Data Breach, Cyber Alert Monday 05-27-19

Cyber Alert:  Last week, hackers continued to phish for patient data from US healthcare providers.


Equitas Health: Regional, not-for-profit healthcare provider based in Ohio
Exploit: Employee email account breach
Risk to Small Business: 1.333 = Extreme: Company officials discovered abnormal email activity on two enterprise email accounts belonging to employees, ultimately concluding that a hacker was successful in accessing personally identifiable information (PII) and patient records. The organization hired a third-party forensics firm to better understand the breach, and they are reaching out to affected individuals. Although the organization took immediate steps to contain the incident, it will now face the tangible costs of offering free identity monitoring services to patients, along with the less quantifiable losses in reputational damage.
Individual Risk: 2 = Severe: While it appears that the scope of the attack is limited, the breadth of compromised information is extensive. It includes patient names, dates of birth, patient account and medical record numbers, prescription information, medical history, procedure information, physician names, diagnoses, health insurance information, social security numbers, and driver’s license numbers.
Customers Impacted: 569 affiliated members
How it Could Affect Your Business: This data breach demonstrates the potentially expansive consequences of a single vulnerability. Since healthcare companies are legally required to protect their patients’ data, they need to conduct regular security audits and employee training that can prevent this type of breach. At the same time, Equitas explicitly serves protected classes and marginalized patient groups, making this episode especially egregious. Therefore, it’s critical to continuously monitor protected information in order to understand what happens to patient data after it’s compromised.


Oregon State Hospital: Public psychiatric hospital based in Salem, Oregon

Exploit: Spear phishing attack
Risk to Small Business: 1.555 = Severe: An employee clicked on a phishing email, which allowed hackers to gain access to the employee’s email account. Fortunately, IT administrators were able to identify the breach just 40 minutes after it occurred, limiting the exposure of patient information. Although the investigation isn’t complete, the company did reveal that an undetermined amount of patient information was exposed during the breach.
Individual Risk: 2 = Severe: The phishing scam compromised names, dates of birth, medical record numbers, diagnoses, and treatment care plans. Although the company plans to notify impacted individuals in 4 to 6 weeks, anyone with records at the hospital should monitor their credentials for potential misuse.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing scams are entirely avoidable, and any data breach that results from a phishing scam is a self-inflicted wound for the company’s reputation. In addition to deploying robust security software, companies should conduct regular training to avoid unnecessary data breaches. MSPs should consider partnering with third-party cybersecurity services that provide robust employee training to avoid phishing scams.

Pacers Sports and Entertainment: The parent company of the Indiana Pacers, a professional basketball team in the NBA
Exploit: Employee email phishing campaign
Risk to Small Business: 1.555 = Severe: A phishing campaign against Pacers Sports & Entertainment (PSE) resulted in hackers gaining access to several employee accounts that contained sensitive personal information between October 15 and December 4 of last year. However, the company first learned of the incident almost six months ago, which begs the question: why are they just beginning to notify customers now? Along with the damaging outcomes of a customer and employee breach, the organization will now face media scrutiny and resulting customer attrition.
Individual Risk: 1.857 = Severe: PSE did not differentiate if the compromised data belonged to employees or customers, but it does include names, addresses, dates of birth, password numbers, health insurance information, driver’s license numbers, social security numbers, debit/credit card numbers, digital signatures, usernames, and account passwords.
Customers Impacted: Unknown
How it Could Affect Your Business: It’s clear that PSE did not fully appreciate the scope of the data breach. Although the company has not received any reports of personal data misuse, the compromised information can be used to orchestrate fraud in the near future. Along with harming the reputation of their company, PSE will have to answer to the press and customers in the wake of the breach.

