Data Breach, Cyber Alert Monday 11-25-2019

Last week, ransomware erodes profitability, healthcare providers struggle to protect PII, and data breaches officially reach an all-time high.

United States – SmartASP.NET

Exploit: Ransomware attack
SmartASP.NET: Web hosting platform

Risk to Small Business: 2 = Severe: Hackers encrypted the web hosting platform’s data, crippling both its IT infrastructure and customer data. After the attack, the company’s phones and website were both inaccessible, and SmartASP.NET was forced to notify customers that their data was encrypted. In addition to encrypting customer-facing infrastructure, a common target for ransomware attacks, the attack locked up significant amounts of back end data and delayed recovery efforts considerably.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks inevitably have significant financial repercussions, and this is only compounded by the reputational damage that follows such a newsworthy incident. However, hackers need an avenue to deploy this malware, and companies can protect themselves by ensuring that their defensive posture is sufficient to repel today’s most prescient threats.

United States – Florida Blue 

Exploit: Phishing attack
Florida Blue: Health insurance provider

Risk to Small Business: 2.2 = Severe: A phishing attack at one of Florida Blue’s third-party vendors successfully duped an employee into compromising patients’ personally identifiable information (PII). The event included less than 1% of Florida Blue’s members, but it shines a spotlight on the underlying cybersecurity vulnerabilities within third-party partnerships. Now, because of an event outside of their immediate control, Florida Blue will face intense regulatory scrutiny and suffer from less-quantifiable reputational damage in the wake of the breach.

Individual Risk: 2 = SeverePatients’ PII was exposed in the breach, including names, dates of birth, and prescription information. Florida Blue is offering free credit monitoring and identity theft protection for anyone impacted by the breach. Although Florida Blue doesn’t believe that patient data has been misused, these services will provide long-term oversight to ensure that patients’ credentials remain secure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In today’s digital environment, cybersecurity needs to be a central component of any third-party partnership. Unprotected companies place your data at risk, potentially undermining your best efforts to secure infrastructure. In contrast, strong cybersecurity standards can serve as a competitive advantage, allowing companies to market their strong defensive posture as a reason to subscribe to their services.

United States – Boardriders

Exploit: Ransomware
Boardriders: Action sports retailer

Risk to Small Business: 2.222 = Severe A ransomware attack crippled Boardriders’ operations, forcing several of their online stores to close and preventing employees from accessing any of the company’s IT. The event occurred during the last week of October, leaving the business with nearly two weeks of lost sales, productivity, and inventory. Until the ransomware was cleared from the network, employees were asked not to even turn on their computers. This productivity loss is one of the many hidden costs of ransomware attacks that are becoming increasingly prevalent as hackers look to extract large, single-payment sums from their victims.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The costs of a ransomware attack are enormous. Whether companies pay the ransom or restore a system from backups, the immediate expense can cripple a business, and the long-term repercussions are a serious deterrent to profitability. In this case, Boardriders offered consumers deep discounts to entice them to return to the store, and their inventory and productivity losses will further erode profitability.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

Data Breaches Reach New Highs

2019 has been a notorious year for data breaches, a reality that is playing out in front-page headlines and major industry studies. According to Risk Based Security’s Q3 2019 Data Breach Report, it’s the worst ever recorded in history. 

The year’s third quarter saw a year-over-year increase of 112% in the total records exposed. Unfortunately, this isn’t all attributable to the high-volume data breaches at major corporations. This year, SMBs, government agencies, and educational institutions are also seeing an uptick in cybersecurity incidents, together creating a 33.3% increase in the total number of breaches for the year.

Notably, many of these data breaches were avoidable. From misconfigured databases to phishing attacks, businesses have many options at their disposal for proactively protecting their most sensitive information. There is no indication that this recent data breach trend is likely to abate anytime soon, so businesses of every size have plenty of reasons to ensure that negligence isn’t the cause of yet another data catastrophe.

A Note From Kobargo.

New Threat Actor Impersonates Government Agencies 

Cybersecurity researchers are warning consumers of a new threat actor impersonating government email accounts in the US and EU. To date, researchers have discovered hoax emails from the US Postal Service, the German Federal Ministry of Finance, and the Italian Revenue Agency. The emails are delivering malicious payloads containing ransomware to a variety of recipients. 

While researchers found that cybercriminals are targeting a broad audience with their messages, they concluded that most are heavily skewed toward businesses, which offer higher payouts and more robust data sets when attacks are successful.

Fortunately, malicious emails rely on user response, so businesses can protect themselves by training their employees to spot fraudulent emails. This particular attack might be new, but the strategy is well-established, and today’s employees need to be aware of the threats that are potentially lurking in their inboxes.

Contact Kobargo Technology Partners to schedule a free consultation today!




sign up for our newsletter

Be the first to hear about our services, collaborations and online exclusive content. Join the Kobargo Family email list!

    By submitting this form, you are consenting to receive marketing emails from Kobargo Technology Partners. You can revoke your consent to receive emails at any time by using the SafeUnsuscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact.