cybersecurity as well as overall organizational resilience.

 
Since most small and medium-sized businesses (SMBs) have limited resources and funds, incident response is usually given less attention. However, failing to respond swiftly and effectively when a cyberattack occurs can cost far more than putting an incident response plan in place.

 

Essential Elements of an Incident Response Plan

 
Every incident response plan should include the following five key elements in order to successfully address the wide range of security issues that an organization can face:

 

Incident Identification and Rapid Response

It’s critical to evaluate the threat effectively and decide whether to implement the incident response plan. This requires two prerequisites:
 
  • An authorized person to initiate the plan
  • An online/offline place for the incident response team to meet and discuss
 
The sooner the incident is detected and addressed, the less severe the impact.

 

Resources

 
In case of a cyber event, an incident response team will usually have emergency kits on hand and have the following resources to help navigate through the event:

 
  • Tools to take all machines offline after forensic analysis
  • Solutions to regulate access to the organization’s IT environment and keep hackers out of the network
  • Measures to employ standby machines to ensure operational continuity
 

Roles and Responsibilities

 
An incident could occur in the middle of the night or at an unexpected time. That’s why it’s critical to establish the roles and responsibilities of your incident response team members. They could be called in at any time. You must also have a reserve team in case any of the primary contacts are unavailable.

 
In the event of a cyber incident, time is critical and everyone must know what to do.

 

Detection and Analysis

 
This is, without a doubt, one of the most crucial elements of an incident response plan. It emphasizes documenting everything, from how an incident is detected to how to report, analyze and contain the threat. The aim is to create a playbook that includes approaches for detecting and analyzing a wide range of risks.

 

Containment, Eradication and Recovery

 
  • Containment specifies the methods for restricting the incident's scope. A ransomware attack, for example, must be tackled very differently compared to an insider threat.
  • Eradication is all about techniques to eliminate a threat from all affected systems.
  • Because incidents cannot always be prevented, recovery efforts concentrate on reducing potential harm and resuming operations as quickly as possible.
 

Considerations for an Incident Response Plan

 
An incident response plan must address any concerns that arise from an evolving threat landscape. Before you start crafting your plan, there are several considerations to be made, including:

 
  • Building an incident response plan should not be a one-off exercise. It should be reviewed on a regular basis to ensure that it considers the most recent technical and environmental changes that may influence your organization.
  • Your incident response plan and the team working on it must be supported and guided by top management.
  • It's critical to document the contact information of key personnel for emergency communication.
  • Every person in the incident response team must maintain accountability.
  • Deploy the appropriate tools and procedures to improve the effectiveness of the incident response.
  • Your security, backup and compliance postures must all be given the same attention.
 
We live in an era where only resilient organizations can navigate through all the complexities created by technological advancements and other unexpected external influences. That’s why having an incident response plan is essential.

 
Trying to develop and deploy an incident response plan on your own might be more than you can handle while running an organization. Partnering with a specialist like us can take the load off your shoulders and give you the advantage of having an expert on your side. Contact us today to schedule a no-obligation consultation.

The Week in Breach News: 11/10/21 – 11/16/21

Federal Bureau of Investigation (FBI)

https://www.washingtonpost.com/nation/2021/11/14/fbi-hack-email-cyberattack/

Exploit: Account Takeover

Federal Bureau of Investigation (FBI): Federal Government Agency




Risk to Business: 1.417 = Severe
A shocking email security breach at the US Federal Bureau of Investigation (FBI) led to the takeover of a user account. The cybercriminals that accomplished the feat were able to use that compromised email account to send tens of thousands of fraudulent emails warning recipients of impending cyberattacks. Messages reached celebrities like Jay Z and journalists including investigative reporter Brian Krebs. The Bureau later confirmed that its Law Enforcement Enterprise Portal (LEEP) was compromised in a cyberattack Friday. FBI officials were quick to stress the fact that the malicious emails originated from an FBI-operated server that was solely dedicated to pushing notifications for LEEP and not part of the FBI’s corporate email service.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: This incident shows that no organization is immune to a cyberattack, and even the best defenses can fail.

