Data Breach, Cyber Alert Monday 03-18-2019

Cyber Alert Monday, Data Breach - First they scam you, then they hack you. Lowlife internet criminals are exploiting your fears about the latest airline crashes and using them to phish you. Plus, it’s a bad week to be a U.S. Surgeon or Dun & Bradstreet as a whole.

Scam Of the Week: Airplane Crash Scam Warning.

Be on the lookout for emails in your inbox from “analysts” about the recent Boeing 737 Max airplane crashes, asking you to notify your loved ones about possible other airlines “that will go down soon”. These emails come with infected attachments that might make it through the filters, either at the office or at your house.
Remember to always be alert about email with unknown attachments, and never open an attachment unless you are expecting it from the sender and have confirmed that they have actually sent it to you.
 

Last week’s Hacks, Attacks, Breaches and More…

Columbia Surgical specialists: Surgical facility in Spokane, Washington.

Exploit: Ransomware attack.
Risk to Small Business: Severe: Columbia Surgical Specialists decided to pay almost $15,000 in ransom to unlock files that were encrypted by hackers. After originally discovering the incident on January 9th, the firm hired an outside security firm to mitigate the aftereffects of the attack. Initially, it was believed that 400,000 patients could have been affected, but the number has since then been reduced. Columbia Surgical Specialists explained that their delay in reporting was due to the time needed to analyze information surrounding the breach, and they do not believe that the attackers were able to access patient data.
Individual Risk: Severe: Names, drivers’ license numbers, SSNs, and protected health information were impacted in the ransomware attack. However, the outside security firm believes that it is unlikely that the data was exposed in the incident.
Customers Impacted: To be determined.
How it Could Affect Your Business:  Ransomware is a sticky subject for businesses and can resemble a virtual hostage situation. In the event of an attack, security experts recommend not paying ransoms to hackers, since it incentivizes future exploits and can result in greater demands. To prevent such exploits from occurring in the first place, organizations must partner up with managed security providers.
Source
 

Dun & Bradstreet: Business analytics company based in New Jersey.

Exploit: Trojan spam campaign.
Risk to Small Business: Moderate: Emails identified as spam were found attempting to impersonate Dun & Bradstreet’s official website using a lookalike domain. These “complaint” emails contained macros that deliver Trickbot, a damaging trojan that can be leveraged by hackers against banks. However, security researchers were able to uncover the campaign and users have been advised to disable macros from automatically opening in the Word application or open their emails in protected view.
Individual Risk: Moderate: If users avoid opening spam emails and attachments, there is limited risk involved. Nevertheless, if the Trickbot trojan installs itself on a computer containing valuable files, all bets are off.
Customers Impacted: To be determined.
How it Could Affect Your Business: Phishing campaigns are growing not only in sophistication but also in their potential impact. Enhancing cybersecurity efforts at your company begins with the first line of defense: your employees. To protect invaluable assets and customer data, businesses must improve cybersecurity awareness and prepare their workforce for inevitable phishing attacks. Source
 

Grinnell, Oberlin, and Hamilton Colleges: Three private colleges across the US.

Exploit: System breaches and ransom schemes.
Risk to Small Business: Severe: College applicants across Grinnell, Oberlin, and Hamilton are receiving ransom notes from hackers who claim to have access to their files. The only common thread that the three colleges share is a third-party data system known as Slate, which helps track applicant data, but security experts do not believe the company was at fault. Information that was allegedly hacked included personal information, along with notes from admissions officers and acceptance decisions. Although two of the colleges have stated that financial information was encrypted and not exposed, all three will likely face reputational damages and a downtrend in applications.
Individual Risk: Severe: If the hackers are unable to generate profit from the ransom schemes, they will most likely turn to the Dark Web or orchestrate identity theft themselves. Applicants are at high risk unless authorities can pinpoint and mitigate the source of the breach.
Customers Impacted: To be determined.
How it Could Affect Your Business: As the higher education vertical continues to grow more competitive for students, such a breach can be crippling for any institution. News of college applicants being hacked can cause serious concerns for prospective students and even result in turnover amongst current ones. To draw the parallel to small business, having a lead generation system breached can be similarly catastrophic to any company.
The first step to containing such an incident should be to understand whether hackers truly have access to customer data, and whether they are trying to sell it. One way to accomplish this is to proactively monitor the Dark Web for stolen customer data. Source.
 

