Last week, compromised email accounts expose customer data, ransomware disrupts remote work, and the FBI releases a new warning about COVID-19 related healthcare cybercrime.   

United States – AST LLC

Exploit: Employee payroll breach 
AST LLC.: Cloud & digital transformation service provider  

Risk to Small Business: 1.871 = Severe

Using a previously compromised email account, hackers accessed employee payroll information. Hackers used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too-little-too-late and is unlikely to assuage the concerns of the company’s enterprise clients. 

Individual Risk: 1.690 = Severe

Hackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers, and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.

United States – San Francisco International Airport

Exploit: Malware attack
San Francisco International Airport: Airport authority

Risk to Small Business: 2.505 = Moderate

A malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information. 

Individual Risk: 2.775 = Moderate

Hackers obtained peoples’ usernames and passwords. Although the company was quick to reset these credentials, victims should be mindful that this information could be used to access other accounts that rely on the same username and password combination. Therefore, they should carefully monitor their accounts for suspicious or unusual activity.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By having your eyes and ears attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach. 

---

Canada – Holland America Line, Inc.

Exploit: Accidental data sharing 
Holland America Line, Inc.: Cruise company 

Risk to Small Business: 1.833 = Severe

When communicating with COVID-19 patients from a recently-docked cruise ship, authorities accidentally emailed an attachment that included the personal details to all cruise line passengers impacted by the virus. Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. Impacting COVID-19 patients, this data breach is an awful event occurring at a terrible time.

Individual Risk: 1.905 = Severe

The breach includes patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers. The 247 passengers are also being asked to change their passport numbers. Victims should enroll in a credit and identity monitoring service to ensure the long-term integrity of this critical data.  

Customers Impacted: 247

How it Could Affect Your Customers’ Business: This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.

---

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Thousands of Zoom Credentials Available on Dark Web      

As we recently reported in our blog, Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own. 

This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.

Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.

https://securityaffairs.co/wordpress/101475/deep-web/zoom-dark-web.html

---

A Note From Kobargo

COVID-19 Treatment Centers Targeted by Cybercrime   

This week, the Federal Bureau of Investigation (FBI) issued a warning that hackers are increasingly targeting companies pursuing treatments for the novel Coronavirus. As a result, the FBI warned, “Now is the time to protect critical research you’re conducting.”   

Of course, it’s not just researchers experiencing a surge in COVID-19-related cyberattacks. Other healthcare facilities, including hospitals, testing facilities, and specialty care units have experienced a barrage of phishing scams, ransomware attacks, and other cyberattacks. This activity is part of a concerted effort by cybercriminals to take advantage of this scary and destabilizing moment to steal valuable company and customer data. 

Consequently, now is the time for every company to reassess its cyber preparedness in light of the new realities posed by COVID-19. If we can support these efforts in any way, please don’t hesitate to contact our team! 

https://www.reuters.com/article/us-health-coronavirus-cyber/foreign-state-hackers-target-u-s-coronavirus-treatment-research-fbi-official-idUSKBN21Y3GL?&web_view=true

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, third party contractors put data at risk, phishing scams continue to target unprepared employees, and cybercriminals target online retailers as the pandemic continues to keep customers out of stores.    

United States – Wolfe & Associates 

Exploit: Unauthorized access 
Wolfe & Associates: Property management company

Risk to Small Business: 2.756 = Moderate

A company database containing housing applicants’ personal data was infiltrated by hackers more than six months ago, providing bad actors unfettered and unrestrained access to sensitive personal information. Wolfe & Associates learned of the breach when it was notified by a local police department, which raises real questions about their cybersecurity capabilities and defensive posture. In addition to contacting victims directly, Wolfe & Associates completed a holistic overhaul of its IT infrastructure. However, this costly upgrade won’t undo the damage of its negligent data defense.

Individual Risk: 2.593 = Moderate

The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In response to this incident, Wolfe & Associates undertook a holistic realignment of their data security capabilities. However, in today’s cybersecurity landscape, where hackers are actively looking to exploit lax data defense standards, companies must take action to secure critical information before a breach occurs. 

---

United States – Canon Business Process  

Exploit: Phishing scam
Canon Business Process: Business outsourcing provider

Risk to Small Business: 1.575 = Severe

After an employee fell for a phishing scam, hackers gained access to the personal data from the company’s business contracts, including General Electric. The breach occurred between February 3 and February 14, 2020, but Canon Business Process didn’t learn of the breach until February 28. Now, in addition to providing credit monitoring services for victims, Canon Business Process has damaged its reputation with a major client.

Individual Risk: 1.701 = Severe

Canon Business Process provides outsourcing services for human resources and payroll responsibilities, so the compromised data includes direct deposit forms, tax forms, Social Security numbers, birth certificates, passports, benefit applications, and driver’s licenses. This information is often used to execute financial fraud, and those impacted by the breach should immediately notify their financial institutions of the breach. In addition, they should enroll in the complimentary credit monitoring services provided by Canon Business Process. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party data breaches are becoming increasingly common, extending businesses’ cybersecurity concerns to every partnership they pursue. With the cost and consequences of a data breach continually increasing, every company should consider a company’s defensive posture before agreeing to work together.

---

United States – nCourt

Exploit: Unprotected database
nCourt: Payment processor

Risk to Small Business: 2.341 = Severe

nCourt developers failed to secure a database containing customers’ financial data from its two websites that facilitate court payments. The breach compromised three years of customer data through November 2019. Unfortunately, this information has already been posted on hacking forums where bad actors can use it for many nefarious purposes.  

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.

---

United States – Otis Bowen Center for Human Services

Exploit: Phishing scam
Otis Bowen Center for Human Services: Mental health and addiction recovery service

Risk to Small Business: 2.223 = Severe

Two employees engaged with a phishing scam that provided hackers with access to company data. Although the breach occurred in January 2020, the company only recently completed a digital forensic audit that revealed the extent of the incident. Unfortunately, this slow response time has put victims at risk of data misuse, and it could have regulatory implications because of the healthcare-oriented nature of the breach.

Individual Risk: 2.130 = Severe

The company declined to identify the specific data sets, but patient data often contains peoples’ most sensitive information. Victims were notified by email, and they should take every precaution to ensure that they mitigate the possible repercussions of the breach. This includes enrolling in the complimentary credit and identity monitoring services offered by the company. 

Customers Impacted: 35,800

How it Could Affect Your Customers’ Business: In 2020, data privacy regulations impact companies in every sector and in many locations. As a result, data security isn’t just an altruistic endeavor. It’s a mission-critical priority, and a failure to execute on this standard can have significant financial implications for companies that experience a data breach.

---

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Online Retailers See Surge in Cyberattacks Amidst COVID-19 Crisis   

The COVID-19 pandemic has relegated many of us to our homes, leaving businesses with few opportunities to reach their customers and make sales. Online shopping has become a vital lifeline for thousands of businesses while brick and mortar locations are closed and millions of people shelter in place. In fact, many retailers are experiencing online traffic that is exceeding Cyber Monday activity, typically a high watermark for online shopping.  

Unfortunately, bad actors are capitalizing on this moment by targeting e-commerce platforms for attack using tricks like account takeovers, bot-powered scraping attacks, and payment card skimming malware. For example, 80% of login incidences at home goods retailers are attributed to account takeover attempts.

While a litany of COVID-19-related cyber risks has become increasingly apparent, it’s clear that online retailers need to be especially critical of their defensive posture to ensure that they can continue meeting surging demand in an uncertain retail atmosphere in order to retain customer goodwill and capture enough revenue to stay afloat in a challenging time for retail. 

https://www.scmagazine.com/home/security-news/cybercrime/report-account-takeover-and-data-scraping-attacks-on-e-retailers-up-as-covid-19-surges/

---

A Note From Kobargo

Less Than Half of Businesses Provide Cybersecurity Training

According to a recent study, less than half of UK businesses provide cybersecurity training to all employees, and 65% of IT security decision-makers view their organization as complacent when it comes to securing customer data. At the same time, the study found that correcting those issues is essential for ensuring data security.    

Closing the gap between best practices and actual implementation is especially important now that COVID-19 has produced many novel cybersecurity threats that even the most well-trained and cybersecurity-savvy employees might not be prepared to thwart. 

At ID Agent, we know that these unprecedented times present unique challenges. That’s why we’re happy to be able to offer Passly, the ideal secure identity and access management tool for today’s remote workforce. Passly adds vital security to every user’s login credentials to quickly secure access to your systems and data. 

