Data Breach, Cyber Alert Monday 04-22-19

Data Breach, Cyber Alert

Last week, phishing scams targeted US government and healthcare employees, and 60,000 digital fingerprints found their way to the Dark Web.

BBH: Mental health service provider’s South Carolina network
Exploit: Ransomware attack
Risk to Small Business: 1.777 = Severe: After local police detected a ransomware infection, the city was forced to shut down most of its servers. While police and fire facilities remain unaffected, other services, including payments to city agencies, are significantly restricted. Consequently, city officials recommend making cash payments until the network can be restored. The city expects servers to be offline for several days as they work to determine the next steps towards rectifying the situation.
Individual Risk: 2.571= Severe: According to the city’s communications manager, Brock Letchworth, the city does not believe that the incident compromised personal information.
Customers Impacted: To be determined.
How it Could Affect Your Business:  This episode is a reminder of the fragility within local infrastructure. Although critical safety operations remain unaffected, city employees are unable to continue business as usual, and new solutions are not immediately apparent. Most importantly, it’s essential to know if data is stolen and to understand what thieves intend to do with that information.
Minnesota Department of Human Services: Minnesota state agency
Exploit: Phishing scam
Risk to Small Business: 2= Severe: In March 2018, a bad actor logged into a state agency email account and sent emails seeking personal information and invoice payments via wire transfer. The breach was detected when an agency employee received the email and flagged it as suspicious. The breach was just disclosed this week, and department officials believe that hackers gained access to the personal information of 11,000 users.
Individual Risk: 2.285 = Severe: Although the agency contends that personal information has not been misused, the perpetrator certainly had access to the data of thousands of people. Because the breach impacted the agency’s Direct Care and Treatment division, the data stolen includes treatment information and other sensitive health files.
Customers Impacted: 11,000
How it Could Affect Your Business: This most recent incident is the department’s third breach in just over a year, something that can have broad implications for data security and patient trust. The employee who received the malicious email responded appropriately, but these scams are preventable through security training and education.
A Note From Kobargo:
Coming soon – Cybersecurity for 5G
As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.
One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.
High-level cyber-security strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but Kobargo Technology Partners will prepare you with the tools to fight back.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 04-15-19

Cyber Alert: Last week, ransomware shuts down a US medical practice, freshmen hack their school’s Wi-Fi to avoid tests and UConn is hit with a $5M data breach lawsuit.