Rush University Medical Center: Academic medical center in Chicago, IL.

Exploit: Third-party breach.
Risk to Small Business: Severe: After unearthing a massive data breach on January 22nd, the hospital revoked its contract with an IT vendor and launched an investigation. Patients whose data was compromised were notified, but Rush maintains that the data was not misused after the incident. Although the institution has offered one-year identity protection and breach helplines, this is the second security incident that Rush has suffered within the last year, causing patients and caregivers to reconsider their selection in care providers.
Individual Risk: Severe: According to a financial filing by the medical center, compromised data included names, addresses, birthdays, SSNs, health insurance information, and even medical data. Patients should enroll in identity protection immediately and continue to monitor their accounts for fraudulent activity.
Customers Impacted: 45,000
How it Could Affect Your Business: Back-to-back breaches produce adverse effects on customer retention, and this is especially true in healthcare. As patients grow increasingly cyber-vigilant, it is only a matter of time until they will evaluate security when choosing their care providers. By partnering with the right MSPs, businesses can avoid breaches while building rapport with their customers. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today! 
 

Data Breach, Cyber Alert Monday 03-11-2019

 

Cyber Alert Monday, Data Breach- Why should you care about the latest data breach or ransomware attack? Reality is, you don’t have to. In fact, that’s what cyber-criminals are counting on.

Topps: U.S. Sports trading card and collectible company.

Exploit: Form-jacking attack.
Risk to Small Business: Severe: After initially discovering unauthorized access in December and investigating, the company confirmed that customers who had placed orders from November through January may have been compromised. Payment card details including credit/debit card numbers, card expiration dates, and security codes were breached. This is the second breach suffered by the company in recent years, which may compound customer churn and security costs.
Individual Risk: Severe: Personal information such as customer names, mailing addresses, telephone numbers, and email addresses were also exposed during the attack. Users are being asked to review their payment card statements and stay alert for possible identity theft.
Customers Impacted: To be determined.
How it Could Affect Your Business:  Form-jacking attacks are being deployed by hackers at an unprecedented rate, with a targeted focus towards online retailers. Once customer data is skimmed from an e-commerce site using malicious code, it can be sold on the Dark Web for profit or used to carry out various forms of cyber fraud. Even worse, such attacks can go unnoticed for long periods of time, causing more damage to both companies and their customers. Source
 

St. Francis Physician Services: Health system based in South Carolina.

Exploit: Unauthorized access of electronic health record system.
Risk to Small Business: Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach.
Individual Risk: Severe: On January 4th, it was discovered that an unauthorized individual gained access to systems of Milestone Family Medicine, a medical practice in Greenville. The SFPS health system previously employed the physicians that worked at Milestone Family Medicine, leading the larger organization to launch an investigation. While there is currently no indication of information misuse, letters have been sent to patients alerting them of the breach.
Customers Impacted: To be determined.
How it Could Affect Your Business:  In this scenario, SFPS was obligated to disclose the data breach even though Milestone Family Medicine was no longer a part of its network. Small businesses should be educated on data breach notification requirements that are becoming increasingly stringent. To avoid similar situations from arising, companies must shield themselves from third-party or employee-related breaches. Source
 

Samsung Canada: Canadian arm of the Samsung Electronics company

Exploit: Third-party employee breach.
Risk to Small Business: Severe: On November 29th, 2018, an intruder gained account credentials for a Glentel employee and was able to view personal details of shoppers on the Samsung Canada online store. Glentel is the independent wireless retailer that operates the Samsung website, and was able to address the vulnerability within the same day. The company was forced to disclose the breach to its customers but has offered assurances that no financial information was exposed.
Individual Risk: Severe: Names, addresses, emails, phone numbers, and product purchase details were compromised. However, only customers that were making purchases during the time of exposure would have been affected.
Customers Impacted: To be determined.
How it Could Affect Your Business: Disguising or diminishing the consequences of a data breach can be detrimental for any organization. A customer openly spoke out against the data breach notification on Twitter, sarcastically noting that “only my address, phone number, email was accessed… Thanks, Samsung Canada”. In the event of a breach, it is important to communicate effectively with customers in order to restore trust and get back to business. Source.
 