We are also ready to support your data security initiatives with best-in-class cybersecurity training  that includes training your staff to spot and repel phishing attacks, the most common tactic that cybercriminals employ to gain entry to the heart of your business. 

Our  affordable, scalable solutions can be deployed in a flash and quickly customized to work for any company, enabling you to rapidly pivot to meet today’s needs and be well positioned for tomorrow.

https://www.itproportal.com/news/less-than-half-of-businesses-provide-cybersecurity-training/

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, ransomware slows COVID-19 treatment development, malware targets online shoppers, and phishing scams jump by 667% in a month. 

United States – Social Bluebook

Exploit: Unauthorized database access 
Social Bluebook: Social media platform

Risk to Small Business: 2.117 = Severe

Cybercriminals ex-filtrated a company database containing personal information from thousands of internet influencers. Embarrassingly, the breach, which occurred in October 2019, was identified by TechCrunch reporters who were sent a copy of the stolen database. In a statement, the company claimed to be ignorant of the breach, raising serious questions about the efficacy of its cybersecurity strategy. This incident is likely to have significant blowback from well-connected influencers on social media and invite regulatory scrutiny on many fronts.

Individual Risk: 2.122 = Severe

The stolen database contains account information for 217,000 users. This includes names, email addresses, and hashed and scrambled passwords. Those impacted by the breach should immediately update their login credentials for this website and any other service using the same information, plus closely monitor their accounts for unusual or suspicious activity.

Customers Impacted: 217,000

How it Could Affect Your Customers’ Business: Hackers frequently target social media influencers because of their large public following. Therefore, companies catering to this clientele need to be prepared to protect their users’ valuable personal data. If they can’t, these influencers will almost certainly tell their followers all about it, a principle that applies to a growing number of consumers in every sector.

---

United States – Ozark Orthopedics 

Exploit: Phishing scam
Ozark Orthopedics: Orthopedic healthcare practice

Risk to Small Business: 2.113 = Severe

Four employees fell for a phishing scam and gave hackers access to email accounts containing patient data. The scope of the data breach that occurred in late 2019 was just released by the healthcare provider, creating questions about the practice’s cybersecurity practices. As a result, patients were unable to quickly take steps to protect their identities and Ozark Orthopedics has opened itself up to regulatory scrutiny that could result in substantial financial penalties.

Individual Risk: 1.775 = Severe

Patients’ personally identifiable information was exposed in the breach, including their names, treatment information, Medicare or Medicaid identification numbers, Social Security numbers, and financial account information. In the wrong hands, this information can be used in a litany of financial or identity-related crimes. Those impacted by the breach should immediately enroll in credit and identity monitoring services to secure their personal information.

Customers Impacted: 15,240

How it Could Affect Your Customers’ Business: More than a trillion phishing emails are sent each year, some of which will inevitably make their way into your employees’ inboxes. Training employees to spot these scams is especially important to protect your company from a devastating data breach.

---

United States – 10x Genomics Inc.  

Exploit: Ransomware
10x Genomics Inc.: Biotechnology company

Risk to Small Business: 2.206 = Severe

A ransomware attack disrupted operations at the biotechnology company, which is currently acting as part of a consortium working to quickly develop a treatment for COVID-19. Before encrypting IT, hackers exfiltrated company data. Although the company reports “no material day-to-day impact,” it’s unclear what the implications are for the stolen data or how this could impact its development of a COVID-19 treatment.   

Individual Risk: At this time, no personal information was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies in every sector have seen an uptick in cybersecurity threats as COVID-19 disrupts business-as-usual and puts many people on edge. This is especially true for the healthcare industry, which is experiencing a deluge of ransomware attacks, phishing scams, and other threats at a critical time.

---

United States – GoDaddy 

Exploit: Phishing scam
GoDaddy: Internet domain registrar

Risk to Small Business: 2.313 = Severe

A spear phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including Escrow.com, which provides escrow services for several prominent websites, were impacted. The breach will have costly implications for both GoDaddy and its customers, who will have to decide if they want to continue partnering with a company that puts their sensitive data at risk.  

