Protect Your Information with Kobargo

Cyber-criminals Target Remote Workers

Business needs have been changing in front of our eyes with the implementation of remote working conditions to help flatten the curve during a global pandemic, and cyber-criminals are taking notice.
In a recent story, Info-security published in May that cyber-criminals are now impersonating top brands to target remote workers. With new needs and online business demands, Google file sharing and storage websites are being used in 65% of nearly 100,000 form-based attacks according to a recent study.
Cyber-criminals are exploiting these tactics and using Google-branded sites like storage.googleapis.com, docs.google.com, storage.cloud.google.com, and drive.google.com to trick remote workers into sharing login credentials.
And the use of brand impersonation is increasing. Other form-based sites used by attackers included sendgrid.net (10%), mailchimp.com (4%) and formcrafts.com (2%).
All businesses must protect data and information with an IT partner that can help thwart data security tricks from the outside.

How To Protect Your Information with Kobargo

With the substantial rise in phishing attacks with the business workforce now working from home more than ever, businesses need to focus more on IT security.
Security systems and remote working best practices need a partner to strengthen your company’s IT infrastructure. Let Kobargo Technology Partners be your solution. We offer managed IT services, technology consulting, and cloud storage services to keep your data out of the wrong hands. We know how to leverage the very best technology to create customized solutions for your business.
Speak to us today about how to leverage multi-factor identification and email security software to protect your information.

Read more
Cyber Alert Monday 5-4-2020 – compromise

Last week, phishing scams continue to inundate healthcare providers, hackers compromise millions in children’s online game, and thousands of companies send employees home with compromised devices.   

dont let the fear of a hack make you sweat

 

United States – Beaumont Health 

Exploit: Phishing scam  
Beaumont Health: Healthcare provider  

Risk to Small Business: 1.537 = Severe

A phishing scam gave hackers access to IT infrastructure containing patients’ protected health information. The breach was identified on March 29, 2020, but data was exfiltrated between May 23, 2019, and June 2, 2019, leaving patient data exposed for nearly a year. This incident has come to light as healthcare providers face cybersecurity threats while battling the COVID-19 crisis, and Beaumont Health will undoubtedly face both regulatory troubles and financial woes on a long road to recovery.

Individual Risk: 1.509 = Severe

Hackers compromise and accessed patients’ personally identifiable information and protected health information, including names, birth dates, Social Security numbers, and medical conditions. In some cases, hackers also accessed bank accounts and driver’s license information. Those impacted by the breach should immediately contact their financial service providers to notify them of the incident. In addition, they will need to closely monitor their accounts for suspicious or unusual activity. They should be especially critical of incoming messages, as hackers often use information from one breach to craft authentic-looking spear phishing campaigns that can compromise additional data.  

Customers Impacted: 112,000

How it Could Affect Your Customers’ Business: Phishing scams are a significant risk to every company’s data. Especially during the COVID-19 pandemic, healthcare companies have seen a precipitous increase in these attacks, as hackers look to capitalize on the urgency and unease of the situation to trick employees into compromising critical data.  

United States – Small Business Administration  

Exploit: Unauthorized database access
Small Business Administration: Government agency overseeing small business affairs

Risk to Small Business: 2.177 = Severe

A cybersecurity vulnerability in the portal processing small business owners applying for an emergency loan under the Economic Injury Disaster Loan Program experienced a data breach. The breach, which was detected on March 25th, impacts a vital program for small businesses, and it could harm small business owners who are already grappling with an especially challenging time. Additionally, this oversight has caught the attention of news media, legislatures, and small business owners, weakening its credibility at a critical time. 

Individual Risk: 2.230 = Severe

The breach exposed applicants’ names, addresses, email addresses, dates of birth, citizen status, and insurance information. This data can quickly circulate on the Dark Web, and bad actors will frequently reuse the information in phishing scams and other fraud attempts. The Small Business Administration is offering victims a year of free identity monitoring services, and victims should enroll in this program to receive a notification if their information is misused.  