Southeastern Council on Alcohol and Drug Dependence: Non-profit organization based in Norwich, Connecticut offering alcohol and substance abuse treatment
Exploit: Ransomware
Risk to Small Business: 1.777 = Severe: The healthcare provider lost control of more than 25,000 patient records when a ransomware attack was discovered in its network. While they have procured cybersecurity assistance to deal with the issue, the company has been unable to eradicate the ransomware or secure patient records.
Individual Risk: 1.857 = Severe: The data breach compromised PII including patient names, addresses, social security numbers, medical history, and treatment information. Although affected individuals are being offered free credit monitoring services, they are encouraged to remain vigilant about potential financial or identity fraud.
Customers Impacted: 25,148
How it Could Affect Your Business: It is incredibly important for companies, especially those already dealing with a vulnerable client base, to ensure the integrity of their financials and identity after a data breach. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee.

Ada Highway County District: Independent government agency operating in Garden City, Idaho
Exploit: Ransomware
Risk to Small Business: 2 = Severe: A ransomware attack, introduced into the agency’s system through malware, restricted access to the computer networks for nearly 30 hours. While the agency hasn’t found evidence that the hackers accessed the department’s database, they can’t conclusively rule out a more extensive breach. The agency has declined to pay the undisclosed ransom demanded by the hackers.
Individual Risk: 2 = Severe: There is no indication that hackers accessed any individual data during the attack. However, since the agency can’t conclusively rule out access to their database, those with information at the agency should monitor their personal information for signs of fraud or misuse.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks are growing in frequency and sophistication, making it mandatory that companies of all sizes develop a comprehensive plan for responding to the threat and ensuring that services remain operational during an attack. These contingencies can be the difference between a temporary disruption and a major debacle. Moreover, since many ransomware attacks start with phishing emails, employee training and security contingencies are a must-have protocol in today’s digital environment.

Medical Oncology Hematology Consultants: Healthcare network offering cancer treatment solutions
Exploit: Phishing Scam
Risk to Small Business: 1.555 = Severe: When an untrained employee inadvertently clicked on a phishing email, hackers gained access to the employee’s account, which contained sensitive data on an unknown number of patients. Although the data breach took place in June 2018, the healthcare network just reported the incident to the public, a problematic delay when personally identifiable information is involved. While the company has taken measures to secure their network, their delayed response and the preventable nature of the attack are a reminder that the greatest security risk to a company can be its own employees.
Individual Risk: 1.857 = Severe: Although just a single email account was compromised, it contained patient data including names, social security numbers, government-issued IDs, financial data, dates of birth, and medical records.
Customers Impacted: Unknown
How it Could Affect Your Business: The consequences of a data breach are amplified when companies are slow to respond. In the wake of a data loss event, companies have a responsibility to quickly react by both communicating with their customers and by repairing the technical vulnerability. Even though the company took important steps to shore up their cybersecurity by integrating things like malware blocking tools, suspicious email reporting, email encryption, and two-factor authentication, their slow response time is bad for business and bad for their customers. Not only do companies need to be proactive about prioritizing cybersecurity best practices before a breach occurs, but they must develop a strategy for communicating with their customers in a timely fashion.

A Note From Kobargo:

Australia Sees a Spike in Credential Stuffing Attacks

If you’ve ever wondered what happens to the deluge of data stolen during a cybersecurity breach, Australia’s sudden spike in credential stuffing attacks will certainly provide some clarity.
According to a recent cybersecurity report, Australians are now the fifth highest target for credential stuffing attacks, an incredible metric given their modest population.
This form of cybercrime involves hackers using previously stolen information like usernames, email addresses, or passwords in an attempt to gain access on other platforms. Since people often use the same username and password combinations, it’s often possible to apply stolen credentials across multiple accounts.
The report found a robust market for stolen credentials that are often sold in bulk on the Dark Web. Businesses are encouraged to deploy the latest security standards, like two-factor authentication, to help prevent these attacks. Moreover, it underscores the cascading consequences of a data breach, and it highlights the importance of keeping a pulse on customer and employee information. Hint: that’s our bread and butter. Ask how you can take advantage of Dark Web monitoring services 

Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 05-20-19

Cyber Alert:  Last week, a global accounting firm was afflicted by a malware attack and more media companies were brought down by ransomware.