Individual Risk: At this time, no personal information was compromised in the breach. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  Today’s online ecosystem is vast and interconnected. This incident is a reminder that failures at other companies can have significant implications for your own, which increases the importance of securing accounts to buttress your IT infrastructure against potential failure at third-party contractors. With simple cybersecurity features, like two-factor authentication, company accounts remain secure even when credentials or login information is exposed.

---

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Healthcare Data Breaches See Significant Increase 

In late 2019, we wrote about the connection between healthcare data and the Dark Web, noting a troubling trend that saw bad actors increasingly targeting patient data. Unfortunately, that trend has only accelerated with the onset of the COVID-19 pandemic that is pushing healthcare providers to their limits.

A study of the Department of Health and Human Services’ HIPAA breach reporting tool found 105 breaches impacting 2.5 million patients. However, before February 19th, only 38 incidents and 1.1 million records were affected. Cybercriminals have upped their game to take advantage of the chaotic situation on the ground, and healthcare organizations need to be prepared.

Notably, the study found that hacking incidents are, by far, the leading cause of data breaches. Many included various forms of email account compromise. Moreover, the report predicts that, as more employees work from home, incidents of phishing attacks will increase because employees are more likely to fall for scams when they are isolated at home. Fortunately, a comprehensive employee awareness campaign can thwart these attacks, helping ensure that healthcare providers are focused on patient care rather than being inundated with cybersecurity threats.

https://www.bankinfosecurity.com/health-data-breach-tally-spikes-in-recent-weeks-a-14031

---

A Note From Kobargo

Phishing Scams Have Spiked by 667% in One Month

The global COVID-19 response has required millions of workers to work from home. When coupled with a general sense of unease and uncertainty, the situation has created a perfect environment for cybercriminals to execute phishing scams. As a result, the number of phishing emails has increased by 667% in the past month.     

According to an assessment of 468,000 phishing emails, 2% were directly related to COVID-19. Meanwhile, 54% were labeled as scams, 34% as brand impersonation attacks, and 11% as blackmail. In addition, many are luring clicks by claiming to sell cures, face masks, and other critical supplies.  

For businesses, the implications are clear. Nobody can afford a data breach in this environment. Now is the right time to update and reemphasize phishing scam awareness training to ensure that employees can repel these damaging cyberattacks. 

https://www.infosecurity-magazine.com/news/covid19-drive-phishing-emails-667/   

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, phishing attacks reel in a bountiful catch in the healthcare sector, how social distancing makes companies vulnerable to a data breach, and cybersecurity tips for working from home. 

United States – Tandem Diabetes Care

Exploit: Phishing scam
Tandem Diabetes Care: Medical device manufacturer

Risk to Small Business: 2.555= Severe

Five employees fell for a phishing scam that gave hackers access to email accounts containing customer data between January 17 and January 20, 2020. Although the company acted quickly to secure the compromised employee accounts, they were unable to recoup the stolen information. Given the sensitive nature of their industry, Tandem Diabetes Care will likely face increased regulatory scrutiny and hefty financial penalties.

Individual Risk: 2.428 = Severe

Although Tandem Diabetes Care has expressed in the integrity of their data storage, hackers likely had access to names, contact information, service-related details – even some patients’ Social Security numbers were exposed in the breach. Victims should consider enrolling in credit and identity monitoring services.   

Customers Impacted: 140,000

How it Could Affect Your Customers’ Business: In response to this breach, Tandem Diabetes Care is updating its email security protocols to prevent a similar incident in the future. However, phishing scams account for a significant portion of all data breaches, and preparing for these attacks should be a built-in component of every organization’s defense strategy.

---

United States – University of Utah Health 

Exploit: Phishing scam
University of Utah Health: Research and teaching hospitalr

Risk to Small Business: 1.889= Severe

A phishing scam provided hackers with access to the University of Utah Health’s network for more than a month, beginning on January 22, 2020. In addition, the healthcare provider discovered malware on its network that allowed hackers to access patient data. Although the University of Utah Health responded quickly, bad actors still had prolonged access to company and customer data, including HIPPA-protected healthcare records – creating financial, reputational, and regulatory consequences both now and in the future.

Individual Risk: 2.428= Severe

The compromised accounts included patients’  names, dates of birth, medical record numbers, and clinical data. This information can be used to craft authentic-looking spear phishing campaigns. Victims should carefully evaluate all digital communications, and consider enrolling in identity and credit monitoring services to ensure that this information isn’t being misused in other ways.  