 

 

West Virginia Parkways Authority

https://wvmetronews.com/2021/11/12/parkways-authority-reports-cyber-attack-turnpike-traffic-not-impacted/

Exploit: Ransomware

West Virginia Parkways Authority: State Government Agency




Risk to Business: 1.822 = Severe
A suspected ransomware attack snarled operations at the West Virginia Parkways Authority last Friday. Officials announced that a cyberattack had hit the agency’s internal computer systems, knocking out email, telephones, and various non-critical applications for several hours. According to the statement, no data was extracted or exposed in the incident, which only impacted operational technology. Systems have since been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Using ransomware against infrastructure targets to shut down their operations has become much more common.

 

 

Robinhood

https://solutionsreview.com/security-information-event-management/robinhood-discloses-data-breach-seven-million-customers-affected/

Exploit: Phishing (Vishing)

Robinhood: Financial Services Platform




Risk to Business: 1.542=Extreme
Financial services platform Robinhood is in the news again after disclosing a data breach on 11/03. The company blamed the security incident on vishing. Threat actors gained access to the organization’s customer support systems over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals demanded an extortion payment to keep the data safe. No word on the amount of this demand. The incident is under investigation.





Individual Risk: 1.312=Extreme
The company disclosed that it estimates a total of seven million users are affected by this breach. Threat actors accessed email addresses for five million customers and a separate list of full names for two million customers. Robinhood says that the bad guys gained access to varying levels of user information, including in-depth PII such as full names, date of birth and zip code for around 310 users, and extensive records for a subset of 10 users.

Customers Impacted: Unknown

How It Could Affect Your Business: Vishing threats are popping up more frequently as cybercriminals look to vary their approach to obtaining credentials in unexpected ways.

 

 

Hewlett Packard Enterprise (HPE)

https://splash247.com/greek-shipowners-cyber-tricked-over-halloween-weekend/

Exploit: Credential Compromise

Hewlett Packard Enterprise: Business Technology Services

Risk to Business: 1.615= Severe
Hewlett Packard Enterprise (HPE) just informed customers who use its Aruba networking unit that their information may have been exposed in a cyberattack on its Aruba Central cloud environment in late October. The company outlined the incident in a statement to the press: “On 2 November, HPE discovered that an access key to data related to the network analytics and contact-tracing features of Aruba Central, our cloud-based network management and monitoring solution, was compromised and used by an external actor to access the environment over a period of 18 days between 9 and 27 October 2021.” HPE went on to specify that the data in question included “identifying device media access control (MAC) addresses, IP addresses, device operating systems type and hostnames, and user names for Wi-Fi networks where authentication is used, as well as dates, times, and physical Wi-Fi access points (APs) to which devices connected.” The incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals will do anything to obtain a legitimate user credential because it gives them the keys to the kingdom, enabling them to do massive damage quickly.

 

 

United Kingdom – Simplify Group

https://www.itpro.co.uk/security/cyber-attacks/361510/property-firm-cyber-attack-leaves-customers-in-the-lurch

Exploit: Hacking

Simplify Group: Conveyancing & Property Services




Risk to Business: 1.512= Severe
UK property services giant Simplify Group has been experiencing a cyberattack that impacted operations at many of its divisions. The company operates brands like Premier Property Lawyers, My Home Move and DC Law. The outage was a spanner in the works for new and prospective homebuyers, including some that were mid-move, and they were quick to take to social media. Some systems have been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.

 

 

Spain – S.A. Damm

https://gadgets.ndtv.com/internet/news/cyberattack-damm-beer-barcelona-estrella-brewery-shut-down-llobregat-2609233
Exploit: Ransomware

S.A. Damm: Brewing




Risk to Business: 1.595 = Extreme
Operations went flat at Spanish brewer S.A. Damm after a ransomware attack crippled production. The company disclosed that the cyberattack hit the brewery on Tuesday night and for a few hours the plant in El Prat de Llobregat, which produces 7 million hectolitres of beer a year, was “entirely paralyzed”. Operations were partially restored quickly and the rest of the recovery is expected to be completed soon.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs have been stopping production in factories rather than stealing data in the hopes of scoring a quick ransom from desperate businesses.