NWT Department of Health and Social Services: Health department for the Northwest Territories of Canada

Exploit: Theft of government employee laptop.
Risk to Small Business: Severe: On May 9th, 2018, an intruder broke into a car and stole a government employee’s laptop, resulting in a severe privacy breach. It is estimated that the device contained information on up to 40,000 Canadian citizens, and included sensitive health information. Officials are citing inadequate privacy training as the core issue since managers are instructed to delete sensitive data immediately after using them. The department will now be required to conduct a list of privacy initiatives by 2020, resulting in expensive investments measured in time and money.
Individual Risk: Severe: Although less than half of those affected were only identified by health card numbers, the remaining 53% could be at risk since their names, dates of birth, health card numbers, and diagnoses were stored on the exposed laptop. Such sensitive data can be sold on the Dark Web to the highest bidder or leveraged for harmful identity theft.
Customers Impacted: 40,000 Canadian residents.
How it Could Affect Your Business: Employees are identified as agents, or extensions, of the company they work for. When news breaks that an employee is responsible for a data compromise, the entire organization is put under a microscope. Businesses must ensure that their workforce acts as custodians of customer data, and this can be accomplished through privacy training and proper vetting. Source.
 

Data Breach, Cyber Alert Monday 03-04-2019

 

Cyber Alert Monday, Data Breach- That business lunch you enjoyed last week just cost you more than you think. 100+ restaurants and hotels across nine states had their customer data accessed.

North Country Business Products:  A  Minnesota-based provider of POS systems for the hospitality sector.

Exploit: Malware injection into point-of-sale (POS) systems.
Risk to Small Business: EXTREME: Customers of restaurants and hotels in nine states, including some 50 Arizona establishments and 65 Dunn Brothers coffee shops, may have had their payment card information accessed between January 3 and January 24, 2019. Announcement of this potential exposure was made February 15 by North Country Business Products, which provides point-of-sale software systems in the hospitality sector. Upon discerning suspicious activity in certain of its clients’ networks, North Country launched an investigation January 4, determining on January 30 that an outside party deployed malware to some of its business partners.
Individual Risk: SEVERE RISK: Information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV. Criminals can use this information to commit payment fraud, so those who patronized the Arizona restaurants and hotels affected should continuously review account statements and monitor credit reports. North Country, which says that the problem has been corrected, lists the businesses potentially affected on its website and has set up a helpline for consumers.
Customers Impacted: To be determined.
How it Could Affect Your Business:  The issue was first noticed January 4 and data continued to be exposed for another 20 days, until January 24, signaling an opportunity for North Country Business Products to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source
 

AdventHealth Medical Group: Tavares, Florida-based health care practice.

Exploit: Malware.
Risk to Small Business: Severe: AdventHealth Group recently announced a 16-month data breach stretching back to August 2017 that exposed some 42,000 patients’ sensitive personal data. The medical provider group has not detected how the malware was installed, nor has it stated why the breach was not discovered for nearly a year and a half.
Individual Risk: Severe: The malware allowed access to patient names, addresses, email addresses, telephone numbers, dates of birth, health insurance information, Social Security numbers, and medical histories, as well as race, gender, weight, and height. This data could allow identity theft and potentially blackmail where particularly sensitive medical conditions, such as HIV/AIDS or addiction, are concerned.
Customers Impacted: 42,000.
How it Could Affect Your Business: The data breach extended across 16 months before it was discovered, and the medical group has not yet determined its origin, indicating a need to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source
 

