InTegriLogic Blog
AT&T
https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/
Exploit: Hacking
AT&T: Communications Conglomerate

Risk to Business: 1.422 = Extreme
A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.
Customers Impacted: Unknown
How It Could Affect Your Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.
Indiana Department of Health
https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/
Exploit: Misconfiguration
Indiana Department of Health: State Agency

Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.

Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.
How It Could Affect Your Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.
St. Joseph’s/Candler Health System
https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attack
Exploit: Ransomware
St. Joseph’s/Candler(SJ/C): Health System

Risk to Business: 1.673 = Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and paper recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.

Individual Risk: 1.811 = Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.
How It Could Affect Your Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.
Japan – Liquid
https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking
Liquid: Cryptocurrency Exchange

Risk to Business: 1.505 = Extreme
Japanese crypto exchange Liquid was sacked by hackers this week, resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.
How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.
Japan – Tokio Marine Holdings
https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/
Exploit: Ransomware
Tokio Marine Holdings: Insurer

Risk to Business: 1.721 = Severe
Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.
Customers Impacted: Unknown
How it Could Affect Your Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms.
Brazil – Lojas Renner
https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/
Exploit: Ransomware
Lojas Renner: Fashion Retailer

Risk to Business: 1.663 = Severe
Lojas Renner, Brazil’s biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx, that it may be related to an incident at a Brazilian IT services provider, and that Renner paid the hackers $20 million in ransom.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Brazil – National Treasury (Tesouro Nacional Brasil)
https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/
Exploit: Hacking
National Treasury (Tesouro Nacional Brasil): National Government Agency

Risk to Business: 1.671 = Severe
The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.
How it Could Affect Your Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.
Accenture
https://threatpost.com/accenture-lockbit-ransomware-attack/168594/
Exploit: Ransomware
Accenture: Consulting Firm

Risk to Business: 1.437 = Extreme
The LockBit ransomware gang has hit consulting giant Accenture. In a post on its dark web announcement site, the gang is offering multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company. The LockBit ransomware gang reports theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment. News outlets are reporting that the hack was the result of an insider job.
Customers Impacted: Unknown
How It Could Affect Your Business: Ransomware hits against big service providers are attractive for cybercriminals because they often open up fresh avenues of attack, creating third-party risk.
Ford Motor Company
https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/
Exploit: Misconfiguration
Ford Motor Company: Automobile Manufacturer

Risk to Business: 2.033 = Severe
A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.

Risk to Individual: 2.371 = Severe
The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personally Identifiable Information (PII), and included customer and employee records, finance account numbers, database names and tables, OAuth access tokens, internal support tickets, user profiles within the organization, pulse actions, internal interfaces, search bar history and other details.
How It Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.
T-Mobile
https://gizmodo.com/hacker-claims-to-have-data-on-more-than-100-million-t-m-1847491056
Exploit: Hacking
T-Mobile: Mobile Phone Company

Risk to Business: 1.673 = Severe
Hackers are claiming that they’ve obtained data related to more than 100 million US T-Mobile customers in a post on a popular dark web forum. They’re selling access to part of the information for 6 Bitcoin which translates into roughly $277,000. T-Mobile has confirmed the incident after some back-and-forth.

Risk to Business: 1.737 = Severe
The data purportedly stolen consists of consumer records and information, including Social Security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver’s license information.
How It Could Affect Your Business: Cybercriminals love personal data, the number one type of data stolen in 2020. Protecting customer data is critical to maintaining good customer relationships.
Maine Department of Environmental Protection
Exploit: Ransomware
Maine Department of Environmental Protection: State Government Agency

Risk to Business: 1.825 = Severe
Ransomware attacks endangered operations at two Maine wastewater treatment facilities this week. The attacks occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. Officials were quick to note that the attacks presented no threat to public health and safety, characterizing them as minor. Operations have been restored.
How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.
France – Chanel
https://www.infosecurity-magazine.com/news/chanel-apologizes-for-data-breach/
Exploit: Ransomware
Chanel: Fashion House

Risk to Business: 2.721 = Moderate
French luxury brand Chanel has issued an apology after personal data belonging to its customers was exposed in an incident that impacted customers in Korea. A database belonging to the famed perfume and fashion brand is believed to have been compromised by hackers in a cyberattack at an unnamed cloud-based data storage firm.

Risk to Business: 2.326 = Moderate
The stolen data includes birth dates, customer names, gender details, passwords, phone numbers and shopping or payment history. The incident is still under investigation and complete details have not been released.
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
Germany – Crytek Studios
https://www.bleepingcomputer.com/news/security/crytek-confirms-egregor-ransomware-attack-customer-data-theft/
Exploit: Ransomware
Crytek Games: Game Studio

Risk to Business: 1.612 = Severe
German game developer Crytek has just disclosed that the Egregor ransomware gang breached its network in late 2020, obtaining client information, stealing proprietary data and encrypting systems. The data taken included files related to online FPS hit WarFace, development data on Crytek’s canceled Arena of Fate MOBA game, and documents with information on their network operations. The company downplayed the impact in a letter to potentially impacted individuals.

Risk to Business: 1.669 = Severe
The customer information exposed included players’ first and last name, job title, company name, email, business address, phone number and country. Impacted players have been sent a notification by mail.
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Israel – Bar Ilan University
https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/
Exploit: Nation-State Hacking
Bar Ilan University: Institution of Higher Learning

Risk to Business: 1.111 = Severe
A cyberattack that targeted Israel’s Bar Ilan University over the weekend was likely launched by Chinese threat actors as part of a massive attack against Israeli targets in varied sectors. In a report released by FireEye, the incident is categorized as part of a large-scale Chinese attack on Israel, in itself part of a broader campaign that targeted Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.
Customers Impacted: Unknown
How it Could Affect Your Business: Nation-state threat actors frequently use ransomware to strike at their targets because it is cheap and effective.
Advanced Technology Ventures
https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/
Exploit: Ransomware
Electronic Arts (EA): Video Game Maker

Risk to Business: 1.207 = Extreme
Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, has disclosed that it was hit by a ransomware attack. The cybercriminals were able to steal personal information about the company’s private investors. ATV said it became aware of the attack on July 9 after its servers storing financial information were encrypted by ransomware. By July 26, the company learned that its investor data had been stolen from the servers before the files were encrypted, a hallmark of the “double extortion” tactic used by ransomware groups.