Baltimore City Government: City government serving Baltimore, Maryland
Exploit: Ransomware
Risk to Small Business: 1.888 = Severe: A ransomware attack has disabled nearly all computerized functions for the Baltimore City Government, including email, online payment platforms, and more. Business operations have been interrupted for “almost every department,” and city officials have started using library computer labs to process payroll for employees. It’s entirely possible that paychecks for city employees will be delayed, which can ultimately cause staff members to leave.
Individual Risk: 2.428 = Severe: Citing concerns about revealing the network vulnerability, city officials have not disclosed information about the breach. However, there is no indication that personal data was compromised as part of this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: When adding up the costs of a data breach or ransomware attack, it’s important to consider the residual effects that take shape in the wake of a security incident. After factoring in the losses that result from customer and employee attrition, the ROI of security training and awareness solutions becomes irrefutable.


Wyzant: Online education marketplace that matches tutors with students

Exploit: Database infiltration
Risk to Small Business: 1.777 = Severe: Hackers took advantage of a database anomaly to steal personally identifiable information (PII) from an undisclosed number of users on April 27, 2019. The tutoring company issued a patch to the database, and a more in-depth investigation is underway.
Individual Risk: 2.248 = Severe: Although it’s unclear how many users were impacted by the breach, PII was definitely made available to hackers. This data includes names, email addresses, zip codes, and more. The company’s platform lets users sign in using their Facebook credentials, enabling hackers to siphon off .jpegs of Facebook profile pictures, which can be leveraged to facilitate phishing scams.
Customers Impacted: Unknown
How it Could Affect Your Business: Failing to understand the security vulnerabilities that impact your IT infrastructure can have significant consequences for your users. Especially for companies handling PII for minors, protecting customer information has to remain a top priority. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.

Watertown Daily Times: Daily newspaper published in Watertown, New York
Exploit: Ransomware
Risk to Small Business: 2 = Severe: A company employee discovered ransomware on the company’s network while working on computer systems that are responsible for ad design and newspaper production. In addition to disabling certain publication capabilities, the ransomware restricted access to the company’s email servers and internet-based phones. While the newspaper was able to publish its latest edition, some sections were inaccessible, and reporters were forced to work from home.
Individual Risk: 3 = Moderate Risk: There is no indication that individual data was compromised in this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks are on the rise in every industry. Companies should proactively assess their threat landscape while establishing protocols for restoring operations and protecting sensitive data. Meanwhile, understanding what happens to sensitive data after it’s accessed is a natural next step for repairing the product and reputation damage that frequently follows a data breach.

Augustana College: Private liberal arts college in Rock Island, Illinois
Exploit: Ransomware
Risk to Small Business: 2.111 = Severe: A university server housing personal information of students was hijacked by a ransomware attack. Although the server was taken offline and existing data was migrated to a new server, the hackers were able to view student information before the breach was detected. A third-party forensic investigation team has been hired to review the incident, and the organization is undergoing new initiatives to prevent an attack like this in the future.
Individual Risk: 2.571 = Moderate: Augustana did not reveal the exact nature of the personal information compromised in the attack, but university staff and students should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.
Customers Impacted: Unknown
How it Could Affect Your Business: When it comes to preventing malicious hacking attempts, the best offense is a strong defense. This means that all campus dwellers at a university should be enrolled in ongoing security training. Untrained employees are a significant security risk, but they can be transformed into an organization’s best defense against cybercrime.