Customers Impacted: 8,000

How it Could Affect Your Customers’ Business: Now, more than ever, the consequences of a data breach are traumatic for victims. Organizations collecting and storing personal data can support their users during the COVID-19 pandemic by taking extra care to ensure that personal data remains private. It’s a priority that always matters, but that is especially amplified during the pandemic.

Canada – Webkinz

Exploit: Unauthorized database access 
Webkinz: Online children’s game  

Risk to Small Business: 2.727 = Moderate

Hackers compromised a database containing customer information and subsequently posted the information on the Dark Web. The breach includes more than 22 million usernames and passwords. Although the company has patched the vulnerability, this information could give bad actors access to the personally identifiable information of minors. In addition to being a veritable PR disaster for a company marketing its products to children, the breach has safety implications as well.  

Individual Risk: 2.603 = Moderate

Those impacted by the breach should immediately update their Webkinz account passwords and their login credentials for any other accounts using the same information. Since this data has already been posted on the Dark Web, users should act quickly to update their credentials, and they need to monitor their accounts for suspicious or unusual activity. 

Customers Impacted: 23,000,000

How it Could Affect Your Customers’ Business: In recent years, the consumer privacy pendulum has swung towards conservative vigilance, and they are increasingly unwilling to do business with companies that can’t protect their data. This is especially true when it comes to companies marketing products to minors. Parents have to feel confident in a company’s data security practices if they are going to support their children’s involvement with your platform

Netherlands – COVID19 Alert  

Exploit: Accidental data exposure
COVID19 Alert: Mobile application

Risk to Small Business: 1.315 = Extreme

Developers for the mobile app, COVID19 Alert, which was pitched to the government as a way to track COVID-19 cases, compromised user data in its source code. Before the breach, the app was on the shortlist for government adoption, which could have provided a lucrative contract for developers. Instead, the company has experienced public backlash, and it seems unlikely that they will progress further in the selection process. 

Individual Risk: 2.380 = Severe

The source code, which was released for public scrutiny ahead of the selection process, contained the names, email addresses, and hashed passwords from another project by the developers. This information can quickly make its way to the Dark Web where bad actors can redeploy it in a variety of cybercrimes. Those impacted by the breach should update their account credentials and carefully monitor their accounts and communications for suspicious or unusual activity.  

Customers Impacted: 200

How it Could Affect Your Customers’ Business: Developers cited their rapid development schedule and their desire to quickly make the service available as the reason for the oversight. However, companies looking to bring a new digital product to market must ensure that user data is secure. Otherwise, the project is likely to stall out before it ever even gets started. 

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Hackers Use Stolen Credentials to Attack And Compromise Hospitals with Ransomware      

Since the onset of the COVID-19 pandemic, hospitals, and healthcare facilities have dealt with a deluge of cyberattacks, and ransomware has been especially pernicious. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers infiltrated many of these organizations using stolen credentials obtained from a known vulnerability in their Pulse Secure VPN servers.  

This threat was first identified in October 2019, with the CISA and the US Federal Bureau of Investigation both issuing subsequent alerts in January and April of 2020. Unfortunately, even after repairing the vulnerability, the agencies have seen examples of cybercriminals using compromised credentials to access company networks.

The incident is a reminder of the importance of acting swiftly to address cybersecurity vulnerabilities but also of maintaining insights into the Dark Web, where stolen login information can quickly circulate and create chaos for your IT infrastructure.  

COVID-19 is creating a more perilous digital environment for companies, making now the right time to double-down on cybersecurity initiatives that can prevent a breach.  

https://www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/?&web_view=true    


A Note From Kobargo

50,000 Companies Send Employees Home with Infected Devices   

In a rush to enable employees to work remotely, many companies unknowingly sent staffers home with compromised devices. A recent study found that as many as 50,000 companies issued already-compromised devices that were protected at the office by company firewalls and other in-house defensive measures but not outside of it.  

