Data Breach, Cyber Alert Monday 3-23-2020 COVID-19

Last week, a ransomware attack impacts COVID-19 care, what happens when a company ignores basic security protocols, and mitigating cybersecurity risks during the Coronavirus pandemic.

average downtime due to ransomeware

United States – Whisper 

Exploit: Unsecured database.
Whisper: Privacy-focused messaging app.  

Risk to Small Business: 2.111 = Severe:

Developers overlooked basic security protocols when they left a database containing customer information unprotected by even a password, and hackers pounced. As a result, 900 million files dating back to the company’s launch in 2012 were made available online. Although the company was quick to secure the database, its reactive efforts will do little to assuage the doubts and concerns of its privacy-minded customer base.  

Individual Risk: 2.571 = Moderate:

Users’ names were not stored in the exposed database, but nicknames, ages, ethnicities, genders, hometowns, group memberships, and location data were all available. Some personal information was highly sensitive and could be used to execute spear phishing campaigns or targeted ransomware attacks. 

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.

United States – Champaign-Urbana Public Health District

Exploit: Ransomware.
Champaign-Urbana Public Health District: Healthcare service provider.  

Risk to Small Business: 2.111 = Severe:

A ransomware attack disabled the healthcare provider’s website as concerns over Coronavirus (COVID-19) are reaching a fever pitch. While the incident spared the provider’s email accounts, health records, and patient records, it limited the agency’s ability to communicate with patients. The Champaign-Urbana Public Health District has begun using its social media accounts to communicate with the public, and they’ve launched a backup website to replace the disabled page. This is an expensive and potentially harmful incident at a time when quickly communicating information can be a matter of life and death. 

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: The particular malware strain that infected the Champaign-Urbana Health District targets enterprises running Windows 10. It’s a reminder that ransomware is on the rise and companies can take simple steps to ensure that malware doesn’t enter their system through outdated software, phishing attacks, or other vulnerabilities.

United Kingdom – Anteus Tecnologia  

Exploit: Exposed database.
Anteus Tecnologia: Developer and distributor of fingerprint identification systems

Risk to Small Business: 1.888 = Severe:

A cyberattack on February 20, 2020, compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.

Individual Risk: 2.142 = Severe:

In addition to precise fingerprint data, the database also contained the email addresses and phone numbers of employees who store their information with the company. Those impacted by the breach should take every precaution to secure their data and beware of potential instances of fraud resulting from this compromised information. 

Customers Impacted: 76,000

How it Could Affect Your Customers’ Business: Today’s regulatory landscape promises steep penalties for companies that fail to protect customer information. In this environment careless errors, like failing to password protect a database, are especially egregious to regulators and customers – and all companies need to ensure that data security is a day-one, top-down priority.  

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

Hackers Collect Millions from Stolen Payment Card Records  

In an increasingly digital-first world, payment card skimming malware has been a growing threat to both customers and retailers – and a profitable business for the bad guys. Unfortunately, that trend is unlikely to abate anytime soon. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web.  

The card information was stolen throughout 2019 from as thousands of retailers fell victim to malware. In this web-skimming incident, attackers used malicious JavaScript to steal payment data at checkout from stores hosted on the Volusion cloud platform. Unfortunately, the high yield is likely to incentivize other cyber-criminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.  

Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs to have a strong cybersecurity strategy that works mitigate some of the risk of this means of attack including regular malware assessments and Dark Web monitoring

A Note From Kobargo

Free Coronavirus (COVID-19) Cybersecurity Support Resources!

The Coronavirus (COVID-19) pandemic continues to disrupt the normal flow of business. We know that this is causing challenges for our Partners and clients, and we’re committed to doing everything that we can to support you. We’ve put together some resources that address cybersecurity threats during this difficult time, and we’ll keep providing you with news and tips about protecting data and systems during this crisis to read and share in our blog.   

We’re on top of staying responsive to this rapidly evolving threat environment and monitoring the Dark Web. If we can be of service don’t hesitate to contact us – we’re still working to stay one step ahead of the bad guys.  

Check out CISA Insights here.

Don’t forget to follow us on social media for our latest news, events, product updates and more!

Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 3-16-2020 Coronavirus Scam

Last week, ransomware puts contracts at risk, big security errors lead to big fines, and the rise of Coronavirus-related phishing scams.

United States – Visser Precision

Exploit: Ransomware.
Visser Precision: Parts manufacturer for space and defense contractors.

Risk to Small Business: 2.111 = Severe:

Visser Precision was infected with data exfiltrating ransomware that stole proprietary information before encrypting IT systems. Based on documents published online, it appears that hackers obtained company data, including a list of clients, nondisclosure agreements, and some development plans. This incident reflects a growing trend in ransomware attacks – cybercriminals are increasingly stealing company data before encrypting critical IT systems, and organizations don’t detect it until it’s too late.

Individual Risk: No personal information was compromised in this breach.

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.

United States – Riverview Health

Exploit: Accidental data sharing.
Riverview Health: Healthcare provider.

Risk to Small Business: 2.333 = Severe:

On January 14, 2020, an employee inadvertently sent notification letters that intermixed patients’ names and addresses. The messages were delivered to the appropriate addresses, but they included the incorrect patient name. In today’s digital landscape, even small clerical errors can have significant consequences as both customers and regulators look to punish companies that fail to secure personal information.

Individual Risk: 2.714 = Moderate: 

Patients’ names and addresses were compromised in the breach. Riverview Health maintains that the risk of data misuse is very low, but victims should still be aware that this information can be used for nefarious purposes and take precautions to ensure that their information is secure.

Customers Impacted: 2,610

How it Could Affect Your Customers’ Business: The biggest threat to your data isn’t cybercriminals, its human error. With customer blowback and regulatory penalties increasing, every organization needs to take steps to mitigate the risk posed by staff mistakes. Implementing protocols and increasing training about the pitfalls presented by phishing attacks and data sharing errors can significantly reduce your organization’s exposure to a data breach.

United States – J Crew

Exploit: Unauthorized database access.
J Crew: Clothing retailer.

Risk to Small Business: 2.111 = Severe:

J Crew identified a data breach that took place in April 2019. In response, the company has disabled all impacted accounts and advised all customers to reset their account credentials. The incident follows cybersecurity lapses at other prominent retailers at a time in which many consumers are shunning companies that don’t secure their information. The lengthy identification and reporting time will likely open the organization up to additional regulatory scrutiny that could further erode its brand reputation and bottom line.

Individual Risk: 2.428 = Severe:

Hackers accessed customers’ account login credentials, email addresses, and passwords. Partial payment card data and order information was also compromised. The company has closed the impacted accounts, but all J Crew customers should take steps to protect their personal information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: With threats coming from multiple directions, every organization must enact strong cybersecurity defenses to ensure that they are ready to address potential threats and keep their clients’ data safe – and avoid the brand-eroding fallout that comes from a cybersecurity disaster. In doing so, they can minimize the consequences of a breach, keep customer data off the Dark Web, and promote rapid recovery.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

60% of UK Consumers Impacted By a Data Breach in 2019

As expected, 2019 was a devastating year for data breach victims. As more year-end studies are completed and released, we’re learning more about who was affected the most. According to a recent report, nearly 60% of UK consumers were impacted by a data breach last year, a staggering total that underscores the personal implications of the more than 7,000 data breaches that affected UK companies in 2019.

The report noted the potential consequences of such an extensive breach environment, including cybercriminals using the sensitive personal and financial information that they collect from users as a gateway to deploy other cyberattack tactics like spear-phishing that can compromise sensitive information, data, and systems even more severely.

Although the number of breaches hasn’t increased significantly, the amount of compromised records has escalated. The number of records that have been compromised has tripled since 2018, surpassing 15 billion this year. This 300% year-over-year increase should encourage companies to seek solutions that can monitor the Dark Web for their data to preempt further hacking attempts. At the same time, training employees to identify and neutralize increasingly sophisticated spear-phishing campaigns is an absolute prerequisite for a capable defensive posture in 2020. https://securityboulevard.com/2020/02/almost-60-of-uk-consumers-affected-by-data-breaches-in-2019/

A Note From Kobargo

Coronavirus Phishing Scams Capitalizing on Fear & Urgency

As concern over the Coronavirus (COVID-19) spreads around the globe, hackers are exploiting the atmosphere of panic and fear created by the pandemic to steal peoples’ personal information. According to a recent report, more than 4,000 Coronavirus-related domains have been registered since the beginning of the year. Experts consider 3% to be outright malicious, and 5% are categorized as suspicious – more than double the usual number. Hackers are likely to target organizations with phishing attacks in an attempt to steer employees toward these malicious sites where they can steal critical data.

The World Health Organization has already issued a warning about Coronavirus-related phishing attacks that purport to be from to their organization, and CISA has released several warnings about the emerging threat of COVID-19 related phishing scams. Taken together, it’s a reminder that while phishing scam awareness training is an effective defense against cybercrime, security education isn’t a static endeavor. It must always adapt to address today’s shifting threats in order to keep your organization a step ahead of tomorrow’s bad actors.

https://www.vox.com/recode/2020/3/5/21164745/coronavirus-phishing-email-scams

Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 3-9-2020 Phishing

Last week, C-suite executives are compromised, failure to password protect customer data leads to breach, and phishing scam awareness begins to improve.

United States – Slickwraps

Exploit: Unprotected database. 
Slickwraps: Producer and distributor of hardware skins.

Risk to Small Business: 2 = Severe: The company’s databases lacked basic protections that exposed customer data to the internet. Slickwraps cited the long-term trust of its customers as a vital component of its business model, making this episode an especially problematic event for the business. The problem is compounded by the fact that an internet user tried to alert the company about the breach multiple times. Ultimately, Flickwraps discovered the breach after it was posted on Twitter.

Individual Risk: 2.428 = Severe: The company’s unsecured database exposed customer details to the internet. This included names, email addresses, physical addresses, phone numbers, and purchase histories. The breach does not extend to customers who accessed the online store as a guest, and it did not include financial data. Those impacted by the breach should be aware that this information can be used in spear-phishing attacks or for other malicious purposes. They should be especially vigilant in monitoring online communications.

Customers Impacted: 850,000

How it Could Affect Your Customers’ Business: Slickwraps has been extremely apologetic after the breach. However, this contrite posture is no replacement for simple steps that they could have taken to secure company and customer data from day one. Customers and regulatory authorities expect companies to follow basic best practices when dealing with sensitive data, and the company’s apologetic tone is unlikely to help avoid negative fallout from the incident.

United States – Clearview AI

Exploit: Unauthorized database access.
Clearview AI: Facial recognition software provider.

Risk to Small Business: 2.111 = Severe: Hackers obtained a copy of the company’s entire client list, which, given the sensitive nature of their work, is an especially egregious breach of data. In addition to the client list, hackers also obtained information identifying the number of accounts that clients set up and the number of searches conducted on the platform. In response, the company cited the inevitability of data breaches in the 21st Century, a platitude that is unlikely to placate the company’s clients. Indeed, Clearview AI is already enduring significant media scrutiny and customer blowback that could have significant implications for the company’s bottom line and future prospects.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  Data breaches may be an unfortunate reality in the 21st Century, but that doesn’t mean that they have to be inevitable. Adjusting your defensive posture to address the most probable threats can significantly lessen the likelihood of a breach. At the same time, having the right policies and procedures in place to respond to a breach will mitigate the damage, allowing your company to meet any cybersecurity challenge.

United States – Pacific Specialty

Exploit: Phishing scam.
Pacific Specialty: Insurance provider.

Risk to Small Business: 1.444 = Extreme: Several employees fell for a phishing scam that compromised customers’ personal data. The attack allowed hackers to access some employee accounts between March 20, 2019, and March 30, 2019. However, the insurance provider wasn’t aware of the breach until November 7, 2019, and did not identify details until January 14, 2020. In response, the company has hired a cybersecurity team to update its data privacy practices, and reset all employee login credentials while enabling two-factor authentication on its accounts. Nevertheless, the company will end up paying much more than they would have if they had invested in basic security solutions.

Individual Risk: 1.857 = Severe: Personally identifiable information was compromised in the breach. This includes customers’ names, Social Security numbers, drivers’ licenses or government-issued IDs, financial information, payment card data, medical details, and health insurance credentials. Pacific Specialty is offering 12 months of credit and identity monitoring service to victims.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Phishing scams are a known threat to every company, and organizations that are committed to data security will take steps to prevent this common attack methodology from negatively impacting customer data. Selecting strong, unique passwords for every account and enabling two-factor authentication can thwart cybercriminals, even when employees act upon a phishing scam, making them an obvious security feature for every organization. Of course, they can only prevent a breach if they are implemented before an incident occurs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

A New Scam Targets Data Breach Victims

The costs associated with a data breach are well-documented, but they carry unique implications for each individual impacted by a data loss event. Now, a new scam is targeting data breach victims who are looking to recoup financial losses or exact justice. This scam originates from a website claiming to be run by the US Trade Commission, and it promises to provide financial compensation for data breaches involving personal data.