BBH: Mental health service provider based in Missouri
Exploit: Unsecured business associate portal
Risk to Small Business: 2.333= Severe: BBH has sent letters to patients notifying them of a breach that occurred in August of last year. Potential attackers would be able to infiltrate a business associate’s portal to access electronic protected health information (ePHI) and compromise sensitive records. The mental health service provider noted that there was no evidence of unauthorized access, but will be providing free identity monitoring, protection, and reporting from agencies including Equifax, Experian, and TransUnion. Along with the direct costs associated with offering such services to patients, the organization will have to pour funds into reputation management.
Individual Risk: 2.571= Severe: The exposed records included names, addresses, contact information, DOBs, medical history information, driver’s license numbers and SSNs. Given the amount of time that has lapsed, patients are at high risk and should immediately begin monitoring their identity and credit reports.
Customers Impacted: 67,493 patients
How it Could Affect Your Business: As breaches continue to become more commonplace, companies are being held accountable for providing free identity protection for their customers and employees. Such damage can be disabling for small businesses, especially when combined with the costs that come with managing public relation.
Brookside: Medical practice in Battle Creek, Michigan
Exploit: Ransomware attack
Risk to Small Business: 2= Severe: The doctor’s office of Dr. William Scalf and Dr. John Bizon will be forced to close on April 30th after falling victim to a ransomware attack and refusing to pay $6,500 to regain access. Although hackers were unable to compromise their data, all information regarding appointments, patients, and payments was completely erased.
Individual Risk: 2.428= Severe: Sensitive information of individuals was not accessed, only deleted. However, none of the unrecoverable data was salvaged and the office closure will force patients to seek treatment elsewhere, even those with imminent health concerns.
Customers Impacted: Undetermined
How it Could Affect Your Business: This security incident is a perfect example of how devastating a ransomware attack can be for small businesses and their customers. Hackers are capable of wiping out infrastructure and important records, causing business owners to rebuild from the ground-up. As such, company managers must begin assessing cybersecurity threats and working with MSPs to protect themselves from compromises going forward.
Secaucus High School: New Jersey school district
Exploit: Malware
Risk to Small Business: 2.333 =Severe: Two high school freshmen were arrested for disabling their school’s Wi-Fi system to avoid taking tests. The students used a private company to execute the hack, resulting in them being charged with computer criminal activity and conspiracy to commit computer criminal activity. Although the systems are back up and running, it remains to be seen how the students will be disciplined by the school district.
Individual Risk:  2.482= Severe: None.
Customers Impacted: 2
How it Could Affect Your Business: Hacks are being commoditized, with packaged products capable of bringing down systems and stealing information becoming readily available on the Dark Web. Smaller organizations must learn to recognize such trends and protect their members, customers, and staff by investing in security providers that host solutions enabling them to understand the inner workings of online, underground marketplaces.
A Note From Kobargo:
UConn’s $5M data breach lawsuit
The University of Connecticut Health Center has been served a class action lawsuit over a data breach that resulted in the exposure of 326,000 current and former patients. Yoselin Martinez and others are seeking $5M in damages, alleging that the university not only took months to report the breach, but could have done more to prevent it. Martinez claims that her bank account has been defrauded and overdrawn due to the information that was compromised during the breach.
The attack was discovered in December of last year, when an unauthorized party was able to access an employee’s email account and compromise names, DOBs, addresses, medical information, and SSNs. With the public eye scrutinizing organizational efforts to protect their customers and employees, small businesses must catch on early and begin working with MSPs to bolster new cybersecurity initiatives.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data breach, cyber alert Monday 04-08-2019


Verity Medical Foundation: Healthcare provider based in San Jose, CA.
Exploit: Employee phishing scam.
Risk to Small Business: 2.333 = Severe: VMF recently notified its patients of another security breach it suffered on January 16th of this year, immediately following two similar phishing incidents. A hacker was able to compromise an employee’s Office 365 account for several hours and send phishing emails internally and externally to gather usernames and passwords. Although the organization maintains that there is no evidence of patient information being accessed, they will now face scrutiny by the media and patients, along with being forced to deploy mandatory training for employees.

Individual Risk: 2.571 = Severe: Aside from account usernames and passwords, protected health information including DOBs, patient identification numbers, phone numbers, addresses, health plans, treatments received, SSNs, and even insurance details may have been exposed. While the company believes that it was unlikely that the attacker was after the data, affected patients should enlist in identity monitoring and additional security measures.

Customers Impacted: 14,894 patients
How it Could Affect Your Business: The compounding effects of back-to-back breaches can amount to serious losses for organizations. Even worse, employee phishing attacks are entirely preventable through the implementation of security training and education. If breach occurs, businesses are forced to enroll their employees in such programs anyway, and likely at a higher cost. By then, however, the damage will have already been done.

 Earl Enterprises: Hospitality industry giant that owns Buca Di Beppo, Planet Hollywood, Earl of Sandwich, and other restaurant brands

Exploit: Malware installation on point-of-sale (POS) systems

Risk to Small Business: 2 = Severe: In a press release published last Friday, the company announced that hackers had planted malware on POS systems, affecting over 100 restaurants between May 23, 2018, and March 18, 2019. After noticing a mysteriously large card dump in February, cybersecurity researchers realized that this incident is related to a database that is already available for sale on the Dark Web. In addition to dealing with customer churn and brand degradation, the company will now have to do its best to protect the users whose card information is up for grabs on the Dark Web.