These compromised devices are now operating on lightly-secured home or public Wi-Fi networks in an unmoderated environment, and that brings a deluge of cybersecurity risks. At ID Agent, we’ve compiled several resources to help mitigate risks like this for your remote workforce including a guide for addressing remote work vulnerabilities

Adding an extra layer of protection for access to your data and systems is crucial. That’s why we’re excited to be able to provide you with a cutting-edge secure identity and access management solution that was designed with remote workers in mind – at an excellent value.

Passly is perfect for securing company data when workers and administrators are away from the office. Scalable and quick to deploy, Passly provides a single sign-on Launchpad tailored for each user and integrates seamlessly with the applications that your staffers use every day. Multifactor authentication means that even if passwords are compromised, an extra credential is needed to access your data and systems.

We’re here to help as your company adjusts its cybersecurity strategy to meet the new challenges of our changed world and shifting threat landscape. If we can support your efforts during this tumultuous time, please contact us today.

https://www.darkreading.com/endpoint/work-from-home-exposes-already-infected-machines-in-50k-us-organizations-/d/d-id/1337606?&web_view=true


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Cyber Alert Monday 4-27-2020 – cybercrime

Last week, compromised email accounts expose customer data, ransomware disrupts remote work, and the FBI releases a new warning about COVID-19 related healthcare cybercrime.   

2018 43% of breaches involved small business victims

United States – AST LLC

Exploit: Employee payroll breach 
AST LLC.: Cloud & digital transformation service provider  

Risk to Small Business: 1.871 = Severe

Using a previously compromised email account, hackers accessed employee payroll information. Hackers used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too-little-too-late and is unlikely to assuage the concerns of the company’s enterprise clients. 

Individual Risk: 1.690 = Severe

Hackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers, and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.

United States – San Francisco International Airport

Exploit: Malware attack
San Francisco International Airport: Airport authority

Risk to Small Business: 2.505 = Moderate

A malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information. 

Individual Risk: 2.775 = Moderate

Hackers obtained peoples’ usernames and passwords. Although the company was quick to reset these credentials, victims should be mindful that this information could be used to access other accounts that rely on the same username and password combination. Therefore, they should carefully monitor their accounts for suspicious or unusual activity.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By having your eyes and ears attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach. 

Canada – Holland America Line, Inc.

Exploit: Accidental data sharing 
Holland America Line, Inc.: Cruise company 

Risk to Small Business: 1.833 = Severe

When communicating with COVID-19 patients from a recently-docked cruise ship, authorities accidentally emailed an attachment that included the personal details to all cruise line passengers impacted by the virus. Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. Impacting COVID-19 patients, this data breach is an awful event occurring at a terrible time.

Individual Risk: 1.905 = Severe

The breach includes patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers. The 247 passengers are also being asked to change their passport numbers. Victims should enroll in a credit and identity monitoring service to ensure the long-term integrity of this critical data.  

Customers Impacted: 247

How it Could Affect Your Customers’ Business: This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Thousands of Zoom Credentials Available on Dark Web      

As we recently reported in our blog, Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own. 

This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.

Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.

https://securityaffairs.co/wordpress/101475/deep-web/zoom-dark-web.html


A Note From Kobargo

COVID-19 Treatment Centers Targeted by Cybercrime   

This week, the Federal Bureau of Investigation (FBI) issued a warning that hackers are increasingly targeting companies pursuing treatments for the novel Coronavirus. As a result, the FBI warned, “Now is the time to protect critical research you’re conducting.”   

Of course, it’s not just researchers experiencing a surge in COVID-19-related cyberattacks. Other healthcare facilities, including hospitals, testing facilities, and specialty care units have experienced a barrage of phishing scams, ransomware attacks, and other cyberattacks. This activity is part of a concerted effort by cybercriminals to take advantage of this scary and destabilizing moment to steal valuable company and customer data. 

