The Week in Breach News: 03/03/21 – 03/09/21
This Week in Breach News:
This week, we’ll explore: hacking at SITA with a wide ripple effect, nation-state actors sliding in through a Microsoft flaw and how the pandemic has changed phishing for the worse – plus we’ve got an amazing (and timely) eBook on Supply Chain & Third-Party Risk and a magical new infographic for you just in time for St. Patrick’s Day!
United States – CallX
https://www.infosecurity-magazine.com/news/telemarketing-biz-exposes-114000/
Exploit: Unsecured Server
CallX: Telemarketing Firm
Risk to Business: 1.727 = Severe
An unsecured AWS S3 bucket has been leaking information gathered by CallX, whose analytics services are utilized by a wide array of companies including LendingTree, Liberty Mutual Insurance and Vivint to improve their media buying and inbound marketing. Discovered by researchers, 114,000 files were left publicly accessibly in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.
Individual Risk: 1.447 = Extreme
Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers and call details. The leaked data can be used to launch spear phishing attacks and other fraud.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Information like this makes its way quickly to the bustling data markets and dumps on the dark web, seeding future trouble.
ID Agent to the Rescue: Watch for threats from the dark web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>
United States – Qualys
Exploit: Third-Party Breach (Ransomware)
Qualys: Cybersecurity & Cloud Development
Risk to Business: 1.412 = Extreme
Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. The Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm including purchase orders, invoices, tax documents and scan reports.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business It’s especially damaging for a cybersecurity company to fall victim to something like ransomware. Unfortunately, this problem came through a third-party partner, but potential customers may see a cybersecurity firm that can’t protect itself.
ID Agent to the Rescue: Read our Security Awareness Champion’s Guide, for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals use to conduct them. GET THE BOOK>>
United States – PrismHR
Exploit: Ransomware
PrismHR: Payroll Services
Risk to Business: 2.212 = Severe
A suspected ransomware attack has brought trouble to payroll giant Prism HR and its clients. PrismHR’s platform is experiencing a service outage as a result, which has led to smaller accountants, and their clients, to lose access to PrismHR’s customer portals.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can strike anytime, anywhere and companies of any size are vulnerable. Smart companies take proper precautions like increased security awareness training.
ID Agent to the Rescue: Learn the secret to keeping ransomware and phishing away from your business and keeping your data safer in The Phish Files. READ IT >>
United States – Microsoft
https://www.nytimes.com/2021/03/06/technology/microsoft-hack-china.html
Exploit: Nation-State Hacking
Microsoft: Software Developer
Risk to Business: 1.227 = Extreme
Microsoft is reporting a that suspected Chinese nation-state actors have exploited a flaw in Exchange that has given them some access to data or email accounts. The company estimates that 30,000 or so customers were affected. This flaw impacts a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to steal emails and install malware to continue surveillance of their targets. Patches are available and should be installed immediately.
Individual Impact: No sensitive personal or financial information was announced as part of this incident from Microsoft directly, but organizations around the world will be conducting assessments with potentially wide-ranging fallouts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This is a tremendous problem for businesses of every size, and something that will be lingering for years for impacted organizations.
ID Agent to the Rescue: Stolen information can keep coming back to haunt you, but Dark Web ID can give you a heads up if your credentials turn up in dark web markets. SEE DARK WEB ID AT WORK>>
Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>
United Kingdom – Nova Education Trust
https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/
Exploit: Hacking
Nova Education Trust: School System
Risk to Business: 1.702 = Severe
15 schools in the United Kingdom have been unable to provide online learning due to a cyberattack. According to Nova Education Trust, a threat actor was able to access the trust’s central network infrastructure and while an investigation took place, all existing phone, email and website communication was stalled. The 15 schools impacted by the central cybersecurity incident were not able to provide typical remote learning and teachers have been unable to upload learning materials. Alternative access is being used to keep schools open.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Hackers have been a continued source of trouble for educational institutions as the pandemic forced learning online. Threat actors have used this opportunity to attack a sector with traditionally weak security and profit handsomely.
ID Agent to the Rescue: Protect your business environment from hackers by adding Passly to your security suite to stop 99% of password-based cybercrime cold using multifactor authentication and more. SEE IT IN ACTION>>
The Netherlands – Ticketcounter
Exploit: Hacking
Ticketcounter: Ticketing Platform
Risk to Business: 1.603 = Severe
Ticketcounter, a platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue, suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.