Individual Risk: 1.326 = Extreme
Investor data was accessed by cybercriminals. ATV believes the names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack. Some 300 individuals were affected by the incident.
How It Could Affect Your Business: Ransomware tactics like double and triple extortion allow cybercriminals to score even bigger paydays, making them very popular techniques.
SeniorAdvisor
https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/
Exploit: Misconfiguration
SeniorAdvisor: Senior Care Review Site

Risk to Business: 1.663 = Severe
Researchers have discovered a misconfigured Amazon S3 bucket owned by SeniorAdvisor, a site that provides ratings and information for senior care facilities. The bucket in question contained the personal data of more than three million people categorized as “leads”. The team found around 2000 “scrubbed” reviews in the misconfigured bucket, in which the user’s sensitive information was wiped or redacted. In total, it contained more than one million files and 182GB of data, none of which was encrypted or required a password or login credentials to access.

Risk to Individual: 1.271 = Severe
This exposed bucket was full of data including names, emails, phone numbers and dates contacted for every person designated as a lead, comprising an estimated 3 million consumers.
How it Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.
University of Kentucky
https://therecord.media/university-of-kentucky-discovers-data-breach-during-scheduled-pen-test/
Exploit: Hacking
University of Kentucky: Institution of Higher Learning

Risk to Business: 2.223 = Severe
In a head-shaking turn of irony, officials at the University of Kentucky discovered that they’d already been breached while conducting a penetration test. The breach affected the university’s Digital Driver’s License platform, a web-based portal the university developed as a component of its Open-Source Tools for Instructional Support (OTIS) framework. That program provides free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. University officials said that their investigation discovered that an unknown threat actor accessed the system between January 8, 2021, and February 6, 2021, to gain access to the DDL platform and acquire a copy of its internal database.

Risk to Business: 2.223 = Severe
The database contained the names and email addresses of students and teachers in Kentucky and in all 50 states and 22 foreign countries, in all more than 355,000 individuals. The university was careful to note that the stolen information included only emails and passwords and no SSNs or financial details were included.
How it Could Affect Your Business: Cybercriminals have been increasingly setting their sights on education targets since the onset of the global pandemic, and that trend is not stopping in 2021.
Reindeer
https://www.enterprisesecuritytech.com/post/defunct-marketing-company-leaked-the-sensitive-data-of-over-300-000-people
Exploit: Misconfiguration
Reindeer: Digital Marketing Firm

Risk to Business: 1.705 = Severe
New York-based digital media advertising and marketing company Reindeer left an unpleasant surprise behind when it closed its doors: an Amazon S3 bucket exposed to public access resulting in the irreversible leak of 50,000 files for a total of 32 GB of exposed data. The information exposed included about 1,400 profile photos and the details of approximately 306,000 customers in total. Users in 35 countries were represented with the US, Canada, and Great Britain accounting for almost 280,000 of those users. Nothing can be done to secure this data now.

Individual Risk: 1.622 = Severe
PII exposed includes customer names, surnames, email addresses, dates of birth, physical addresses, hashed passwords, and Facebook IDs for an estimated 306,000 customers.
How it Could Affect Your Business: Unexpected risks from sources like zombie accounts are around every corner, so taking that possibility seriously and mitigating risk from nasty surprises is critical.
School District No. 73 (SD73, Kamloops-Thompson)
Exploit: Nation-State Hacking
School District No. 73 (SD73, Kamloops-Thompson): Education Provider

Risk to Business: 2.911 = Moderate
School District No. 73 (SD73, Kamloops-Thompson) said it was notified that guard.me, the third-party service provider that it uses for travel and medical insurance for its international student program, experienced a data breach that potentially exposed student information. Guard.me released a statement about the data security incident that spawned this data exposure, noting that the incident occurred during June 2021.

Risk to Business: 2.936 = Moderate
Student personal information that may be impacted by this incident includes identity information, contact information and other information provided to support submitted claims. Impacted individuals are encouraged to visit the Canadian Anti-Fraud Centre for further information about how to protect themselves.
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
Italy – ERG
https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/
Exploit: Ransomware
D-BOX: Gaming Specialty Electronics

Risk to Business: 1.919 = Severe
Italian energy company ERG reported minimal impact on infrastructure or consumer-facing services following a LockBit 2.0 ransomware incident. ERG is the leading Italian wind power operator and among the top ten onshore operators on the European market, with a growing presence in France, Germany, Poland, Romania, Bulgaria, and the United Kingdom. ERG was purchased by European power giant Enel earlier this week.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Taiwan – Gigabyte
https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/
Exploit: Misconfiguration
Gigabyte: Motherboard Manufacturer

Risk to Business: 1.602 = Severe
Motherboard manufacturer Gigabyte has been hit by the RansomEXX ransomware gang. The Taiwanese company was forced to shut down systems in Taiwan as well as multiple customer and consumer-facing websites of the company, including its support site and portions of the Taiwanese website. RansomEXX threat actors claimed to have stolen 112GB of data during the attack in an announcement on their leak site.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware operators are savvy to taking advantage of industries that are under stress as has been frequently exemplified in the last year.
Advanced Technology Ventures
https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/
Exploit: RansomwareElectronic Arts (EA): Video Game Maker

Risk to Business: 1.207 = Extreme
Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, has disclosed that it was hit by a ransomware attack. The cybercriminals were able to steal personal information about the company’s private investors. ATV said it became aware of the attack on July 9 after its servers storing financial information were encrypted by ransomware. By July 26, the company learned that its investor data had been stolen from the servers before the files were encrypted, a hallmark of the “double extortion” tactic used by ransomware groups.

Individual Risk: 1.326 = Extreme
Investor data was accessed by cybercriminals. ATV believes the names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack. Some 300 individuals were affected by the incident
How It Could Affect Your Business: Ransomware tactics like double and triple extortion allow cybercriminals to score even bigger paydays, making them very popular techniques.
SeniorAdvisor
https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/Exploit: Misconfiguration
SeniorAdvisor: Senior Care Review Site

Risk to Business: 1.663 = Severe
Researchers have discovered a misconfigured Amazon S3 bucket owned by SeniorAdvisor, a site that provides ratings and information for senior care facilities. The bucket in question contained the personal data of more than three million people categorized as “leads”. The team found around 2000 “scrubbed” reviews in the misconfigured bucket, in which the user’s sensitive information was wiped or redacted. In total, it contained more than one million files and 182GB of data, none of which was encrypted and did not require a password or login credentials to access.