Consequently, now is the time for every company to reassess its cyber preparedness in light of the new realities posed by COVID-19. If we can support these efforts in any way, please don’t hesitate to contact our team! 

https://www.reuters.com/article/us-health-coronavirus-cyber/foreign-state-hackers-target-u-s-coronavirus-treatment-research-fbi-official-idUSKBN21Y3GL?&web_view=true


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Cyber Alert Monday 4-20-2020 – cybercriminals

Last week, third party contractors put data at risk, phishing scams continue to target unprepared employees, and cybercriminals target online retailers as the pandemic continues to keep customers out of stores.    

multi-factor authentication attacks are or the rise

United States – Wolfe & Associates 

Exploit: Unauthorized access 
Wolfe & Associates: Property management company

Risk to Small Business: 2.756 = Moderate

A company database containing housing applicants’ personal data was infiltrated by hackers more than six months ago, providing bad actors unfettered and unrestrained access to sensitive personal information. Wolfe & Associates learned of the breach when it was notified by a local police department, which raises real questions about their cybersecurity capabilities and defensive posture. In addition to contacting victims directly, Wolfe & Associates completed a holistic overhaul of its IT infrastructure. However, this costly upgrade won’t undo the damage of its negligent data defense.

Individual Risk: 2.593 = Moderate

The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In response to this incident, Wolfe & Associates undertook a holistic realignment of their data security capabilities. However, in today’s cybersecurity landscape, where hackers are actively looking to exploit lax data defense standards, companies must take action to secure critical information before a breach occurs. 

United States – Canon Business Process  

Exploit: Phishing scam
Canon Business Process: Business outsourcing provider

Risk to Small Business: 1.575 = Severe

After an employee fell for a phishing scam, hackers gained access to the personal data from the company’s business contracts, including General Electric. The breach occurred between February 3 and February 14, 2020, but Canon Business Process didn’t learn of the breach until February 28. Now, in addition to providing credit monitoring services for victims, Canon Business Process has damaged its reputation with a major client.

Individual Risk: 1.701 = Severe

Canon Business Process provides outsourcing services for human resources and payroll responsibilities, so the compromised data includes direct deposit forms, tax forms, Social Security numbers, birth certificates, passports, benefit applications, and driver’s licenses. This information is often used to execute financial fraud, and those impacted by the breach should immediately notify their financial institutions of the breach. In addition, they should enroll in the complimentary credit monitoring services provided by Canon Business Process. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party data breaches are becoming increasingly common, extending businesses’ cybersecurity concerns to every partnership they pursue. With the cost and consequences of a data breach continually increasing, every company should consider a company’s defensive posture before agreeing to work together.

United States – nCourt

Exploit: Unprotected database
nCourt: Payment processor

Risk to Small Business: 2.341 = Severe

nCourt developers failed to secure a database containing customers’ financial data from its two websites that facilitate court payments. The breach compromised three years of customer data through November 2019. Unfortunately, this information has already been posted on hacking forums where bad actors can use it for many nefarious purposes.  

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.

United States – Otis Bowen Center for Human Services

Exploit: Phishing scam
Otis Bowen Center for Human Services: Mental health and addiction recovery service

Risk to Small Business: 2.223 = Severe

Two employees engaged with a phishing scam that provided hackers with access to company data. Although the breach occurred in January 2020, the company only recently completed a digital forensic audit that revealed the extent of the incident. Unfortunately, this slow response time has put victims at risk of data misuse, and it could have regulatory implications because of the healthcare-oriented nature of the breach.

Individual Risk: 2.130 = Severe

The company declined to identify the specific data sets, but patient data often contains peoples’ most sensitive information. Victims were notified by email, and they should take every precaution to ensure that they mitigate the possible repercussions of the breach. This includes enrolling in the complimentary credit and identity monitoring services offered by the company. 

Customers Impacted: 35,800

How it Could Affect Your Customers’ Business: In 2020, data privacy regulations impact companies in every sector and in many locations. As a result, data security isn’t just an altruistic endeavor. It’s a mission-critical priority, and a failure to execute on this standard can have significant financial implications for companies that experience a data breach.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Online Retailers See Surge in Cyberattacks Amidst COVID-19 Crisis   

The COVID-19 pandemic has relegated many of us to our homes, leaving businesses with few opportunities to reach their customers and make sales. Online shopping has become a vital lifeline for thousands of businesses while brick and mortar locations are closed and millions of people shelter in place. In fact, many retailers are experiencing online traffic that is exceeding Cyber Monday activity, typically a high watermark for online shopping.  