Unfortunately, the US Trading Commission does not exist, and the fraudulent website is collecting personal information, including names, credit card numbers, and Social Security numbers, which the website claims will be used for identification purposes. While the website boasts many hallmarks of a phishing scam, it can be enticing for victims to provide this information out of desperation or frustration.

Unfortunately, there isn’t a magic cure after a data breach hits. Instead, companies need to focus on their defensive strategies before an attack. For instance, securing accounts using two-factor authenticationtraining employees to spot phishing scams, and assessing your network for unseen vulnerabilities are all steps that companies can take to help ensure that a breach doesn’t occur in the first place.

A Note From Kobargo

Phishing Scam Awareness is On the Rise. So Are Phishing Scams.

This week marks the 100th issue of ID Agents Week in Breach newsletter. From the beginning, we’ve provided a weekly rundown of the most prescient cyber threats impacting SMBs, and phishing scams always make the top of the list.

Phishing scams, and their various iterations, including pharming, smishing, and vishing, account for a growing number of cybercrimes, according to the FBI’s latest Internet Crime Report. The latest iteration found a 59% increase since 2015. Similarly, business email compromise, which often includes elements of phishing scams, is up 160%.

However, the report doesn’t only include bad news. It found that 96% of people are aware of the possibility of a phishing scam, and 88% were able to accurately explain the threat. Unfortunately, many people only view phishing scams as an email threat, which, as we explained in a blog post last year, only accounts for one attack vector among many.

Ultimately, it appears that phishing scam awareness training is proving to be an effective tool to educate people on a growing threat category that impacts everyone. 

Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 3-2-2020 Data Access

Last week, small businesses fail to prevent phishing attacks, online shoppers have their data access snatched, and a new study reveals the prominent role of human error in data breaches.

United States – Idaho Central Credit Union

Exploit: Unauthorized data access
Idaho Central Credit Union: Financial institution

Risk to Small Business: 1.555 = Severe: The Idaho Central Credit Union has reported two data access breaches that compromised personally identifiable customer information. The first incident occurred in November 2019 when a third-party mortgage portal was victimized by hackers. While investigating the first breach, cybersecurity experts identified a second incident stemming from several compromised employee email accounts. In today’s digital economy, a company’s competitive advantage is predicated on its ability to protect customer data. Two consecutive data breaches will have far-reaching repercussions for the credit union.

Individual Risk: 2.142 = Severe: In both incidents, the personally identifiable information of the bank’s customers was compromised. This included names, dates of birth, Social Security numbers, financial account information, tax identification numbers, and other sensitive financial details. Cybercriminals can redeploy this information in a host of harmful ways. Those impacted by the breach should enroll in identity and credit monitoring services as soon as possible.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Email accounts are serious vulnerabilities for every company, as there are many ways by which cybercriminals can exploit social engineering and malware to find their way in. However, every company can lock down their email accounts by implementing two-factor authentication to prevent unauthorized access, even if login credentials are compromised.

United States – Monroe County Hospital & Clinics

Exploit: Phishing scam
Monroe County Hospital & Clinics: Public medical practice

Risk to Small Business: 1.666 = Severe: Hackers gained access to the clinic’s email system, which contained patients’ protected health information. The breach, which was discovered in December 2019, spanned several months and gave bad actors plenty of time to misuse patient data. Now Monroe County Hospital and Clinics face intense regulatory scrutiny due to the sensitive nature of the breach, and their reputation has been badly damaged in an industry that is especially sensitive to privacy concerns. In addition to other recovery expenses, they will bear the cost burden of providing credit and identity monitoring services for the thousands of patients impacted by the breach.

Individual Risk: 2.428 = Severe: Personal data was compromised in the breach. This includes names, dates of birth, addresses, insurance information, and treatment information. In some cases, patients’ Social Security numbers were also exposed. Those impacted by the breach are encouraged to enroll in the credit monitoring service provided by the company and monitor their accounts and digital communications for potential instances of fraud.