Risk to Individual: 1.271 = Severe
This exposed bucket was full of data including names, emails, phone numbers and dates contacted for every person designated as a lead, comprising an estimated 3 million consumers.
How it Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.
University of Kentucky
https://therecord.media/university-of-kentucky-discovers-data-breach-during-scheduled-pen-test/Exploit: Hacking
University of Kentucky: Institution of Higher Learning

Risk to Business: 2.223=Severe
In a head-shaking turn of irony, officials at the University of Kentucky discovered that they’d already been breached while conducting a penetration test. The breach affected the university’s Digital Driver’s License platform, a web-based portal the university developed as a component of its Open-Source Tools for Instructional Support (OTIS) framework. That program provides free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. University officials said that their investigation discovered that an unknown threat actor accessed the system between January 8, 2021, and February 6, 2021, to gain access to the DDL platform and acquire a copy of its internal database.

Risk to Business: 2.223=Severe
The database contained the names and email addresses of students and teachers in Kentucky and in all 50 states and 22 foreign countries, in all more than 355,000 individuals. The university was careful to note that the stolen information included only emails and passwords and no SSNs or financial details were included.
How it Could Affect Your Business: Cybercriminals have been increasingly setting their sights on education targets since the onset of the global pandemic, and that trend is not stopping in 2021.
Reindeer
https://www.enterprisesecuritytech.com/post/defunct-marketing-company-leaked-the-sensitive-data-of-over-300-000-people
Exploit: Misconfiguration
Reindeer: Digital Marketing Firm

Risk to Business: 1.705 = Severe
New York-based digital media advertising and marketing company Reindeer left an unpleasant surprise behind when it closed its doors: an Amazon S3 bucket exposed to public access resulting in the irreversible leak of 50,000 files for a total of 32 GB of exposed data. The information exposed included about 1,400 profile photos and the details of approximately 306,000 customers in total. Users in 35 countries were represented with the US, Canada, and Great Britain accounting for almost 280,000 of those users. Nothing can be done to secure this data now.

Individual Risk: 1.622 = Severe
PII exposed includes customer names, surnames, email addresses, dates of birth, physical addresses, hashed passwords, and Facebook IDs for an estimated 306,000 customers.
How it Could Affect Your Business: Unexpected risks from sources like zombie accounts are around every corner, so taking that possibility seriously and mitigating risk from nasty surprises is critical.
School District No. 73 (SD73, Kamloops-Thompson)
Exploit: Nation-State Hacking
School District No. 73 (SD73, Kamloops-Thompson): Education Provider

Risk to Business: 2.911 = Moderate
School District No. 73 (SD73, Kamloops-Thompson) said it was notified that guard.me, the third-party service provider that it uses for travel and medical insurance for its international student program, experienced a data breach that potentially exposed student information. Guard.me released a statement about the data security incident that spawned this data exposure, noting that the incident occurred during June 2021.

Risk to Business: 2.936 = Moderate
Student personal information that may be impacted by this incident includes identity information, contact information and other information provided to support submitted claims. Impacted individuals are encouraged to visit the Canadian Anti-Fraud Centre for further information about how to protect themselves.
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
Italy – ERG
https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/
Exploit: Ransomware
D-BOX: Gaming Specialty Electronics

Risk to Business: 1.919 = Severe
Italian energy company ERG reported minimal impact on infrastructure or consumer-facing services following a LockBit 2.0 ransomware incident. ERG is the leading Italian wind power operator and among the top ten onshore operators on the European market, with a growing presence in France, Germany, Poland, Romania, Bulgaria, and the United Kingdom. ERG was purchased by European power giant Enel earlier this week.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Taiwan – Gigabyte
https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/
Exploit: Misconfiguration
Gigabyte: Motherboard Manufacturer

Risk to Business: 1.602 = Severe
Motherboard manufacturer Gigabyte has been hit by the RansomEXX ransomware gang. The Taiwanese company was forced to shut down systems in Taiwan as well as multiple customer and consumer-facing websites of the company, including its support site and portions of the Taiwanese website. RansomEXX threat actors claimed to have stolen 112GB of data during the attack in an announcement on their leak site.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware operators are savvy about taking advantage of industries that are under stress, as has been frequently exemplified in the last year.
If your organization handles PII, you must take steps to secure your customer data. Not only is it essential from a compliance standpoint, but with security breaches on the rise, you have to make sure customer PII is not being compromised. Risk Based Security revealed that by the end of 2020, a total of 36 billion records had been exposed and compromised. Of such data breaches, 60 percent are caused by insider threats or security threats that originate from within an organization. To make things worse, reports indicate that the number of insider incidents has increased by 47 percent over the last two years.
Let's deep dive into the potential risks that insider threats pose to PII, especially for healthcare and financial institutions, and how you can protect your organization against such threats.
Potential Risks
An insider threat is a security risk that originates from within your organization and is usually someone with authorized access misusing data (intentionally or unintentionally) to harm your company or your customers. The culprit could be any individual who has authorized access to confidential and sensitive company information, right from your present or former employees to consultants, partners or contractors.
If you don't secure your employee or customer PII, you leave yourself vulnerable to data breaches. Insider-led data breaches are widespread and can happen in multiple ways – from a negligent employee inadvertently downloading malware to a disgruntled contractor selling customer data on the Dark Web to make money.
Insider-led data breaches are hard to detect because the threat actors have legitimate access and are probably familiar with your cybersecurity defense tools as well. It is much easier for them to circumvent your defenses, access sensitive customer data and expose it.
As a healthcare or financial institution, if your customer PII is exposed, it can cause a great deal of trouble to both your company and your customers. Let’s look at some of the potential risks:
Risks to Your Company
- Reputational damage
- Financial loss
- Ransomware costs
- Operational standstill
Risks to Your Customers
- Identity theft
- Social engineering attacks
- Blackmail campaigns
How to Secure PII
With the insider threat landscape constantly evolving, businesses need to step up and secure PII and other sensitive data more effectively. By failing to do so, you could end up putting the future of your customers, employees and company in grave danger. Here are a few tips to help you get started:
- Use behavioral analytics to set up unique behavioral profiles for all insiders and detect insiders accessing data not associated with their job functions.
- Implement access and permission controls to review, revise and restrict unnecessary user access privileges, permissions and rights.
- Review the PII data you have already collected, where it is stored and who has access to it, and then securely delete what is not necessary for the business to operate.
- Set up an acceptable PII usage policy that defines how PII data should be classified, stored, accessed and protected.
- Make sure your PII policy is compliant with different privacy and data regulations that apply to your business.
- Upgrade your storage holdings to ensure the data lives in a SOC2-protected data center.
- Cut down on inadvertent insiders by implementing mandatory cybersecurity and data security training programs.
- Make use of software that will help you protect PII.
Unsure about how you can protect Personally Identifiable Information? Get in touch with us today!
Article curated and used by permission.
Data Sources:
- https://www.securitymagazine.com/articles/94076-the-top-10-data-breaches-of-2020#:
- https://securityintelligence.com/posts/what-are-insider-threats-and-how-can-you-mitigate-them/
- https://techjury.net/blog/insider-threat-statistics/#gref
- https://www.databreachtoday.com/whitepapers/ponemon-institute-study-reputation-impact-data-breach-w-540
- https://www.csoonline.com/article/3434601/what-is-the-cost-of-a-data-breach.html
Electronic Arts (EA)
https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/
Exploit: Hacking
Electronic Arts (EA): Video Game Maker