Individual Risk: 2.428 = Severe: Credit and debit card numbers, expiration dates, and cardholder names were exposed in the incident and will eventually be sold to the highest bidder on the Dark Web. Anyone who dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, or Tequila Taqueria should consider cancelling their cards, monitoring their financial reports, and changing their passwords.

Customers Impacted: 2.15 million cardholders
How it Could Affect Your Business: In the wake of a breach, understanding how fraudsters plan on using stolen data is crucial to risk mitigation. If Earl Enterprises had worked with security providers capable of monitoring the Dark Web, the company would have been able to identify the threat earlier and act accordingly.

Canadian Internet Registration Authority: Canada’s not-for-proft agency that manages domain registry

Exploit: Ransomware infection to third-party system

Risk to Small Business: 2 = Severe: On March 26th, the CIRA’s parking garage suffered from a ransomware attack, allowing anyone to enter without a security check and park for free. The compromise persisted for two days, resulting in systems being locked with a ransom note displayed by the attackers. Since the parking garage company Precise Link did not have a backup of the files, restoring the systems will come at an incredibly high cost.

Individual Risk: 2.482 = Severe: It is unclear if the hackers gained access to employee data, but the risk for citizens should be little to none.

Customers Impacted: To be determined
How it Could Affect Your Business:Vendors that serve as third-party service providers for large firms should be wary of upcoming attacks. As hackers shift their focus towards the smallest vulnerabilities within an organization, they will certainly consider targeting the third-party companies that manage their data. To avoid future compromises, companies should work with a security solution that employs a Dark Web monitoring tool which can be crucial in determining if stolen information is trading hands between.

Toyota: Japanese car maker
Exploit: IT System breach.

Risk to Small Business: 2.333 = Severe: Toyota announced another data breach last week, making it the second incident within the past few months. After breaching the Australian arm of the company, this time hackers targeted main offices in Japan to access sales information for up to 3.1M customers. The company has yet to determine if details were extracted vs. just accessed but explained that customer financial information was not stored on the compromised servers. Additionally, they are uncertain if the hacks were perpetrated by the same group, yet security experts believe that APT32 cyber criminals are the likely culprits. Furthermore, it is being speculated that the hacker scheme involved leveraging the data gained in the Australian breach to execute the latest attack on the company’s Japan office headquarters.

Individual Risk: 2.571 = Moderate: Details regarding what information was exposed are still being determined, but Toyota customers should watch out for suspicious activities on their personal and payment accounts. Also, looking back to see what information was provided to the car maker can help determine the level of risk that may be involved.

Customers Impacted: 3.1 million users
How it Could Affect Your Business: Just because a company has been hacked before does not mean that it won’t be targeted again. In this case, it is quite possible that the fraudsters intended to extract valuable information from the Australian breach of Toyota in order to access their main offices. To keep systems airtight, companies must reevaluate what data is shared across working groups, departments, and offices, along with emphasizing the importance of adhering to cybersecurity best practices when it comes to their employees.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!
Read more
DATA BREACH, Cyber Alert Monday 04-01-2019

This week, a Dutch academic publisher is exposed, US sleep companies snooze on payment fraud, UK police face ransomware attack and Uber might be spying on us (again)…

