Week in Breach

The Week in Breach: 05/28/19 – 06/04/19

By Kevin Lancaster on Jun 5, 2019 3:59:56 PM

This week, malware infects POS systems of US fast-food chain, ransomware continues to impact local governments, and a phishing scam tricks Office 365 users. 

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: 
Domain (99%)
Top Industry: 
Finance & Insurance
Top Employee Count: 
11 – 50 Employees


United States – Flipboard
https://www.zdnet.com/article/flipboard-says-hackers-stole-user-details/

Exploit: Unauthorized database access
Flipboard: News aggregator service and mobile app

Risk to Small Business: 2 = Severe: Hackers accessed a database containing users’ account information on two separate occasions during a span of nine months. The company notified law enforcement of the breach and hired a third-party investigative firm to audit their security standards and develop better standards for the future. However, this incident will inflict a significant black eye on their reputation, and the company will be required to spend time and money to secure their platform and restore trust.
Individual Risk: 2.571 = Moderate: It’s unclear if the hackers downloaded users’ personal information, but the hacked database includes user names, hashed and salted passwords, email addresses, and digital tokens associated with Google, Facebook, and Twitter accounts. Although Flipboard has reset all user passwords and disconnected or deleted all tokens, impacted individuals should be mindful that their credentials could be compromised. Flipboard users should be especially careful about using duplicate passwords on other services.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breach incident responses are becoming increasingly commonplace. Apologies, investigations, and updates are typical responses from organizations, but they don’t have to become the norm. Extensive breaches similar to Flipboard’s should encourage companies to prioritize their cybersecurity initiatives and avoid breaches from occurring in the first place.

ID Agent to the Rescue: With BullPhish ID™, can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United States – Checkers Drive-in Restaurants Inc.
https://cyware.com/news/checkers-drive-in-restaurants-suffered-malware-attack-impacting-102-checkers-and-rallys-locations-f31199f1

Exploit: Malware
Checkers Drive-in Restaurants Inc.: Fast food chain operating in 28 states

Risk to Small Business: 2 = Severe: Hackers successfully infected 102 of the company’s point-of-sale systems with malware that stole customers’ payment information. The restaurant chain has elicited the support of law enforcement authorities and third-party security experts to remove the corrupted software from their systems. They will now face the considerable costs of digital infrastructure repair and reputational costs that could discourage people from visiting their restaurants.
Individual Risk: 2.285 = Severe: Attackers gained access to information stored on the credit or debit cards’ magnetic strips. This includes cardholder names, payment card numbers, verification codes, and expiration dates. This extensive payment information can quickly make its way to the Dark Web or be redeployed as a payment method on other websites. All customers should review their account statements for suspicious activity while also procuring credit monitoring services.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Any company reliant on point-of-sale exchanges with their customers must be especially vigilant about protecting the integrity of these systems. Not only is it incredibly costly to repair the technological infrastructure, but the cascading consequences of reputational damage can be even more profound. Companies can (and should) demonstrate their commitment to protecting their employees and customers by taking proactive measures to prevent future breaches.

ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United States – City of Laredo
https://www.lmtonline.com/local/article/City-of-Laredo-office-recovering-from-ransomware-13890519.php

Exploit: Ransomware
City of Laredo: Local government organization serving Laredo, Texas

Risk to Small Business: 2.111 = Severe:A ransomware virus encrypted the city’s document management system, requiring a total shutdown of the city’s computers. Fire, police, and utility and health departments were the first to be restored, but agencies were required to work offline while authorities cleared each individual computer and were forced to interrupt business processes.
Individual Risk: No personal or employee information was compromised in this attack.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks on local government and small businesses are on the rise, and everyone needs a response plan in place before an incident occurs. In this case, quick action prevented the virus from spreading deeper into the system, and the city’s ransomware insurance will help defer the costs of a breach. At the same time, many ransomware attacks are initiated by phishing scams, which means that every company should include training on cybersecurity best practices as a part of their ransomware preparedness plan.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United States – People Inc.
https://www.zdnet.com/article/one-of-new-yorks-largest-nonprofits-suffers-data-breach/

Exploit: Employee email account breach
People Inc.: New York’s largest non-profit organization providing services for seniors, families, and individuals with developmental disabilities

Risk to Small Business: 1.555 = Severe: A compromised email account gave hackers access to an extensive amount of client and patient information. Security officials believe that a brute force attack exploited a weak employee password, and a simple password reset secured the account. However, it was later discovered that the company knew of the breach as early as February, which makes their recent acknowledgement of the incident especially alarming.
Individual Risk: 2 = Severe: The compromised email account included vast amounts of client and patient information. Names, addresses, social security numbers, financial data, medical information, health insurance information, and government IDs were all accessible to hackers. This information can quickly spread on the Dark Web, and clients or patients should be vigilant about acquiring identity and credit monitoring services as a precaution against credential misuse.