Individual Risk: 2.673 = Moderate
The data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords. People who use Ticketcounter should be aware of potential spear phishing attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Unsecured servers are a rookie move. It pays to make sure that you’re following basic security procedures when storing or moving data.
ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. READ THE BOOK>>
France – European Banking Authority (EBA)
https://www.bbc.com/news/technology-56321567
Exploit: Third-Party Breach
European Banking Authority: Regulatory Agency
Risk to Business: 1.993 = Severe
The first dominos to fall in the massive Microsoft breach (see above) will be government entities in the US and Europe. Starting that trend, the European Banking Authority has announced that it’s been impacted. EBA officials say that personal data may have been accessed from its servers. The agency has taken its email system offline temporarily as part of its investigation and remediation process.
Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party and supply chain risk is amping up for every business as an interconnected world creates new openings for danger
ID Agent to the Rescue: Mitigating third-party and supply chain risk is essential. Learn how to do that in our NEW eBook “Breaking Up with Third Party and Supply Chain Risk. GET THE NEW EBOOK NOW!>>
Switzerland – Adecco Group
https://cybernews.com/security/5-million-adecco-com-users-data-leaked/
Exploit: Unsecured Database
Adecco Group: Staffing Firm
Risk to Business: 1.913 = Severe
Security researchers visiting a hacking forum uncovered bad actors purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second-largest human resources and temp staffing provider in the world. About 5 million records were stolen from accounts in Peru, Brazil, Argentina, Colombia, Chile and Ecuador.
Individual Impact: No details about the type of information is available and an investigation is ongoing.
Customers Impacted: up to 5 million
How it Could Affect Your Customers’ Business: Make sure that you’re covering the easy baases by making sure that basic security protocols are being followed throughout your organization because embarrassing, damaging incidents like this can happen to you.
ID Agent to the Rescue: Are you careful about protecting your systems and data? Don’t rely on luck to keep it all safe! Rely on these 7 tips and digital risk protection solutions from ID Agent. Download our adorable St. Patrick’s day infographic for more details! GRAB THIS INFOGRAPHIC>>
Switzerland – SITA Société Internationale de Télécommunications Aéronautiques (SITA)
https://heimdalsecurity.com/blog/outspread-sita-security-breach-exposes-more-airlines/
Exploit: Hacking
SITA: Aviation IT
Risk to Business: 1.116 = Extreme
Aviation IT giant SITA has announced that it has experienced a hacking-related security breach that impacts airlines in the Star Alliance and the One World alliance. Those airlines include Singapore Airlines, Air New Zealand, British Airways, American Airlines, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, United Airlines, SAS, Cathay Pacific, and South Korean airline Juju Air. Customers were unable to access many functions within carriers’ online platforms including frequent flyer and ticketing information.
Individual Impact: The investigation is ongoing, but there is an expectation that cybercriminals may have been able to access some basic PII through various airlines’ accounts. No real detail is available.
Customers Impacted: Over 2 million
How it Could Affect Your Customers’ Business: Third-party incidents are unfortunate. They’re also a reality of the modern business world. Taking precautions on your side of the relationship by adding security measures like multifactor authentication (MFA) to blunt the impact of relationship risk.
ID Agent to the Rescue: Get smart, affordable protection from many hacking attempts with Passly, the award-winning multitool including MFA that handles secure identity and access management for less. SEE VIDEO OF PASSLY>>
Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- 60% of Companies Go Out of Business After a Cyberattack
- The Week in Breach 02/24/21- 03/02/21
- Kaseya Receives 5 Cybersecurity Excellence Awards
- Don’t Make Friends with Social Media Phishing Scammers
- 42% of Companies Must Improve Password Security. Here’s How to Do It.
Learn the Secret of How Cybercriminals Trick You Into Falling for Phishing Messages!
Spring Your Sales Forward with Fresh NEW RESOURCES!
Secure Your Data from Shenanigans with This Infographic!
Cybercriminals are scheming to get their hands on your pot of gold! Don’t rely on luck to secure your systems and data! Rely on the strong solutions in the ID Agent digital risk platform to find security at the end of the rainbow. We’ve also created this holiday-themed infographic to share with your customers featuring 7 lucky tips for securing businesses against data-snatching leprechauns fast.
Download the infographic “Don’t Believe in Luck” today! DOWNLOAD IT>>
Kick Your Unhealthy Relationship with Supply Chain & Third-Party Risk to the Curb
The interconnected relationships between businesses and suppliers, vendors and partners has been in the spotlight as cybersecurity peril mushrooms from giant companies like Microsoft and Solarwinds. So how can you protect your company and your clients from the added risk that comes with doing business in today’s world? Find great ways to reduce third-party and supply chain risk in our new eBook “Breaking Up with Third Party and Supply Chain Risk”.