Unfortunately, bad actors are capitalizing on this moment by targeting e-commerce platforms for attack using tricks like account takeovers, bot-powered scraping attacks, and payment card skimming malware. For example, 80% of login incidences at home goods retailers are attributed to account takeover attempts.

While a litany of COVID-19-related cyber risks has become increasingly apparent, it’s clear that online retailers need to be especially critical of their defensive posture to ensure that they can continue meeting surging demand in an uncertain retail atmosphere in order to retain customer goodwill and capture enough revenue to stay afloat in a challenging time for retail. 

https://www.scmagazine.com/home/security-news/cybercrime/report-account-takeover-and-data-scraping-attacks-on-e-retailers-up-as-covid-19-surges/


A Note From Kobargo

Less Than Half of Businesses Provide Cybersecurity Training

According to a recent study, less than half of UK businesses provide cybersecurity training to all employees, and 65% of IT security decision-makers view their organization as complacent when it comes to securing customer data. At the same time, the study found that correcting those issues is essential for ensuring data security.    

Closing the gap between best practices and actual implementation is especially important now that COVID-19 has produced many novel cybersecurity threats that even the most well-trained and cybersecurity-savvy employees might not be prepared to thwart. 

At ID Agent, we know that these unprecedented times present unique challenges. That’s why we’re happy to be able to offer Passly, the ideal secure identity and access management tool for today’s remote workforce. Passly adds vital security to every user’s login credentials to quickly secure access to your systems and data. 

We are also ready to support your data security initiatives with best-in-class cybersecurity training  that includes training your staff to spot and repel phishing attacks, the most common tactic that cybercriminals employ to gain entry to the heart of your business. 

Our  affordable, scalable solutions can be deployed in a flash and quickly customized to work for any company, enabling you to rapidly pivot to meet today’s needs and be well positioned for tomorrow.

https://www.itproportal.com/news/less-than-half-of-businesses-provide-cybersecurity-training/


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Cyber Alert Monday 4-13-2020 – Malware Targets

Last week, ransomware slows COVID-19 treatment development, malware targets online shoppers, and phishing scams jump by 667% in a month. 

50,000 companies have been impacted by payment skimming malware

United States – Social Bluebook

Exploit: Unauthorized database access 
Social Bluebook: Social media platform

Risk to Small Business: 2.117 = Severe

Cybercriminals ex-filtrated a company database containing personal information from thousands of internet influencers. Embarrassingly, the breach, which occurred in October 2019, was identified by TechCrunch reporters who were sent a copy of the stolen database. In a statement, the company claimed to be ignorant of the breach, raising serious questions about the efficacy of its cybersecurity strategy. This incident is likely to have significant blowback from well-connected influencers on social media and invite regulatory scrutiny on many fronts.

Individual Risk: 2.122 = Severe

The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: 217,000

How it Could Affect Your Customers’ Business: Hackers frequently target social media influencers because of their large public following. Therefore, companies catering to this clientele need to be prepared to protect their users’ valuable personal data. If they can’t, these influencers will almost certainly tell their followers all about it, a principle that applies to a growing number of consumers in every sector.

United States – Ozark Orthopedics 

Exploit: Phishing scam
Ozark Orthopedics: Orthopedic healthcare practice

Risk to Small Business: 2.113 = Severe

Four employees fell for a phishing scam and gave hackers access to email accounts containing patient data. The scope of the data breach that occurred in late 2019 was just released by the healthcare provider, creating questions about the practice’s cybersecurity practices. As a result, patients were unable to quickly take steps to protect their identities and Ozark Orthopedics has opened itself up to regulatory scrutiny that could result in substantial financial penalties.