Oregon Department of Human Services (DHS): State agency of Oregon.
Exploit: Employee phishing scam.
Risk to Small Business: Severe: Last Thursday, the Oregon DHS announced that it suffered a data breach after nine employees opened phishing emails and exposed their accounts to hackers. As a result, the social security and personal information of an undecided number of citizens could have been exposed. Along with having to inform the affected individuals, the state’s largest agency will be forced to upgrade security efforts and likely conduct cybersecurity training for employees.
Individual Risk: Moderate: The privacy breach could have included first and last names, addresses, DOBs, SSNs, and case numbers related to DHS programs. State residents should monitor their credit reports for possible payment fraud but will remain at risk.
Customers Impacted: To be determined
How it Could Affect Your Business: In the wake of numerous phishing attacks resulting in privacy breaches, organizations storing personal information must take notice and begin protecting individuals. Employee phishing scams are entirely preventable with proper cybersecurity training, which can effectively mitigate the risk of breach. The case and ROI for phishing security solutions becomes intuitive when we consider the potential damages and costs.
MyPillow and Amerisleep: Pillow and mattress companies in the US.
Exploit: Magecart attack on website checkout pages.
Risk to Small Business: Severe: After being targeted as early as 2017, both online retailers faced card skimming attacks. In this scheme, hackers will insert malicious code into website checkout pages and covertly swipe customer payment information. Although MyPillow discovered the first compromise almost immediately, it argued that the second attack did not result in the loss of information. On the other hand, Amerisleep has not responded to comments. Depending on what further investigations reveal, it is possible that the sleep companies will face hefty fines for their delay in responding as well as scrutiny from online shoppers.
Individual Risk:  Severe :As you can imagine, any information provided on a checkout page is up for grabs during a Magecart attack. This could include first and last names, addresses, credit card numbers, and more.
Customers Impacted: To be determined.
How it Could Affect Your Business: Most recent Magecart attacks such as those on British Airways and Newegg were targeted towards larger firms, but now hacking groups are shifting their focus to small businesses. Skimming schemes are especially dangerous since they can be hard to trace, yet able to extract valuable customer information. Once cybercriminals can get their hands on such data, they will move to the Dark Web to make profits or conduct payment fraud.
Canada-Natural Health Services: Largest referral network of medical cannabis users.
Exploit: Breach of medical records.
Risk to Small Business: Severe: Between December 4, 2018, and January 7, 2019, attackers gained access to the electronic medical records (EMR) system containing personal health information. The company was forced to notify its B2B clients, which could result in turnover and a degradation of trust.
Individual Risk: Severe: Exposed information included patient’s personal information, medical diagnoses, and referral data. At the same time, no patient prescriptions, credit card information, or SSNs were involved.
Customers Impacted: To be determined
How it Could Affect Your  Business: Organizations that store large amounts of personal data on behalf of B2B clients should be especially vigilant for cyber-attacks, given the amount of information at stake. In the event of such a breach, a security solution that employs a Dark Web monitoring tool can be crucial in determining if stolen information is trading hands between cybercriminals.
UK Police Federation: Organization that represents 119,000 police officers across England and Wales.
Exploit: Ransomware attack
Risk to Small Business: Severe: A ransomware attack hit computers at the federation’s Surrey headquarters on March 9, encrypting several databases and email systems. This led to a disruption in services, along with the deletion of all backup data. The organization will be forced to rebuild its systems and ensure that data was not compromised.
Individual Risk: Moderate Risk:  Currently there is no indication that data was extracted from their systems, but the attack has severely damaged the organization’s infrastructure.
Customers Impacted: Undisclosed
How it Could Affect Your  Business: The National Crime Agency is investigating the attack, but the police federation believes that it was not targeted specifically and was victim to a larger campaign. As the threat of ransomware continues to evolve, companies must avoid getting caught in the crosshairs by arming themselves with cybersecurity training and protocols.