A Note From Kobargo:
As you’ve probably noticed from tuning into our weekly newsletter, ransomware attacks are increasing in scope and severity at an alarming rate.
Security researchers are now tracking a new ransomware that is infecting computers by disguising itself as anti-virus software. Talk about a malicious advancement for an already meticulous cybersecurity threat!
This latest file-locking malware is disguised as an anti-virus installation that users willingly download on their computers. Victims are lured by the false request through phishing emails that prompt users to “update and verify” their anti-virus software with an embedded link.
When users click on the link, the malware downloads ransomware and an outdated anti-virus software. The download begins encrypting files in the background while unknowing users complete the anti-virus software installation.
While this tactic isn’t necessarily new, its reemergence should compel companies to train their employees to spot malicious materials and to create a comprehensive plan for dealing with phishing scams, malware, and ransomware attacks. Consider partnering with an MSP that can offer phishing simulation training, like Kobargo Technology Partners, that can help support such initiatives with state-of-the-art solutions.
Protect your business from Ransomware. Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 05-13-19

Cyber Alert:  Last week, software companies were put under siege by ransomware and a flaw in Google Chrome may lead to phishing scams.



Partners in Care: Healthcare provider based in Bend, Oregon
Exploit: Phishing Attack
Risk to Small Business: 1.777 = Severe: A phishing attack compromised an employee’s email account towards the end of 2018, providing hackers with access to patients’ health information between November 17 and December 12. After completing a manual email review, the company concluded that sensitive patient information was exposed during the breach.
Individual Risk: 2 = Severe: Although it is unclear how many records were compromised in the breach, hackers were able to access patients’ personal information including names, birth dates, medical records, and social security numbers. Patient records related to diagnosis, medications, and insurance details were also revealed. The organization notified those impacted by the breach and is encouraging them to monitor their account statements for suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies managing sensitive healthcare information are expected to have mechanisms in place to protect their patients, so a preventable data breach is particularly egregious. While phishing scams are used to gain access to a company’s IT infrastructure, they can be prevented through training and monitoring tools.


Citrix: Multinational software company providing application and software services

Exploit: Password Spraying
Risk to Small Business: 2.333 = Severe: Hackers took advantage of weak employee passwords and gained entrance to the company’s network via password spraying. Once inside, they were able to access internal documents and information on former and current employees for about six months. The bad actors were expelled from the network, and the company took measures to improve the company’s password security.
Individual Risk: 2.248 = Severe:  As part of an ongoing investigation, it was revealed that financial information and social security numbers of employees were at risk, in addition to internal business assets. Even worse, the company also disclosed that hackers were able to view personal information of employees’ beneficiaries and dependents. Current and former employees are encouraged to sign up for identity protection services to monitor their credentials.
Customers Impacted: Unknown
How it Could Affect Your Business:  Recovering from a data breach that not only compromises employee information but also that of their dependents and beneficiaries can be an arduous process. Employees lose trust and goodwill in their employer, and it becomes difficult for them to discern the long-term consequences once personal data is accessed. Therefore, proactively providing identity monitoring services can go a long way in demonstrating a commitment to employees while mitigating security risks for the company as a whole.

Microsoft: Multinational technology company based in Redmond, Washington
Exploit: Account takeover attack
Risk to Small Business: 2.111 = Extreme: Hackers used many different maneuvers including brand impersonation, social engineering, and phishing scams to gain access to the email accounts of Office 365 users. Once inside, the cybercriminals implemented a variety of inbox rules to hide their behavior as they sent thousands of emails intended to facilitate spear phishing, BEC attacks, and malvertising campaigns.
Individual Risk: 2.284 = Severe: While hackers gained access to user email accounts, it appears that their primary purpose was to proliferate the scam by sending emails to unsuspecting recipients. However, users with compromised Office 365 accounts should immediately change their passwords while also being mindful of the potential for data misuse.
Customers Impacted: 4,000
How it Could Affect Your Business: Email account compromises are the center of many data breaches today, and it’s time that small businesses take notice. The good news is, securing employee and user accounts can be achieved by partnering up with the right cybersecurity training solution.