Risk to Business: 1.311 = Extreme
Hackers have leaked an estimated 751GB of compressed EA data containing FIFA 21 source code on a dark web forum. Initially, they released a cache of 1.3GB of FIFA source code on July 14 as part of a demand for payment to stop them from releasing the rest, but after EA refused to play ball, the rest was added. According to reports, the hackers used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then tricked an EA IT support staffer into granting them access to the company’s internal network, ultimately allowing them to download more than 780GB of source code from the company’s internal code repositories. EA says that no player information was ever at risk and they’ve fixed the problem internally.
How It Could Affect Your Business: Part of this hacking incident was powered by impersonation, which is a form of phishing, and is reminiscent of the 2020 Twitter hack that enabled cybercriminals to gain access to celebrity accounts by impersonating Twitter workers.
University of San Diego Health
https://www.bleepingcomputer.com/news/security/uc-san-diego-health-discloses-data-breach-after-phishing-attack/
Exploit: Phishing
University of San Diego Health: Hospital System

Risk to Business: 1.663 = Severe
UC San Diego Health has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health discovered that cybercriminals had gained access to some of its employees’ email accounts through a phishing attack. The attackers may have accessed the personal information of patients, employees and students between December 2, 2020, and April 8, 2021.

Risk to Individual: 1.271 = Severe
Potentially impacted information includes: patients’ full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number and username and password. The hospital will offer free credit monitoring and identity theft protection services through Experian IdentityWorks for one year and is contacting impacted individuals via mail.
How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this hospital substantial fines under HIPAA and California Privacy regulations.
City of Grass Valley, CA
https://sacramento.cbslocal.com/2021/07/29/grass-valley-cyberattack-ransom/
Exploit: Ransomware
City of Grass Valley, CA: Municipality

Risk to Business: 2.223=Severe
Municipalities have been ripe targets for cybercriminals, and they’ve scored another payday in Grass Valley, California. City services except emergency services experienced outages and the city ultimately chose to pay the ransom, citing data privacy concerns for its citizens. Grass Valley officials said the Federal Bureau of Investigation (FBI) was contacted. Several state agencies are still investigating. Services were restored after the ransom payment. Federal agencies including CISA and the FBI strongly discourage paying ransoms which is illegal in many circumstances.
How it Could Affect Your Business: Cybercriminals have been striking municipalities and similar authorities frequently. Historically poor cybersecurity combined with a tendency to simply pay ransoms makes this a growth industry for cybercrime.
Calgary Parking Authority
https://calgaryherald.com/news/local-news/calgarians-personal-data-exposed-in-parking-authority-security-breach
Exploit: Misconfiguration
Calgary Parking Authority: Municipal Entity

Risk to Business: 1.705 = Severe
Calgary Parking Authority recently experienced a breach that exposed the personal information of vehicle owners. A misconfigured server containing computer-readable technical logs, payments, parking tickets, driver personal data and more was discovered in the wild by researchers. Reports say that the server, used to monitor the authority’s parking system for bugs and errors, was left on the internet without a password in a security blunder.

Individual Risk: 1.622 = Severe
Data exposed includes drivers’ full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses, including license plates and vehicle descriptions, and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates.
How it Could Affect Your Business: It’s hard enough to stay ahead of hackers without giving them an easy payday by making sloppy mistakes. Building a strong security culture is vital for keeping systems and data safe.
Homewood Health
https://bc.ctvnews.ca/unknown-number-of-british-columbians-personal-information-for-sale-online-after-health-company-extorted-1.5525715
Exploit: Nation-State Hacking
Homewood Health: Healthcare Provider

Risk to Business: 1.926 = Severe
Ontario-based Homewood Health has disclosed that it fell victim to hacking earlier this year. The organization has begun contacting companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority. The organization is blaming the breach on the state-sponsored Chinese hackers Hafnium.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
D-BOX
https://cyberintelmag.com/attacks-data-breaches/entertainment-company-d-box-recovers-from-ransomware-cyberattack/
Exploit: Ransomware
D-BOX: Gaming Specialty Electronics

Risk to Business: 1.919 = Severe
Canadian immersive entertainment technology provider D-BOX said it was gradually resuming its activities following a ransomware attack. The company said it had worked with incident response experts to determine that the impact was limited to internal systems and that its services to studios and theatre operators were not affected. All services have now been restored. The company has stated that it believes that its policy of segmentation between internal and customer-focused systems helped protect its clients.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation state threat actors. Every business needs to be ready for it.
The Netherlands – Raven Hengelsport
https://www.theregister.com/2021/07/27/azure_blob_raven_hengelsport/
Exploit: Misconfiguration
Raven Hengelsport: Specialty Fishing Supply

Risk to Business: 1.602 = Severe
Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. That server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was discovered by security researchers and had purportedly been wide open for months. Even after researchers attempted to contact the company it took a long time for them to do anything about it.

Individual Risk: 2.416 = Moderate
The bonanza of information contained customer IDs, delivery dates, discounts, shipping fees, payments and shipment tracking numbers as well as PII like names, surnames, addresses, genders, phone numbers, email addresses and business names.
How it Could Affect Your Business: Mistakes like this are only compounded by blunders in the response. It shows clients that you aren’t concerned about their security if you aren’t concerned about yours.
Florida Department for Economic Opportunity (DEO)
https://stpetecatalyst.com/zaps/floridas-deo-warns-of-unemployment-data-breach-affecting-nearly-58000/
Exploit: Hacking
Florida Department for Economic Opportunity (DEO): State Government Agency

Risk to Business: 2.550 = Severe
Records from more than 58,000 Florida unemployment accounts have been stolen in a data breach. The information was stolen in a suspected malicious insider incident, although details are sketchy. The stolen information was contained in the DEO’s online unemployment benefit system, called CONNECT, and the records stolen fall between April 27 and July 16, 2021. The incident is still under investigation.