 

 
 


The Week in Breach News: 11/03/21 – 11/09/21

Diamond Comic Distributors

https://bleedingcool.com/comics/diamond-comic-distributors-targeted-by-ransomware-attack/

Exploit: Ransomware

Diamond Comic Distributors: Periodical Distributor




Risk to Business: 1.417= Severe
It’s a bird, it’s a plane, it’s a ransomware attack at Diamond Comic Distributors. The Baltimore-based company, the exclusive distributor of DC and Image Comics and a publishing outlet for dozens of small-press comics publishers, suffered a ransomware attack last Friday that took down the company’s website and customer service platforms all weekend into Monday. Diamond said in a statement that it did not anticipate that any customer financial data had been impacted by this event. Investigation and recovery are underway, with some functions already restored.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can cost companies a fortune from operational disruption alone even if no data is snatched, not to mention incident response costs.

 

 

Electronic Warfare Associates (EWA)

https://www.msspalert.com/cybersecurity-news/electronic-warfare-associates-ewa-data-breach-email-phishing-incident-details/

Exploit: Phishing

Electronic Warfare Associates (EWA): Defense Contractor




Risk to Business: 1.822=Severe
A phishing attack that snared an employee is the suspected cause of a breach at defense contractor Electronic Warfare Associates (EWA). The company is a major provider of specialized software for the US defense establishment including the Pentagon, the Department of Defense (DoD), the Department of Justice (DoJ) and the Department of Homeland Security (DHS). EWA’s investigation determined that an attacker broke into an EWA email account in August 2021 after a phishing operation. The intrusion was uncovered when the attacker attempted a wire transfer. Employee PII was exposed and concern remains that sensitive defense information may also have been exposed.





Individual Risk: 1.703=Severe
EWA has admitted that the attackers snatched files with certain personal information including name and Social Security Number and/or drivers’ license number for an undisclosed number of EWA employees, but no further information was given.

Customers Impacted: Unknown

How It Could Affect Your Business: Phishing is an equal opportunity offender and no less likely to be successful against the presumably cybersecurity-savvy employees of a tech company than against those of any other business.

 

 

Newfoundland and Labrador Health

https://www.securitymagazine.com/articles/96481-canadian-healthcare-system-suffered-cyberattack

Exploit: Ransomware

Newfoundland and Labrador Health: Healthcare System




Risk to Business: 1.442=Extreme
What may be the largest cyberattack in Canadian history crippled the healthcare system of the province of Newfoundland and Labrador on October 30th. The suspected ransomware attack hit scheduling and payment systems, causing widespread interruptions in patient care, including the cancellation of all non-urgent imaging and medical appointments as well as a reduction in chemotherapy sessions and significant complications for the province’s COVID-19 response. Eastern Health reported that their payment systems to suppliers and vendors were also targeted by the attack. Email and telephone capability has been restored in some locations and an investigation is ongoing.

Individual Impact: No information about the exposure of patient information was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Healthcare has been beleaguered by cyberattacks, especially ransomware, since the start of the global pandemic.

 

 

Greece – Danaos Management Consultants

https://splash247.com/greek-shipowners-cyber-tricked-over-halloween-weekend/

Exploit: Hacking

Danaos Management Consultants: Maritime IT




Risk to Business: 1.615= Severe
Maritime clients who use the communication systems of Danaos Management Consultants found themselves without some communications capability after a cyberattack blocked their communication with ships, suppliers, agents and charterers. Several Greek shipping companies were impacted. The incident also resulted in the loss of an unspecified amount of files and correspondence for the impacted shipping firms.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks have rocked the maritime world in 2021, with major attacks against the world’s four biggest shippers complicating the world’s supply chain woes.

 

 

Germany – Media Markt

https://www.bleepingcomputer.com/news/security/mediamarkt-hit-by-hive-ransomware-initial-240-million-ransom/
Exploit: Ransomware

Media Markt: Electronics Retailer




Risk to Business: 1.512= Severe
Electronics retailer MediaMarkt has suffered a ransomware attack that caused the company to shut down some IT systems, impacting store operations in the Netherlands and Germany. While cash registers and payment card systems in brick-and-mortar locations were disrupted, online sales were not impacted. The attack was purportedly carried out by the Hive ransomware outfit, which initially demanded $240 million in ransom.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.