Docker Hub: Online platform for procuring container applications
Exploit: Unauthorized database access
Risk to Small Business: 1.777 = Severe: When an unauthorized third party breached Docker Hub’s database, they gained access to sensitive data including usernames, passwords, and other account features. Although the company immediately notified users of the attack, the hackers gained extensive system access, ultimately compromising nearly 200,000 accounts. Even worse, it’s possible that the software applications that users built on the platform could be impacted by the breach.
Individual Risk: 2.571 = Moderate: The organization insists that financial information was not accessed during the breach, but hackers did gain extensive information about Docker Hub customers. Anyone with a Docker Hub account should enroll in identity and financial monitoring services.
Customers Impacted: 190,000
How it Could Affect Your Business: Docker Hub is being scrutinized for avoiding the implementation of industry security best practices, such as two-factor authentication, which could have allowed them to protect users from this breach. Small businesses operating in the B2B space need to ensure that they are doing everything possible to protect customer data by partnering up with MSPs with state-of-the-art cybersecurity technology.

St. Ambrose Catholic Parish: Local Catholic Parish based in Brunswick, Ohio
Exploit: Fraudulent email scam
Risk to Small Business: 2.444 = Severe: Bad actors sent fraudulent emails on behalf of a construction company that was contracted to complete work on the church building. The emails claimed that the parish was two months behind on project payments and included instructions for wiring payment to an external bank account. To execute the fraud, hackers first gained access to the email accounts for the construction company, extending the cybersecurity event beyond just the church.
Individual Risk: 3 = Moderate: There is no indication that any personal information was compromised in this breach.
Customers Impacted: 1
How it Could Affect Your Business: As this episode demonstrates, email scams can be a convincing way to execute fraud, and companies need to educate their employees about the signs of deception while also equipping them with training in best practices to avoid being a victim of a cybercrime. Unfortunately, events like this are incredibly commonplace and can happen to anyone, but companies are still responsible for protecting their systems.

A Note From Kobargo:
E-retail theft is a lucrative business 
Traditionally, payment credentials stolen from brick-and-mortar stores were able to command a higher price on the Dark Web than card-not-present data (also known as CNP). However, it seems like the market dynamics have recently shifted, as this information is now being used to target online retailers.
Consequently, the demand for these credentials is far outpacing supply, driving up the price. The economics can be explained by the recent US migration towards chip-based payment cards, which offer a superior level of fraud protection for in-store purchases.
Such news has broad implications for both consumers and companies operating in today’s digital ecosystem. Security has to be a constant priority, since payment trends will give way to new threats, and tomorrow’s vulnerabilities will not be the same as those existing today. In order to keep a continuous pulse on your employee and customer data, consider partnering up with an MSP that implements proactive Dark Web monitoring.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 05-06-19

Cyber Alert: Last week, employee phishing runs rampant, ransomware brings an airport offline, an NBA team’s online store leaks credit card information, and another Dark Web marketplace takes a dive.

EmCare:  Dallas-based healthcare provider that offers physician services and other healthcare functions
Exploit: Employee Email Account Breach
Risk to Small Business: 1.666 = Severe: An unauthorized third party accessed employee emails, allowing them to view sensitive personal information and confidential patient data. Through this vulnerability, hackers were able to access as many as 60,000 individual records, including 31,000 patient records. The company was quick to indicate that they don’t believe any personal data has or will be misused, and it’s unclear why this information was accessed. Nevertheless, EmCare will now bear the costs of providing free credit monitoring services and managing public relations.
Individual Risk: 2.149 = Severe: Employees and patients who received care from the company could have had their name, birth date, age, social security number, and driver’s license number exposed. In some cases, protected health information was also made vulnerable.
Customers Impacted: 60,000
How it Could Affect Your Business: This episode is a reminder that even minor vulnerabilities can have extensive consequences. In this case, accessing just a few email accounts compromised thousands of patient records, creating serious problems for both the victims and the company. Since healthcare organizations are explicitly charged with protecting this information, they need to take every precaution to make sure that their systems are secure. By monitoring where and how hackers use patient and employee information on the Dark Web, providers can offer lasting protection.