American consumers: Online users in the United States

Exploit: Malvertising campaign.
Risk to Small Business: Severe: A malvertising campaign by the eGobbler group targeting U.S. users was launched over Presidents Day weekend, February 16-18, garnering some 800 million impressions. Those who clicked on the ads were redirected to a wide range of phishing sites that attempted to trick consumers into entering personal details, including financial information.
Individual Risk: Moderate: Cybercriminals can use the information collected to conduct spear phishing email campaigns or they can sell the stolen credentials on the Dark Web to other criminals.
Customers Impacted: Unknown.
How it Could Affect Your Business: Malvertising campaigns can expose sensitive customer and employee data, or cause mistrust in websites hosting the infected ads leading to brand erosion and customer churn. Source.
 

Labour Party: Second largest political party in the United Kingdom

Exploit: Theft of data from member databases.
Risk to Small Business: Severe: The United Kingdom’s Labour Party announced February 20, 2019, that it had detected several attempts to access member databases and campaign tools. The surmise is that members of Parliament (MPs) who recently left the Labour Party to form a competing party known as The Independent Group tried to steal information that would allow targeting in future political campaigns. Anyone obtaining or attempting to obtain personal data without the consent of the controller is committing an offense under the U.K.’s Data Protection Act of 2018.
Individual Risk: Moderate: It is yet unknown if information was obtained by individuals whose access to that information should have been revoked. Labour Party officials may also be questioned as to the large number of individuals with access to its databases, including not only MPs but also paid and volunteer campaign associates across the nation.
Customers Impacted: Undisclosed.
How it Could Affect Your Business: All organizations, whether public or private sector, need robust systems and processes to validate access rights and continually manage those rights, which includes triggering notices when unauthorized parties attempt to gain access. Source.
 

Data Breach, Cyber Alert Monday 02-15-2019

 

Cyber Alert Monday, Data Breach - The Cyber-criminal Spring Break party jumps off early this year, targeting favorite food spots, kids camps and more.

Dunkin’ Donuts: One of the world’s leading baked goods and coffee chains.

Exploit: Credential stuffing attack. (A type of cyberattack in which stolen account credentials, typically lists of usernames and/or email addresses with the corresponding passwords (often from a Data Breach), are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.)

Risk to Small Business: Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers employ credential stuffing attacks by leveraging previously leaked usernames and passwords to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside from the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely bring their business elsewhere.
Individual Risk: Moderate: This Data Breach consisted of exposed accounts containing personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.
Customers Impacted: 12,000.
How it Could Affect Your Business:  The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, businesses must team up with security providers to ensure state-of-the-art password protection and Dark Web monitoring. Source
 

DataCamp: Online learning platform for data science

Exploit: Unauthorized system access.
Risk to Small Business: Severe: Last Monday, the site announced that it had suffered a breach affecting users of the platform. A third-party was able to gain access to one of its systems, and the company has notified users, logged out all accounts, and reset passwords since then. Additionally, an investigation has been initiated to discover the exact cause of the breach and how many users are affected.
Individual Risk: Moderate: Personal information including names, email addresses, and optional information such as location, company, biography, education, and profile picture were exposed. This was coupled by account details containing hashed passwords, account creation dates, last sign-in dates, and IP addresses. Users should immediately reset their passwords across all associated accounts, especially if they created a complete profile on DataCamp.
Customers Impacted: To be determined.
How it Could Affect Your Business: Striking the balance between convenience and security becomes increasingly difficult during a breach incident. In this scenario, DataCamp took an added precaution by logging all users out of their accounts and requesting password resets. However, it is entirely possible that users will switch over to other platforms after being inconvenienced. To maintain a loyal customer base, companies should focus on security solutions that are not intrusive to the customer’s path to purchase. Source
 