 

 

Australia – mySA Gov

https://securityaffairs.co/wordpress/123861/cyber-crime/cream-finance-cyber-heist-130m.html
Exploit: Hacking

mySA Gov: Government Services Platform




Risk to Business: 1.595 = Extreme
South Australia’s Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber attack. Officials went on to say that the hackers gained access to several mySA Gov accounts that were secured with recycled passwords. The department went on to say that there was no evidence of any unauthorized transactions on the impacted accounts while encouraging users to update their passwords.





Individual Risk: 1.595 = Extreme
A report from ABC says that 2,601 mySA Gov accounts were accessed in the attack, with 2,008 of them containing registration and licensing information. It is unclear if any information was exfiltrated.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are always hungry for PII, especially identification card or passport data that can help them commit identity theft.

 

 
 


Is Your Supply Chain Resilient?


 
The major upheavals of the last couple of decades, such as the global recession and the COVID-19 pandemic, have demonstrated that firms will suffer severe setbacks if their supply chains are not resilient. An entire supply chain becomes vulnerable if one component is exposed to risk, just like a house of cards will topple if one section is out of balance.

 
Supply chain resilience refers to an organization's ability to use its resources to handle unanticipated supply network disruptions. In other words, it is the ability to respond to and recover from challenges without disrupting operations or deadlines.

 
These statistics from last year demonstrate why supply chain resilience is crucial:

 
  • The financial impact of supply chain disruptions was substantial. Over 16% of organizations reported severe revenue loss. [1]
  • Over 10% of organizations stated that supply chain disruptions had affected their brand’s reputation. [1]
  • Nearly 10% of organizations lost their regular customers following a bad experience due to a broken supply chain. [1]

Despite this, over 70% of organizations don’t have a business operations contingency plan to deal with disruptions lasting more than a few weeks. [2]
 

4 Core Elements of a Resilient Supply Chain

 
A resilient supply chain incorporates the following four essential elements, regardless of industry or geographic location:

 
  1. End-to-End Monitoring

A resilient supply chain requires continual monitoring. However, today's organizations frequently lack awareness of what's going on with their vendors and consumers at different levels. Vendors that are critical to a company's success should always be closely monitored.

It's critical to identify issues before they become severe impediments, such as ransomware penetrating your network or a computer part being delayed in shipment. Knowing about issues as soon as they arise allows you to seek out other options and update customers quickly.

  2. Sourcing Diversification

Even though eliminating single points of failure is a critical part of risk mitigation, many companies still rely on a single vendor, region or country in their supply chain portfolios. It's ideal to employ a mix of near-shore and offshore vendors for each component so that if one region/vendor goes down, suppliers from other locations can step in.

  3. Incident Tolerance

Security, backup and compliance postures must be strengthened to ensure operations continue even if one of the vendors/regions gets affected. The goal must be to build incident tolerance or the ability to ensure that the supply chain keeps running, regardless of the nature or scope of an incident.

  4. Agility

The most successful organizations operate with an agile mindset. They work hard to keep up with market trends as well as the latest technology developments. They use the best tools and strategies in the industry to gain insights, foresee opportunities and risks, and take aggressive action ahead of their competitors.

 

The Key Enablers of Supply Chain Resilience

 
People, processes and technology are the three key enablers of a robust supply chain resilience strategy.

 

People

When it comes to the supply chain, a crisis management team comprised of the most skilled and resilient people must be established.

 
By relying on organizational insights, the team must draft a response playbook and acquire appropriate technologies. Additionally, to prepare the entire organization for disruptions, the team must develop and run mock drills.

 

Processes

Employees perform at their best when efficient and reliable processes support them. As a result, digitizing as many processes as possible is highly recommended. This allows organizations to access large amounts of data and information in real time, which they can utilize to make decisions regarding crucial competencies required to navigate a crisis.

 

Technology

Technology can fine-tune the processes within an organization accurately. Using proper technologies to construct a centralized incident management system is the best method to detect issues and maintain accountability within the supply chain.

 
Although making your supply chain resilient is a vital undertaking, it takes time, effort and expertise. Working with a specialist like us to manage resilience matters while you focus on running your organization is ideal. Contact us to schedule a no-obligation consultation.

 


                                                                                                                             
 
Sources:
  1. Supply Chain Resilience Report 2021
  2. Accenture - A pragmatic approach to maintaining supply chain resilience in times of uncertainty