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: Like many companies responding to a data breach, the University of Utah Health is promising changes to its defensive posture to prevent a similar breach in the future. However, companies should assume that malware attacks and phishing scams are an “if” not a “when” proposition, and they should prepare their defensive posture accordingly.

---

United States –  Tupperware  

Exploit: Malware attack
Tupperware: Home products line

Risk to Small Business: 2.334= Severe

Hackers infiltrated Tupperware’s online store, injecting payment skimming malware into the checkout process. The malicious script was active for at least five days, and it effectively mimicked Tupperware’s official payment form. After shoppers entered their data into the fake form, a “time out” error appeared, redirecting customers to the actual payment page and disguising the theft, which allowed it to go undetected.    

Individual Risk: 2.428= Severe

The payment skimming malware collected customer data entered including names, addresses, phone numbers, credit card numbers, expiration dates, and CVV codes. This data could allow hackers to commit financial theft or identity fraud. Those impacted by the breach should immediately notify their banks, as they will likely need to be issued new payment cards and carefully monitor their accounts for misuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The COVID-19 pandemic has heightened the already-important online shopping experience for many businesses, and online shopping is a singular respite in an otherwise bleak outlook for retailers. Companies can’t afford to lose customers because of a cybersecurity vulnerability. Many customers indicate that they will not return to an online store after a data breach, which means that companies looking to capitalize on their online stores need to make sure this avenue is secure

---

European Union – Norwegian Cruise Line 

Exploit: Phishing scam
Norwegian Cruise Line: Cruise tourism provider

Risk to Small Business: 2.334 = Severe

A Norwegian Cruise Line employee was reeled in by a phishing scam that compromised the personal details of thousands of independent travel agents. The information was then posted on Dark Web forums, making it widely accessible to bad actors. The company, already reeling from the COVID-19 crisis, has now damaged its relationship with partners that are critical to its recovery. 

Individual Risk: 2.714= Moderate

The data breach includes plain text passwords and email addresses for thousands of travel agents. While many are associated with TUI and Virgin Holidays, it also covers independent agents and those working with other organizations. Those impacted by the breach should immediately reset their login credentials while also monitoring their accounts for unusual or suspicious activity. 

Customers Impacted: 27,000

How it Could Affect Your Customers’ Business: This incident underscores the heightened risk and outsized consequences of falling for scams during the COVID-19 crisis. With more employees working remotely and a general, pervasive sense of uncertainty overshadowing many companies, there is a higher risk of damage from cyberattacks including phishing and ransomware encountered (and interacted with) by anxious employees.

---

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Expert Cybersecurity Tips for Working From Home During a Time of Social Distancing

The COVID-19 pandemic has brought about an unprecedented work-from-home experiment as social distancing measures require millions of employees around the world to work from home. As we’ve already seen, this presents unique cybersecurity challenges for both companies and their employees. To help you secure data while working remotely, here are four simple steps that every company and employee can take

1. Use a trusted VPN. These services can provide a layer of protection by encrypting network traffic and making it more difficult for bad actors to spy on your activity. Choose a reputable VPN provider, as a number of VPN scams have tricked employees into downloading malicious software that steals their login credentials

2. Enable two-factor authentication. Account security is critical, especially when entire companies are working remotely. Enabling two-factor authentication is an affordable and effective way to keep company accounts secure at all times.  

3. Refrain from using personal devices. Many employees may be tempted to use personal devices for work-related tasks, especially when working from home. It’s always possible that these devices contain malware or other exploits that could compromise company data.  

4. Look out for Phishing Scams. Cybercriminals are always looking for ways to capitalize on our vulnerabilities. At this moment, COVID-19-related phishing scams abound, targeting employees’ sense of isolation and vulnerability to capture critical information.  

---

A Note From Kobargo

Social Distancing Puts Company Data at Risk 

As the COVID-19 pandemic continues to cause chaos for businesses, we continue to be committed to helping keep your data secure. To that end, we’ve compiled several resources to help you navigate this unique terrain, and if we can serve you in any way, please don’t hesitate to contact us.     