Individual Risk: 1.775 = Severe

Patients’ personally identifiable information was exposed in the breach, including their names, treatment information, Medicare or Medicaid identification numbers, Social Security numbers, and financial account information. In the wrong hands, this information can be used in a litany of financial or identity-related crimes. Those impacted by the breach should immediately enroll in credit and identity monitoring services to secure their personal information.

Customers Impacted: 15,240

How it Could Affect Your Customers’ Business: More than a trillion phishing emails are sent each year, some of which will inevitably make their way into your employees’ inboxes. Training employees to spot these scams is especially important to protect your company from a devastating data breach.

United States – 10x Genomics Inc.  

Exploit: Ransomware
10x Genomics Inc.: Biotechnology company

Risk to Small Business: 2.206 = Severe

A ransomware attack disrupted operations at the biotechnology company, which is currently acting as part of a consortium working to quickly develop a treatment for COVID-19. Before encrypting IT, hackers exfiltrated company data. Although the company reports “no material day-to-day impact,” it’s unclear what the implications are for the stolen data or how this could impact its development of a COVID-19 treatment.   

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.

United States – GoDaddy 

Exploit: Phishing scam
GoDaddy: Internet domain registrar

Risk to Small Business: 2.313 = Severe

A spear phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including Escrow.com, which provides escrow services for several prominent websites, were impacted. The breach will have costly implications for both GoDaddy and its customers, who will have to decide if they want to continue partnering with a company that puts their sensitive data at risk.  

Individual Risk: At this time, no personal information was compromised in the breach. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  Today’s online ecosystem is vast and interconnected. This incident is a reminder that failures at other companies can have significant implications for your own, which increases the importance of securing accounts to buttress your IT infrastructure against potential failure at third-party contractors. With simple cybersecurity features, like two-factor authentication, company accounts remain secure even when credentials or login information is exposed.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Healthcare Data Breaches See Significant Increase 

In late 2019, we wrote about the connection between healthcare data and the Dark Web, noting a troubling trend that saw bad actors increasingly targeting patient data. Unfortunately, that trend has only accelerated with the onset of the COVID-19 pandemic that is pushing healthcare providers to their limits.

A study of the Department of Health and Human Services’ HIPAA breach reporting tool found 105 breaches impacting 2.5 million patients. However, before February 19th, only 38 incidents and 1.1 million records were affected. Cybercriminals have upped their game to take advantage of the chaotic situation on the ground, and healthcare organizations need to be prepared.

Notably, the study found that hacking incidents are, by far, the leading cause of data breaches. Many included various forms of email account compromise. Moreover, the report predicts that, as more employees work from home, incidents of phishing attacks will increase because employees are more likely to fall for scams when they are isolated at home. Fortunately, a comprehensive employee awareness campaign can thwart these attacks, helping ensure that healthcare providers are focused on patient care rather than being inundated with cybersecurity threats.

https://www.bankinfosecurity.com/health-data-breach-tally-spikes-in-recent-weeks-a-14031


A Note From Kobargo

Phishing Scams Have Spiked by 667% in One Month

The global COVID-19 response has required millions of workers to work from home. When coupled with a general sense of unease and uncertainty, the situation has created a perfect environment for cybercriminals to execute phishing scams. As a result, the number of phishing emails has increased by 667% in the past month.     

According to an assessment of 468,000 phishing emails, 2% were directly related to COVID-19. Meanwhile, 54% were labeled as scams, 34% as brand impersonation attacks, and 11% as blackmail. In addition, many are luring clicks by claiming to sell cures, face masks, and other critical supplies.  

For businesses, the implications are clear. Nobody can afford a data breach in this environment. Now is the right time to update and reemphasize phishing scam awareness training to ensure that employees can repel these damaging cyberattacks. 

https://www.infosecurity-magazine.com/news/covid19-drive-phishing-emails-667/   


Contact Kobargo Technology Partners to schedule a free consultation today!

Read more

CATEGORIES

YOU MAY ALSO LIKE