Customers Impacted: 7,500

How it Could Affect Your Customers’ Business: Despite incredible advancements in fraud detection technology, phishing scams will inevitably make their way into employees’ inboxes. When employees engage with malicious content, it can have enormous consequences for your organization. Nobody wants to endure the rising costs associated with a data breach, and comprehensive employee awareness training can ensure that those phishing scams don’t impact your bottom line.

Australia – Ashley Madison 

Exploit: Unauthorized database access
Ashley Madison: Adult romance website

Risk to Small Business: 2 = Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized and include sensitive personal details derived from the initial data breach. While it’s easy to write-off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.

Individual Risk: 2.142= Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. It also contains private content and communications conducted on the website.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data access breaches impact more than just a company’s bottom line. They often have tangible consequences for each individual compromised in a breach, and even years after a breach, they can continually reappear, causing personal, psychological, and financial trouble for victims. It should encourage every company to take every step possible to protect personal data.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

3 GDPR-Covered Countries Experience 100,000 Breaches

It’s been nearly two years since GDPR changed the data privacy landscape by bringing regulatory oversight to the digital Wild West. According to the latest reports, more than 160,000 data breaches have been reported in that span. Incredibly three countries account for 100,00 breaches – The Netherlands, Germany, and the United Kingdom.

These numbers reflect both the undeniable value of stealing sensitive personal data and the difficulty that many organizations experience when trying to protect that information. As a result, GDPR fines are becoming increasingly common for companies under the regulations’ purview. The ten most significant GDPR breaches have resulted in hefty financial penalties totaling an eye-popping sum of nearly $500 million.

Europe isn’t the only country implementing regulatory standards for data security. In the US, California’s Consumer Privacy Act and New York’s SHIELD Act both reinforce and extend GDPR’s expectations. At ID Agent, our comprehensive Compliance Manager is ready to help your organization achieve, maintain, and document compliance.

A Note From Kobargo

Human Error is a Top Cause of Data Access Breaches 

Companies face cybersecurity threats on many fronts every day, but human error may be the most pervasive – and the most preventable. A 2019 study analyzing data from the UK’s Information Commissioner’s Office found that human error played a role in 90% of data breaches last year. This represents a significant increase from just two years ago when only 61% of breaches were attributed to human error.

The study concluded that phishing scams were the primary cause of breaches with unauthorized access to systems ranking a close second. However, the study’s authors were also quick to point out that while employees represent a noteworthy data privacy risk, they can also serve as a critical defense against cybercriminals. When equipped with the right tools, like phishing scam awareness training, employees can be transformed from a potential weak point into a crucial asset in the fight against cybercriminals and fraud.

Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
Data Breach, Cyber Alert Monday 2-21-2020

Last week, companies are slow to stop phishing attacks, ransomware disrupts productivity, and IBM’s latest threat analysis outlines trends for 2020.  

Multi-factor authentication attacks on the rise. Use additional authentication and educate users

United States – Altice USA 

Exploit: Phishing Attack
Altice USA: Cable and internet provider

Risk to Small Business: 2 = Severe: A phishing attack tricked an employee into providing hackers with email credentials that were used to access and download inbox content remotely. Although the breach was announced on February 5th, the phishing scam was executed in November 2019. It wasn’t discovered until December 2019, which raises questions about the company’s data security capabilities and notification strategy. As a result, Altice USA will have a difficult time restoring customer confidence, which will be critical to recovering from this preventable data breach.

Individual Risk: 2.285 = Severe: Customers’ personal information was compromised in the breach. This includes Social Security numbers, birth dates, and other personal details. The company claims that financial information was untouched by the breach and is offering free identity and credit monitoring services for affected victims to protect compromised data.

Customers Impacted: 12,000

How it Could Affect Your Customers’ Business: Phishing attacks are easy to deploy, and they are devastating to companies compromised by malicious messages. Although security processes are unlikely to keep all phishing emails out of their employees’ inboxes, they can render the attacks useless by providing comprehensive awareness training that teaches and trains employees to identify phishing scams.

