Wednesday, November 6, 2019

Breached!!

United States - Alphabroder https://www.asicentral.com/news/newsletters/promogram/october-2019/alphabroder-suffers-ransomware-attack/

Exploit: Ransomware attackAlphabroder: Promotional product supplier
twib-severe
Risk to Small Business: 1.555 = Severe: A ransomware attack temporarily halted Alphabroder’s processing and shipping platform. Since the ransomware prevented the company from executing orders, Alphabroder was forced to make a statement on social media and interrupt most business processes. Alphabroder did subscribe to cybersecurity insurance to help offset the costs, but the reputational damage and long-term infrastructure costs can be difficult to quantify and are capable of significantly dampening the company's financial prospects in the near term.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybercriminals are always looking for new ways to profit from businesses’ IT vulnerabilities. Unfortunately, these bad actors only have to execute their strategy once to inflict incredible long-term damage on a company. This complicated threat landscape makes it especially important that businesses regularly assess their cybersecurity stance to ensure that they are ready to defend whatever comes their way.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United States - Stripehttps://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/

Exploit: Phishing attack
Stripe: Online payment processing company
twib-severe
Risk to Small Business: 1.888 = Severe: Hackers are deploying fake and invalid Stripe support alerts to engage customers and procure user credentials. After clicking on the fictitious support alert, users are prompted to enter their bank account information and user credentials on a fake customer login page. This isn’t the first time that Stripe customers have been targeted in phishing attacks, and such attacks are becoming increasingly sophisticated and prevalent.
twib-severe

Individual Risk: 2.428 = Severe: Given that Stripe is an online financial platform, users can easily be tricked into providing their most sensitive personal data to cybercriminals. It’s unclear if any Stripe customers have fallen for this phishing scam, but any users who responded to one of these malicious messages had their personal data compromised. They should immediately report this to Stripe and their other financial institutions, and they should take steps to ensure their data’s long-term integrity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Cybersecurity has taken center stage among customers and employees, and both are demonstrating an unwillingness to work with companies that can’t protect their information. Especially for companies operating in a crowded and competitive market, top-shelf cybersecurity standards are a prerequisite to a thriving business model.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

United States - Pitney Bowes Inc. 
https://www.zdnet.com/article/pitney-bowes-claims-customer-data-safe-following-malware-attack/

Exploit: Malware attack
Pitney Bowes Inc.: Mail management company
twib-severe
Risk to Small Business: 2.111 = Severe: A malware attack prevented Pitney Bowes’ employees and customers from accessing critical services. The company, which specializes in mail management, lost business directly as a result of the attack. Customers were unable to refill postage or upload transactions on their mailing machines. In addition, news of the announcement sent the company’s shares down 4%, which underscores the many ways that a cybersecurity incident can negatively impact a company’s bottom line.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of the attack methodology, cybersecurity events are incredibly costly for companies. In this case, Pitney Bowes was punished by investors, lost revenue opportunities, and endured reputational damage that will have long-term implications for the company. Given the high cost of recovery, pursuing robust cybersecurity services is a bargain.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Canada - The Canada Posthttps://www.ctvnews.ca/canada/canada-post-investigating-whether-some-customer-data-was-compromised-in-2017-1.4642932

Exploit: Credential stuffing attackThe Canada Post: Primary postal operator in Canada
twib-severe

Risk to Small Business: 2.444 = Severe The Canada Post recently acknowledged that it discovered a data breach from 2017. The credential stuffing attack relied on redundant username and password credentials obtained from previous hacks to access user accounts. The postal provider was unable to identify the scope of the attack, so Canada Post is resetting all user account passwords.

correct severe gauge

Individual Risk: 2.571 = Moderate: The postal operator did not provide specific insights into compromised data, but the lengthy gap between intrusion and identification increases the likelihood that compromised accounts ended up on the Dark Web or leveraged for fraud. All users should review account credentials to ensure that they are not using similar passwords across accounts, or double-dipping, which would make them vulnerable to future threats.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks are a natural consequence of years of data breaches that have compromised billions of records. Since many customers reuse the same username and password combinations across multiple accounts, it can be an easy way for hackers to infiltrate other accounts and access even more user data. In response, businesses should do a better job of encouraging strong, two-factor passwords, while also identifying compromised credentials before they are reused in a credential stuffing attack.


ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

United Kingdom - Sonic Jobs 
https://www.cisomag.com/recruitment-sites-exposes-250000-resumes-online/

Exploit: Exposed database
Sonic Jobs: Job recruitment website
twib-severeRisk to Small Business: 2.111= Severe: An exposed database revealed the personal information of thousands of job seekers. Sonic Jobs, which partnered with Amazon Web Services for its database, failed to change the database configuration to private, meaning that all users could view the details of job applicants and anyone who knew the locations of the servers could have downloaded the information.
extreme gauge

Individual Risk: 2= Severe: The exposed data was provided by job seekers, and it includes their names, addresses, contact information, and work experience. This information can quickly be sold on the Dark Web, where it can be used to facilitate other cyber crimes including phishing and identity scams. To protect themselves, anyone impacted by the breach should enroll in identity monitoring services while also being especially critical of unusual or unexpected communications.
Customers Impacted: 29,202
How it Could Affect Your Customers’ Business: In its response, Sonic Jobs cited its limited resources as one reason that the database’s configuration went undetected. Unfortunately for the company, consumers and global regulators don’t look at this metric when deciding how to respond to a data breach. Given the enormous financial and reputational costs of a data breach, acquiring the services to assess and secure your cybersecurity landscape is a no brainer.


ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more: https://www.idagent.com/dark-web.

France - M6 Group https://www.zdnet.com/article/m6-one-of-frances-biggest-tv-channels-hit-by-ransomware/

Exploit: Ransomware attack
M6 Group: Privately owned multimedia group
twib-severe
Risk to Small Business: 1.777 = Severe: Cybercriminals attempted to bring M6’s TV and radio channels offline using a ransomware attack. However, employees’ rapid identification and response time prevented the malware from disrupting programming. The company’s email and phone services did not escape the attack, remaining offline for several days after the attack. Several media outlets have been targeted with costly ransomware attacks this year, but M6 was able to sidestep more sinister consequences.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ BusinessWhen it comes to cybersecurity, a company’s employees can either be a vulnerability or an asset. In almost every case, this distinction is forged through training and preparedness. In this case, employees’ quick detection and response prevented an even more catastrophic ransomware attack. Rather than leaving cybersecurity up to chance, provide your employees with comprehensive cybersecurity training so that they can serve as an extra layer of protection against a litany of threats.


ID Agent to the RescueBullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Australia - CSLhttps://www.smh.com.au/business/companies/doctor-patient-details-allegedly-stolen-in-csl-espionage-scandal-20191017-p531k5.html

Exploit: Insider data theft
CSL: Biotherapy provider

twib-extreme

Risk to Small Business: 1.333 = Extreme Risk: A former high-level company executive stole a treasure trove of company details that he used to procure a job with a competitor. In addition to millions of pages of trade secrets, sales information, research, and testing information, the former executive procured the information on 800 doctors working with the company. These people are contracted by the company to influence other doctors and industry members and losing these contacts could prevent CSL from capitalizing on the exclusive thought leadership of these members.
twib-severe

Individual Risk: 1.857 = Severe: Although the doctors’ data was stolen for business purposes, those impacted by the breach should be aware that their information was used in an unethical and illegal manner by CSL’s former employee.
Customers Impacted: 800
How it Could Affect Your Customers’ BusinessCSL’s data breach is a reminder that customer data isn’t the only thing at risk in today’s digital environment. Trade secrets, intellectual property, and valuable industry contracts are all up for grabs, and this information can quickly be deployed by your competitors to undercut your advantage or to short-circuit your strategies. Therefore, when considering your cybersecurity strategy, devise a holistic plan to protect all of your valuable company data.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Channel Success Team will set you up for the win! https://www.idagent.com/goal-assist.

New Zealand - NZ First https://www.stuff.co.nz/national/politics/116409225/major-leak-of-nz-first-membership-database-exposes-personal-details

Exploit: Database exposure
NZ First: Political party in New Zealand

twib-severe

Risk to Small Business: 1.555 = Severe: A bad actor shared confidential information on a political party’s members with reporters. The incident is being described as “deliberate and malicious.” The data breach follows recent complaints about the party’s internal candidate selection process. Members whose data was distributed were furious, speaking with the media about their frustration over the party’s data management.
twib-severe

Individual Risk: 1.857 = Severe: The compromised data reveals personally identifiable information, including names, addresses, email addresses, phone numbers, and party member due status. This information can quickly spread on hacker forums or the Dark Web where it is often used to execute additional cybercrimes. Therefore, those impacted by the breach should be especially vigilant about monitoring their accounts, and they should consider enrolling in identity monitoring services to ensure that their information isn’t being misused.
Customers Impacted: 800
How it Could Affect Your Customers’ BusinessBeyond the obvious political ramifications, the incident underscores the importance of holistic data security at a time when personal data can be either an asset or a liability. This breach could discourage people from formally affiliating themselves with the party through membership. Similarly, businesses that fail to protect user data in one instance almost always endure long-term consequences that are even more significant than the initial breach.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

No comments:

Post a Comment

Breached