This week, we wanted to highlight a cybersecurity vulnerability that is especially prescient as many people work from home and practice social distancing. According to a study by the Better Business Bureau, the FINRA Investor Education Foundation, and the Stanford Center on Longevity, people are more likely to fall for a scam when they are socially isolated.  

Cybercriminals are already taking advantage of our new digital environment sending a flurry of phishing and other fraudulent messages meant to compromise personal and company data, and isolated employees are more vulnerable than usual to these attack methodologies. Therefore, in addition to preparing employees for this troubling trend, make an effort to reach out to employees, coworkers, and family members to make personal connections during this challenging time.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, cybercrime makes COVID-19 recovery more difficult, unsecured databases give away millions of records, and resources you need to protect data during this challenging time. 

Switzerland – World Health Organization

Exploit: Phishing scam
World Health Organization: United Nations agency responsible for international public health  

Risk to Small Business: 1.888= Severe:

Hospital workers are receiving an email purportedly from Dr. Tedros Adhanom Ghebreyesus, director of the World Health Organization (WHO). The email contains a personalized message using the recipients’ valid username and an innocuous-looking attachment. Unfortunately, it’s a phishing attack –  when the attachment is opened, it installs malware capable of stealing credentials from the computer. According to cybersecurity researchers, the messages specifically prey on the altruism of recipients, by purporting to include information about novel, preventative drugs and COVD-19 cures.

Individual Risk: 2.571 = Moderate:

At this time, there are no reports of recipients falling for this scam. However, anyone who does click on the attachment has likely allowed malware to compromise their credentials. In that case, they should immediately take steps to remove the malware, reset account passwords, and notify their employers of the incident.  

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: In 2020, clever spear-phishing emails are par for the course when it comes to anticipated attack vectors, and the bad guys are making them look more authentic all the time. Rather than allowing employees to fall for these scams, possibly compromising company and customer data along the way, keep them alert for trouble by providing regular phishing scam awareness training that accounts for the latest trends and encompasses all of the possible vulnerabilities.

**We’ve learned that even more cyberattacks have been mounted against WHO during this crisis, easily double the usual number. A group of hackers known as DarkHotel is suspected in one of the most major recent live attacks. More than 2000 Corona-virus themed websites are being created each day as cybercriminals rush to take advantage of the opportunity to breach data and steal passwords that is presented to them by the chaos of this pandemic.

---

United States – Open Exchange Rates

Exploit: Unauthorized database access
Open Exchange Rates: Currency data provider

Risk to Small Business: 1.777= Severe:

While investigating a network misconfiguration, Open Exchange Rates discovered that an unauthorized user was accessing their network. Ultimately, it was determined that the hacker had been accessing their database for nearly a month, beginning on February 9, 2020, and ending on March 2, 2020. The company believes that hackers extracted sensitive user information. In response, Open Exchange Rates has disabled the passwords for all accounts created before March 2, 2020.

Individual Risk: 2.285= Severe:

A copious amount of personal data was compromised in the attack, including user names, addresses, encrypted and hashed passwords, IP addresses, country of residence details, and website addresses. In addition to resetting their account passwords and updating their credentials on any other website using the same information, Open Exchange Rates is warning customers that this information can be used to execute targeted spear-phishing attacks. Therefore, those impacted by the breach should carefully monitor their online accounts for suspicious activity.

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: Although it’s a relatively small operation, Open Exchange Rates provides an API that is used by several prominent financial service providers. As a result, the costs of repairing this breach will be compounded by reputational damage that could impact its relationship with these critical partners.

---

United States – TrueFire   

Exploit: Malware attack
TrueFire: Online music school

Risk to Small Business: 1.555= Severe:

On January 10th, TrueFire identified unauthorized access to its database by a mysterious user who was active for more than six months. It’s unclear why the company waited until March to disclose the incident to its customers. The breach compromised users who made online purchases between August 3, 2019, and January 14, 2020. Although the company didn’t explicitly categorize the breach, payment skimming malware is likely responsible for the theft, which included users’ personal and financial data from their online purchases of classes and services.    