Atlanta Hawks Shop: Online store for the Atlanta Hawks, a professional basketball team in the NBA
Exploit: Malware
Risk to Small Business: 1.888 = Severe: A malicious code bearing the signature of Magecart, a well-known collective of online credit card thieves, was planted on the online store for the Atlanta Hawks. The malware records keystrokes on the payment platform, allowing the thieves to acquire sensitive payment information from buyers. It’s believed that hackers accessed the store through unprotected third-party extensions affiliated with the shop’s cloud hosting service.
Individual Risk: 2.248 = Severe:  The Atlanta Hawks online store has more than seven million visitors each year, and this particular strain of malware was introduced on April 20th. Anyone who made purchases through the online store on or after that date should assume that their name, address, and credit card information was compromised. As a result, those impacted should immediately sign up for credit monitoring services while staying vigilant for other misuses of this sensitive data.
Customers Impacted: Unknown
How it Could Affect Your Business:  E-commerce has quickly become the shopping method of choice for many consumers, and securing this process is critical for any company looking to capitalize on this trend. To put it simply, if customers don’t trust that your checkout is secure, they are less likely to make a purchase on your platform. Businesses must vet their third-party payment processing providers and implement additional layers of security through MSPs who can navigate digital marketplaces to understand how compromised payment data is being used by hackers.

Doctors’ Management Service: Medical billing service provider
Exploit: Ransomware attack
Risk to Small Business: 1.444 = Extreme: Nearly 40 healthcare centers were significantly impacted by a ransomware attack that compromised patient data. Although the company deployed a network backup to avoid paying the ransom, the hackers had access to sensitive patient information including names, addresses, dates of birth, social security numbers, driver’s license numbers, and health insurance information.
Individual Risk: 2 = Severe: The company was unable to determine if personal health information was viewed or downloaded, and patients at any of the healthcare providers working with Doctors’ Management System could be impacted by the breach. Therefore, all patients within this network are encouraged to obtain credit and identity monitoring services.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a serious problem for healthcare companies and those tasked with managing patient data. Having the right backup infrastructure in place is important, and, in this case, allowed the company to avoid paying a ransom to reclaim its data. However, implementing the right security measures for proactive detection is even more critical for preventing attacks from occurring in the first place.

Cleveland Hopkins International Airport: A public airport located in Cleveland, Ohio
Exploit: Ransomware attack
Risk to Small Business: 2.111 = Severe: A ransomware attack on the airport disabled information screens that provide information about incoming arrivals, imminent departures, and baggage claim status. At the same time, other network components including email, electronic payroll, and record keeping services were also affected. These disruptions occurred for many days, and the FBI is investigating the source of the attack.
Individual Risk: 3 = Moderate: There is no indication that any personal information was compromised in this attack, but users with information stored on this network should be mindful of its vulnerabilities while monitoring for possible misuse of stored information.
Customers Impacted: Unknown
How it Could Affect Your Business: When data breaches occur at companies providing critical services like air travel, the prospect of a disruptive data breach can have far-reaching consequences. While this data breach didn’t compromise any critical infrastructure, travelers might be less likely to trust the company’s infrastructure to guard against more progressive or intrusive tasks. When public safety is concerned, preventing a breach becomes an even more critical concern.

