Categories
The Week in Breach

The Week in Breach News: 15/12/21 – 21/12/21

Cryptocurrency handlers continue to get pounded as cybercriminals steal an estimated $135 million from a blockchain game developer & Brazil’s Ministry of Health was creamed by ransomware two times in one week!


Virginia Museum of Fine Arts

Exploit: Ransomware

Virginia Museum of Fine Arts: Art Museum 

Risk to Business: 2.822=Moderate

A system security breach prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation in late November 2021. The museum, an independent agency of the state, said the Virginia Information Technologies Agency detected an intrusion by an unauthorized third party to the museum’s environment in late November. An investigation is underway, and a temporary website has been established.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


McMenamins

Exploit: Ransomware 

McMenamins: Hotel and Restaurant Chain

Risk to Business: 1.612=Severe

Family-owned hotel and restaurant chain McMenamins received an unwelcome holiday gift: ransomware. The company says that it has had to shut down credit card point-of-sale systems and corporate email but can still serve customers. The Conti ransomware group is thought to be responsible but the group has not claimed responsibility. The popular chain of restaurants, pubs, breweries and hotels is located in the Pacific Northwest: specifically, Washington and Oregon. The company has announced that it is working with the FBI and a third-party cybersecurity firm to investigate the attack. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


The Oregon Anesthesiology Group (OAG)

Exploit: Ransomware

The Oregon Anesthesiology Group (OAG): Medical Care Provider  

Risk to Business: 1.717= Severe

The Oregon Anesthesiology Group (OAG) disclosed that a ransomware attack in July led to the breach of sensitive employee and patient information. The company said it was contacted by the FBI on October 21 and informed that the Bureau had seized an account that contained OAG patient and employee files from Ukrainian ransomware group HelloKitty. The FBI also told OAG that the Bureau believes the group exploited a vulnerability in OAG’s third-party firewall to gain entry to its network.

Risk to Business: 1.802=Severe

The information of 750,000 patients and 522 current and former OAG employees was impacted in this incident. Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms. OAG will provide victims of the incident 12 months of Experian identity protection services and credit monitoring.  

Customers Impacted: Unknown



Superior Plus

Exploit: Ransomware

Superior Plus: Propane Distributor 

Risk to Business: 2.229 = Severe

Canadian propane distributor Superior Plus has fallen victim to a ransomware attack. The company announced that it was subject to a ransomware incident on Sunday, December 12, 2021, which impacted its computer system, resulting in the company temporarily disabling some computer systems and applications as it investigates this incident. The company is in the process of bringing these systems back online. The statement goes on to say that it has no evidence that the safety or security of any customer or other personal data has been compromised. Superior Plus supplies propane gas to more than 780,000 customers in the US and Canada, a hot commodity during the winter season. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:



Brazil – Ministry of Health (MoH)

Exploit: Ransomware

Ministry of Health (MoH) – National Government Agency

Risk to Business: 1.107= Extreme

Brazil’s Ministry of Health (MoH) suffered not one but two ransomware attacks in the past week, seriously impacting its operations. The agency was still in the process of recovering from a ransomware attack on 12/10 when it was hit again on 12/13. In the initial attack, all of MoH’s websites, including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app. The Lapsus$ Group has claimed responsibility for the first attack, claiming that it has stolen some 50TB worth of data. The department was quick to assure the public that it has the relevant data backed up. The second attack set recovery back, preventing Brazil’s platform that issues COVID-19 vaccine certificates, ConecteSUS, from coming back online as scheduled. Ministry officials said that the second attack had been unsuccessful and that no data had been compromised in that incident, but it had affected the timeline for recovery. The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate with the investigations.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Ireland – Coombe Hospital

Exploit: Hacking

Coombe Hospital: Medical Center 

Risk to Business: 2.711 = Moderate

The Coombe Hospital announced that it has been hit by a ransomware attack that has impacted its IT systems. The hospital stated that it had isolated and locked down its IT services on a precautionary basis. The maternity and infants’ hospital said that services are continuing as normal and no disruptions to patient care are expected. The HSE is assessing whether this will have a broader impact on the health service.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Greece – VulcanForged

Exploit: Ransomware

VulcanForged: Cryptocurrency Gaming Company 

Risk to Business: 1.7684 = Severe

Hackers stole around $135 million from users of the blockchain gaming company VulcanForged. Blockchain games appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR. VulcanForged creates games such as VulcanVerse, which it describes as an MMORPG, and an online card game called Berserk. Hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, VulcanForged’s token that can be used across its ecosystem, with an estimated $135 million in value.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Australia – Finite Recruitment

Exploit: Ransomware

Finite Recruitment: Staffing Firm 

Risk to Business: 2.223 = Severe

IT recruitment firm Finite Recruitment has confirmed it experienced a cyberattack in October 2021 that resulted in some of the company’s data getting stolen and published on the dark web. The Conti ransomware group listed Finite Recruitment as a victim on its dark web leak site, claiming to have acquired 300GB of the company’s data. Finite Recruitment services several NSW government agencies as well as private clients.  

Risk to Business: 2.015 = Severe

An estimated 38,000 employees and up to 80,000 government employees may have had their data exposed. That data may include financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information.

Customers Impacted: Unknown



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach News: 08/12/21 – 14/12/21

Cox Communications gets caught by phishing, Atalanta imports some ransomware, another crypto exchange gets hacked for millions & a shocking ransomware attack on the Virginia Legislature.



Atalanta

Exploit: Ransomware

Atalanta: Food Importer

Risk to Business: 1.616= Severe

Imported foods outfit Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack in July 2021. An investigation concluded that information related to Atalanta’s current and former employees and some visitors was accessed and acquired by an unauthorized party. Atalanta is North America’s largest privately-held specialty food importer. No details were offered by the company about how many records were exposed and what personal information they contained. 

Individual Impact: No details were offered by the company about how many records were exposed and what personal information they contained. 

Customers Impacted: Unknown


Cox Communications 

Exploit: Phishing (Vishing)

Cox Communications: Digital Cable Provider

Risk to Business: 1.773=Severe

Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The story goes that on October 11th, 2021, a bad actor impersonated a Cox support agent by phone to gain access to customer information. Cox is the third-largest cable television provider in the US with around 3 million customers. 

Individual Risk: 1.813=Severe

Customers may have had information material to their Cox account exposed including name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that they receive from Cox. 

Customers Impacted: 3 million


The Virginia Division of Legislative Automated Systems (DLAS)

Exploit: Ransomware

The Virginia Division of Legislative Automated Systems (DLAS): Government Technology Services 

Risk to Business: 1.318=Extreme

A ransomware attack has hit the division of Virginia’s state government that handles IT for agencies and commissions within the Virginia legislature. Hackers accessed the agency’s system late Friday, then deployed ransomware. A ransom demand was received on Monday. A Virginia state official told CNN that DLAS was shutting down many of its computer servers in an attempt to stop the spread of ransomware. No information was available at press time about the amount of the ransom demand or what if any data was stolen. AP reports that this attack is the first recorded on a state legislature.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


Ultimate Kronos Group

Exploit: Ransomware

Ultimate Kronos Group: Payroll Services

Risk to Business: 1.619= Severe

HR management company Ultimate Kronos Group has been hit by a ransomware attack that could have devastating ongoing repercussions. The company’s Kronos Workforce Central was paralyzed in the attack. That prevents its clients, including heavyweights like Tesla and Puma, from processing payroll, handling timesheets and managing their workforce. Kronos first became aware of unusual activity on Kronos Private Cloud on Saturday evening. The company’s blog says that it is likely the issue may require several weeks to resolve. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:



United Kingdom – SPAR Convenience Stores

Exploit: Ransomware

SPAR Convenience Stores: Convenience Store Chain 

Risk to Business: 1.412= Extreme

UK convenience store chain SPAR fell victim to a cyberattack that impacted operations at a store level. SPAR has around 2600 stores located across the UK. The suspected ransomware attack impacted 330 SPAR locations primarily located in the north of England. Those stores were left unable to process payments made using credit or debit cards for a time. The attack also prevented the stores from using their accounting or stock control systems. Some of the affected shops remain closed in the wake of the attack, but some have reopened accepting only cash payments. An investigation is ongoing. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Sweden – Volvo Cars

Exploit: Hacking

Volvo Cars: Automotive Manufacturer

Risk to Business: 2.112 = Severe

Swedish automotive company Volvo announced that hackers had breached its network and made off with valuable research and development data in a cyberattack. The company went on to say that its investigation confirmed that a limited amount of the company’s R&D property was stolen during the intrusion, but no other data was accessed. The company was quick to assure Volvo owners that there would be no impact on the safety or security of their cars or their personal data.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Germany – Hellmann Worldwide Logistics

Exploit: Ransomware

Hellmann Worldwide Logistics: Transportation Logistics Firm 

Risk to Business: 1.7684 = Severe

Hellmann Worldwide Logistics reported a cyberattack this week that packed a punch. The company said that a cyberattack, suspected to be ransomware, caused it to temporarily remove all connections to its central data center. Hellmann said its Global Crisis Taskforce discovered the attack, but outside cybersecurity experts were brought in to help with the response. The company serves clients in 173 countries, running logistics for a range of air, sea, rail and road freight services.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


France – Régie Autonome des Transports Parisiens (RATP) 

Exploit: Misconfiguration

Régie Autonome des Transports Parisiens (RATP): Transportation Authority 

Risk to Business: 1.723 = Severe

A state-owned French transportation giant is in hot water after exposing personal information for nearly 60,000 employees via an unsecured HTTP server. Researchers discovered the server on October 13 left open and accessible to anyone. It contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Source code related to RATP’s employee benefits web portal was also exposed with API keys that enabled access to the sensitive info about the website’s backend and RATP’s GitHub account. 

Individual Risk: 1.723 = Severe

The exposed employee data includes full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords. 

Customers Impacted: Unknown



Singapore – AscendEX 

Exploit: Hacking

AscendEX: Cryptocurrency Trading Platform 

Risk to Business: 1.223 = Extreme

Cryptocurrency exchange AscendEX suffered a hack for an estimated $77 million following a breach of one of its hot wallets. The company announced the hack on Twitter, saying that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million). The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million. The Singapore-based exchange, which was formerly known as BitMax, claims to serve one million institutional and retail clients.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Australia – Frontier Software 

Exploit: Ransomware 

Frontier Software: Payroll Services Technology Provider 

Risk to Business: 2.323 = Severe

South Australia’s state government announced that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. The company has informed the government that up to 80,000 government employees and 38,000 employees of other businesses may have had their data snatched by bad actors in the November 13 incident.

Individual Risk: 2.401 = Severe

The stolen employee data contained names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll period, remuneration, and other payroll-related information.

Customers Impacted: Unknown



The Week in Breach News: 01/12/21 – 07/12/21

Cybercriminals snatched millions from three cryptocurrency platforms, and PII and PHI were exposed in major medical clinic snafus.



Planned Parenthood

Exploit: Ransomware

Planned Parenthood: Healthcare Provider

Risk to Business: 1.616= Severe

Bad actors gained access to the personal information of an estimated 400,000 patients of Planned Parenthood in Los Angeles this past October in a probable ransomware attack. A spokesperson said that someone gained access to Planned Parenthood Los Angeles’ network between October 9 and 17, deployed and exfiltrated an undisclosed number of files. The breach is limited to the Los Angeles affiliate and an investigation is underway.

Risk to Business: 1.703= Severe

PPLA told clients that PII and PHI had been exposed including the patient’s name, address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescriptions.

Customers Impacted: 400,000

How It Could Affect Your Business: Medical information is valuable, especially sensitive information like this that can be used for both cybercrime and blackmail, and patients expect that healthcare providers will protect it.


Gale Healthcare Solutions

Exploit: Misconfiguration

Gale Healthcare Solutions: Healthcare Job Placement

Risk to Business: 1.611=Severe

More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password-protected database owned by Gale Healthcare Solutions, a Florida-based healthcare staffing provider. Files containing the PII of healthcare workers that the company placed were hosted on an unsecured AWS cloud server that was uncovered by security researchers in September. Gale Healthcare Solutions says that the environment has been deactivated and secured. The company also says that there is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused.

Individual Risk: 1.813=Severe

Researchers reported that the files they saw contained a healthcare worker’s face image or ID badge, full name and a number consistent with an SSN. Other personal data about the impacted workers may also have been exposed.  

Customers Impacted: 300,000

How It Could Affect Your Business: This mistake will be expensive, and coveted healthcare workers may be inclined to choose a different staffing agency because of this carelessness.


MonoX

Exploit: Hacking

MonoX: Cryptocurrency Finance

Risk to Business: 1.318=Extreme

The MonoX DEX platform has experienced a breach that did damage to the tune of $31 million. Hackers exploited a vulnerability in the platform’s smart contract software to inflate the price of MONO, then bought assets with the MONO tokens. DeFi platform Badger was also reportedly hit by hackers for $120 million last week after they gained access by targeting a protocol on the Ethereum network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


DNA Diagnostics Center

Exploit: Ransomware

DNA Diagnostics Center: Healthcare Services

Risk to Business: 1.819= Severe

DNA Diagnostics Center said that on August 6, the company discovered that there had been unauthorized access to its network that enabled someone to access and exfiltrate an archived database that contained patient PII collected between 2004 and 2012. The Ohio-based company says that 2,102,436 people had their information exposed. Victims may have been ordered to undergo genetic testing as part of a legal matter.

Individual Risk: 1.617= Severe

The company is sending letters to impacted individuals warning them that they may have had their PII and sensitive data such as Social Security number or payment information exposed. Anyone whose personal information was accessed is being offered Experian credit monitoring.

Customers Impacted: 2,102,436

How It Could Affect Your Business: Companies that store two kinds of valuable data like this are at high risk for an expensive and damaging ransomware incident that will have lasting financial results.



United Kingdom – BitMart

Exploit: Hacking

BitMart: Cryptocurrency Exchange 

Risk to Business: 1.212= Extreme

Cryptocurrency trading platform BitMart has been hacked, resulting in the loss of an estimated $150 million in funds. PortSwigger reports that blockchain security firm PeckShield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain. BitMart said in a statement that it was temporarily suspending withdrawals until further notice after detecting a large-scale security breach centered on two ‘hot’ wallets. BitMart claims that it has more than nine million customers across more than 180 countries.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Crypto platforms have been squarely in cybercriminals’ sights in the last few months, and consumers are watching to see which ones are able to avoid trouble.



Japan – Panasonic

Exploit: Hacking

Panasonic: Electronics Manufacturer 

Risk to Business: 1.919 = Severe

Panasonic has confirmed that it has had a security breach after unauthorized users accessed its network on November 11. The company says that an internal investigation revealed that some data on a file server had been accessed by intruders. No information was given about what data was accessed or how much. Panasonic says that it is working with an outside firm to get to the bottom of the matter and expressed its apologies for the incident.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Australia – CS Energy

Exploit: Ransomware

CS Energy: Energy Company 

Risk to Business: 1.723 = Severe

CS Energy confirmed it experienced a ransomware attack on November 27. The company said the incident was limited to its corporate network and did not impact operations at its Callide and Kogan Creek power stations. CS Energy’s CEO said that the company contained the ransomware attack by segregating the corporate network from other internal networks and enacting business continuity processes. CS Energy is owned by the Queensland government.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



The Week in Breach News: 24/11/21 – 30/11/21

Cybercriminals haven’t had any trouble assembling a phishing campaign at IKEA, the NCSC sounds the alarm about escalating ransomware danger, and wild accusations of treachery and sabotage add a whole new twist to a ransomware attack at BTC-Alpha.



Cronin

Exploit: Misconfiguration

Cronin: Digital Marketing Firm

Risk to Business: 1.917= Severe

Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google Analytics data, session IDs, client IDs, device data and other identifying information. Sales data was also exposed in a “Master Mailing List” with names, physical addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails, and hashed passwords and some unspecified PII and financial data were also exposed.

Individual Impact: Reports of this breach include mention of exposed employee financial data and PII, but no details were available as of press time.

Customers Impacted: Unknown


Supernus Pharmaceuticals

Exploit: Ransomware

Supernus Pharmaceuticals: Pharmaceutical Company

Risk to Business: 1.702=Severe

Maryland-based Supernus Pharmaceuticals fell prey to a ransomware attack that resulted in a large amount of data being exfiltrated from its networks in mid-November. The Hive ransomware group claimed responsibility for the attack over the Thanksgiving holiday weekend. The group claims to have breached Supernus Pharmaceuticals’ network on November 14 and exfiltrated a total of 1,268,906 files, totaling 1.5 terabytes of data. Supernus Pharmaceuticals says it did not plan to pay a ransom. In a statement, Supernus Pharmaceuticals also disclosed that it did not experience a significant impact on its business, that it was quickly able to restore lost data, and that the company has enacted stronger security measures.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Butler County Community College

Exploit: Ransomware

Butler County Community College: Institution of Higher Learning

Risk to Business: 2.728=Moderate

Butler County Community College in Pennsylvania was forced to suspend classes for at least two days in the wake of a ransomware attack that has crippled the college’s systems. The college says it is working to restore databases, hard drives, servers and other devices. In a release, the college also announced the cancellation of all remote and online credit classes as it works to restore data, servers and other systems affected by the attack. Noncredit courses are canceled as well for November 29 and 30. The college will not provide services on its main campus or at its additional locations on those days. The incident is under investigation and the college is being assisted in recovery by a local cybersecurity firm.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown



Brazil – WSpot

Exploit: Misconfiguration

WSpot: WiFi Security Software Provider

Risk to Business: 2.109= Severe

Researchers uncovered a misconfigured Amazon Web Services S3 bucket containing 10 GB worth of data that belonged to Wi-Fi software services company WSpot. The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The company stated that it is in the process of notifying legal authorities, including the National Data Protection Authority, regarding the incident. WSpot estimated that 5% of its customer base was impacted by this leak.

Individual Risk: 2.811= Severe

An estimated 226,000 files were exposed, including the personal details of at least 2.5 million users who connected to WSpot’s clients’ public Wi-Fi networks.

Customers Impacted: 2.5 million users




United Kingdom – BTC-Alpha 

Exploit: Ransomware

BTC-Alpha: Cryptocurrency Exchange

Risk to Business: 1.512= Severe

This week’s most bizarre breach saga belongs to BTC-Alpha. The UK-based cryptocurrency exchange was hit with a ransomware attack in early November. The Lockbit ransomware group claimed responsibility and posted a threat to its leak site to expose BTC-Alpha’s data if a ransom was not paid by December 1. Here’s where it gets strange. BTC-Alpha founder and CEO Vitalii Bodnar alleged the attack was the work of a competing cryptocurrency firm in a press release on the same day that Lockbit’s announcement was made. The release goes on to state that a rival was launching a cryptocurrency exchange on the same day as the attack and may be involved in the incident. The full text of the release is available here: https://www.prleap.com/pr/282919/vitaliy-bodnar-founder-of-btc-alpha-comments-on-the-pressure-and-threats. The company disclosed that although hashed passwords were compromised, users’ balances were not impacted, and the company and its users lost no money. The company also advised users to avoid password reuse, update or reinstall their apps, and employ MFA. The odd incident is under investigation.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Sweden – IKEA 

Exploit: Phishing

IKEA: Furniture & Home Goods Retailer 

Risk to Business: 1.595 = Extreme

IKEA is battling a nasty phishing attack on its employee email accounts that is using reply chains to try to trick employees. A reply-chain email attack is a type of spoofing in which the bad guys steal legitimate corporate email messages and send links to malicious documents to the chain as a reply. The messages seem legit and can be hard to catch. Malicious messages are being sent from inside the main IKEA organization as well as from other compromised IKEA organizations and business partners. The fight is ongoing and no direct cause has been announced, although analysts are saying that signs point to a Microsoft Exchange on-premises server compromise. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.



Singapore – Swire Pacific Offshore 

Exploit: Ransomware

Swire Pacific Offshore: Maritime Services 

Risk to Business: 2.712 = Moderate

Singapore-based shipping firm Swire Pacific Offshore has announced a data breach after it fell victim to a possible ransomware attack. The company’s press release stated that unauthorized access had resulted in the loss of some confidential proprietary commercial information and some personal data. The statement went on to note that appropriate authorities have been notified. Singapore has mandatory data breach notification laws that require organizations to report incidents like this to the government. The company also announced that it is working with data security experts to investigate the incident and implement stricter security measures.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Category: The Week in Breach

The Week in Breach News: 17/11/21 – 23/11/21

GoDaddy is back in the hot seat after another massive breach exposes data for more than 1 million users, an insider incident in Ohio raises election security concerns & a data breach at Australia’s copyright authority.


GoDaddy

Exploit: Credential Compromise

GoDaddy: Web Hosting Provider 

Risk to Business: 1.527 = Severe

GoDaddy has reported a data breach that may impact more than 1 million customers who use the service for WordPress hosting. The company detailed the incident in an SEC filing, declaring that it had detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers when someone used a compromised password for access around September 6. GoDaddy said it discovered the breach last week on November 17. The company warned that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. 1.2 million active and inactive managed WordPress users had their email addresses and customer numbers exposed in this incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 1.2 million


California Pizza Kitchen

Exploit: Hacking

California Pizza Kitchen: Fast Casual Restaurant Chain

Risk to Business: 2.212 = Severe

US casual dining chain California Pizza Kitchen has had a data security breach that impacts current and past employees. In a statement, the company disclosed that its systems were infiltrated by an unauthorized user on September 15. The intruders gained access to an undisclosed amount of data, including employee records that contained at least employee names and SSNs.

Individual Risk: 1.907 = Severe

In a filing with the Maine attorney general’s office, the company reported that 103,767 current and former employees had their names and Social Security numbers exposed.

Customers Impacted: 103,767


Lake County Board of Commissioners 

Exploit: Insider Incident

Lake County Board of Commissioners: Election Regulator

Risk to Business: 1.502 = Severe

The Washington Post is reporting that a data security incident occurred at the Lake County, Ohio Board of Elections. The attempted breach occurred on May 4 inside the county office of John Hamercheck (R), president of the Lake County Board of Commissioners. In this incident, a private laptop was plugged into the county network in Hamercheck’s office, capturing routine network traffic. That information was then distributed at an August “cyber symposium” on election fraud hosted by MyPillow executive Mike Lindell. Officials say that no sensitive data was obtained. This is substantially similar to an incident in Colorado earlier this year. Data from the Colorado incident was circulated at the same event. The FBI is investigating the incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown



Cyprus – StripChat 

Exploit: Misconfiguration

StripChat: Adult Content Platform

Risk to Business: 1.615 = Severe

StripChat, one of the world’s top 5 adult cam sites, has suffered a data breach that exposed more than its usual fare, including the personal data of millions of users and adult models. In a blunder discovered by security researchers, StripChat failed to properly configure an ElasticSearch database cluster, leaving data exposed for at least 3 days.

Individual Risk: 1.802 = Severe

Researchers listed the exposed data pertaining to 65 million users registered on the site including their username, email, IP address, ISP details, tip balance, account creation date, last login date and account status. Data for 421,000 models broadcasting on the site was also exposed including username, gender, studio ID, live status, tip menus/prices and strip scores. Other transaction data was also exposed.

Customers Impacted: Unknown


Denmark – Vestas

Exploit: Ransomware

Vestas: Wind Turbine Manufacturer

Risk to Business: 1.512 = Severe

Vestas, the world’s largest supplier of wind turbines, has announced that it has experienced a suspected ransomware incident. The company says that its initial investigation has determined that data has been compromised, although no specifics about that data were given. The company says that the incident forced the shutdown of IT systems and has damaged parts of Vestas’ internal IT infrastructure. Recovery has begun, and the company has stressed that the impact on its manufacturing, construction and service arms has been minimal.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Australia – Copyright Agency

Exploit: Hacking

Copyright Agency: Royalty Collection Agency

Risk to Business: 1.595 = Extreme

Australia’s Copyright Agency has suffered a data breach. The agency, which distributes royalties to authors, photographers and other creators for the reuse of their text and images, notified members of the incident last Friday. No information is yet available about what data may have been impacted, but there’s a possibility that extensive personal and financial data may have been exposed for the 37,000 creators that it serves.

Customers Impacted: 37,000



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Category: Cyber Security Education

Improve your Business IT Security

3 Ways to Improve Business IT Security

Computers, devices and the internet are woven into the fabric of our daily lives, making it easy for us to forget that online interactions and email messages aren’t always benign.

The unfortunate results of a barrage of cyberattacks in the past year alone have clearly demonstrated that cybercriminals are putting in work to expand their operations. In fact, recent cyberattacks have illustrated just how many aspects of our daily lives are impacted by cybersecurity, from shopping to seeing the doctor.

Protecting your business from cyberattacks may seem like a daunting prospect – in an IBM blog post, 25% of SME business owners said that they didn’t even know where to start with cybersecurity. And no one has spare budget these days – a third of those SME IT decision-makers pointed to a lack of budget or resources as their biggest blocker to cybersecurity success. But businesses don’t have to blow their budgets to make security improvements.

These three tips can help every business be Cybersmart and stand tall in the face of surging cybercrime for less.

1. Build Better Passwords

The first action that businesses can take doesn’t cost a penny: improve password security.

Cybercriminals know that the easiest, fastest way for them to gain entry to your systems and data is with a legitimate password and they’re doing everything possible to snag one – the more privileged that password is, the better. That’s why it’s paramount that you establish and enforce strict rules about generating passwords in your business. The Verizon/Ponemon Institute Data Breach Investigations Report 2021 revealed that bad, cracked, stolen and recycled passwords were the biggest data breach menace that businesses of every size face. More than 60% of the businesses that they analysed had suffered a cyberattack that began with a compromised credential and ended in a data breach.

3 Fast Facts About Password Danger

Credentials were the top type of information stolen in data breaches worldwide in 2020.

About 60% of passwords that appeared in more than one breach in 2020 were recycled or reused.

An estimated 65% of employees use the same password across multiple work and home applications.

It’s not hard for cybercriminals to find a company’s legitimate passwords through password cracking software or even just outright guessing. How does that work? People love to talk about themselves and their interests online. Does your LinkedIn profile talk about how devoted you are to your favourite football team? Is your Facebook full of Baby Yoda memes? Do you share makeup tips from Instagram influencers every day? All of these things give cybercriminals clues that help them figure out your password.

Simple, common, recycled passwords make a cybercriminal’s job easy if they’re using password cracking or credential stuffing too. Why? Based on an analysis of the data that was collected in 2020, an overwhelming majority of passwords fit into one of 20 common categories. That fact allows cybercriminals to use huge lists of passwords stolen in earlier breaches to conduct future cybercrime operations.

Almost 60% of employees use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. On top of that, 49% of users will only change one letter or digit in one of their preferred passwords when required to make a new password. Don’t make it that easy for the bad guys.  

Password Dos & Don’ts

Don’t reuse or recycle a password anywhere, for any reason.

Do build strong, unique passwords for every online account.

Don’t make passwords that fall into a common category.

Do make sure your password isn’t easy to guess.

Do consider using a password manager to maintain your list of unique passwords.

2. Include Everybody on the Security Team

Cybersecurity isn’t just a job for the IT department, but that can be hard for employees to recognise, especially if they don’t consider themselves “tech people”. Unfortunately, that perception often leads to employees not engaging with security awareness training and not carrying the good cybersecurity practices that they learn over into their everyday actions. The same expectation may be at work on the executive end of the equation. By not running regular training sessions, or by only giving a few employees training against certain threats, companies fail to utilise all of their human resources to keep an eye out for trouble. Internal blockers can also discourage employees from taking an interest in cybersecurity, a tragedy in a time when businesses need all the help that they can get. Eliminating those blockers will create a stronger security culture, making your business more cyber resilient.

3 Facts About Employee Security Attitudes

Just under 30% of employees fail to report cybersecurity mistakes out of fear. 

A full 50% of employees don’t report clicking on a phishing email to avoid disciplinary action.

An estimated 60% of employees open suspicious emails for fear of misidentifying a message.

No employee should be afraid to ask for help around security issues. When employees fear losing their jobs because of a security mishap, small problems don’t get reported, giving them time to grow into giant disasters. Improved security awareness can also quickly reduce a company’s risk of malicious insider incidents. In a business with a healthy cybersecurity culture, employees feel confident that they can ask for help freely whether they just have a question, they made a mistake, they are unsure about something or think that they have spotted a phishing attempt, and that brings benefits that can’t be measured. 

Security Culture Dos and Don’ts

Don’t threaten employees with termination if they make a security mistake

Do make it easy for employees to ask questions or get help around security

Don’t just make cybersecurity the IT department’s job

Do make every employee feel that they are invested in company security

Don’t fail to set policies that encourage smart security behavior

Don’t have one set of policies for employees and another for executives

3. Empower Employees with the Right Training and Tools

If you want your employees to protect your business from cyberattacks, they’re going to need a quality toolkit and the training to notice potential trouble spots. The power of security awareness training is immense, and it starts right away.

In a UK study on the effectiveness of phishing simulations, researchers discovered that 40% to 60% of the surveyed employees were likely to open a phishing message at the beginning of the study. However, after about 6 months of training, the percentage of employees who took the bait dropped to 20% to 25%. Even better, after 3 to 6 months more training, only 10% to 18% were likely to open a phishing message, a steep decline. 

Regular security awareness training clearly works. Having the right tools available is also essential. If you’re relying on old, clunky, hard-to-use tools for your day-to-day operations, you’re not only opening your business up to security risks from potential cyberattacks, you’re also making it hard for your employees to follow safe behaviours or take security seriously – and that can mean the difference between a crisis averted and a disaster landing on your doorstep.

3 Facts About Security Tools

One tool, multifactor authentication, stops 99% of password-based cybercrime

Automated email security catches 40% more phishing messages than conventional security or a secure email gateway (SEG)

Security awareness training reduces the chance of a damaging security incident by up to 70%

It’s not necessary for businesses to splash out cash on dozens of fancy security tools. Having too many security tools is just as bad as having too few. But it is essential that you provide the right tools and training to build a foundation for cybersecurity success. However, a stunning one in three small businesses with 50 or fewer employees relies solely on free or consumer-grade cybersecurity tools for protection. Even worse, an astonishing 60% of business leaders revealed that their companies didn’t have a cyberattack prevention plan in place at all and had no foundation for incident response. Give your employees the tools, training and support that they need to succeed and they will help keep your business safe in a stormy cybersecurity landscape.

Training and Tools Dos and Don’ts

Don’t use security awareness training as a punishment

Do run security awareness training at least 11 times per year

Don’t make employees afraid to lose their jobs if they report issues

Do make sure that everyone from the Directors to the apprentices receives regular training

Don’t rely on a patchwork of old tools that make maintaining security more challenging

Do make it easy for employees to get help when they have a security issue

Protect your Business from Cybercrime

MSnet was founded with a passion for protecting businesses from the threat of cybercrime.

Our mission is to empower businesses with the knowledge, training and services required to safeguard them from cybercriminal activity.

If you would like more information, please reach out to our team on 01489 539700 or use the Contact Us button below.

Category: Cyber Security Education

Gone Phishing?

Gone Phishing

Phishing is the most common cybercrime and the most dangerous for your business. Some of today’s most devastating cyberattacks, including incidents like the Colonial Pipeline ransomware disaster in May 2021, started with a phishing email.

Employees may encounter phishing attempts daily if action isn’t taken to keep phishing messages out of your business.

An estimated 6 billion phishing emails were sent to businesses daily in 2020!

What is a Phishing Attack?

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information or to deploy malicious software.

Phishing is the type of cyberattack employees see the most. Cybercriminals favour phishing because it has a low barrier to entry, it’s cheap and it’s effective. Phishing is an easy way for cybercriminals to obtain passwords, user data and other credentials, enabling them to undertake other cybercrime operations like business email compromise or deploying ransomware.

An estimated 75% of organizations in the United States were hit by a phishing attack that resulted in a data breach in 2020.

How to Spot a Phishing Attack

Phishing can be tricky to spot, but these red flags should always give you pause as they’re common indicators that an e-mail is actually a phishing attempt. 

Subject Line

Is the subject line accurate? Subject lines that feature oddities like “Warning”, “Your funds have” or “Message is for a trusted” should set off alarm bells. If the subject or pre-header of the email contains spelling mistakes, usage errors, unexpected elements like emojis or other things that make it stand out from emails you regularly receive from the sender, it’s probably phishing. 

Greeting

If the greeting seems strange, be suspicious. Are the grammar, punctuation and spelling correct? Is the greeting in a different style than you usually see from this sender? Is it generic when it is usually personalised, or vice versa? Anomalies in the greeting are red flags that a message may not be legitimate.

Domain

Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. 

For example, if the message says it is from Sender@microsoftsecurity.com instead of Sender@microsoft.com, you should be wary. 

Word Choices, Spelling & Grammar

This is a hallmark test for a phishing message and the easiest way to uncover an attack. If the message contains a bunch of spelling and usage errors, it’s definitely suspicious. Check for grammatical errors, data that doesn’t make sense, strange word choices and problems with capitalisation or punctuation. We all make the occasional spelling error, but a message riddled with them is probably phishing. 

Style

Does this look like other messages you’ve received from this sender? Fraudulent messages may have small variations in style from the purported sender’s usual email style. Beware of unusual fonts, colors that are just a little off, logos that are odd or formats that aren’t quite right. 

Links

Using malicious links to capture credentials or send victims to a web page that can be used to steal their personally identifiable information (PII) or financial information is a classic phishing scam. Hovering your mouse or finger over a link will usually enable you to see the path. If the link doesn’t look like it is going to a legitimate page, don’t click on it. If you have interacted with it, definitely don’t provide any information on the page that you’re directed to because it’s almost certainly phishing. 

Attachments

Never open or download an unexpected attachment, even if it looks like a normal Microsoft 365 (formerly Office) file. Almost 50% of malicious email attachments that were sent out in 2020 were Microsoft Office files. The most popular formats, the ones that employees exchange every day (Word, PowerPoint and Excel), accounted for 38% of phishing attacks. Archived files, such as .zip and .jar, account for about 37% of malicious transmissions. 

Origin

Is this someone or a company that you’ve dealt with before? Does the message claim to be from an important executive, politician or celebrity? A bank manager or tax agent you’ve never heard of? Be cautious about interacting with messages that seem too good to be true. Messages from government agencies should also be handled with care. Phishing practitioners love using fake government messages.
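Several of the red flags above (subject-line oddities, a lookalike sender domain, a link whose visible text does not match where it actually goes, and risky attachment types) can be checked mechanically before a message ever reaches an inbox. The Python script below is an added example, not MSnet’s code or a tool the page describes; the trusted-domain list, the attachment extensions beyond the .zip and .jar named above, the weights and thresholds, and both sample messages are constructed assumptions.

```python
"""Score an email against the phishing red flags listed above.

Added example (not the page's or MSnet's code). The trusted-domain list,
the extension list, the weights and both sample messages are constructed.
"""
import re
from dataclasses import dataclass, field
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: domains this organisation expects mail from (assumption).
TRUSTED_DOMAINS = ("microsoft.com", "msnet.example")
# Subject-line oddities quoted in the text above.
SUSPICIOUS_SUBJECT_TERMS = ("warning", "your funds have", "message is for a trusted")
# Archives named in the text, plus macro-enabled Office files and executables (assumption).
RISKY_EXTENSIONS = (".zip", ".jar", ".docm", ".xlsm", ".pptm", ".exe", ".js", ".iso")
# Weight per red flag; these and the verdict thresholds in score_email() are assumptions.
WEIGHTS = {"lookalike_domain": 3, "link_mismatch": 3, "risky_attachment": 2,
           "unexpected_attachment": 1, "suspicious_subject": 1}


@dataclass
class Email:
    sender: str
    subject: str
    html_body: str
    attachments: list = field(default_factory=list)


@dataclass
class Finding:
    flag: str
    detail: str


def sender_domain(address: str) -> str:
    """'Alerts <x@example.com>' -> 'example.com'."""
    return address.rstrip(">").rsplit("@", 1)[-1].lower()


def check_domain(domain: str, trusted=TRUSTED_DOMAINS) -> list:
    """The 'Domain' test: flag a sender that borrows a trusted brand name without
    being that domain (microsoftsecurity.com, microsoft.com.evil.net)."""
    if any(domain == real or domain.endswith("." + real) for real in trusted):
        return []  # the genuine domain or one of its subdomains
    return [Finding("lookalike_domain", f"{domain} resembles {real}")
            for real in trusted if real.split(".")[0] in domain]


def check_subject(subject: str) -> list:
    """The 'Subject Line' test."""
    hits = [t for t in SUSPICIOUS_SUBJECT_TERMS if t in subject.lower()]
    return [Finding("suspicious_subject", "matched: " + ", ".join(hits))] if hits else []


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.pairs, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append((self._href, "".join(self._text).strip()))
            self._href = None


URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def _host(url: str) -> str:
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def check_links(html: str) -> list:
    """The 'Links' test: where the text says a link goes must be where it goes."""
    parser = _Anchors()
    parser.feed(html)
    return [Finding("link_mismatch", f"text shows {_host(text)} but goes to {_host(href)}")
            for href, text in parser.pairs
            if URL_LIKE.match(text) and _host(text) != _host(href)]


def check_attachments(names) -> list:
    """The 'Attachments' test: every unexpected attachment is noted; risky types weigh more."""
    out = []
    for name in names:
        ext = "." + name.lower().rsplit(".", 1)[-1] if "." in name else ""
        out.append(Finding("risky_attachment" if ext in RISKY_EXTENSIONS
                           else "unexpected_attachment", name))
    return out


def score_email(mail: Email):
    """Return (score, verdict, findings) for one message."""
    findings = (check_domain(sender_domain(mail.sender)) + check_subject(mail.subject)
                + check_links(mail.html_body) + check_attachments(mail.attachments))
    total = sum(WEIGHTS[f.flag] for f in findings)
    verdict = "likely phishing" if total >= 5 else "review" if total >= 2 else "ok"
    return total, verdict, findings


# Constructed sample messages.
PHISH = Email(sender="Security Alerts <alerts@microsoftsecurity.com>",
              subject="Warning: Your funds have been suspended",
              html_body='<p>Sign in now: <a href="http://login-portal.example.net/auth">'
                        'https://microsoft.com/account</a></p>',
              attachments=["statement.zip"])
LEGIT = Email(sender="billing@microsoft.com", subject="Your October invoice is ready",
              html_body='<a href="https://microsoft.com/billing">View invoice</a>')

if __name__ == "__main__":
    for mail in (PHISH, LEGIT):
        total, verdict, findings = score_email(mail)
        print(f"{mail.subject!r}: score {total} -> {verdict}")
        for f in findings:
            print(f"  [{f.flag}] {f.detail}")
```

Run as a script, the constructed phishing sample scores 9 (likely phishing) on four separate findings and the legitimate invoice scores 0. The domain check deliberately flags only senders that borrow a trusted brand name, as in the microsoftsecurity.com example above; an unfamiliar but unrelated domain is left to the other tests, because flagging every unknown sender would bury the real signal in noise.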

How Can I Protect My Business from Phishing Attacks?

Cybersecurity requires a multi-layered approach to fully protect your business.

Protecting your employees from phishing equally requires a number of different layers of protection.

  1. The first should be training! Security awareness training prepares employees to recognise the threat of cybercrime and how to avoid the dangers. 
  2. The second is simulated phishing e-mails. Test phishing e-mails are sent to employees to allow them to review and fine-tune their new knowledge.
  3. Lastly, an integrated threat protection service filters out dangerous e-mails and files before they reach employees in the first place.

Category: Cyber Security Education

SME Data Breaches

SME Data Breaches in 2021


A data breach is a nightmare for any company, and it’s one that more businesses in more industries are having to face today. About 85% of IT professionals foresee a data breach at their business in the next 12 months.

Cybercriminals are hungry for data that they can sell in the booming dark web data markets for a hefty profit, spawning an unprecedented increase in data-focused cybercrime that’s rocking businesses of every size and it isn’t going to stop anytime soon!

Top 10 SME Data Breach Statistics from 2021

  1. The number of recorded data breaches in 2021 has exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.
  2. More than 60% of breaches result from misused, stolen or purchased credentials.
  3. An estimated 85% of data breaches involve a human element.
  4. Phishing is the top threat action that results in a breach.
  5. The number of breaches that involve ransomware has doubled.
  6. 34% of data breaches involve internal actors.
  7. Over 80% of breaches are discovered by external parties.
  8. An estimated 36% of businesses worldwide had a cloud data breach in the past 12 months.
  9. 74% of businesses in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months.
  10. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average and 14% higher than the same period in 2020.

The Cost of a Data Breach

In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at £3.1 million per incident, the highest ever recorded in the 17 years of the study.

The cost of a data breach can change significantly depending upon the initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).

The cost of a breach can be impacted by the type of data stolen or leaked, such as customer personally identifiable information (PII), the most frequently breached and the most expensive at £125 per record.

The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.

Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch, and healthcare at £6.8 million is the industry with the most expensive data breach costs.

Businesses that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days.

Companies supporting a remote or hybrid workforce paid up to £750,000 more when a data breach occurred, with costs of £3.5 million at the top end compared to £2.8 million.

Cloud Data Breaches

The “State of Cloud Security 2021” Verizon report asked IT professionals about the circumstances that influence a company’s chance of a possible cloud data breach, and these were the factors that they pointed to:

32% say too many APIs and interfaces to govern

31% cite lack of adequate controls and database oversight

27% point to lack of policy awareness around data security

23% blamed old-fashioned negligence

21% said they are not checking Infrastructure as Code (IaC) prior to deployment

20% admitted outright that human factors were at fault

Booming Dark Web Data Markets Drive Data Theft

Most Prevalent Types of Data Stolen in Breaches: 

Credentials: 60%  

Personally Identifying Data (PII): 40%  

Medical Data: 10%  

Bank Data: 10%  

Internal Data: 10%  

Payment Data: 10% 

Is Your Business Protecting Its Valuable Data?

Cybersecurity requires a multi-layered approach to fully protect your business.

Protecting your business data is a critical priority for any business, not only from a regulatory standpoint (e.g. GDPR, PCI DSS) but also to protect your customers and employees.


Category: Cyber Security Education

Password Danger

Password Danger is Escalating


The struggle to get users to make good, strong, unique passwords and actually keep them secret is real!

It can be hard to demonstrate to users just how dangerous their bad password decisions can be to the entire business, even though an estimated 60% of data breaches involved the improper use of credentials in 2020.

There’s no rhyme or reason why employees create and handle passwords unsafely. Employees at every level are unfortunately drawn to making bad passwords and playing fast and loose with them – and that predilection doesn’t look like it’s going away anytime soon.

Managing Too Many Passwords?

The average adult has an estimated 100 passwords floating around that they’re using. That’s a bewildering tangle of passwords to manage. About 300 billion passwords are currently in use by humans and machines worldwide. The global pandemic helped put even more passwords into circulation as people on stay-at-home orders created an abundance of new online accounts. According to the conclusions of a global study conducted by Morning Consult for IBM, people worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic.

Many of those logins were compromised from the start thanks to abundant dark web data. An estimated 15 billion unique logins are circulating on the dark web right now. In 2020 alone, businesses had to contend with a 429% increase in the number of business login details with plaintext passwords exposed on the dark web. That dramatic increase in risk per user comes back to haunt a business.

The average business is now likely to have about 17 sets of login details available on the dark web for cybercriminals to enjoy and that number is only going to continue to grow thanks to events like this year’s giant influx of fresh passwords from the RockYou 2021 leak!

Bad Passwords

Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password. Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member, 13% have used a significant date, such as a birthday or anniversary and another 6% have used information about their favourite sports team as their password.

That makes cybercriminals’ jobs easy even if they’re trying to directly crack a single password. After all, those users have probably told them everything that they’d need to know to do the job in their social media profiles.

Password Sharing Is Rampant

Worse yet, employees are sharing their passwords with other people at an alarming rate, even if the people they’re sharing a password with don’t work at the same company. Over 30% of respondents in a Microsoft study admitted that their business had experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people externally.

43% of survey respondents have shared their password with someone in their home
22% of employees surveyed have shared their email password for a streaming site
17% of employees surveyed have shared their email password for a social media platform
17% of employees surveyed have shared their email password for an online shopping account

Top Password Fails

Analysis of the top 250 passwords found on the dark web identified the top categories for the weakest passwords in 2020:

Weakest Password Categories in 2020

  1. Family Names (e.g. Maggie)
  2. Sports Teams (e.g. Arsenal)
  3. Favourite Food (e.g. Cookie)
  4. Place Names (e.g. London)
  5. Names of Pets (e.g. Rocky)
  6. Famous People/Characters (e.g. Tigger)

Top 20 Most Common Passwords found on The Dark Web in 2020

  1. 123456
  2. password
  3. 12345678
  4. 12341234
  5. 1asdasdasdasd
  6. Qwerty123
  7. Password1
  8. 123456789
  9. Qwerty1
  10. :12345678secret
  11. Abc123
  12. 111111
  13. stratfor
  14. lemonfish
  15. sunshine
  16. 123123123
  17. 1234567890
  18. Password123
  19. 123123
  20. 1234567
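Lists like the one above are most useful as a deny list. What follows is an added example (not part of the original article) of the screening check a registration or password-change form can run: it refuses the article’s top-20 passwords and category examples outright, and also refuses passwords that collapse to one of them once the usual decoration (a capital letter, leet substitutions, trailing digits and symbols) is stripped, since cracking rule sets undo that decoration in one step. The deny list and substitution table are illustrative and would be far larger in production.

```python
"""Screening a proposed password against known-bad patterns. Added example
for this article, not the original page's code; the deny list is built from
the article's own top-20 list and category examples."""
import re

# The article's top-20 passwords and its category examples, lower-cased.
DENY_LIST = {
    "123456", "password", "12345678", "12341234", "1asdasdasdasd",
    "qwerty123", "password1", "123456789", "qwerty1", ":12345678secret",
    "abc123", "111111", "stratfor", "lemonfish", "sunshine", "123123123",
    "1234567890", "password123", "123123", "1234567",
    "maggie", "arsenal", "cookie", "london", "rocky", "tigger",
}

# One-step leet substitutions, the same ones cracking rule sets undo.
# (Mapping 1 -> i is a simplification; rule sets also try 1 -> l.)
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Keyboard and number runs that appear throughout the list above.
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "1234", "abcd")


def base_word(password):
    """Collapse a decorated password to the word underneath it.

    "P@ssw0rd!" -> "password", "Sunshine2021!" -> "sunshine".
    Trailing decoration is stripped before leet is undone; doing it the
    other way round would turn a trailing year into letters.
    """
    p = password.lower()
    p = re.sub(r"[^a-z]+$", "", p)  # trailing digits, years, symbols
    return p.translate(LEET)


def check_password(password):
    """Return (accepted, reason). Rejects known-bad words in any disguise."""
    lowered = password.lower()
    if lowered in DENY_LIST:
        return False, "on the known-bad list"
    base = base_word(password)
    if base in DENY_LIST:
        return False, f"'{base}' with decoration is still a known-bad word"
    for run in KEYBOARD_RUNS:
        if run in lowered:
            return False, f"contains the keyboard run '{run}'"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("Password123", "P@ssw0rd!", "Qwerty1", "Sunshine2021!",
               "Maggie1405", "correct horse battery staple"):
        print(f"{pw!r:32} -> {check_password(pw)}")
```

The point of `base_word` is that “Password123”, “P@ssw0rd!” and “password” are the same guess to an attacker, so a policy that only blocks the exact string in the list blocks almost nothing.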

Stolen Passwords on the Dark Web

Credentials were the top type of information stolen in data breaches worldwide in 2020 (personal information took second place, just ahead of financial data in third), and cybercriminals didn’t hesitate to grab batches of credentials from all over the world: they were taken in about 70% of EMEA breaches, 90% of APAC breaches and 60% of North American breaches. Researchers also found that the average company experiences 5.3 credential compromises originating from a common source like phishing every year, a number that should give every business owner chills.

An abundance of records on the dark web has spawned an abundance of passwords for cybercriminals to harvest, and that’s bad news. Giant password dumps like the 100GB text file dubbed RockYou2021, estimated to contain 8.4 billion passwords, have ratcheted up the risk too. Cybercriminals make use of that bounty quickly and effectively.

In the aftermath of an enormous 2020 hack, ShinyHunters breached ten companies in the Asian region and brought more than 73 million user records to market on the dark web. A group like ShinyHunters will first try to profit by selling the stolen data, but once the data has aged or there are no interested buyers, it is simply offloaded into the vast data dumps of the dark web, where anyone can sift through it.
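Dumps of this size are also what a defender checks against. The following is an added example (not from the original article) of the k-anonymity range query that services such as Have I Been Pwned’s Pwned Passwords use so that a password can be checked against the corpus without ever being sent: only the first five hex characters of its SHA-1 leave the client, and matching on the remaining 35 is done locally. No network call is made here; the range response is a constructed sample and the counts in it are invented.

```python
"""Checking a password against a breach corpus without revealing it.
Added example for this article (not the page's code). It mirrors the
k-anonymity range query used by Have I Been Pwned's Pwned Passwords
service but performs no network call: SAMPLE_RESPONSE is a constructed
stand-in for the service's reply and its counts are invented."""
import hashlib


def sha1_hex(password):
    """Upper-case hex SHA-1, the form the range API works in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_query(password):
    """Split the SHA-1 into the 5-char prefix that is sent to the service
    and the 35-char suffix that never leaves the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(text):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}.

    Entries with a count of 0 are padding the service can add so that
    every response is the same size; they are dropped here.
    """
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        count = int(count)
        if count > 0:
            counts[suffix.upper()] = count
    return counts


def breach_count(password, response_text):
    """How many times the password appeared in the corpus (0 = not seen).

    `response_text` is whatever the service returned for the password's
    5-char prefix; the suffix comparison happens entirely on this side.
    """
    _, suffix = range_query(password)
    return parse_range_response(response_text).get(suffix, 0)


# Constructed sample of a range response for prefix 5BAA6, which is the
# prefix of SHA-1("password"). A real response holds several hundred
# lines; the three other suffixes and every count here are invented.
SAMPLE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:3
1E2B3BC8A9F2F3E7B6D8C1A0F4E5D6C7B8A:0
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F0C2D3E4F5A6B7C8D9E0F1A2B3C4D5E6F7:12
"""

if __name__ == "__main__":
    prefix, _ = range_query("password")
    print("prefix sent to the service:", prefix)   # 5BAA6
    print("times seen in sample corpus:", breach_count("password", SAMPLE_RESPONSE))
```

In production the response text comes from `https://api.pwnedpasswords.com/range/<prefix>` (or a local mirror of the corpus); the important property is that the call carries five hex characters, so the service learns neither the password nor its full hash.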

Protect your Business from Password Danger

Password shenanigans can put any business at risk of a devastating and expensive cyberattack, but protecting your business from password-related danger isn’t hard or expensive.

It requires a multi-layered approach that combines training and technology.

Training educates your employees about the dangers of cybercrime, how to recognise a threat and how to avoid it.

Technology and policy ensure the right framework is in place to remove the complications around employee passwords, with a robust, centralised credential management system protecting your business.

MSnet was founded to help businesses defend against the threat of cybercrime.

Our mission is to empower businesses with the knowledge, training and services required to safeguard them from cybercriminal activity.

If you would like more information, please contact our team on 01489 539700 or use the Contact Us button below.


The Week in Breach News: 10/11/21 – 16/11/21

Hackers manage a shocking breach that leads to account takeover (ATO) at the FBI, beer production goes flat after a cyberattack at S.A. Damm, Robinhood takes a beating, and there is welcome good news about increases in business security spending.


Federal Bureau of Investigation (FBI) 

Exploit: Account Takeover

Federal Bureau of Investigation (FBI): Federal Government Agency

cybersecurity news represented by a gauge showing severe risk

Risk to Business: 1.417=Severe

A shocking email security breach at the US Federal Bureau of Investigation (FBI) led to the takeover of a user account. The cybercriminals behind it used that compromised email account to send tens of thousands of fraudulent emails warning recipients of impending cyberattacks. Messages reached celebrities like Jay Z and journalists including investigative reporter Brian Krebs. The Bureau later confirmed that its Law Enforcement Enterprise Portal (LEEP) was compromised in a cyberattack on Friday. FBI officials were quick to stress that the malicious emails originated from an FBI-operated server dedicated solely to pushing notifications for LEEP, and not from the FBI’s corporate email service.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This incident shows that no organization is immune to a cyberattack, and even the best defenses can fail.


West Virginia Parkways Authority

Exploit: Ransomware

West Virginia Parkways Authority: State Government Agency 

cybersecurity news represented by a gauge showing severe risk

Risk to Business: 1.822=Severe

A suspected ransomware attack snarled operations at the West Virginia Parkways Authority last Friday. Officials announced that a cyberattack had hit the agency’s internal computer systems, knocking out email, telephones and various non-critical applications for several hours. According to the statement, no data was extracted or exposed in the incident, which only impacted operational technology. Systems have since been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Using ransomware against infrastructure targets to shut down their operations has become much more common.


Robinhood

Exploit: Phishing (Vishing)

Robinhood: Financial Services Platform 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.542=Extreme

Financial services platform Robinhood is in the news again after disclosing a data breach on 11/03. The company blamed the security incident on vishing: threat actors gained access to its customer support systems by talking a support employee into granting them access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data the cybercriminals demanded an extortion payment to keep it private. There is no word on the amount of the demand. The incident is under investigation.

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.312=Extreme

The company estimates that a total of seven million users are affected by this breach. Threat actors accessed email addresses for five million customers and a separate list of full names for two million customers. Robinhood says the attackers also obtained more detailed PII, including full name, date of birth and zip code, for around 310 users, and extensive account records for a subset of 10 of those.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Vishing threats are popping up more frequently as cybercriminals look to vary their approach to obtaining credentials in unexpected ways.


Hewlett Packard Enterprise (HPE)

Exploit: Credential Compromise

Hewlett Packard Enterprise: Business Technology Services

cybersecurity news represented by a gauge showing severe risk

Risk to Business: 1.615=Severe

Hewlett Packard Enterprise (HPE) has just informed customers of its Aruba networking unit that their information may have been exposed in a cyberattack on its Aruba Central cloud environment in late October. The company outlined the incident in a statement to the press: “On 2 November, HPE discovered that an access key to data related to the network analytics and contact-tracing features of Aruba Central, our cloud-based network management and monitoring solution, was compromised and used by an external actor to access the environment over a period of 18 days between 9 and 27 October 2021.” HPE went on to specify that the data in question included “identifying device media access control (MAC) addresses, IP addresses, device operating systems type and hostnames, and user names for Wi-Fi networks where authentication is used, as well as dates, times, and physical Wi-Fi access points (APs) to which devices connected.” The incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cybercriminals will do anything to obtain a legitimate user credential because it gives them the keys to the kingdom, enabling them to do massive damage quickly.



United Kingdom – Simplify Group

Exploit: Hacking

Simplify Group: Conveyancing & Property Services

cybersecurity news represented by a gauge showing severe risk

Risk to Business: 1.512=Severe

UK property services giant Simplify Group has been experiencing a cyberattack that impacted operations at many of its divisions. The company operates brands like Premier Property Lawyers, My Home Move and DC Law. The outage was a spanner in the works for new and prospective homebuyers, including some that were mid-move, and they were quick to take to social media. Some systems have been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Operational disruption from a cyberattack is just as likely as data theft and sometimes even more damaging.


Spain – S.A. Damm 

Exploit: Ransomware 

S.A. Damm: Brewing  

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.595=Extreme

Operations went flat at Spanish brewer S.A. Damm after a ransomware attack crippled production. The company disclosed that the cyberattack hit the brewery on Tuesday night and for a few hours the plant in El Prat de Llobregat, which produces 7 million hectolitres of beer a year, was “entirely paralyzed”. Operations were partially restored quickly and the rest of the recovery is expected to be completed soon.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs have been stopping production in factories rather than stealing data in the hopes of scoring a quick ransom from desperate businesses.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.