Individual Risk: 1.663= Severe
Exposed information includes Social Security numbers, bank account information and other personal details that users may have stored in CONNECT. The DEO purchased a year’s subscription of LifeLock Identity protector services for all those affected.
How It Could Affect Your Business: Personal data is the cybercriminal’s bread and butter, especially when financial information is involved because it is quickly saleable in the busy dark web data markets.
Yale New Haven Health
Exploit: Third-Party Data Breach
Yale New Haven Health: Medical System

Risk to Business: 1.716 = Severe
Patients at Yale New Haven Health are being warned that their information has been stolen in an incident at a third-party vendor, Elekta. That company facilitates cancer treatments and was the victim of a ransomware attack just a few weeks ago that is rippling out to catch many medical institutions. Yale New Haven Health contends that hackers had no access to patient medical records, and a very small number of customers had financial information stolen.

Risk to Individual: 2.601 = Severe
Officials said that certain demographic information such as names, addresses, phone numbers, emails, Social Security numbers, treatment locations and preferred languages were included in the Elekta databases impacted by the breach. A small group of people may have had their financial information exposed. Anyone with information that could have been exposed will be notified by mail and people who may have had their financial information exposed will be offered complimentary credit monitoring service.
How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.
Mobile County, Alabama
https://www.wkrg.com/news/mobile-county-commission-notifies-employees-of-data-breach/
Exploit: Hacking
Mobile County, Alabama: Local Government

Risk to Business: 2.223=Severe
The Mobile County Commission has officially notified county employees of a computer system breach in which employee data and sensitive information were at risk. The county has announced that certain computer systems were subject to unauthorized access on May 24, 2021, putting employee information at risk. This is a developing situation as the investigation winds down. The county had initially stated that no sensitive information was exposed.

Individual Risk: 2.223 = Severe
Mobile County alerted all employees, more than 1,600 people, that their information may have been exposed, including Social Security numbers, dates of birth and other sensitive information. Also at risk are health insurance contract numbers for employees subscribed to receive health coverage and routing numbers for employees enrolled in direct deposit with the county.
How it Could Affect Your Business: Even a small amount of data is attractive to data thieves who especially love vital information and financial data.
United Kingdom – Guntrader
https://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/
Exploit: Hacking
Guntrader: Gun Ownership Management System

Risk to Business: 1.705 = Severe
Hackers hit a website used for buying and selling firearms in the UK making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The SQL database powered both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The Information Commissioner’s Office was informed and an investigation is underway.

Individual Risk: 1.622 = Severe
The database that the hackers scored provided a wealth of information about firearms enthusiasts in the UK including names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords.
How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of information will net them a hefty profit fast.
Florida Department for Economic Opportunity (DEO)
https://stpetecatalyst.com/zaps/floridas-deo-warns-of-unemployment-data-breach-affecting-nearly-58000/
Exploit: Hacking
Florida Department for Economic Opportunity (DEO): State Government Agency

Risk to Business: 2.550 = Severe
Records from more than 58,000 Florida unemployment accounts have been stolen in a data breach. The information was stolen in a suspected malicious insider incident, although details are sketchy. The stolen information was contained in the DEO’s online unemployment benefit system, called CONNECT, and the records stolen fall between April 27 and July 16, 2021. The incident is still under investigation.

Individual Risk: 1.663 = Severe
Exposed information includes Social Security numbers, bank account information and other personal details that users may have stored in CONNECT. The DEO purchased a year’s subscription to LifeLock identity protection services for all those affected.
How It Could Affect Your Business: Personal data is the cybercriminal’s bread and butter, especially when financial information is involved because it is quickly saleable in the busy dark web data markets.
Campbell Conroy & O’Neil, P.C. (Campbell)
https://www.bleepingcomputer.com/news/security/ransomware-hits-law-firm-counseling-fortune-500-global-500-companies/
Exploit: Ransomware
Campbell Conroy & O’Neil, P.C. (Campbell): Law Firm

Risk to Business: 1.201 = Extreme
Campbell Conroy & O’Neil, P.C. (Campbell), a law firm that counts dozens of Fortune 500 and Global 500 companies among its clientele, has disclosed a data breach following a February 2021 ransomware attack. The firm’s client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation. At the time, it was unclear if client data had been stolen, but the investigation has since determined that client data was stolen.

Individual Risk: 1.963 = Severe
The crooks made off with data about clients including names, dates of birth, driver’s license numbers, state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information and biometric data. Usernames and passwords were also snatched. The firm is offering 24 months of free access to credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack.
How It Could Affect Your Business: This data about major companies and powerful business executives is cybercriminal gold and quickly saleable in the busy dark web data markets.
Forefront Dermatology S.C.
https://www.databreachtoday.com/dermatology-clinic-chain-breach-affects-24-million-a-17074
Exploit: Ransomware
Forefront Dermatology S.C.: Medical Network

Risk to Business: 2.216 = Severe
Forefront Dermatology S.C., a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a ransomware incident it recently experienced. Cuba ransomware is believed to be the culprit. The incident is the third-largest healthcare breach of 2021 so far. Experts who spotted the data dump on a darknet site said that it was approximately 47 MB, including more than 130 files with information on the entity’s system and network, with security and backup details, and all their logins for vendor sites.

Risk to Individual: 2.462 = Severe
The company has announced that potentially compromised patient, clinician and employee information includes name, address, date of birth, patient account number, health insurance plan member ID number, medical record number, dates of service, provider names, and/or medical and clinical treatment information.
How it Could Affect Your Business: Medical data is some of the hottest product to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.
Guess
https://www.zdnet.com/article/guess-announces-breach-of-employee-ssns-and-financial-data-after-darkside-attack/
Exploit: Ransomware
Guess: Fashion Brand

Risk to Business: 2.223 = Severe
Fashion brand Guess, known for their salacious 90’s advertising campaigns, was hit with a ransomware attack from an unexpected source: Darkside. Sources are mixed as to whether this is a new operation or an old one just coming to light. Guess would not confirm that the incident occurred, but dark web researchers uncovered 200 GB of data from the fashion brand on a leak site. No consumer financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Proprietary data about businesses and their products is a hot seller on the dark web, especially if blueprints, formulas or similar information is included.
Mint Mobile
https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/
Exploit: Hacking
Mint Mobile: Mobile Network Carrier

Risk to Business: 1.575 = Severe
California-based Mint Mobile has disclosed a data breach. The company says that an unauthorized person gained access to their data including subscribers’ account information. The miscreants also ported phone numbers to another carrier.

