April 22nd, 2020 by Kevin Lancaster

This week, compromised email accounts expose customer data, ransomware disrupts remote work, and the FBI releases a new warning about COVID-19 related healthcare cybercrime.  

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: High-Tech & IT
  • Top Employee Count: 11-50

United States – AST LLC.

https://www.technadu.com/ast-llc-announces-data-breach-circulates-notices-employees/99052/

Exploit: Employee payroll breach

AST LLC.: Cloud & digital transformation service provider

gauge indicating severe risk

Risk to Small Business: 1.871 = Severe

Using a previously compromised email account, hackers accessed employee payroll information. Hackers used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too-little-too-late and is unlikely to assuage the concerns of the company’s enterprise clients.

gauge showing severe risk

Individual Risk: 1.690 = Severe

Hackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers, and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.

ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities, your data, and your clients. Our remote-ready soultion packs multi-factor authentication, single sign-on, and password management tools in one affordable, easy-to-deploy package. Find out more at https://www.idagent.com/passly.


United States – San Francisco International Airport

https://www.bleepingcomputer.com/news/security/san-francisco-intl-airport-discloses-data-breach-after-hack/

Exploit: Malware attack

San Francisco International Airport: Airport authority

gauge indicating moderate risk

Risk to Small Business: 2.505 = Moderate

A malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information.

gauge indicating moderate risk

Individual Risk: 2.775 = Moderate

Hackers obtained peoples’ usernames and passwords. Although the company was quick to reset these credentials, victims should be mindful that this information could be used to access other accounts that rely on the same username and password combination. Therefore, they should carefully monitor their accounts for suspicious or unusual activity. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By having your eyes and ears attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.


Canada – The Law Society of Manitoba

https://www.cbc.ca/amp/1.5530825

Exploit: Ransomware

The Law Society is Manitoba: Law firm collective

gauge indicating extreme risk

Risk to Small Business: 1.475 = Extreme

Two Manitoba law firms experienced a ransomware attack that crippled their operations. The encryption left employees unable to access computer systems, digital files, email, or data backups. As a result, firms are left without their client lists, accounting and financial information, photos, and other mission-critical information. The ransomware infected the firms’ systems after employees opened a malicious email attachment. According to the company, cybercriminals are demanding an “enormous” ransom that the companies are unable and unwilling to pay.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The challenging business environment created by the COVID-19 pandemic leaves little room for additional setbacks. Since ransomware attacks carry multifaceted expenses, including productivity loss, opportunity cost, and technology recovery, every company needs to be confident that it has its bases covered when it comes to this increasingly prominent threat.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.


Canada – Holland America Line, Inc.

https://hotforsecurity.bitdefender.com/blog/canadian-authorities-email-private-details-of-247-ms-zaandam-cruise-passengers-23010.html

Exploit: Accidental data sharing

Holland America Line, Inc.: Cruise company

gauge indicating severe risk

Risk to Small Business: 1.833 = Severe

When communicating with COVID-19 patients from a recently-docked cruise ship, authorities accidentally emailed an attachment that included the personal details to all cruise line passengers impacted by the virus. Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. Impacting COVID-19 patients, this data breach is an awful event occurring at a terrible time.

Gauge indicating severe risk

Individual Risk: 1.905 = Severe

The breach includes patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers. The 247 passengers are also being asked to change their passport numbers. Victims should enroll in a credit and identity monitoring service to ensure the long-term integrity of this critical data.

Customers Impacted: 247

How it Could Affect Your Customers’ Business: This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.