Truluck’s Seafood, Steak, & Crab House: Houston-based chain restaurant

Exploit: Malware injection into point-of-sale (POS) systems.
Risk to Small Business: Severe: Truluck’s recently issued a Data Breach notification regarding one of its servers; the breach occurred between November 21 and December 8 of 2018. The investigation has revealed that malware was injected into POS systems of 8 restaurant locations across Austin, Houston, Naples, Southlake, and Chicago. Although payment information was compromised, personal information was not stored, which means that the company will likely deal with breach-related expenses but be able to retain customers.
Individual Risk: Severe: Compromised information included debit or credit card numbers and expiration dates. Hackers can use such details to execute payment fraud, so previous restaurant patrons should continuously review account statements and monitor credit reports.
Customers Impacted: To be determined.
How it Could Affect Your Business: The payment breach was discovered two months after it was initially conducted, signaling an opportunity for Truluck’s to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source.
 

PHP Exploit, Cyber Alert Monday 02-18-2019


2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019: PHP Exploit? Is this year shaping up to be the year of Phishing? See who got hacked…

Trakt:  A US media service for tracking movies and shows watched online. 

Exploit: PHP Exploit. (An application-level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context.)
Risk to Small Business: Severe: The California-based media platform emailed its customers notifying them of a breach (PHP exploit) that took place over 4 years ago, in December of 2014. In their statement, they claimed that they only recently discovered the breach, and took steps to mitigate it since. Payment information was not disclosed, but usernames, emails, passwords, names, and locations were. The investigation is ongoing, but the only risk at this point seems to be that of customer attrition.
Individual Risk: Moderate: The company seems to have inadvertently mitigated the breach, migrating to a more secure version of its website in January 2015. However, users that have recycled passwords between accounts should be wary.
Customers Impacted: To be determined
How it Could Affect Your Business: Even without involving payment data, breaches that trace back multiple years can unnerve end-users into deleting their accounts forever. When they receive an email notifying them that a breach from 2014 was just now discovered, they are likely to weigh other options or stop using the service entirely. In a world where competition is cutthroat and the customer has more information and choices at their fingertips than ever before, businesses must do everything in their power to retain and build trust. Source
 

Olympia Financial Group: Full-service Canadian mortgage firm and trust

Exploit: Ransomware attack on IT infrastructure.
Risk to Small Business: Severe: Last week, the company reported a ransomware attack on its information technology systems, resulting in an adverse interruption to business operations. The company will continue to investigate the attack but currently believes that personal information was left intact.
Individual Risk: Moderate: The company has claimed that there is currently no evidence that suggests that customers were impacted, but clients should check for updates since the investigation is still underway.
Customers Impacted: To be determined
How it Could Affect Your Business: Ransomware attacks are trending in volume and intricacy, forcing businesses to finally realize the potential threat of losing control of their business systems. Small businesses are not exempt, and they must partner with security providers that can help prevent and mitigate such attacks. Source
 

Canada CarePartners: Ontario-based healthcare service provider

Exploit: Data dumping extortion
Risk to Small Business: Severe: After suffering a data breach back in June 2018 affecting patients, the Canadian firm is now facing an exposure of employee information. The recent “data dump” contains employee earnings, contractor details, and forms that include names, addresses, social security numbers, and wages. Currently, the hackers are requesting 5 bitcoins for the encryption key that unlocks most of the files, but CarePartners has not yet responded.
Individual Risk: Moderate: Personal and financial information is at stake, and CarePartners employees have reasons to be worried. If the hackers are unable to find profits from the data dumping extortion, they will likely sell the information on the Dark Web and allow fraudsters to use the data to conduct damaging cyber-attacks.
Customers Impacted: Over 12,000 files including employer information
How it Could Affect Your Business: The prospect of a double attack is becoming more probable, and businesses should take notice. Experiencing two consecutive data breaches can be a crippling blow to any business, especially when they impact both customers and employees. Retention becomes an uphill battle, as customers and employees begin to quit in droves. In order to prevent this, businesses must work with experts who use industry-leading cybersecurity solutions. Source.
Protect your business from a Ransomware Attack. Contact Kobargo Technology Partners today for a free consultation!