Individual Risk: 1.502 = Severe
Exposed client data may include name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number and subscription features.
How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of proprietary information is a goldmine for them.
United Kingdom – Northern Railway
Exploit: Ransomware
Northern Trains: Government-Run Transportation Authority

Risk to Business: 1.302 = Extreme
Railway passengers in Northern England got an unpleasant surprise when they discovered that ticket machines on Northern Trains’ network were knocked offline following a ransomware attack. Run by the British government, Northern Trains said no customer or payment data had been compromised, and that customers could still buy tickets online.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks against utilities and quasi-utility infrastructure have been steadily increasing, and businesses in those sectors need to step up their protection to stay safe.
Ecuador – Corporación Nacional de Telecomunicación (CNT)
https://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/
Exploit: Hacking
Corporación Nacional de Telecomunicación (CNT): State Run Telecommunications Utility

Risk to Business: 1.919 = Severe
Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal and customer support. This company provides telecommunications services including fixed-line phone service, mobile, satellite TV, and internet connectivity. The attack has shut online payment systems down. RansomEXX is suspected to be the culprit. An investigation and systems restoration are ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Customer satisfaction is bound to be severely impacted by the loss of online payment systems.
Northwestern Memorial HealthCare
https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patients
Exploit: Third-Party Data Breach
Northwestern Memorial HealthCare: Hospital System

Risk to Business: 1.771 = Severe
A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital and Northwestern Medicine Valley West Hospital.

Individual Risk: 1.603 = Severe
The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Morgan Stanley
https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/
Exploit: Third-Party Data Breach
Morgan Stanley: Financial Services Firm

Risk to Business: 2.216 = Severe
Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.

Risk to Individual: 2.462 = Severe
Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts.
How it Could Affect Your Business: Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.
Republican National Committee (RNC)
https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee
Exploit: Nation-State Cybercrime
Republican National Committee (RNC): Political Organization

Risk to Business: 2.223 = Severe
Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.
GETTR
https://therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/
Exploit: Hacking
GETTR: Social Media Platform

Risk to Business: 1.575 = Severe
A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.

Individual Risk: 1.502 = Severe
According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
How it Could Affect Your Business: Strong endpoint security and security awareness training are vital for the success of security plans.
Switzerland – Comparis
https://www.reuters.com/technology/ransomware-attack-hits-swiss-consumer-outlet-comparis-2021-07-09/
Exploit: Hacking
Comparis: Shopping Platform

Risk to Business: 1.302 = Extreme
Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information. According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
Customers Impacted: Unknown
How it Could Affect Your Business: Personal data is gold in dark web markets, and cybercriminals are hungry to find new stores of it to sell.
Germany – Spreadshop
https://www.privacysharks.com/spreadshop-hit-by-cyber-attack-payment-details-emails-and-passwords-breached/
Exploit: Hacking
Spreadshop: Shopping Platform

Risk to Business: 1.919 = Severe
German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, were compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts.

Individual Risk: 2.271 = Severe
According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
India – Technisanct
https://ciso.economictimes.indiatimes.com/news/data-breach-in-trading-platform/83829525
Exploit: Hacking
Technisanct: Trading Platform

Risk to Business: 2.801 = Moderate
Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale in an online platform dedicated to these kinds of transactions, and some of the information was published on June 15.

Individual Risk: 2.766 = Moderate
The company has disclosed that Personally Identifiable Information (PII) was exposed including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.
How it Could Affect Your Business: PII was the second most popular category of data in dark web markets last year according to the Verizon/Ponemon DBIR 2021 report.
Taiwan – Adata
https://www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/
Exploit: Ransomware
Adata: Computer Chip Maker

Risk to Business: 1.801 = Severe
The Ragnar Locker ransomware gang has announced that they’ve acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. According to reports, the largest archive is close to 300GB and the second largest is 117GB. The archives likely contain corporate financial information, non-disclosure agreements and sales data.
Customers Impacted: Unknown
How it Could Affect Your Business: That’s a huge trove of data that will be very popular in hacker marketplaces.
Northwestern Memorial HealthCare
https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patientsExploit: Third-Party Data Breach
Northwestern Memorial HealthCare: Hospital System

Risk to Business: 1.771= Severe
A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital and Northwestern Medicine Valley West Hospital.

Individual Risk: 1.603= Severe
The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Morgan Stanley
https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/Exploit: Third-Party Data Breach
Morgan Stanley: Financial Services Firm

Risk to Business: 2.216 = Severe
Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, is a third-party vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.

Risk to Individual: 2.462 = Severe
Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts.
How it Could Affect Your Business: Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.
Republican National Committee (RNC)
https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committeeExploit: Nation-State Cybercrime
Republican National Committee (RNC): Political Organization

Risk to Business: 2.223=Severe
Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.
GETTR
https://therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/Exploit: Hacking
GETTR: Social Media Platform

Risk to Business: 1.575 = Severe
A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.

Individual Risk: 1.502 = Severe
According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
How it Could Affect Your Business: Strong endpoint security and security awareness training are vital for the success of security plans.
Switzerland – Comparis
https://www.reuters.com/technology/ransomware-attack-hits-swiss-consumer-outlet-comparis-2021-07-09/
Exploit: Hacking
Comparis: Shopping Platform

Risk to Business: 1.302 = Extreme
Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information. According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
Customers Impacted: Unknown
How it Could Affect Your Business: Personal data is gold in dark web markets, and cybercriminals are hungry to find new stores of it to sell.
Germany – Spreadshop
https://www.privacysharks.com/spreadshop-hit-by-cyber-attack-payment-details-emails-and-passwords-breached/
Exploit: Hacking
Spreadshop: Shopping Platform

Risk to Business: 1.919 = Severe
German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, were compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts.

Individual Risk: 2.271 = Severe
According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
India – Technisanct
https://ciso.economictimes.indiatimes.com/news/data-breach-in-trading-platform/83829525
Exploit: Hacking
Technisanct: Trading Platform

Risk to Business: 2.801 = Moderate
Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale in an online platform dedicated to these kinds of transactions, and some of the information was published on June 15.