United States – St. Louis Community College

Exploit: Phishing Attack
St. Louis Community College: Public academic institution

Risk to Small Business: 2.111 = Severe: Several employees fell for a phishing scam that compromised students’ personal information. The phishing attack, which took place on January 13th, happened just weeks before the school implemented two-factor authentication on January 31st. If this effective defensive measure was in place sooner, hackers would not have been able to access employee accounts, even after they provided their credentials on a phishing form. In response, the college is retraining employees who clicked on a phishing email, and they are updating their procedures to prevent a similar event in the future.

Individual Risk: 2.428 = Severe: Students’ personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to execute identity fraud or to target victims with spear-phishing campaigns that could provide hackers with even more damaging personal data. Those impacted by the breach should enroll in credit and identity monitoring services to oversee the responsibility of identifying misuse, and they should carefully evaluate online communications for signs of a phishing scam.

Customers Impacted: 5,000

How it Could Affect Your Customers’ Business: This incident is a tragic reminder that, when it comes to data security, timing is everything. Phishing attacks awareness training and two-factor authentication can go a long way toward protecting the company and customer data, but they need to be in place before an attack occurs. Therefore, installing proactive measures should be a top priority in the days and weeks ahead.

Australia – Ashley Madison 

Exploit: Unauthorized database access
Ashley Madison: Adult romance website

Risk to Small Business: 2 = Severe: Cybercriminals are redeploying data from Ashley Madison’s 2016 data breach to target Australian users with sextortion emails. These messages contain intimate and highly personal information gleaned from the breach, and cybercriminals are threatening to publicly release the information if victims don’t pay a Bitcoin ransom. The emails are highly personalized and include sensitive personal details derived from the initial data breach. While it’s easy to write-off a data breach at an adult website, it reflects the IT environment experienced by any company that collects personal data, and the many ways that hackers exploit that information to make money.

Individual Risk: 2.142= Severe: The personalized emails include users’ names, bank account numbers, phone numbers, addresses, and dates of birth. It also contains private content and communications conducted on the website.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data breaches impact more than just a company’s bottom line. They often have tangible consequences for each individual compromised in a breach, and even years after a breach, they can continually reappear, causing personal, psychological, and financial trouble for victims. It should encourage every company to take every step possible to protect personal data.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

More than Half of British Consumers Endured a Data Breach in 2019 

The latest IBM threat report examines the most prescient threats facing business in 2020, and its findings should alarm cybersecurity leaders. Notably, the report found that hackers are not turning to overly sophisticated techniques to access company IT. Rather, they are relying on the deluge of personal data already available to access an organization’s infrastructure. When those methods fail, many are deploying phishing scams as a cheap, relatively safe way to compromise employee credentials.

According to IBM, phishing attacks and unauthorized credential use were two of the most prominent attack methodologies, with the exploitation of vulnerabilities completing a risk triumvirate for companies to address in the year ahead.

The report’s silver lining is that companies are not powerless against these threats. Employee awareness training can render these attacks useless, and integrated two-factor authentication can prevent unauthorized account access even when credentials are compromised. Together, they present a meaningful way for every company to protect itself against the most likely threats in the year ahead.

A Note From Kobargo

Ransomware Attacks Are Driving Up Cyber Insurance Rates 

Ransomware attacks were one of the defining cybersecurity threats of 2019, and just one month into 2020, it’s clear that bad actors will continue to deploy this malware to capitalize on their criminality. As companies grapple with the implications of this new reality, many are turning to cybersecurity insurance as a way to offset the cost and consequences of an attack. Unfortunately, ransomware attacks have become so common that cyber insurance rates have soared in response.

According to some reports, cybersecurity insurance has increased by as much as 25% in the past year. At the same time, insurance companies are expanding their offerings, adapting their business model for shifting data security and regulatory landscape. However, companies relying on cyber insurance will likely be disappointed as payouts rarely cover the cost of an attack, and increasingly high premiums make it an affordable option to begin with.

Instead, many organizations would be better off investing in a robust defense strategy that can defend against a ransomware attack before it happens. It’s the only way to truly avoid the escalating costs and consequences of a ransomware attack.

Contact Kobargo Technology Partners to schedule a free consultation today!

Read more
1 2 3 4 5 14 15

CATEGORIES

Categories

YOU MAY ALSO LIKE

Copyright © Kobargo Technology Partners 2019