Wednesday, July 10, 2019

Breached!!

United States - Emuparadisehttps://www.zdnet.com/article/emuparadise-gaming-rom-repository-suffers-data-breach/

Exploit: Compromised password hashing algorithmEmuparadise: Retro gaming emulator website
twib-severeRisk to Small Business: 1.555 = Severe: An outdated, compromised password hashing algorithm was exploited by hackers, causing user data to be compromised. Although the data breach took place on April 1, 2018, the damage was only recently revealed when accounts were provided to HavelBeenPwned. By failing to update their cybersecurity standards, Emuparadise will now face reputational erosion and incur significant costs associated with interrupted business processes and recovery.
twib-severe
Individual Risk: 2 = Severe: Emuparadise users can search HavelBeenPwned to view the status of their credentials. For those compromised, hackers gained access to email addresses, IP addresses, usernames, and passwords. Impacted individuals should be mindful that their credentials could be compromised, and they should be especially careful about using duplicate passwords on other services.
Customers Impacted: 1,131,229
How it Could Affect Your Customers’ Business: A data breach predicated on outdated security standards is an unnecessary and self-inflicted wound that is entirely avoidable. Instead, every organization should routinely evaluate their cybersecurity standards, ensuring that they reflect industry standard best practices.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Lake Cityhttps://cyware.com/news/triple-threat-ransomware-attack-cripples-email-systems-and-services-of-lake-city-729e1f23

Exploit: Ransomware
Lake City: Local government organization serving Lake City, Florida
twib-severeRisk to Small Business: 2 = Severe: A malware attack delivered “triple threat” ransomware that targeted the city’s network systems, rendering many city services inaccessible. Although emergency services such as police and fire are operational, city email accounts, land-line phones, and credit card services were disabled. In the meantime, the city has been forced to write bills, receipts, and other services by hand. It’s a reminder that ransomware attacks are uniquely dangerous because they not only cost money to repair, but those impacted run the risk of disrupting business processes or losing valuable data.
correct severe gaugeIndividual Risk: 3 = Moderate Risk: City officials believe that personal data, including online payment information, was not compromised in the breach. However, residents should monitor their accounts for suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessLocal governments are a top target for hackers, and ransomware is becoming a commonly deployed method for extorting valuable city resources away from citizens. Therefore, every local government needs a comprehensive ransomware response plan before an incident occurs. Ransomware attacks are often initiated by phishing scams, signaling the importance of cybersecurity awareness and training at the front line.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - U.S. Customs and Border Protectionhttps://techcrunch.com/2019/06/10/cbp-data-breach/

Exploit: Malicious cyberattack
U.S. Customs and Border Protection: Law enforcement agency operating under the authority of the Department of Homeland Security
extreme gaugeRisk to Small Business:  1.777 = Severe: A subcontractor violated the department’s policy and transferred copies of license plate and traveler images to their network where they were stolen in a malicious cyberattack. In response, the agency is monitoring the Dark Web for evidence of this data, and they are reevaluating their cybersecurity and privacy standards. Of course, these initiatives are simpler and more palatable when they are done proactively, rather than after an incident occurs. Consequently, the agency will now have to endure increased governmental oversight and media scrutiny.
twib-severeIndividual Risk: 2.428 = Severe: The stolen data included license plate and travel images from certain lanes at a particular border crossing. The agency isn’t providing any more specific information at this time, noting that it processes more than a million border crossings each day. However, they did indicate that no passport or other travel information was compromised in the breach.
Customers Impacted: 100,000
How it Could Affect Your Customers’ BusinessWhen sensitive personal information is compromised in a data breach, organizations have a responsibility to help those impacted recover from the incident. These responses vary significantly, but they should foundationally include understanding what happens to personal information after its stolen. Personal data can be quickly bought and sold on the Dark Web, so monitoring this environment is a staple of any comprehensive response that can begin restoring the organization’s reputation and protecting those that are affected.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Auburn Food Bankhttps://www.bleepingcomputer.com/news/security/food-bank-hit-by-ransomware-needs-your-charity-to-rebuild/

Exploit: RansomwareAuburn Food Bank: Charitable organization providing free food to families and individuals
twib-severeRisk to Small Business: 2.111 = Severe: A ransomware attack struck the non-profit, charitable organization, encrypting all but one of its computers. This particular ransomware, GlobalImposter 2.0, cannot be decrypted, and victims must contact the hackers to negotiate a ransom. However, Auburn Food Bank is refusing to negotiate. Instead, they are seeking donations to replace their technology, which is roughly equal to the ransom demands.
correct severe gaugeIndividual Risk: 3 = Moderate Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessRansomware attacks are frequently initiated through phishing emails, but this incident occurred at 2:00 A.M., when no employees were in the office. Keeping in mind that such threats can arrive at any time and any place, organizations must prepare a response plan proactively and continuously evaluate their cybersecurity posture.


ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more herehttps://www.idagent.com/dark-web/.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Evite 
https://www.zdnet.com/article/evite-e-invite-website-admits-security-breach/

Exploit: Unauthorized system access
Evite: Social planning and e-invitation service
twib-severeRisk to Small Business: 1.888 = Severe Risk: Hackers were able to access Evite’s network, which allowed them to download an inactive data storage file that contained the personal information of millions of their customers. Despite being notified of the breach on April 15th, the company is only now acknowledging the breach. Their slow response time and lax security standards will now require them to incur the fees of third-party cybersecurity analysts as well as cascading reputational costs that are difficult to quantify and even more challenging to repair. In the meantime, the company is encouraging users to reset their passwords, a modest first step for such a traumatic incident.
twib-severeIndividual Risk: 2.428 = Severe Risk: The compromised information could include names, usernames, email addresses, dates of birth, phone numbers, and mailing addresses. Fortunately, social security numbers and financial data were not included as part of the breach. However, since this information was already discovered on the Dark Web, those impacted by the breach should immediately attain credit and identity monitoring services to secure their credentials.
Customers Impacted: 10 million
How it Could Affect Your Customers’ Business:  When organizations are compromised in a data breach, their response becomes a critical metric in restoring their users’ trust. In this case, the company was slow to respond to the breach, delaying their messaging by several months. When exposed information makes its way to the Dark Web, timing is of the essence, and understanding what happens to the information accessed in the data breach can provide employees or customers with confidence in the integrity of their personal information or credentials. Partnering with an MSP can provide the insight necessary to achieve this.


ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada - Nova Scotia Health Authority https://www.cbc.ca/news/canada/nova-scotia/nova-scotia-health-authority-privacy-breach-1.5169171

Exploit: Phishing attack
Nova Scotia Health Authority: Provincial health authority serving Nova Scotia, Canada
twib-severeRisk to Small Business: 2 = Severe Risk: When an employee entered his credentials into an email purporting to be from the company's information technology department, hackers gained access to sensitive patient information stored in the employee’s email account. Although the breach was first reported on May 13th, the organization required nearly a month to determine the type and scope of the compromised data. Their slow response time and weak protocols will make the clean-up costly as they must reestablish their patients’ trust even as they upgrade their cybersecurity practices.
twib-severeIndividual Risk: 2.428 = Severe Risk: The breach specifically pertains to patients who were scheduled for surgery at or who were communicating with the Colchester East Hants Health Centre in Truro. Since the organization can’t verify specific data exposure, those impacted by the breach should prepare for the worst and assume that their information could be made accessible on the Dark Web.
Customers Impacted: 2,841
How it Could Affect Your Customers’ BusinessThe Health Authority has repeatedly struggled to mitigate the threat of a breach, and employee actions are frequently the cause, something that is certainly not restricted to this particular organization. A rapidly changing and increasingly capricious threat landscape means that companies need to routinely and continually train and prepare their employees to succeed in this regard. Often, that means partnering with industry experts to keep your employees up to speed.


ID Agent to the RescueMonitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Canada - City of Burlington https://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach

Exploit: Phishing scam
City of Burlington: Local government organization serving Burlington, Canada

twib-severeRisk to Small Business: 2 = Severe Risk: A sophisticated phishing email requesting new bank account information was purportedly sent from an established city vendor. Workers didn’t immediately identify the scam, and the city sent $503,000 to a falsified bank account. Although the government is updating its protocols to prevent this from happening in the future, it’s a reminder that, when it comes to guarding resources, proper cybersecurity training is a bargain.
correct severe gaugeIndividual Risk: 3 = Moderate Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessPhishing attacks are entirely preventable, but they can be incredibly difficult to identify. As hackers adopt more sophisticated methodologies, it increases the importance of sophisticated and continual training to prevent them from wreaking havoc on your company’s IT infrastructure and customer data. What’s more, this training needs to reflect the evolving nature of today’s attacks.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns, helping employees identify the signs of a scam in a rapidly changing threat environment. Click the link to get started: https://www.idagent.com/bullphish-id/.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Belgium - ASCO https://www.scmagazineuk.com/airplane-parts-maker-asco-ransomware-attack/article/1587573

Exploit: Ransomware
ASCO: Designer and manufacturer of aerospace components

twib-severe
Risk to Small Business: 2.111 = Severe: A ransomware attack crippled IT systems and halted production at the company’s Belgium plant. To prevent the ransomware from spreading, the company also shut down production in Germany, Canada, and the United States. Not only is ASCO faced with either paying the ransom or purchasing new network infrastructure, but the company had to send home 1,000 of its workers on paid leave for the entire week.
 correct severe gaugeIndividual Risk: 3 = Moderate: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of your company’s size or sector, having a plan in place in the event of a ransomware attack is a must-have asset in today’s digital economy. Since data breach management is considerably more expensive than proactively training employees and implementing safeguards, such efforts should be a no-brainer for every institution.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

No comments:

Post a Comment

Breached!