Individual Risk: 2.766 = Moderate
The company has disclosed that Personal Identifiable Information (PII) was exposed including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.
How it Could Affect Your Business: PII was the second most popular category of data in dark web markets last year according to the Verizon/Ponemon DBIR 2021 report.
Taiwan – Adata
https://www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/
Exploit: Ransomware
Adata: Computer Chip Maker

Risk to Business: 1.801 = Severe
The Ragnar Locker ransomware gang has announced that they’ve acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, has been publicly available at a cloud-based storage service, at least for some time. According to reports, the largest archive is close to 300GB and the second largest is 117GB; the archives likely contain corporate financial information, non-disclosure agreements and sales data.
Customers Impacted: Unknown
How it Could Affect Your Business: That’s a huge trove of data that will be very popular in hacker marketplaces.
These 10 Facts About Passwords Prove That Your “Password Protected” Data Isn’t Safe.
Companies are still relying on passwords alone to be an effective security measure – and that is a mistake that could lead to an expensive disaster like a data breach fast. Don’t rely on just a password for data loss prevention. It’s completely outdated. You wouldn’t use an old-fashioned lock to secure your office door – why are you relying on an old-fashioned lock to secure your data? See how password risk has evolved with the help of the Dark Web to learn why you need to upgrade your security from “password protected” to “secure identity and access management solution defended”. Take a look at 10 facts about passwords that will shine a light on why secure identity and access management is a must-have.
Passwords Aren’t Protection
As we’ve demonstrated before, passwords are not an effective security measure, and keeping data and systems safe in the modern threat landscape requires stronger protection. These 10 statistics clearly show that passwords are definitely not the last word in data loss prevention.
- At least 60% of people reuse passwords across multiple sites regularly.
- A terrifying 13% of people use the same password for all passworded accounts and devices.
- An estimated 81% of data breaches are due to poor password security.
- Although 91% of participants in a recent survey understand the risk of password reuse, 59% admitted to doing it anyway.
- 543 million employee credentials for Fortune 1000 companies are circulating on commonly used underground hacking forums, a 29% increase from 2020.
- Unfortunately, 48% of workers use the same passwords in both their personal and work accounts.
- Compromised passwords are responsible for 81% of hacking-related breaches.
- The average person reuses each password 14 times!
- An estimated 49% of employees only add a digit or change a character in their password when they’re required to update it.
- More than 60% of employees use the same password across multiple work and home applications.
People Love to Make Bad Passwords
Most people will choose passwords that can be divided into 24 common combinations, and 49% of users will only change one letter or digit in one of their preferred passwords when required to make a new password. Based on our analysis of data from Dark Web ID in 2020, the most common categories of information used to generate bad passwords in 2020 were Names, Sports, Food, Places, Animals, and Famous People/Characters.
Most passwords originate from these groups:
59% of Americans use a person’s name or family birthday in their passwords
33% include a pet’s name
22% use their own name
Take a look at the Worst Passwords of 2020 to find out what NOT to do.
The Most Common Passwords by Category
Names: maggie
Sports: baseball
Food: cookie
Places: Newyork
Animals: lemonfish
Famous People/Characters: Tigger
US & UK Data Breaches Are Exploding, Driving Up Cyber Insurance Rates
At the root of many damaging cybersecurity incidents, you’ll find phishing. In fact, 90% of incidents that end in a data breach start with a phishing email. Researchers at leading organizations have been sounding the alarm about phishing forever, but many organizations still fail to really take the threat seriously to their detriment. As phishing rates worldwide continue to climb, escalating risk for devastating cyberattacks like ransomware and business email compromise, there’s a new impetus for businesses to fight back against phishing.
Phishing Never Stops Evolving
While it may not seem like it on the surface, phishing is a complex hazard for businesses to navigate. One reason for that complexity is that phishing is a rapidly evolving area of cybercrime. The bad guys are always trotting out new scams. In fact, researchers at the University of Maryland estimate that cybercriminals launch a new cyberattack like phishing every 39 seconds. These statistics offer a starting point when considering the way that phishing impacts the business world right now.
Phishing Quick Hits
- 94% of malware is delivered by email.
- More than 80% of reported security incidents are phishing-related
- 40% of phishing messages aren’t caught by conventional security or a SEG
- One-fifth of employees in a 2020 survey fell for phishing tricks and interacted with spurious emails
- 45% of employees click emails they consider to be suspicious “just in case it’s important.”
US & UK Data Breaches Are Up by Over 70%
Data breach numbers have been skyrocketing all over the world since the start of the global pandemic, and phishing is at the root of many of those breaches – an estimated 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020.
But the US isn’t that far ahead, and the dramatic increase in phishing-related data breaches that are plaguing businesses isn’t just a US problem. In a recent UK survey of insider incident risk, researchers noted that 73% of the UK organizations that they surveyed have suffered at least one data breach caused by phishing attacks in the last year. Overall, researchers studying phishing found that 80% of IT professionals that they spoke to worldwide said that their organizations have faced an increase in the number of phishing attacks that they’re combatting in 2021.
US & UK Cyber Insurance Rates Are Also Climbing
The epic rise in phishing-related data breaches is also behind the serious rise in pricing for cyber insurance, up by 56% in the US and 35% in the UK. Insurance industry experts point to ransomware as the cause of such steep increases. Ransomware cyber insurance claims worldwide clocked a 260% increase in 2020 as cybercriminals turned up the heat. Many insurers are placing restrictions on the coverage that companies can buy for phishing-related disasters because of the frequency and severity of losses related to ransomware, and insurance giants like AXA have announced that they will no longer underwrite cyber insurance policies to reimburse companies for ransomware payments after cyber attacks.
What is Behind the Increase?
While there’s no single cause that can be isolated for the rise in phishing-related data breaches, three major factors have seriously influenced the phishing-related data breach landscape. The pandemic certainly set up the conditions under which phishing thrived last year. In a survey of executives, 90% said that their companies experienced an increase in cyberattacks due to the pandemic with 98% incurring significant security challenges including an increased volume of phishing messages within just the first two months. But that’s not the total story. Other contributors have also played a part.
Remote Work Has Created Too Much Opportunity for Cybercriminals to Resist
The rise of remote work has definitely been a factor in increased phishing. Email volume increased dramatically, and that increased opportunity for cybercriminals to conduct phishing scams. Google notched a more than 600% increase in phishing email at the start of the global pandemic and phishing remains at a high volume. Over half of IT leaders say that remote working during the pandemic increased data breaches caused by phishing, and that problem doesn’t appear to be waning either. Google has registered 2,145,013 phishing sites as of Jan 17, 2021. This is up from 1,690,000 on Jan 19, 2020 (up 27% over 12 months).
- About 55% of remote workers use email as their primary form of communication.
- More than 40% of remote workers polled recently admitted that they’d made email handling errors that caused cybersecurity incidents.
- An estimated 50% of the IT leaders surveyed in a recent insider threat survey expect this trend to continue into the future.
Social Engineering Powered by Abundant Dark Web Data
Bad actors use all sorts of psychological tricks to lure their victims into the number one type of social engineering attack: phishing. These attacks are typically powered by abundant dark web data. About 60% of the data on the dark web at the beginning of 2020 could be used to harm businesses and more than 22 billion new records have been added including 103 GB in this year’s RockYou2021 dump. Socially engineered phishing attacks use that data to lure employees into opening dodgy emails, clicking suspicious links, handing over passwords, downloading sketchy attachments and engaging in other unsafe behaviors that can put your business at risk of damaging disasters.
- Socially engineered cyberattacks are just under 80% effective.
- Over 90% of successful data breaches are rooted in social engineering.
- More than 70% of IT professionals say they’ve experienced employees falling for a social engineering attack.
The Evolution and Weaponization of Ransomware
These days, every business is at risk of a ransomware attack, and the majority of those are delivered through phishing. Ransomware attacks can be especially sophisticated, often utilizing social engineering in order to lull targets into a false sense of security that encourages them to download a poisonous Office file (48% of malicious attachments in 2020 were office files) or provide a bad actor with their credentials under false pretenses – and giving the bad guys a golden opportunity to snatch data. Cybercriminals are especially interested in mounting attacks that enable them to use highly profitable double and triple extortion ransomware.
- 51% of businesses worldwide were negatively impacted by ransomware in 2020
- 65% of active cybercriminal gangs use phishing as their favored method of delivery for ransomware
- Two in five SMBs experienced a ransomware attack in 2020
How Can Businesses Reduce US & UK Data Breach Risk from Phishing?
With the world operating remotely during the pandemic lockdowns last year, email volume skyrocketed. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies continue to grapple with the implications of the ongoing pandemic and virus variants that could lead to long-term remote work becoming the norm. If email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025.
Unfortunately, businesses continue to be locked into remote operations in most of the world as the global pandemic enters a new phase, creating another round of opportunities that cybercriminals won’t want to miss. In this year’s ISACA State of Cybersecurity 2021 Survey, 35% of respondents reported that their enterprises are experiencing an increase in cyberattacks like phishing in 2021. That’s three percentage points higher than was recorded in that survey in 2020, a record-breaking year for phishing worldwide. That means that it is imperative for businesses to fight back against the rising tide of phishing by taking sensible precautions.
Arthur J. Gallagher
Exploit: Ransomware
Arthur J. Gallagher (AJG): Insurance Broker

