This week, employee phishing runs rampant, ransomware brings an airport offline, an NBA team’s online store leaks credit card information, and another Dark Web marketplace takes a dive.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Manufacturing
Top Employee Count: 11 – 50 Employees
United States – EmCare
https://www.scmagazine.com/home/security-news/data-breach/emcare-data-breach-exposes-60000-employees-patients/
Exploit: Employee email account breach
EmCare: Dallas-based healthcare provider that offers physician services and other healthcare functions
Risk to Small Business: 1.666 = Severe: An unauthorized third party accessed employee emails, allowing them to view sensitive personal information and confidential patient data. Through this vulnerability, hackers were able to access as many as 60,000 individual records, including 31,000 patient records. The company was quick to indicate that they don’t believe any personal data has or will be misused, and it’s unclear why this information was accessed. Nevertheless, EmCare will now bear the costs of providing free credit monitoring services and managing public relations.
Individual Risk: 2.149 = Severe: Employees and patients who received care from the company could have had their name, birth date, age, social security number, and driver’s license number exposed. In some cases, protected health information was also made vulnerable.
Customers Impacted: 60,000
How it Could Affect Your Customers’ Business: This episode is a reminder that even minor vulnerabilities can have extensive consequences. In this case, accessing just a few email accounts compromised thousands of patient records, creating serious problems for both the victims and the company. Since healthcare organizations are explicitly charged with protecting this information, they need to take every precaution to make sure that their systems are secure. By monitoring where and how hackers use patient and employee information on the Dark Web, providers can offer lasting protection.
United States – Atlanta Hawks Shop
https://labs.sansec.io/2019/04/24/atlanta-hawks-magecart/
Exploit: Malware
Atlanta Hawks Shop: Online store for the Atlanta Hawks, a professional basketball team in the NBA
Risk to Small Business: 1.888 = Severe: Malicious code bearing the signature of Magecart, a well-known collective of online credit card thieves, was planted on the online store for the Atlanta Hawks. The malware records keystrokes on the payment platform, allowing the thieves to acquire sensitive payment information from buyers. It’s believed that hackers accessed the store through unprotected third-party extensions affiliated with the shop’s cloud hosting service.
Individual Risk: 2.248 = Severe: The Atlanta Hawks online store has more than seven million visitors each year, and this particular strain of malware was introduced on April 20th. Anyone who made purchases through the online store on or after that date should assume that their name, address, and credit card information was compromised. As a result, those impacted should immediately sign up for credit monitoring services while staying vigilant for other misuses of this sensitive data.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
United States – Doctors’ Management Service
https://www.zdnet.com/article/cyber-security-firm-verint-hit-by-ransomware/
Exploit: Ransomware attack
Doctors’ Management Service: Medical billing service provider
Risk to Small Business: 1.444 = Extreme: Nearly 40 healthcare centers were significantly impacted by a ransomware attack that compromised patient data. Although the company deployed a network backup to avoid paying the ransom, the hackers had access to sensitive patient information including names, addresses, dates of birth, social security numbers, driver’s license numbers, and health insurance information.
Individual Risk: 2 = Severe: The company was unable to determine if personal health information was viewed or downloaded, and patients at any of the healthcare providers working with Doctors’ Management Service could be impacted by the breach. Therefore, all patients within this network are encouraged to obtain credit and identity monitoring services.
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach
United States – BodyBuilding.com
https://www.zdnet.com/article/bodybuilding-com-discloses-security-breach/
Exploit: Employee phishing scam
BodyBuilding.com: Idaho-based online forum and retailer for supplements
Risk to Small Business: 1.888 = Severe: A single phishing email targeting staff members managed to compromise an entire network, allowing hackers to access the personal information of the platform’s users. Even more alarmingly, the company was unable to confirm if data was actually stolen, signaling a lack of privacy stewardship. Along with the threat of fines or lawsuits, the company stands to lose the trust of customers who catch wind of the breach.
Individual Risk: 2.428 = Severe: While the platform contends that credit card and social security numbers were not compromised in the breach, they acknowledged that it’s possible that hackers accessed customers’ names, email addresses, billing/shipping addresses, phone numbers, order history, and company communications.
United States – Cleveland Hopkins International Airport
Exploit: Ransomware attack
Cleveland Hopkins International Airport: A public airport located in Cleveland, Ohio.
Risk to Small Business: 2.111 = Severe: A ransomware attack on the airport disabled information screens that provide information about incoming arrivals, imminent departures, and baggage claim status. At the same time, other network components including email, electronic payroll, and record keeping services were also affected. These disruptions occurred for many days, and the FBI is investigating the source of the attack.
Individual Risk: 3 = Moderate: There is no indication that any personal information was compromised in this attack, but users with information stored on this network should be mindful of its vulnerabilities while monitoring for possible misuse of stored information.
United States – Partners for Quality
Exploit: Compromised email accounts
Partners for Quality: Pennsylvania-based agency providing educational services for children with intellectual and developmental disabilities
Risk to Small Business: 1.222 = Extreme: A malicious third party gained access to several employee email accounts, giving them broad access to their users’ sensitive personal information. This is the company’s second data breach this year, and, since the company handles uniquely sensitive information about their customers, the responsibility to secure this data is magnified.
Individual Risk: 2 = Severe: Hackers gained access to protected health information (PHI) including names, social security numbers, diagnosis/treatment, medical records, billing claims, health insurance credentials, passport information, and banking numbers. Those impacted by the breach should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.
Customers Impacted: 3,673
How it Could Affect Your Customers’ Business: Every company managing PHI needs to be especially aware of their cybersecurity vulnerabilities, since a breach not only imperils their users but it also casts doubt on their competence. Since most email-based threats are preventable, companies handling PHI should take every action to educate their employees and to secure their networks.
Cyber-attacks are soaring in 2019
It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are becoming inundated with, and even accepting of, breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.
According to a recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.
However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.
Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.
It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.
https://www.infosecurity-magazine.com/news/attacks-on-businesses-soar-235-in-1/