Idaho-based online forum and retailer for supplements
Exploit: Employee phishing scam
Risk to Small Business: 1.888 = Severe: A single phishing email targeting staff members managed to compromise an entire network, allowing hackers to access the personal information of the platform’s users. Even more alarmingly, the company was unable to confirm if data was actually stolen, signaling a lack of privacy stewardship. Along with the threat of fines or lawsuits, the company stands to lose the trust of customers who catch wind of the breach.
Individual Risk: 2.428 = Moderate: While the platform contends that credit card and social security numbers were not compromised in the breach, they acknowledged that it’s possible that hackers accessed customers’ names, email addresses, billing/shipping addresses, phone numbers, order history, and company communications.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing scams are preventable, and the right training coupled with proactive security software can stop such an attack before it compromises the entire network. This incident serves as a reminder that untrained and unfamiliar staff can be a point of vulnerability that hackers tap into, creating significant security risks for any company.
Partners for Quality: Pennsylvania-based agency providing educational services for children with intellectual and developmental disabilities
Exploit: Compromised email accounts
Risk to Small Business: 1.222 = Extreme: A malicious third party gained access to several employee email accounts, giving them broad access to their users’ sensitive personal information. This is the company’s second data breach this year, and, since the company handles uniquely sensitive information about their customers, the responsibility to secure this data is magnified.
Individual Risk: 2 = Severe: Hackers gained access to protected health information (PHI) including names, social security numbers, diagnosis/treatment, medical records, billing claims, health insurance credentials, passport information, and banking numbers. Those impacted by the breach should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.
Customers Impacted: 3,673
How it Could Affect Your Business: Every company managing PHI needs to be especially aware of their cybersecurity vulnerabilities, since a breach not only imperils their users but it also casts doubt on their competence. Since most email-based threats are preventable, companies handling PHI should take every action to educate their employees and to secure their networks.
A Note From Kobargo:
Cyber-attacks are soaring in 2019
It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are becoming inundated with, and even accepting of, breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.
According to a recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.
However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.
Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.
It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 04-29-19

Cyber Alert: Last week, Chipotle accounts might be getting hacked and the Weather Channel is struck by ransomware.