Health Service Executive (HSE): National health service website.
Exploit: Unauthorized adtech.
Risk to Small Business: Severe: Webpage users are having their data “continuously and invisibly leaked to commercial actors,” including sensitive topics with health-related information. A study of adtech installed on public health service websites found that 73% of HSE landing pages contained ad trackers. Although organizations are not being held responsible for this type of data exposure, consumers are easily spooked. Because of the study and the looming threat of GDPR compliance fines, the HSE is in the process of redesigning its website.
Individual Risk: SevereCookies placed on the website could be used to infer sensitive information about user health information. These companies can build profiles and sell them to third-party marketers, insurers, credit raters, and more. Nevertheless, this news only brings mid-level risk since the companies involved are typically not malicious in nature.
Customers Impacted: To be determined.
How it Could Affect Your Business:  The business of leveraging customer data for precision marketing is coming under scrutiny, especially with the introduction of GDPR in Europe. As the public becomes more aware of how their data is being used, companies must adapt by implementing security solutions to protect their consumers.
Group of Italian Investors: Independent investors.
Exploit: Crypto fraud via social engineering.
Risk to Small Business: Severe: The Italian authorities recently arrested a computer expert who was able to exploit communication channels and false identities from the Dark Web to defraud crypto investors. The hacker posed as a representative of a reputable Swiss investment firm to earn the trust of the victims. Although no individual business faces risk, more crypto-related breaches may result in an eventual downturn in investments.
Individual Risk: Severe: Investors in the crypto market should be wary of such hacks, since crypto transactions are typically untraceable and irreversible. Nevertheless, personal and payment information is not at stake, so the individual risk of future breaches is not impacted.
Customers Impacted: Unknown.
How it Could Affect Your  Business: This incident is proof of how identities on the Dark Web can be leveraged by hackers to conduct payment fraud via social engineering. To stop such exploits from occurring in the first place, companies must protect employees and customers by investing in security solutions that can guard against phishing and privacy-related attacks.
Elsevier: Scholarly paper publisher and analytics company
Exploit: Server misconfiguration.
Risk to Small Business: Severe: Login credentials for users were exposed after the company’s servers were misconfigured, affecting students and teachers at universities across the world. Since it was a human error attack, Elsevier was able to secure the leaky server quickly and is issuing password reset links to users. Like other B2B breaches, such an exposure is certainly bad for business and can result in the loss of clientele.
Individual Risk: Moderate: User email addresses and passwords may have been compromised, which could jeopardize other accounts where the same passwords are used. Those affected should change their passwords across all accounts immediately.
Customers Impacted: To be determined
How it Could Affect Your Business: Organizational data can be leveraged by hackers and put up for sale on the Dark Web or used to conduct payment fraud. With the knowledge that cybercriminals are looking for targets with limited security controls and valuable data, small businesses need to work with security providers to protect themselves and their customers.
Uber: Transportation network company headquartered in San Francisco, California.
Exploit: Spyware.
Risk to Small Business: Severe: A rogue employee deployed a “secret spyware program” to help Uber get a competitive advantage against local businesses in Australian markets. Dubbed Surfcam, the software was developed in 2015 and scraped driver and vehicle data. The company spokesperson is denying any claims, but this is now the second time Surfcam has been mentioned after similar allegations were made in Singapore.
Individual Risk: Moderate: Although the spyware program is likely using rider data to optimize marketing efforts on behalf of Uber, it can have serious consequences for competitors and consumers in the long run. At the same time, users do not face immediate threat.
Customers Impacted: Unknown
How it Could Affect Your Business: The improper use of data is making headlines across the world, and companies must do everything they can to avoid being involved. The stewardship of personal and payment information should be at utmost importance for small businesses and can be accomplished by partnering with the right security solution.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 03-25-2019