Individual Risk: 2.571= Severe:

The breach compromised customers’ personal and financial data, including names, addresses, payment card numbers, card expiration dates, and security codes. TrueFire is encouraging victims to monitor their financial statements for unusual activity, but they should do much more. Those impacted by the breach should immediately notify their financial institutions of the incident, and they should strongly consider enrolling in a credit and identity monitoring service to provide long-term oversight of this critical information. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers increasingly prefer shopping online rather than going to physical stores. Especially now, as the COVID-19 pandemic forces people to stay home, online stores are a vital lifeline for SMBs to continue generating revenue while people stay off the streets. Therefore, protecting the checkout process must be a top priority, as many customers will be gone for good if their personal or financial data is compromised through mishandled data on the merchant’s end when they make online purchases.

---

United States – College of Dupage  

Exploit: Accidental data exposure 
College of Dupage: Academic institution

Risk to Small Business: 1.555= Severe:

The College of Dupage accidentally exposed the 2018 W-2 forms of current and former employees. In a statement, the school identified the risk of data misuse as low. In reality, even one cybercriminal misusing this information could pose significant consequences for a potential victim. The breach occurred as the College of Dupage is preparing to move its services online due to the spread of COVID-19, forcing the cancellation of in-person classes – a  timely reminder that in uncertain times information security will still be top-of-mind for end-users, whether they are consumers, staffers, patients, or students. 

Individual Risk: 2.142= Severe:

W-2 forms contain personally identifiable information, including names, addresses, and Social Security numbers. College of Dupage is offering free identity monitoring services to those impacted by the breach, and victims should take advantage of it to ensure that their information remains secure both now and in the future.  

Customers Impacted: 1,775

How it Could Affect Your Customers’ Business: In response to the incident, the College of Dupage is updating its data management standards to prevent a similar incident from occurring in the future. Unfortunately, these updated protocols will not undo the damage for the nearly 2,000 victims of this data breach. Rather than waiting until a cybersecurity incident occurs, companies should prioritize a reevaluation of their practices to ensure that customer and company data is secure before a breach occurs.

---

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Canadian Healthcare System Inundated by Cybercrime Attacks 

The stress created by an emergency like the Coronavirus pandemic is a golden opportunity for hackers. As the Canadian healthcare system grapples with surging treatment demands related to COVID-19, their IT systems are also grappling with a significant uptick in cyberattacks from bad actors trying to steal data and breach systems at healthcare organizations in a critical time.  

The threat is so severe that some organizations have called on the government to enact national cybersecurity standards and provide emergency funding to help defend patient data. We’ve reported on several Canadian health institutions impacted by data breaches this year, and in 2019, nearly half of all Canadian data breaches were healthcare-related.

According to several officials, many Canadian healthcare providers are midway through their cybersecurity upgrade roadmaps. Their slow progress means that many of their defenses are outdated and inadequate to meet today’s quickly evolving threats to data and systems.

Don’t wait for your organization’s Doomsday scenario to unfold. Get support now to prevent phishing scams, malware, and other cyber threats from compromising company data. Partnering with cybersecurity experts can help you get your defenses against cyberattacks up to speed faster before a breach occurs.

---

A Note From Kobargo

How to Avoid Data Breaches While Working From Home

The COVID-19 pandemic has reshaped the way we work practically overnight, as many people are working from home for the foreseeable future. Unfortunately, bad actors are taking advantage of these circumstances by increasing phishing attacks targeting home workers. Taking action now to secure your data and keep your staff alert about threats is the best way to protect your company’s data and systems from opportunistic cybercriminals.   

According to a recent assessment, Italy saw a sharp spike in phishing scams as workers quickly shifted from in-office work to home-based arrangements. Around the globe, more than 40% of all workers are currently working from home, a significant jump even in just the past week. In addition to phishing scams, cybersecurity researchers identified a spike in malicious remote access attempts.  

Cybercriminals are taking advantage of the jump in employees teleworking to mask their activity and gain access to company data. The US Department of Homeland Security recommends that organizations remain vigilant about equipping employees to identify phishing scams and that they enable two-factor authentication to protect accounts from unauthorized access. 

At ID Agent, we recognize that this is a uniquely challenging time for your organization and your employees. To address your data security concerns in these quickly changing times, we’ve compiled several resources to help your data stay safe. If we can be of service, don’t hesitate to reach out. Throughout this crisis, we are committed to keeping your company and customer information secure. 

Don’t forget to follow us on social media for our latest news, events, product updates and more!

---

Contact Kobargo Technology Partners to schedule a free consultation today!