Risk to Business: 1.673 = Severe
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to customers impacted in a previously unannounced ransomware attack that hit its systems in late September 2020. The company said that an unknown party accessed data contained within their network between June 3, 2020, and September 26, 2020. The company has apparently just completed its investigation.

Individual Risk: 1.522 = Severe
While the company did not specify the types of data exposed, their SEC filing did and PII starred heavily on the list. Data exposed may include a client’s Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number and biometric information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington State Department of Labor and Industries
https://www.thenewstribune.com/news/state/washington/article252532918.html
Exploit: Third-Party Data Breach
Washington State Department of Labor and Industries: Government Agency

Risk to Business: 1.816 = Severe
Washington State informed over 16,000 workers that their PII may have been exposed in a ransomware attack on Renton market research company Pacific Market Research (PMR). The contractor was hit with a ransomware attack in May 2021.

Risk to Business: 1.516 = Severe
The exposed information for workers includes claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey for the agency.
How it Could Affect Your Business: An unsecured database is easy pickings for cybercriminals and a rookie mistake that could cost the survey company a client.
Practicefirst
https://healthitsecurity.com/news/healthcare-ransomware-attack-targets-practice-management-vendor
Exploit: Ransomware
Practicefirst: Healthcare Technology Services

Risk to Business: 2.223 = Severe
Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The service provider specializes in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When they detected suspicious activity on December 30th, 2020, they shut down all systems, changed passwords and notified authorities but not before the bad guys scooped up data.

Risk to Business: 2.201 = Severe
Practicefirst disclosed that patient and employee information has been impacted, including birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses, tax identification numbers, employee usernames and passwords, and bank account information. Other data that may have been stolen is primarily treatment-focused, like diagnoses, lab and treatment information, medication information and health insurance identification.
How it Could Affect Your Business: Clients and employees won’t be happy about having this kind of personal information stolen – and neither will the Department of Health and Human Services.
UofL Health
https://www.infosecurity-magazine.com/news/kentucky-healthcare-system-exposes/
Exploit: Insider Threat (Employee Error)
UofL Health: Healthcare System

Risk to Business: 1.575 = Severe
Kentucky-based UofL Health has notified more than 40,000 patients of an employee blunder that resulted in their personal health information being emailed to the wrong address. In this case, a UofL employee accidentally sent personal health information from UofL patients to an email address outside of the health system’s network. According to UofL, the accidental recipient of the data did not view or access any patient information.

Risk to Business: 1.502 = Severe
Patients whose data was impacted by the incident have been offered free identity protection services. No specifics about what exact data was accessed have been released beyond personal health information.
How it Could Affect Your Business: Employee errors that impact compliance in a heavily regulated industry pack a punch after regulators get to work.
United Kingdom – Salvation Army
https://www.theregister.com/2021/06/30/salvation_army_ransomware_attack/
Exploit: Hacking
Salvation Army – Non-Profit

Risk to Business: 2.424 = Severe
The United Kingdom arm of the evangelical Christian nonprofit Salvation Army disclosed that it had been the victim of an unspecified cyberattack. The industry press are reporting that the attack was purportedly ransomware but no confirmation is available at this time. The fundamentalist charity says that no programs were impacted and has not released information about the type of data that was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Organizations that hold financial information for donors should put extra care into securing it to keep those people donating.
Spain – MasMovil
https://www.hackread.com/revil-ransomware-gang-hits-masmovil-telecom/
Exploit: Ransomware
MasMovil: Telecommunications

Risk to Business: 1.801 = Severe
Cybercrime gang REvil struck Spain’s fourth-largest telecom over the 4th of July weekend. The group claims to have “downloaded databases and other important data” belonging to the telecom giant, sharing screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM and OCU.
Customers Impacted: Unknown
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.