You’ll discover:
- Examples of third-party and supply chain data breaches
- A clear walkthrough of how supply chain and third-party risk endanger businesses
- Solutions that mitigate the chance of disaster from those risks
Download the NEW eBook “Breaking Up with Third Party and Supply Chain Risk” now. DOWNLOAD THIS EBOOK>>
Escalating Phishing Threats Are Still Capitalizing on Pandemic Pressure and Remote Workers
Many things in the world have slowed down or are still stopped as we navigate the back end of the global COVID-19 pandemic. But one thing is having a major growth spurt with no end in sight: phishing. Across the board, phishing threats are the top cybersecurity menace that businesses face today and that threat meter is only going up.
Phishing increased 42% overall in 2020, while some categories and attack types like ransomware experienced triple-digit growth. That constantly growing menace rose 148% in March 2020 alone. Phishing threats took their biggest jump in Q2 2020, escalating an eye-popping 660% according to Google. Even in Q4 2020, the increase was lower but still epic: phishing was up more than 220%. Experts agree that phishing will continue to dominate the threat lanscape in 2021.
Cybercriminals are still milking the public’s thirst for information about COVID-19. In the early months of lockdowns and public health emergencies, bad actors grew adept at using pandemic lures and other crafty, socially-engineered tricks to take advantage of stress and anxiety, especially when it comes to targeting remote workers. More than 30% of the email sent overall in 2020 was a pandemic-themed phishing attempt, and a whopping 72% of all phishing email was COVID-19 themed.
Automated Email Security can save your business a fortune. Get a free eBook that details how Graphus lowers your company’s chance of an email related security disaster at a price you’ll love now!
One reason that phishing is up is because email volume is up. Workers handled 72% more emails in 2020 than the year before, and email is the primary communication tool of the majority of businesses these days, although messaging is catching up. That gives cybercriminals many more chances to snag a tired, stressed, or distracted remote worker.
Impersonation and business email compromise scams are also reaching new heights. Business email compromise (BEC) attacks doubled, and impersonation scams, especially phishing that aped a major corporation or “trusted” source took off – more than half of all phishing “websites” in 2020 imitated one of those organizations. In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
Smart cybercriminals know that they’ll have a far easier time duping an unsuspecting worker into clicking a link than downloading an attachment, and they planned their attacks accordingly. While an estimated 71% of spear-phishing attacks included malicious URLs, only 30% of BEC attacks included a link. Drilling down, 20% of phishing URLs were WordPress sites, 72% of phishing websites used genuine HTTPS certificates, and 100% of drop zones employed TLS encryption.
Would you trust a flimsy old lock for your front door? Why trust one on your data? Learn to Build Better Passwords. GET IT>>
Don’t Dismiss Increased Risk. These Solutions Can Help.
Securing systems and data against phishing is a multi-pronged operation. Combining multiple solutions for overlapping protection is important for ensuring that security gaps don’t appear for cybercriminals to exploit. Here are our recommendations for dealing with escalating phishing risk sensibly and affordably to secure your business and your clients.
Start Using Multifactor Authentication Now
The power of MFA to mitigate risk cannot be overstated. A major goal of cybercriminals who go phishing is capturing passwords and credentials – which they can do with great success. In the event that a staffer coughs up a password to cybercriminals, MFA can save an organization a world of hurt. On its own, MFA stops 99% of password-related cybercrime.
If your clients can only afford to shell out for one new security tool right now, make it Passly. Secure identity and access management that includes MFA, single sign-on (SSO), secure shared password vaults and more is a powerful weapon against both phishing-related cybercrime and password-related cybercrime. Plus, automated password resets take the pressure off of IT teams and save money. Passly provides a great deal of essential protection in one affordable package.
Upgrade Security Hygiene To Build Cyber Resilience
Prevent organizations from experiencing a cyberattack altogether is no longer a realistic option. Even a well-protected business is going to land in cybercriminal sights at some point in today’s elevated threat atmosphere. Not to mention constantly growing third-party and supply chain risk. The better goal to pursue for businesses is to prevent cybercriminals from gaining access to important data or gravely impacting business operations.
That’s why building cyber resilience is so important. By combining smart solutions, quality training, and savvy cybersecurity disaster planning, organizations can remain agile and able to function under adverse conditions, while experiencing a cyberattack. Malware like ransomware is often used to disrupt operations rather than stealing data, and a cyber resilient organization is ready to deal with that. Check out “The Road to Cyber Resilience” for insight.