Chipotle: American chain of fast casual restaurants
Exploit: Credential stuffing
Risk to Small Business: 1.888 = Severe: Several individuals took to Twitter and Reddit to report that their Chipotle accounts were being used to place unauthorized orders at locations across the country. However, many of the customers maintain that their passwords were unique to Chipotle, which could rule out the possibility of a credential stuffing attack and shift the blame directly onto Chipotle. In response, Chipotle officials stated that they don’t believe their network was breached or that personal data was revealed to outside entities. This is the company’s second data security incident in two years, and they have yet to roll out two-factor authentication for their customers.
Individual Risk: 2.571 = Moderate: In credential stuffing attacks, hackers leverage personal information retrieved from past data breaches to breach new accounts. Chipotle account holders should enroll in identity monitoring solutions and reset their passwords to protect their information going forward.
Customers Impacted: To be determined.
How it Could Affect Your Business: Being able to rule out a credential stuffing attack is crucial to identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it becomes incredibly difficult to track how compromised data is being leveraged by hackers. When developing digital platforms, companies of all sizes need to plan to protect their customer data by taking every precaution to ensure that their information is never compromised.
Navicent Health: Second largest hospital in Georgia and part of the Central Georgia Health System.
Exploit: Employee e-mail breach
Risk to Small Business: 1.777 = Severe: In a recent data breach notice, Navicent Health disclosed that they learned about a breach originating with their employees’ corporate email accounts, which were accessed by an unauthorized third party. Although no evidence of identity theft was revealed, the company was forced to take responsibility, notify patients, and offer free identity protection services, while also pledging to improve their security infrastructure moving forward.
Individual Risk: 2.857 = Severe: Navicent doesn’t believe any of the accessed data is being used to perpetuate identity theft or other cybercrimes, but the compromised emails did include sensitive patient data including their names, birthdays, addresses, medical information, and social security numbers.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies charged with handling personal health information (PHI) need a comprehensive understanding of their IT infrastructure, including potential vulnerabilities. Since HIPAA compliance and patient trust are both on the line, any company managing PHI should prioritize risk assessment and prevention. Employees should be the first line of defense, as they manage patient data on a daily basis, and they must be armed with proper cybersecurity awareness training to prevent future incidents.
Verint: Global cybersecurity firm offering analytics, surveillance, and business IT service
Exploit: Ransomware attack
Risk to Small Business: 2.111 = Severe: Verint is an international cybersecurity firm headquartered in the US, and the ransomware is currently contained within their Israel offices. The company reacted quickly, issuing an on-screen message that instructs employees to immediately shut down devices if they receive a ransomware message. However, the erosion of brand reputation has the potential to spread like wildfire, especially among cybersecurity experts and customers who catch wind of the incident.
Individual Risk: 2.857 = Severe: Ransomware attacks typically affect businesses because they prevent users from accessing files until a ransom is paid. However, when hackers gain access to a company’s network, there is always a risk of revealing personal information. At this time, there is no indication that Verint employee or customer information was compromised.
Customers Impacted: Unknown
How it Could Affect Your Business: This incident is a reminder of the difficulty of managing and maintaining an international IT infrastructure. Fortunately, Verint’s security software immediately detected the breach and made employees aware of best practices for combating a ransomware attack, but a lot more could have been done. Companies should invest in solutions that can proactively and continuously monitor hacker marketplaces for compromised employee or customer data. Especially in the case of companies conducting business in cybersecurity and IT infrastructure, the risk associated with damaged brand quality is too high.
The Weather Channel: Television network airing 24-hour coverage of weather
Exploit: Ransomware attack
Risk to Small Business: 2.333 = Severe: The Weather Channel’s daily morning show AMHQ was unable to air at its regular time because of a ransomware attack that temporarily incapacitated the network. The downtime lasted for more than 90 minutes, and viewers saw pre-recorded footage during this time.
Individual Risk: 3 = Moderate: It is not currently believed that any personal information was revealed in the ransomware attack.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a serious problem for companies of all sizes. Critical information and operations can be cut off until the ransom is paid. Businesses must establish security protocols and source advanced security solutions in order to appropriately respond in the event of a ransomware attack.
Augusta: The capital city of Maine, which provides services to 18,000 residents
Exploit: Computer virus
Risk to Small Business: 2.333 = Severe: Malicious software infiltrated and damaged the city’s computer network system and individual devices, shutting down all offices for an extended period of time. Not only did the virus prevent officials from using servers and computers, but it debilitated the machines used by emergency dispatchers, which required manual tracking of emergency vehicles and responses. The phone system and public safety radio system did remain operational during the ordeal, ensuring no disruption to public safety. Additionally, all services related to the computer network including billing, tax records, and general assistance were completely offline. City officials believe the incident was perpetrated by an inside threat who wanted to destroy, not capture, government data.
Individual Risk: 2.714 = Moderate: City officials don’t believe that any personal information was compromised in the attack, but they do admit that this information has become inaccessible. Individuals with data stored on the city network should be mindful of the vulnerability by taking precautions to ensure data parity.
Customers Impacted: Unknown
How it Could Affect Your Business: The notion that this incident could be perpetrated by an insider threat is a reminder that any single employee can do significant damage to a company’s IT infrastructure. Having contingency plans in place is a veritable must-have, but companies should also be prepared to provide support to any individuals impacted by the breach.
A Note From Kobargo:
How Will You Handle Ransomware?
Ransomware attacks are one of the scariest and most reported cyber-security threats, and a recent report found that most victims are now prepared to pay the ransom.
Telstra’s 2019 Security Report surveyed 320 Australian businesses, more than half of which paid ransomware attackers to retrieve their data. Interestingly, 77% of those companies successfully recovered their information after paying the ransom.
In some ways, this is a good thing. Nobody wants to lose their data to hackers. However, it also incentivizes bad actors, making it possible for them to continue victimizing more people. Having a plan to combat and address ransomware is quickly becoming a critical component of any cyber-security strategy, and it’s one that demands more than just a cache of Bitcoin for a rainy day. Kobargo Technology Partners will prepare you with the tools to fight back.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!