United Kingdom – Travelex

https://www.ciodive.com/news/travelex-ransom-breach-investigation/575842/

Exploit: Ransomware

Travelex: Foreign exchange company

gauge indicating severe risk

Risk to Small Business: 1.703 = Severe

Hackers stole and encrypted company data, and they are threatening to publish the information if Travelex doesn’t pay a significant ransom. The attack was first reported by hackers in January when they indicated to media sources that they copied and encrypted 5GB of personal data. Ultimately, the attack has cost Travelex more than $2 million. Hackers exploited a flaw in VPN software to gain access to the network, and cybersecurity researchers believe that hackers had access to the company’s network well before they encrypted its data.

gauge indicating moderate risk

Individual Risk: 2.711 = Moderate

While it’s unclear what specific data categories were accessible to hackers, stealing and publishing personal data is one of the latest threats to accompany a ransomware attack. Travelex customers should be vigilant to monitor their accounts for unusual activity and their incoming messages for signs of phishing scams.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are incredibly costly, and their repercussions can reverberate through companies for years. Protecting against potential vulnerabilities that give hackers a foothold must be a top priority for companies looking to succeed in a digital environment where a ransomware attack is always a possibility.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.


Denmark – DESMI   

https://securityaffairs.co/wordpress/101495/hacking/desmi-discloses-cyber-attack.html

Exploit: Ransomware

DESMI: Pump manufacturer and developer

gauge showing severe risk

Risk to Small Business: 2.617 = Severe

A ransomware attack has encrypted company IT, prohibiting remote workers from accessing company systems. Although the DESMI is confident in its ability to restore services, this outage constitutes a veritable shutdown as employees can neither utilize in-office tools nor communicate via virtual meetings.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: COVID-19 has made remote work a necessity at companies around the world. This workflow is contingent on employees having access to company systems. During this time, a ransomware attack can erode the limited productivity and sales opportunities that companies have now, which increases the impetus to protect your company’s digital environment.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.


Australia – Ingram   

https://portswigger.net/daily-swig/ingram-data-breach-digital-content-platform-hack-resulted-in-theft-of-publishers-titles

Exploit: Unauthorized account access

Ingram: Book distributor

gauge showing severe risk

Risk to Small Business: 2.335 = Severe

Hackers accessed a customer account and downloaded numerous book titles from the company’s repository. The bookseller, which operates in the US, UK, France, and Australia, immediately revoked the account credentials and hired a third-party cybersecurity team to investigate the breach. As an on-demand printing business, Ingram relies on its reputation, as authors select platforms that can securely and reliably deliver their content to readers.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In today’s digital environment, where billions of login credentials are readily on sale on the Dark Web, every company should expect that hackers could gain front door access to its IT infrastructure. Therefore, it’s critical that they deploy security solutions, like two-factor authentication, that can prevent hackers from accessing user accounts even when they are armed with login information

ID Agent to the Rescue: Passly protects employees’ digital identities, data, and business continuity through an integrated multi-factor authentication, single sign-on, and password management solution. Learn more at https://www.idagent.com/passly.


Australia – Wappalyzer    

https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/

Exploit: Unsecured database

Wappalyzer: Technographics data provider

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.417 = Severe

On January 20, 2020, hackers copied data from an exposed database containing customers’ personal details. Now, Wappalyzer customers are receiving emails from hackers offering to sell the database for $2,000 in Bitcoin. The company downplayed the incident, claiming that the information was from an old database from its previous website. However, the details were valid enough that hackers were able to communicate with customers directly. As a best-case scenario, this incident is a PR disaster for the company, but the consequences could become more onerous.

gauge indicating moderate risk

Individual Risk: 2.883 = Moderate

Wappalyzer contends that the exposed database doesn’t include customers’ personal data. Even so, because hackers have access to users’ email addresses, those impacted by the breach should be especially vigilant about assessing incoming messages for potential spear phishing messages that could compromise even more sensitive personal data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data breaches do serious damage to a company’s reputation. Customers and business partners are increasingly unwilling to work with companies that are stained by a data security incident. When coupled with expanding privacy regulations and soaring costs, today’s companies have millions of reasons to secure their customers’ data.

ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager.st.


Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News

Thousands of Zoom Credentials Available on Dark Web   

As we recently reported in our blog, Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own.

This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.

Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.

https://securityaffairs.co/wordpress/101475/deep-web/zoom-dark-web.html