Tuesday, June 18, 2019

Week in Breach

This week, malware infects POS systems of US fast-food chain, ransomware continues to impact local governments, and a phishing scam tricks Office 365 users. 
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Finance & Insurance
Top Employee Count: 11 - 50 Employees

Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com

Monday, June 17, 2019

Friday, June 14, 2019

Canada Sees Spike in Malicious Email Campaigns


Canadians were the target of more than 100 campaigns in the first four months of 2019. The malicious email campaigns were especially geo-targeted to French-speaking regions of the country, which include important organizations in the shipping, logistics, banking, and government services sectors.

While a few specific campaigns accounted for much of the traffic, phishing emails and imposter attacks are on the rise globally, making many companies’ own employees the primary culprit in enabling more extensive data breaches to occur. 

Consequently, organizations have a responsibility to train their employees about the emerging trends, growing risks, and best practices to ensure that their networks remain secure. You might even want to partner with an MSP that can facilitate these initiatives, ensuring that your most prescient vulnerabilities become a trained level of defense against cybercrime.

https://www.scmagazine.com/home/security-news/malware/great-white-north-bombarded-with-malicious-email-campaigns-report/


Wednesday, June 12, 2019

Mobile Banking Malware Increases by 58%


According to a recent report by Kaspersky Lab, mobile banking malware is on the rise. The first quarter saw instances of mobile banking malware more than triple, and there was a 58% increase in modifications to banking trojans. 

A single piece of malware, dubbed Asacub, accounts for more than half of the banking trojans detected during this time, attacking approximately 8,200 users a day.

In the first three months of the year, cybersecurity researchers identified 29,841 different modifications of banking trojans, underscoring the complex tasks that companies have when defending their digital infrastructure. 

As more and more financial services are conducted online, it’s a troubling sign to see an uptick in the scope and complexity of mobile-focused malware attempts. It’s also a reminder that companies can’t win this battle alone. They need to partner with skilled MSPs to help them identify and eliminate the latest threats to their businesses.




Tuesday, June 11, 2019

Breached!!!

United States - The Georgia Institute of Technology (Georgia Tech)
https://finance.yahoo.com/news/georgia-tech-notifies-community-security-140000215.html

Exploit: Unauthorized database access
The Georgia Institute of Technology: Public research university based in Atlanta, Georgia
Risk to Small Business: 1.555 = Severe: Hackers were able to infiltrate the Institute’s databases that were storing sensitive personal information on current and former students and employees. After identifying an unauthorized user sending queries through an Institute web server, Georgia Tech began an investigation and executed a few countermeasures to secure their ecosystem. Not only will Tech be on the hook for providing credit and identity monitoring services to affected individuals, but they will also deal with scrutiny from current students, employees, and even alumni.
Individual Risk: 2.285 = Severe: According to an official statement from Georgia Tech, the information accessed varies by individual, but it could include names, addresses, Institute ID numbers, dates of birth, and social security numbers. This breach could extend to students, faculty, staff, alumni, applicants, and affiliates. Anyone with ties to Georgia Tech should enroll in identity theft protection services and stay vigilant for potential compromises or fraud attempts.
Customers Impacted: 1,265
How it Could Affect Your Customers’ Business: Failing to understand your organization’s threat landscape can have significant consequences in today’s digital environment. In this case, hackers had access to the university’s database for nearly four months, making it evident that their security standards were not adequate to address relevant threats. Particularly when your university is seen as a premier technological institution, failure in this regard is entirely preventable, embarrassing, and unacceptable.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Louisville Regional Airport Authority
https://www.scmagazine.com/home/security-news/louisville-regional-airport-authority-grounded-by-ransomware-attack/

Exploit: Ransomware
Louisville Regional Airport Authority: Municipal corporation responsible for owning, operating, and developing Louisville International Airport and Bowman Field
Risk to Small Business: 2.111 = Severe: Hackers were able to install ransomware on the airport’s network system, encrypting localized files for two airports, the Louisville Muhammad Ali International Airport and Bowman Field. Fortunately, the organization was prepared for such an incident, and they are restoring their files from backups rather than paying the ransom. While the ransomware was restricted to localized files that are unaffiliated with the organization’s operations or security systems, it’s always concerning when critical infrastructure is tangentially impacted by security vulnerabilities.
Individual Risk: 3 = Moderate: There is no indication that personal information was compromised as part of this breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a growing threat among SMBs. Since it is often injected into a company’s network through phishing scams or other employee errors, consider partnering with an MSP that has the tools to train employees and prevent phishing attacks.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.


United States - Perceptics
https://www.vice.com/en_us/article/qv7zxx/perceptics-license-plate-readers-hacked

Exploit: Network compromise
Perceptics: Maker and distributor of license plate readers, under-vehicle cameras, and driver cameras
Risk to Small Business: 1.444 = Extreme: A hacker using the pseudonym “Boris Bullet-Dodger” gained access to the company’s database and exfiltrated hundreds of gigabytes of data, which he subsequently published on the Dark Web. In total, more than 65,000 files were stolen, including data taken directly from employee laptops. The data breach included information from the access databases, ERP databases, HR records, Microsoft SQL Server data stores, business plans, financial figures, and personal information.
Individual Risk: 2.142 = Severe: The trove of data released by this hack compromised personal information, and the extent of the hack makes it difficult to know precisely what data was taken. However, evidence that hackers accessed employees’ desktops, denoted through the presence of music stored on user computers, suggests that the information exposed could be extensive.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Responding to a breach of this scope is complicated. Managing the PR fallout is a significant responsibility, but an organization’s most important function is to support those whose information is posted on the Dark Web. In the event of a data breach, knowing what happens to your data is critical, and partnering with a qualified MSP can make all the difference.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.


