Data Breach, Cyber Alert Monday 06-03-19

Cyber Alert: Last week, the tech unicorn Canva endured a significant data breach and local government agencies were under attack.


The Georgia Institute of Technology (Georgia Tech): Public research university based in Atlanta, Georgia
Exploit: Unauthorized database access
Risk to Small Business: 1.555 = Severe: Hackers were able to infiltrate the Institute’s databases that were storing sensitive personal information on current and former students and employees. After identifying an unauthorized user sending queries through an Institute web server, Georgia Tech began an investigation and executed a few countermeasures to secure their ecosystem. Not only will Tech be on the hook for providing credit and identity monitoring services to affected individuals, but they will also deal with scrutiny from current students, employees, and even alumni.
Individual Risk: 2.285 = Severe: According to an official statement from Georgia Tech, the information accessed varies by individual, but it could include names, addresses, Institute ID numbers, dates of birth, and social security numbers. This breach could extend to students, faculty, staff, alumni, applicants, and affiliates. Anyone with ties to Georgia Tech should enroll in identity theft protection services and stay vigilant for potential compromises or fraud attempts.
Customers Impacted: 1,265
How it Could Affect Your Business: Failing to understand your organization’s threat landscape can have significant consequences in today’s digital environment. In this case, hackers had access to the university’s database for nearly four months, making it evident that their security standards were not adequate to address relevant threats. Particularly when your university is seen as a premier technological institution, failure in this regard is entirely preventable, embarrassing, and unacceptable.


Louisville Regional Airport Authority: Municipal corporation responsible for owning, operating, and developing Louisville International Airport and Bowman Field

Exploit: Ransomware
Risk to Small Business: 2.111 = Severe: Hackers were able to install ransomware on the airport’s network system, encrypting localized files for two airports, the Louisville Muhammad Ali International Airport and Bowman Field. Fortunately, the organization was prepared for such an incident, and they are restoring their files from backups rather than paying the ransom. While the ransomware was restricted to localized files that are unaffiliated with the organization’s operations or security systems, it’s always concerning when critical infrastructure is tangentially impacted by security vulnerabilities.
Individual Risk: 3 = Moderate: There is no indication that personal information was compromised as part of this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a growing threat among SMBs. Since it is often injected into a company’s network through phishing scams or other employee errors, consider partnering with an MSP that has the tools to train employees and prevent phishing attacks.

Perceptics: Maker and distributor of license plate readers, under-vehicle cameras, and driver cameras
Exploit: Network compromise
Risk to Small Business: 1.444 = Extreme: A hacker using the pseudonym “Boris Bullet-Dodger” gained access to the company’s database and exfiltrated hundreds of gigabytes of data, which he subsequently published on the Dark Web. In total, more than 65,000 files were stolen, including data taken directly from employee laptops. The breach included information from the access databases, ERP databases, HR records, Microsoft SQL Server data stores, business plans, financial figures, and personal information.
Individual Risk: 2.142 = Severe: The trove of data released by this hack compromised personal information, and the extent of the hack makes it difficult to know precisely what data was taken. However, evidence that hackers accessed employees’ desktops, denoted through the presence of music stored on user computers, suggests that the information exposed could be extensive.
Customers Impacted: Unknown
How it Could Affect Your Business: Responding to a breach of this scope is complicated. Managing the PR fallout is a significant responsibility, but an organization’s most important function is to support those whose information is posted on the Dark Web. In the event of a data breach, knowing what happens to your data is critical, and partnering with a qualified MSP can make all the difference.

Shubert Organization: Theatrical producing organization and owner of theaters in Manhattan and New York City
Exploit: Employee email account breach
Risk to Small Business: 1.777 = Severe: Hackers gained access to several employee email accounts containing sensitive personal information. The data breach occurred last February, and it’s unclear why the company took so long either to identify the intrusion or to communicate the incident to stakeholders. Regardless, it underscores the importance of strong defenses, as the company is now responsible for providing credit monitoring services for 24 months. However, this pales in comparison to the incalculable reputational damage that can result from a breach of this magnitude.
Individual Risk: 2.285 = Severe: Although the company can’t confirm that the intruder accessed personal information, the affected accounts included customers’ names, credit card numbers, and credit card expiration dates.
Customers Impacted: Unknown
How it Could Affect Your Business: While every company is responsible for putting up strong defenses against cybercriminals, bad actors are highly motivated and continually operate with an advantage. Therefore, it’s crucial for companies to differentiate themselves through their support services to help impacted individuals in the wake of a data disaster.

TeamViewer: Developer of proprietary software for remote desktop control, desktop sharing, online meetings, web conferencing, and file transfers
Exploit: Malware
Risk to Small Business: 2.222 = Severe: TeamViewer has acknowledged a malware attack that gave hackers access to the company’s servers, which included their software’s source code. According to an official release by the company, the threat was detected before hackers could steal any data or code. However, this incident took place in 2016, which makes their timing problematic. Consequently, the company will face heightened media scrutiny and reputational damage that could exceed the scope of the actual breach.
Individual Risk: 3 = Moderate: The company contends that personal information was not compromised during the breach, but users should be mindful of the company’s security posture, especially given the potentially sensitive information conveyed through their services.
Customers Impacted: Unknown
How it Could Affect Your Business: Regardless of actual outcomes resulting from the data breach, this episode makes it clear that TeamViewer does not prioritize clear and timely communication when it comes to their cybersecurity initiatives. While data security needs to be a top priority for every organization, communication and customer support are a close second, along with being the most controllable part of any cyber defense plan.

Canva: Graphic design website providing amateur and professional web/media design tools
Exploit: Database server compromise
Risk to Small Business: 1.555 = Severe: A now-prolific hacking group accessed Canva’s network, compromising information for millions of users. According to the hacker’s message after the breach, the theft includes extensive records up until May 17th. The company’s quick response and high cybersecurity standards will help mitigate the damage of the breach, but they are now responsible for understanding what happens to their users’ data when it’s published on the Dark Web.
Individual Risk: 2.149 = Severe: The scope of this breach is incredible, but it will impact users differently. Compromised information could include usernames, real names, email addresses, and location information. Fortunately, the passwords for 61 million users were hashed, making them more difficult to crack. The company encourages users to change their account passwords and to update passwords on other accounts that may be reusing the same credentials.
Customers Impacted: 139 million
How it Could Affect Your Business: Even companies with the best cybersecurity standards can still fall victim to a devastating data breach. Partner with an MSP that can determine where information ultimately ends up (hint: the Dark Web!) so that your customers, employees, and profit margins are always protected from cybersecurity threats.

A Note From Kobargo:
Mobile Banking Malware Increases by 58% 
According to a recent report by Kaspersky Lab, mobile banking malware is on the rise. The first quarter saw instances of mobile banking malware more than triple, and there was a 58% increase in modifications to banking trojans.
A single piece of malware, dubbed Asacub malware, accounts for more than half of the banking trojans detected during this time, attacking approximately 8,200 users a day.
In the first three months of the year, cybersecurity researchers identified 29,841 different modifications of banking trojans, underscoring the complex tasks that companies have when defending their digital infrastructure.
As more and more financial services are conducted online, it’s a troubling sign to see an uptick in the scope and complexity of mobile-focused malware attempts. It’s also a reminder that companies can’t win this battle alone. They need to partner with skilled MSPs like Kobargo Technology Partners to help them identify and eliminate the latest threats to their businesses.

Contact Kobargo Technology Partners to schedule a free consultation today!