Don’t let ransomware take your business hostage!
Get the eBook Ransomware 101>>
See our list of 10 things you need to know about ransomware!>>
Drill Phishing Resistance Constantly
No anti-phishing strategy is complete without fostering an improved security awareness culture, and that includes phishing resistance training. No matter how much anyone thinks that employees have been trained to spot and stop phishing, it’s not enough. More than 60% of businesses do not do enough cybersecurity awareness or phishing resistance training, and that’s a problem – especially for remote workers.
The newly revamped BullPhish ID makes training painless for everyone. Easy remote management and personalized training portals make it a snap to assign and run training. Plus, new training content is added monthly. Now that content can be customized to reflect industry-specific threats, including attachments. Simple, clean reports and online quizzes clearly demonstrate the value of the training too, including improvement statistics and details about how employees performed in different scenarios.
If your clients are looking for smart, affordable, automated protection against phishing, they need to look no further than Graphus. In a recent test of Secure Email Gateways and other traditional solutions versus automated phishing solutions, more than 40% of the messages sent in a phishing penetration test bypassed conventional email security – but not automated security.
Phishing Isn’t Slowing Down
This is definitely not going to be the year when phishing threats decrease. Cybercrime growth will continue to be explosive as the pandemic’s impact continues to squeeze the world economy. In Q4 2020, phishing threats were up 220% over Q42019, and similar growth is expected when Q1 2021 numbers come in. Don’t put off getting your customers in a strong position to overcome the challenges brought by this tidal wave of phishing. By taking the initiative to get ahead of the risk, they’ll be in a better place to ride out phishing trends throughout the year.
Book a demo of the ID Agent digital risk protection platform now! BOOK IT>>
Mar 3 & 9 – MSP Cybersecurity Certification Webinar REGISTER NOW>>
Mar 11 – The MSP Lounge (EMEA Special) REGISTER NOW>>
Mar 11 – MSP Mastered® Level 1: Developing Effective Master Service Agreements and SOWs REGISTER NOW>>
Mar 23 – Xaas Summit: Innovation on Demand Via the Channel (EMEA Special) REGISTER NOW>>
Mar 25 – MSP Mastered® Level 1: Optimizing and Integrating Your Business Platforms REGISTER NOW>>
Mar 31 – Apr 1 – Zero Trust World (MSP Edition) REGISTER NOW>>
Are you ready to boost your MRR with fast, easy security sales wins in 2021?
Watch “5 Proven, Practical Steps to Close New Security Business” now>>
Impersonation Schemes Can Snag Even Savvy Employees
As phishing threats continue to rise, a disturbing trend that has grown throughout the pandemic continues to impact businesses around the world. Smart cybercriminals are pulling off audacious impersonation schemes, and protecting your business from them needs to be a priority.
Cybercriminals have been using the circumstances of the global pandemic to their advantage. Workers received 72% more emails in 2020 than the year before, and that means many more opportunities for phishing – over 35% of all phishing emails sent in 2020 had a COVID-19 twist.
Bad actors used emails purporting to be from organizations like the World Health Organization, the New York Department of Labor, Oxford University and myriad other seemingly “trustworthy” authorities to socially engineer pandemic-rattled workers into downloading spurious attachments and clicking poisoned links.
Those are the kinds of phishing messages that can snag anyone, even employees who are normally wary about such things. That’s why it’s essential that phishing resistance training is a central feature of your cybersecurity plan. Studies show that security awareness training like that can reduce your risk of a cybersecurity incident by up to 70% as long as it’s regularly refreshed (typically quarterly).
BullPhish ID is an ideal training solution for businesses of any size. Our content is updated regularly, providing fresh exercises reflecting the latest threats for workers every month. Training materials can also be quickly customized to better reflect industry-specific dangers. Access it all through a user-friendly training portal that makes the whole experience painless..
Don’t wait until someone’s been fooled by a phishing email. Strengthen your company’s defense against clever, socially-engineered phishing attacks with regular phishing resistance and security awareness training. You’ll gain dividends today and tomorrow.
If Cybersecurity is Like a Game, Shouldn’t You Play to Win? Here’s How to Do It.
Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!
*** This is a Security Bloggers Network syndicated blog from Blog – ID Agent authored by Kevin Lancaster. Read the original post at: https://www.idagent.com/blog/the-week-in-breach-data-breach-news-03-03-21-03-09-21