United States - Shubert Organization
https://www.forbes.com/sites/marchershberg/2019/05/23/shubert-organization-suffers-data-breach/

Exploit: Employee email account breach
Shubert Organization: Theatrical producing organization and owner of theaters in Manhattan and New York City
Risk to Small Business: 1.777 = Severe: Hackers gained access to several employee email accounts containing sensitive personal information. The data breach occurred last February, and it’s unclear why the company either took so long to identify the intrusion or to communicate the incident with stakeholders. Regardless, it underscores the importance of strong defenses, as the company is now responsible for providing credit monitoring services for 24 months. However, this pales in comparison to the incalculable reputational damages that can occur with the magnitude of this breach.
Individual Risk: 2.285 = Severe: Although the company can’t confirm that the intruder accessed personal information, the affected accounts included customers’ names, credit card numbers, and credit card expiration dates.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While every company is responsible for putting up strong defenses against cybercriminals, bad actors are highly motivated and continually operate with an advantage. Therefore, it’s crucial for companies to differentiate themselves through their support services to help impacted individuals in the wake of a data disaster.


ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.


United Kingdom - Sunderland City Council Library
https://cyware.com/news/sunderland-city-council-library-database-suffered-cyber-attack-compromising-customer-data-9c191d58

Exploit: Unauthorized database access
Sunderland City Council Library: Local city library serving Sunderland
Risk to Small Business: 2.111 = Severe: Hackers were able to compromise a library database which contained customer account information and was hosted by a third-party vendor. The City Council hired an external cybersecurity firm to investigate the incident and shore up their security posture moving forward. Security measures that are implemented in the wake of a breach are valuable, but protecting IT infrastructure from the beginning is the most cost-effective plan for keeping your customer and employee data secure.
Individual Risk: 2.4286 = Severe: The databases gave intruders access to personal information, including names, phone numbers, and dates of birth. While investigators found that only 45 accounts were accessed, they can’t determine which accounts were compromised. Therefore, all library account holders should be monitoring their accounts for identity theft or fraud.
Customers Impacted: 145,000
How it Could Affect Your Customers’ Business:  Enhancing security standards is an essential next step after a data breach, but organizations are most beholden to those who are impacted by the initial incident. To be vigilant and prepared at all times, every organization should partner with an MSP that can proactively monitor the Dark Web for customer and employee data.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.


United Kingdom - TalkTalk Group
https://www.bbc.com/news/business-48351900

Exploit: Cyber attack
TalkTalk Group: Telecommunications company providing internet and mobile network services throughout the United Kingdom
Risk to Small Business: 2.222 = Severe: In 2015, TalkTalk experienced a catastrophic data breach that impacted 4% of their entire customer base. However, a communications failure left the personal information of thousands of victims exposed online since the breach.
Individual Risk: 2.285 = Severe: Although the company is hedging against the incident by claiming that none of the exposed credentials could individually lead to direct financial loss, the exposed data includes names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers, and bank details. Making matters worse, news organizations were able to identify victims’ banking information with a simple Google search, indicating both the seriousness of the information and the accessibility of the data.
Customers Impacted: 4,545
How it Could Affect Your Customers’ Business: Especially in the E.U., where GDPR mandates make clear communication a veritable must-have for any organization, TalkTalk’s oversight is especially egregious. However, regardless of scope or locale, effective communication and proper incident navigation can go a long way toward regaining customer trust and rebuilding brand reputation.


ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.


Germany - TeamViewer
https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/

Exploit: Malware
TeamViewer: Developer of proprietary software for remote desktop control, desktop sharing, online meetings, web conferencing, and file transfers

Risk to Small Business: 2.222 = Severe: TeamViewer has acknowledged a malware attack that gave hackers access to the company’s servers, which included their software’s source code. According to an official release by the company, the threat was detected before hackers could steal any data or code. However, this incident took place in 2016, which makes their timing problematic. Consequently, the company will face heightened media scrutiny and reputational damage that could exceed the scope of the actual breach.
Individual Risk: 3 = Moderate: The company contends that personal information was not compromised during the breach, but users should be mindful of the company’s security posture, especially given the potentially sensitive information conveyed through their services.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of actual outcomes resulting from the data breach, this episode makes it clear that TeamViewer does not prioritize clear and timely communication when it comes to their cybersecurity initiatives. While data security needs to be a top priority for every organization, communication and customer support are a close second, along with being the most controllable part of any cyber defense plan.

ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.


Australia - Canva
https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/

Exploit: Database server compromise
Canva: Graphic design website providing amateur and professional web/media design tools

Risk to Small Business: 1.555 = Severe: A now-prolific hacking group accessed Canva’s network, compromising information for millions of users. According to the hacker’s message after the breach, the theft includes extensive records up until May 17th. The company’s quick response and high cybersecurity standards will help mitigate the damage of the breach, but they are now responsible for understanding what happens to their users’ data when it’s published on the Dark Web.
Individual Risk: 2.149 = Severe: The scope of this breach is incredible, but it will impact users differently. Compromised information could include usernames, real names, email addresses, and location information. Fortunately, the passwords for 61 million users were hashed, making them more difficult to crack. The company encourages users to change their account passwords and to update passwords from other accounts that may be using redundant credentials.
Customers Impacted: 139 million
How it Could Affect Your Customers’ Business: Even companies with the best cybersecurity standards can still fall victim to a devastating data breach. Partner with an MSP that can determine where information ultimately ends up (hint: the Dark Web!) so that your customers, employees, and profit margins are always protected from cybersecurity threats.

ID Agent to the Rescue:  Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web/.


