Tuesday, July 23, 2019

Three Billion Phishing Emails are Sent Every Day



Phishing attacks are wreaking havoc as they encourage unsuspecting recipients to hand over critical credentials that give hackers access to network infrastructure, personal financial accounts, and other important portals. 

This type of cybersecurity threat is ultimately the most defensible, since phishing attacks not only need to make it through email filters, but recipients have to directly act upon the message. Yet, they continue to inflict serious damage on small and medium businesses alike, becoming more common and complicated in today’s digital landscape. 

According to a recent report, more than 3.4 billion phishing emails are sent each day, making it increasingly probable that an employee will accidentally engage with the message. This underscores the need for awareness and prevention training to disrupt these efforts. Given the high cost of recovering from a phishing attack, acquiring comprehensive training from trusted professionals (like us!) is a cost-effective way to equip your employees to defend against phishing attacks. 


https://www.techrepublic.com/article/more-than-3b-fake-emails-sent-daily-as-phishing-attacks-persist/?ftag=CMG-01-10aaa1b

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Monday, July 22, 2019

Canadian Companies Unprepared for Cost and Consequences of a Data Breach

Canadian Companies Unprepared for Cost and Consequences of a Data Breach 

Shred-it’s annual Data Protection Report, which evaluates the most prescient threats to data security, took aim at Canadian businesses and concluded that they have an overly optimistic outlook of today’s cybersecurity landscape. 

Consequently, many companies are not prepared to defend against a data breach, which could negatively impact revenue, employee, and customer retention. 

The survey identified shifting consumer sentiments about data privacy and encouraged Canadian businesses to cater to the changing market dynamics by considering the reputational damage that accompanies a data breach along with other serious consequences.

Today, the stakes couldn’t be higher. 

A single data breach can have devastating outcomes for companies of all sizes, and this year’s survey concluded that too many companies need to prioritize cybersecurity as a critical component of overall business success. In many cases, partnering with a qualified security consultant can patch holes in your cybersecurity protocols while bolstering your defenses going forward. 


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

Friday, July 19, 2019

Breached!!!

United States - NEO Urologyhttp://www.wfmj.com/story/40646778/boardman-medical-practice-hacked-told-to-pay-75000-in-bitcoin-to-unlock-system

Exploit: RansomwareNEO Urology: Healthcare provider for urology care services
twib-severeRisk to Small Business: 1.666 = Severe: Hackers gained access to NEO Urology’s network, encrypting the company’s files and disrupting many of their services. Employees were notified of the ransomware by a fax listing “Pay4Day.io” as a contact address for additional information. While their network was inaccessible, the practice reported operational losses of $30,000 - $50,000 per day, a significant sum that ultimately led them to pay the $75,000 ransom using Bitcoin. In this case, it was more affordable to pay the ransom than to experience the revenue losses that accompany an inaccessible network. Unfortunately, their willingness to pay could make them a target for additional attacks.
whitebox
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Every company needs a ransomware response plan that is both technological and philosophical. Many ransomware attacks originate through phishing scams or other malware, a maxim that underscores the importance of robust cybersecurity initiatives. At the same time, developing adequate backup protocols can help companies avoid paying ransoms that neither guarantee a solution nor curtail bad actors from returning in the future.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Oregon Department of Human Services https://www.kptv.com/news/oregon-dhs-notifying-people-of-data-breach-personal-information-compromised/article_90b9d3c2-9210-11e9-8aae-f74903185b1a.html

Exploit: Phishing attack
Oregon Department of Human Services: State government agency supporting safety and health initiatives
twib-extremeRisk to Small Business: 1.444 = Extreme: When nine employees clicked on a phishing email, hackers gained access to their accounts, which collectively included more than two million emails containing personal information. The data breach occurred in January 2019, and it was first reported in March. However, the agency’s forensics investigation identified nearly twice as many impacted accounts as initially disclosed. Although phishing scams are entirely defensible, relying primarily on apathy and ignorance to trick unsuspecting recipients, the Oregon Department of Human Services is now responsible for providing 12 months of identity monitoring and recovery services as well as a $1 million insurance reimbursement policy to those who were impacted by the breach.
twib-severeIndividual Risk: 2 = Severe: When hackers gained access to the employees’ email accounts, they received an incredible amount of personal information. This data could include names, addresses, birth dates, social security numbers, case numbers, personal health information, and other sensitive information. Oregon DHS is offering identity monitoring and recovery services to those impacted by the breach.
Customers Impacted: 645,000
How it Could Affect Your Customers’ BusinessPhishing attacks are on the rise, delivering malware that can cripple a company’s reputation and financial standing. Fortunately, they are also entirely defensible. With proper training, employees can be transformed into the strongest line of cybersecurity defense, rather than an imminent liability. Given the high cost of a data breach, the relatively minor expense of a training program is an obvious solution for any organization.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - ResiDex Softwarehttps://www.scmagazine.com/home/security-news/data-breach/ransomware-attack-on-software-company-residex-may-have-exposed-data-on-assisted-living-residents-workers/

