Tuesday, March 12, 2019

Breached!!

Exploit: User account takeover
Sizmek: American online advertising platform based in Austin
correct severe gaugeRisk to Small Business: 2.111 = Severe: Security researcher Brian Krebs caught hackers auctioning access to a Sizmek user account on the Dark Web, specifically a Russian-language cybercrime forum. The bidding began at $800 per account. With account access in hand, threat actors are capable of infecting ongoing ad campaigns or siphoning profits from ads in the system. After investigating, Sizmek believes that the account in question was simply a regular user account, without higher level administrator access. Nevertheless, the platform will be forced to upgrade security and deal with a PR nightmare to retain customers and continue to do business.
correct severe gauge                                                
Individual Risk: 2.714 = Severe: Given that the company connects over 20,000 advertisers with 3,600 agencies across 70 countries, such a compromise could have displaced advertising revenue from clients and passed undetected for quite some time. This type of attack poses high risk for Sizmek clients and their end-users, who have the most to lose in the event of breach.
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: In an ecosystem of evolving B2B2C business models, companies that provide services for business users must acknowledge the possibility and gravity of a cyber-attack. As evidenced by this event, cybercriminals are peddling access to attack vectors that have the potential to cripple businesses on the Dark Web. Partnering with an MSP who can proactively monitor and navigate the inner workings of the Dark Web is crucial to securing small business customers and end users.

ID Agent to the Rescue:  Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/ 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Ransomware attack
Delaware Guidance Services: Non-profit that offers mental health services for children, youth, and families
correct severe gaugeRisk to Small Business: 1.666 = Severe: The Delaware-based organization issued letters to 50,000 patients notifying them of a ransomware attack that took place on December 25, 2018. After records were locked by hackers, DGS ended up paying a ransom in exchange for a decryption key to regain access. Although their investigation concluded that no data was compromised, they are offering free credit monitoring and reporting services for one year to those affected.
correct severe gauge                                               Individual Risk: 2.428 = Severe Personal details including names, addresses, DOBs, SSNs, and medical information was impacted. All members have been advised to review financial and credit reports for any suspicious activity.
Customers Impacted: 50,000 patients
How it Could Affect Your Customers’ BusinessThe threat of ransomware is increasing at alarming rates, and small businesses must begin to consider the potential impact of an attack on their systems. In the event of breach, management is forced to decide whether to pay the ransom or risk losing access to customer records forever.
ID Agent to the Rescue: Dark Web ID can monitor the Dark Web and find out if your customers’ data has been compromised. We work with MSPs and MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/ 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Internal data breach
Orchard View School DistrictA high school district in Muskegon Township, Michigan..
correct severe gaugeRisk to Small Business: 2.223 = SevereStudents allegedly hacked the school’s information system, PowerSchool, and altered grades and attendance records. The school has notified parents of the students who may be responsible and is investigating the incident. However, what data was modified and how access.
correct severe gaugeIndividual Risk: 2.857 = Moderate Risk Depending on whether a ledger of the previous data was stored or removed, other students could be at risk for having their grades modified. Regardless, the possibility of losing such data can be upsetting for students, to say the least..
Customers Impacted: To be determined
How it Could Affect Your Customers’ BusinessOrganizations that store important information must remain vigilant for cyber-attacks, especially originating from within. To protect valuable data from getting in the hands of the wrong people, internal systems must be “fool-proofed” by partnering with the right security provider.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Ransomware attack Container WorldOne of the largest supply chain companies for beverages in British Columbia
correct severe gaugeRisk to Small Business: 2.111 = SevereCybercriminals were able to breach business systems at the logistics company, demanding a ransom to restore access. In response, Container World chose not to pay the ransom and acted to protect their systems by shutting down affected systems. All systems were taken offline for over a week as their engineers scrambled to rebuild the IT infrastructure from the ground up. Aside from the hefty costs associated with interruptions to business processes and time spent rebuilding systems, the company may have to answer to disgruntled business customers.
correct severe gauge                                               Individual Risk: 3.0 = Moderate Risk  Although no financial information of customers was accessed, private liquor stores, bars, and restaurants suffered a major disruption to business. For a small mom-and-pop chain, such an incident could be crippling.
Customers Impacted: Undisclosed
How it Could Affect Your Customers’ BusinessUnderstanding the widespread impact that breaches can have in the B2B world is crucial to valuing cybersecurity. A weeklong halt in distribution can create a ripple effect that not only affects current sales, but also future customer loyalty. In a world of increasing options, corporate customers will begin to diversify and move their valuable business elsewhere when they can no longer have faith in their supplier.


ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime:  https://www.idagent.com/bullphish-id
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Card-stealing Javascript malware
Emerson HospitalUK brunch of sportswear brand 
extreme gaugeRisk to Small Business: 2.0 = Severe: Russian security vendor Group-IB discovered that a malware dubbed GMO was installed into clothing brand’s website for at least the past 4 months. The attacker responsible was able to secretly collect card data entered by customers through the company’s server, researchers reported. However, the company was unable to remove the card-stealing code from their site until very recently. Along with the threat of fines and lawsuits, the business will certainly face customer churn.
extreme gauge                                               Individual Risk: 2.428 = Severe Anyone who ordered from the FILA.co.uk website should be contacting their bank and checking their statements. Since the company has yet to issue a statement, it could be months before customers are notified and able to act, potentially putting them at severe risk.
Customers Impacted: An estimated 5,600 cardholders 
How it Could Affect Your Customers’ Business:  As the world of e-commerce grows increasingly competitive, especially in the lens of the apparel industry, businesses should know that such a breach can produce catastrophic consequences. Keeping online shoppers on your website is hard enough as-is, and companies must avoid breaches at all costs to retain trust. In order to do so, it becomes a simple matter of enlisting the help of an IT security provider.
ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Employee phishing breach
Sir John Colfox Academy: Secondary school in Bridport, England
correct severe gaugeRisk to Small Business: 2.111 = SevereHackers were able to infect the academy’s computer network after a staff member opened a phishing email that appeared to be from a colleague. Coursework saved in the school’s system was lost, which means that the school will have to determine how to rectify the situation for students and their families. Such an attack can certainly affect future enrollment, as parents may reconsider before sending their kids back to the same school that lost valuable academic information.
correct severe gaugeIndividual Risk: 2.857 = Moderate: The school announced that it does not store the personal data of staff, students, or parents. Nevertheless, it is still possible that hackers will be able to leverage the information obtained.
Customers Impacted: To be disclosed
How it Could Affect Your Customers’ BusinessHackers have identified company workforce as the path of least resistance when it comes to executing damaging cyber-attacks. In order to prevent further exploits, companies must invest in security solutions that can guard against phishing exploits to protect employees and customers.
ID Agent to the RescueOur newest offering, BullPhish ID, simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id
1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
New Zealand - Kathmandu Holdings Ltd. https://www.nzx.com/announcements/331882
Exploit: To be determined.
Kathmandu Holdings Limited: Outdoor clothing and equipment retailer.
correct moderate gaugeRisk to Small Business: 1.666 = Severe: The company recently learned that an unauthorized party gained access to their website between January 8th and February 12th, compromising the personal information of customers. After hiring cybersecurity consultants, Kathmandu proceeded to reset passwords and notify potentially affected customers. Although it is unclear exactly how this will affect the retailer, a sharp decrease in brand equity and customer loyalty is imminent.
correct severe gaugeIndividual Risk: 2.714 = Moderate: Everything from billing/shipping names, addresses, email accounts, and phone numbers to payment and loyalty card details was compromised. Customers who have shopped online with the store should immediately begin to contact their financial institution, reset passwords, and monitor their credit reports.
Customers Impacted: To be determined
How it Could Affect Your Customers’ BusinessAn attack of this scale is not easily forgotten by the victims. Previously loyal customers will likely never return to the website or physical stores, amounting to a sticky situation for business owners. The only way to identify, prevent, and contain vicious cybercrime is to partner with security experts who offer comprehensive solutions.

ID Agent to the Rescue:   Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Exploit: Dormant email account hack.
Christchurch: Largest city in the South Island of New Zealand that recently suffered from a mass shooting
correct moderate gaugeRisk to Small Business: 2.222 = Severe: Government agency CERT NZ warned citizens of opportunistic scams seeking to exploit the recent Christchurch tragedy. These cyber-attacks have taken the form of phishing emails for fake donations, malware-embedded videos, and fraudulent websites. Companies that offer work-from-home policies to employees and operate on networks that unsecured should beware of resulting compromises.
correct moderate gaugeIndividual Risk: 2.428 = Moderate: Individuals can avoid putting themselves at risk by simply exercising basic cybersecurity awareness. However, giving payment information on the wrong website or clicking the wrong video can result in fraud and malware that is difficult to trace.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Businesses that allow employees to use devices outside of secure networks should make cybersecurity training mandatory. Without proper internal and external controls in place, the chances of being breached increase exponentially.

ID Agent to the Rescue:  Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id 
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

No comments:

Post a Comment

Week In Breach