Cyber Alert Monday, Data Breach- We are falling prey to the phenomenon of “data breach fatigue.” Indoctrinated with daily news of compromises, we’re beginning to ignore the possibility of future cyber-attacks.

Why data never expires on the Dark Web
In the ongoing slew of mega data breaches, it’s likely that our personal information has been breached and is being auctioned off on the Dark Web. Hackers are not only scooping up more personally identifiable information (PII) than ever before, but also additional information that can be leveraged to conduct damaging fraud. At the same time, we are falling prey to the phenomenon of “data breach fatigue.” Indoctrinated with daily news of compromises, we’re beginning to ignore the possibility of future cyber-attacks.
Simply changing a few passwords is not enough. When a hacker gets his hands on persistent records such as a customer name, SSN, or permanent address, it almost never expires. The only way to survive in this new reality is by protecting employees and customers from identity theft. How can this be accomplished? Investing in identity theft solutions that can detect compromises proactively by monitoring for an organization’s employee and customer data on the Dark Web.

Last week’s Hacks, Attacks, Breaches and More…

Sizmek: American online advertising platform based in Austin

Exploit: User account takeover.
Risk to Small Business: Severe: Security researcher Brian Krebs caught hackers auctioning access to a Sizmek user account on the Dark Web, specifically a Russian-language cybercrime forum. The bidding began at $800 per account. With account access in hand, threat actors are capable of infecting ongoing ad campaigns or siphoning profits from ads in the system. After investigating, Sizmek believes that the account in question was simply a regular user account, without higher level administrator access. Nevertheless, the platform will be forced to upgrade security and deal with a PR nightmare to retain customers and continue to do business.
Individual Risk: Severe: Given that the company connects over 20,000 advertisers with 3,600 agencies across 70 countries, such a compromise could have displaced advertising revenue from clients and passed undetected for quite some time. This type of attack poses a high risk for Sizmek clients and their end-users, who have the most to lose in the event of a breach.
Customers Impacted: To be determined.
How it Could Affect Your Business:  In an ecosystem of evolving B2B2C business models, companies that provide services for business users must acknowledge the possibility and gravity of a cyber-attack. As evidenced by this event, cybercriminals are peddling access to attack vectors that have the potential to cripple businesses on the Dark Web. Partnering with an MSP who can proactively monitor and navigate the inner workings of the Dark Web is crucial to securing small business customers and end users.

Delaware Guidance Services: Non-profit that offers mental health services for children, youth, and families.

Exploit: Ransomware attack.
Risk to Small Business: Severe: The Delaware-based organization issued letters to 50,000 patients notifying them of a ransomware attack that took place on December 25, 2018. After records were locked by hackers, DGS ended up paying a ransom in exchange for a decryption key to regain access. Although their investigation concluded that no data was compromised, they are offering free credit monitoring and reporting services for one year to those affected.
Individual Risk: Severe: Personal details including names, addresses, DOBs, SSNs, and medical information was impacted. All members have been advised to review financial and credit reports for any suspicious activity.
Customers Impacted:  50,000 patients.
How it Could Affect Your Business: The threat of ransomware is increasing at alarming rates, and small businesses must begin to consider the potential impact of an attack on their systems. In the event of a breach, management is forced to decide whether to pay the ransom or risk losing access to customer records forever. Source

Orchard View School District: A high school district in Muskegon Township, Michigan.

Exploit: Internal data breach.
Risk to Small Business: Severe: Students allegedly hacked the school’s information system, PowerSchool, and altered grades and attendance records. The school has notified parents of the students who may be responsible and is investigating the incident. However, what data was modified and how accessed has yet to be determined.
Individual Risk: Moderate: Depending on whether a ledger of the previous data was stored or removed, other students could be at risk for having their grades modified. Regardless, the possibility of losing such data can be upsetting for students, to say the least.
Customers Impacted: To be determined.
How it Could Affect Your Business: Organizations that store important information must remain vigilant for cyber-attacks, especially originating from within. To protect valuable data from getting in the hands of the wrong people, internal systems must be “fool-proofed” by partnering with the right security provider.
The right security partner can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into its strongest points of protection.  Source.

FILA: UK branch of sportswear brand 

Exploit: Card-stealing Javascript malware.
Risk to Small Business: Severe: Russian security vendor Group-IB discovered that a malware dubbed GMO was installed into the clothing brand’s website for at least the past four months. The attacker responsible was able to secretly collect card data entered by customers through the company’s server, researchers reported. However, the company was unable to remove the card-stealing code from their site until very recently. Along with the threat of fines and lawsuits, the business will certainly face customer churn.
Individual Risk: Severe: Anyone who ordered from the website should be contacting their bank and checking their statements. Since the company has yet to issue a statement, it could be months before customers are notified and able to act, potentially putting them at severe risk.
Customers Impacted: An estimated 5,600 cardholders.
How it Could Affect Your Business: As the world of e-commerce grows increasingly competitive, especially in the lens of the apparel industry, businesses should know that such a breach can produce catastrophic consequences. Keeping online shoppers on your website is hard enough as-is, and companies must avoid breaches at all costs to retain trust. In order to do so, it becomes a simple matter of enlisting the help of an IT security provider. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today! 

Read more