Exploit: Unauthorized network access
ResiDex Software: Software provider for assisted-living, group facilities, and care-giving organizations
extreme gaugeRisk to Small Business:  2.333 = Severe: When the software company was the victim of a ransomware attack on April 9th, it discovered unauthorized network access starting on April 2nd. ResiDex launched an IT forensics investigation, which determined that no company information was accessed in the attack. However, hackers could have gained access to the personal information of its clients. Not only will ResiDex have to bear the cost of updating its cybersecurity standards, but the unquantifiable reputational damage will have continuing consequences as the company tries to attain new clients or maintain relationships with existing customers.
twib-severeIndividual Risk: 2 = Severe: Since ResiDex serves assisted-living, group facilities, and care-giving organizations, patients at these locations could have their information compromised in the breach. This could include names, social security numbers, and protected health information that was stored with the provider. The software company notified all impacted individuals, but this information can quickly spread on the Dark Web, and those impacted should attain proper identify and financial monitoring services to ensure that their information remains secure.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessWhen sensitive personal information is compromised in a data breach, companies have a responsibility to help their customers regain confidence in their data’s integrity. In addition to providing identity and financial monitoring services to those impacted, understanding if the exposed information is accessible on the Dark Web by hackers is a critical component of a strong breach response.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - City of Riviera Beachhttps://www.cnet.com/news/florida-city-will-pay-hackers-600000-to-recover-from-ransomware-attack/

Exploit: RansomwareCity of Riviera Beach: Local government organization serving Riviera Beach, Florida
twib-severeRisk to Small Business: 1.555 = Severe: When a single employee clicked on a malicious email link containing ransomware, the city’s entire computer network was encrypted by ransomware. The encryption prevented the city from using email, logging 911 calls, or even controlling their water utilities. After spending nearly $1 million on new IT infrastructure, the city ultimately decided to pay the ransom, which cost $600,000 in Bitcoin. The payment, which will come from the city’s insurance provider, became necessary when the city discovered that it didn’t have adequate backups to restore vital information to this equipment.
whiteboxIndividual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessA ransomware preparedness plan is a veritable must-have for every organization since cybersecurity threats should be considered a “when”, not an “if” proposition. Such plans should include adequate backups, which can allow cities to avoid paying a ransom, but also proper training to avoid the phishing emails that frequently deliver the ransomware. These preventative measures are significantly more affordable than the cost of a ransom payment and the ancillary opportunity costs that accompany such an attack.


ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more herehttps://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada - Desjardins 
https://www.zdnet.com/article/desjardins-canadas-largest-credit-union-announces-security-breach/

Exploit: Unauthorized network access
Desjardins: Credit union cooperative
twib-extremeRisk to Small Business: 1.333 = Extreme: A former employee gained access to the company’s network, ultimately making off with the data of millions of members. Significant amounts of personally identifiable information were taken in the breach, impacting both its home users and business customers. The bank is in the process of notifying those impacted by the breach, and they are partnering with local law enforcement to mitigate the risk to their customers. This is a significant cybersecurity incident at a major financial institution, and it now faces the responsibility of updating its cybersecurity protocols along with the costs of identity and financial monitoring services while it works to rebuild its reputation.
twib-severeIndividual Risk: 2.142 = Severe Risk: The data breach included information from personal and business accounts. For personal users, this information contained names, dates of birth, social insurance numbers, addresses, phone numbers, and email addresses. Meanwhile, corporate data involved business names, addresses, phone numbers, owners’ names, and the names of users with access to accounts. Desjardins is providing free credit monitoring services for anyone impacted by the breach.
Customers Impacted: 2.9 million
How it Could Affect Your Customers’ Business:  Quick communication and effective response methods can go a long way toward helping companies recover from a data breach. While it’s no substitute for adequately guarding data in the first place, providing the right services can accelerate the recovery time while helping companies recoup some of the reputational damage incurred from a data breach.


ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United Kingdom - Mermaids UK https://www.bbc.com/news/uk-48652970

Exploit: Unauthorized email access
Mermaids UK: Charity and advocacy organization supporting gender diverse and transgender youth in the UK
twib-severeRisk to Small Business: 1.555 = Severe Risk: 1,100 company emails containing sensitive, intimate details about their users were inadvertently accessed and shared on a private messaging group. The emails were related to the organization’s work between 2016 - 2017, and they were searchable under certain circumstances. Since the organization’s constituents are especially vulnerable, this data breach undermines their ability to carry out their mission, and it could negatively impact their ability to acquire the funding necessary to continue their work.
twib-severeIndividual Risk: 1.857 = Severe Risk: Although the charity contends that only the news organization that discovered the breach had accessed the emails, those impacted by the breach should not presume that it’s reach was so restricted. It’s possible that their names, addresses, and intimate details about their dealings with the organization were viewable in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessEvery organization needs to prioritize their users' data protection, and those serving vulnerable clients need to be especially diligent about this prerogative. In this case, insufficient security protocols could do considerable harm to those impacted, something that is both unacceptable and unnecessary. At the same time, supporting those impacted by a data breach should be a top priority, and understanding what happens to affected data on the Dark Web can provide victims the peace-of-mind necessary to adequately recover from a breach.


ID Agent to the RescueDark Web ID, monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Australia - Australian Catholic University https://www.smh.com.au/national/australian-catholic-university-staff-details-stolen-in-fresh-data-breach-20190617-p51yif.html

Exploit: Phishing attack
Australian Catholic University: Public university with seven campuses throughout Australia

twib-severeRisk to Small Business: 2 = Severe Risk: A phishing email supposedly originating from the university tricked several employees into providing their account details through a fake login page. Since these credentials could provide hackers with access to multiple university systems, those impacted by the breach had their credentials reset and relevant financial institutions were notified.
twib-severeIndividual Risk: 2.285 = Severe Risk: Although the data breach was relegated to university staff, those who entered their credentials in the fake login page could have had their email accounts, calendars, and bank account details compromised. Therefore, anyone impacted by the breach should monitor their accounts for suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessThis is the second data breach this month at an Australian university, and it comes after a report on the lax cybersecurity standards at the country’s schools. Since the information acquired in phishing scams can be used for other services, companies can face cascading consequences for not working to solve the problem before a breach occurs. Phishing scams are entirely preventable through proper awareness training, making cybersecurity training programs a must for defending against these increasingly prolific attacks.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Australia - Nagle Catholic College https://www.abc.net.au/news/2019-06-20/nagle-catholic-school-parents-targeted-in-cyber-attack/11227802

Exploit: Phishing attack
Nagle Catholic College: Independent Roman Catholic day school

twib-severe
Risk to Small Business: 1.666 = Severe: A four-day “highly sophisticated” cybersecurity attack that began when someone clicked on a malicious link in a phishing email has allowed hackers to access parents’ personal information stored on the network. The school is working with law enforcement and cybersecurity experts to address the data breach by identifying cybersecurity standards in need of remediation and fully understanding the scope of the attack. Due to this cybersecurity incident, the school will have to foot the bill for cybersecurity services while also facing increased scrutiny from media and community members.
 twib-severeIndividual Risk: 2.142 = Severe: Although the school is still in the process of identifying the compromised data, it’s clear that financial information was accessed during the attack. This could include parents’ bank account details, credit card information, and scanned signatures. Since this information is valuable on the Dark Web and can spread quickly, those impacted should be vigilant about monitoring their financial accounts while also obtaining necessary credit monitoring services to ensure that their credentials are not being misused.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are easy to execute and possible to defend. However, with these attacks increasing in frequency and complexity, every organization needs to adequately assess this threat by providing their employees and stakeholders with the tools necessary to defend against a phishing scam. In this case, a single email is wreaking havoc on an entire institution yet could have been prevented far before it began.

ID Agent to the Rescue:DMonitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com