Cyber Alert Monday 7-20-2020 – Malicious Insider

Last week, malicious insiders strike, gambling with security doesn’t pay off for a gambling app, and the debut of our newest eBook to help you transform into a marketing superhero!


Malicious Insider Strikes

United States – DataViper 

Exploit: Unauthorized Database Access (Malicious Insider)
DataViper: Information Security

Risk to Small Business: 1.239 = Extreme

A malicious insider is the culprit in a data breach at information security firm DataViper. 8,200 databases containing the personal information of millions of users were snatched from the company’s data leak monitoring service. The hacker, purportedly a former employee of Night Lion who is using that name for Dark Web activity, claims to have spent three months inside DataViper servers while exfiltrating databases indexed for the DataViper data leak monitoring service. The hacker also posted ads on the Empire Dark Web marketplace, putting up for sale 50 of the biggest databases that they found inside DataViper’s backend.

Individual Risk: 2.117 = Severe

While these databases contained the information of billions of people worldwide, much of the information was from old breaches. Some new information was included, but researchers have not ascertained how much and what kind. This kind of information is often used in phishing and credential stuffing attacks.

Customers Impacted: Unknown 

How it Could Affect Your Customers’ Business: Insider threats are a menace to every business. Check out this insider threat eBook to help companies spot and stop insider threats. While most insider incidents at organizations are caused by unintentional threats like human error, malicious insider attacks account for more than 20% of insider incidents. Some malicious insiders sell company secrets or even their own credentials on the Dark Web.

Malware Infection Exposes Customer Records

United States – Benefit Recovery Specialists

Exploit: Malware
Benefit Recovery Specialists: Medical Billing and Debt Collection 

Risk to Small Business: 1.974 = Severe

A malware incident was just confirmed at Benefit Recovery Systems by the US Department of Health and Human Services’ Office for Civil Rights. Several computers at the Houston-based company were infected, leading to a breach that exposed thousands of customer records. In a breach notification statement posted on BRSI’s website, the company says that on April 30, it discovered a malware incident affecting certain company systems. The company stated that customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20 and April 30, 2020.  

Individual Risk: 2.227 = Severe

Information that may have been exposed includes name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. A small number of Social Security numbers may also have been exposed. Patients that were impacted should be alert for spear-phishing attempts or identity theft. 

Customers Impacted: 275,000 

How it Could Affect Your Customers’ Business: Healthcare data is one of the hottest commodities in today’s data markets – especially COVID-19 related patient or research data. Plus, healthcare companies face steep fines for HIPAA violations like this, making it prudent for every healthcare organization to add data loss prevention and security awareness training as priorities before a breach.

Gaming App Gambles With Security 

India – T7 Games/Ouroboros Games

Exploit: Unsecured Database
T7 Games/Ouroboros Games: Gambling Games Application Developer 

Risk to Small Business: 1.217 = Extreme

The world’s most popular social gambling app Clubillion suffered a major data breach that affects customers around the world. A research team initially discovered the problem on March 19, finding the database hosted on Amazon Web Services during the course of working on a web mapping project. The developers of Clubillion were notified by the researchers quickly, but continued inaction exposed approximately 200 million user records per day – 50GB worth of data. The active database included constantly updated gameplay information for affected users as well as IP addresses, e-mail addresses, winnings, and private messages. The database was recorded as open for 16 days before action was taken to contain the leak. 

Individual Risk: 2.219 = Severe

While researchers did not see any personally identifying or financial information in the affected database, the complexity of the breach prevents certainty about exactly what was leaked. Users of the app should be aware of potential phishing attacks fueled by this data.  

Customers Impacted: 160,000+

How it Could Affect Your Customers’ Business: Staffers aren’t just using their favorite apps and services on their personal phones and computers – they’re doing it on their work machines too. As companies continue to adopt “Bring Your Own Device” policies and the work/personal line gets murkier for staffers, companies have to be concerned about the potential for danger caused by breaches in entertainment and social media apps.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:    

Web-Based Apps Are Great Tools For Businesses But They Have Hidden Dangers 

Almost every business relies on web-based applications and tools to function these days. From data storage to video conferencing, web-based applications are everywhere. But they’re not as safe as you might think – and a malicious insider can be a problem for businesses. 

Recently, a newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s widely used Chrome web browser. Google removed around 70 add-ons that it deemed “malicious” in response to that discovery.  

The extensions were designed to avoid detection by antivirus or security software. If a user with one of the malicious browser extensions installed surfed the web on a home computer, it would connect to a series of websites and transmit information. Anyone using a corporate network, which would include security services, would be less likely to transmit sensitive information.

As the work/home device line blurs, every company needs to put protections in place to deal with cybersecurity incidents caused by these kinds of problems. A dynamic, comprehensive digital risk protection platform like ID Agent’s can help reduce the risk of damage from unintentional insider threats like this with Passly.

ID Agent’s freshly updated secure identity and access management solution, Passly, seamlessly integrates with over 1,000 applications to provide an essential added layer of security for companies by requiring multifactor authentication – keeping the bad guys out and company data in to help prevent a costly and potentially devastating breach.

A Note From Kobargo

Third-Party Data Breaches Endanger Every Company 

Just because your company hasn’t had a data breach, that doesn’t mean that your staffers’ credentials are safe. Third-party data breaches are an increasing problem for every company. These days everyone uses internet-enabled services for everything from shopping to airline tickets. But that convenience comes at a price for workers: the risk of a personally identifiable data breach – and those breaches endanger their employers as well. 

Recently, 45 million records of travelers to Thailand and Malaysia appeared on the Dark Web. The stolen information included extensive personal data on travelers from many countries including their Passenger ID number, full name, mobile numbers, passport details, home address, gender, and flight details. And as we reported recently, users of top gambling app Clubillion were impacted by a data breach as well, leading to millions of users having personally identifiable data leaked.

These breaches provide the fuel that powers spear-phishing attempts, blackmail, password compromise, and other cyberattacks. While companies can’t stop third-party breaches from accidental exposure of their workers’ personal information, they can mitigate the potential damage and add protections that can stop bad actors from using it against them.  

Ensure that you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan bulwarked by a digital risk protection platform featuring a Dark Web monitoring solution like Dark Web ID to watch for compromised credentials and alert companies to trouble. By making sure that you’re prepared for trouble from unexpected sources, you make your entire cybersecurity posture stronger to increase data loss prevention fast. 

Contact Kobargo Technology Partners to schedule a free consultation today!