Customers Impacted: 1,000
How it Could Affect Your Customers’ Business: This incident underscores the importance of cybersecurity best practices in any organization. A simple oversight gave hackers access to a single account, which compromised the information of 1,000 people. Every organization needs to prioritize training and oversight as a cybersecurity must-have. This data breach, like many others, was entirely preventable, and no organization wants to bear the financial and reputational burden of an avoidable oversight.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrimehttps://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United Kingdom – Leicester City Football Club
https://www.theregister.co.uk/2019/05/31/leicester_city_fc_hacked_credit_card_data/

Exploit: Malware
Leicester City Football Club: English professional football club

Risk to Small Business: 1.888 = Severe: Malware infecting the online store for the football club has siphoned payment information from the site’s users. Although the company can’t confirm the precise vulnerability that led to the breach, online stores are increasingly being targeted using the Magecart infection because of the uniquely sensitive information that is exposed during the checkout process. The team notified its customers of the breach, and it is now undergoing the arduous process of restoring faith in their platform.
Individual Risk: 2.285 = Severe: The malware collected payment information at checkout, which includes names, payment card information, expiration dates, and CVVs. While hackers are prevented from using the compromised payment information on the site, this data is valuable on the Dark Web, and it can quickly spread to other outlets through spear-phishing attacks. Users should be extremely vigilant about monitoring their financial records, and they are encouraged to acquire credit monitoring services.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  In the wake of many damaging data breaches originating at checkout, any organization with an online store needs to be especially mindful of their cybersecurity vulnerabilities. Most notably, they need to address them before they damage their customers while also doing considerable harm to the company’s bottom line and reputation. In addition, every organization needs a plan to support their customers in the event of an attack.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.United Kingdom – Greene King
https://securityboulevard.com/2019/05/uk-pub-chain-greene-king-gift-card-website-hacked/

Exploit: Unauthorized website access
Greene King: Pub retailer and brewer that owns pubs, restaurants, and hotels

Risk to Small Business: 1.666 = Severe:Hackers gained access to Greene King’s gift card website, which contained sensitive customer information. The company notified the Information Commissioner’s Office about the breach, and they will now have to manage the legal and technological ramifications of lax security standards.
Individual Risk: 2.285 = Severe: Although bank details and payment information were not accessed in the breach, hackers did gain access to customers’ names, email addresses, user IDs, encrypted passwords, addresses, postcodes, and gift card order numbers. Even without collecting payment data, personal information can be extremely valuable on the Dark Web, and it can be used to perpetuate identity theft and other forms of fraud. Anyone impacted by the breach should procure identity monitoring services to protect themselves from these malicious acts.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While a data breach is incredibly devastating for any company, they can begin repairing the damage by providing clear communication and incredible customer service in the wake of the event. When personal information is revealed, the company should provide customers with the services they need to safeguard their credentials and to achieve the peace-of-mind.

ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.Australia – LandMark White
https://www.smh.com.au/business/companies/landmark-white-calls-police-on-data-breach-accuses-banks-of-supporting-petty-criminals-20190602-p51tmo.html

Exploit: Unauthorized database access
LandMark White: Property evaluation firm

Risk to Small Business: 1.555 = Severe: Company documents were lifted from its internal database and uploaded to the website Scribd. This marks the company’s second data breach in the past six months. LandMark White is currently in the process of having their documents removed from Scribd, and they’ve begun an internal investigation to determine the source of the breach.
Individual Risk: 2.714 = Severe: According to the firm, the posted documents are primarily PDFs containing valuations and operationally related commercial documents, which lessens the risk of individual exposure. However, it’s possible that individuals working with the company could have their information included on a posted document. Therefore, anyone with a relationship with the firm should be vigilant about monitoring their personal information to ensure its integrity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Security vulnerabilities come in many forms, and every organization needs a holistic approach to data security that includes a well-rounded risk assessment and a comprehensive plan for mitigating the most prescient risks. Partnering with an MSP can provide the insight necessary to achieve this.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.New Zealand – New Zealand Treasury
https://www.zdnet.com/article/nz-treasury-says-systems-hacked-ahead-of-budget/

Exploit: Unauthorized system access
New Zealand Treasury: Central public service department for New Zealand, overseeing economic policy and performance

Risk to Small Business: 1.666 = Severe: An unauthorized user gained access to the department’s network, potentially procuring sensitive budgetary information scheduled for future release. The agency has support from the National Cyber Security Centre to identify the source of the breach, and they are conducting a holistic overview of their security standards. This incident is a reminder that personal information isn’t the only valuable asset that organizations hold. Their proprietary data can be equally as valuable to hackers.
 Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While most companies are rightly focused on securing their customers’ data, they need to be continually mindful of guarding their own information as well. Company data can be incredibly valuable, and organizations can struggle to recuperate that information once it’s unleashed on the internet or the Dark Web.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, ensuring that their most important data remains secure. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Stolen NSA Tool May Be Responsible for Rash of Ransomware Attacks 

Ransomware attacks on local governments have become alarmingly prevalent, and they may have an unlikely source – a cyber weapon developed by the U.S. National Security Agency (NSA). In 2017, the NSA lost control of one of its most impactful weapons, code-named EternalBlue, and it now lies in the hands of independent bad actors and state sponsored hackers. 

The impact on local governments has been immense. While some cities refuse to pay the ransom, many are left with little choice but to pay up to restore access to their digital infrastructure. At the same time, the additional security costs have made it difficult for cash-strapped governments to combat the threat. 

With so much on the line, a comprehensive ransomware response plan has never been more important. Since most ransomware originates as phishing scams sent to employee email accounts, this also means that proper training can be worth its weight in gold, or at least in Bitcoin.