The Week in Breach – Microsoft Makes a Rare Flub

 


The Week in Breach: Ransomware sails a major shipping company into trouble, Microsoft makes a rare flub, Luxottica fails to see a threat and malicious insiders shop for data at Shopify

The Week in Breach: Featured Down – Microsoft

As a follow-up to the week’s main ‘kerfuffle’: Microsoft says a ‘configuration update’ caused a global Outlook outage. On Monday, September 28th, calls started flooding in about users being unable to access their Microsoft accounts. Email, Outlook, Teams, etc. were down or experiencing connection issues.

Microsoft did not disclose details on how many users were impacted, but outage tracking website Downdetector.com showed that at its peak nearly 8,000 individuals reported issues with Teams and Outlook on late Monday.

The issue, which persisted for several hours Monday night, caused an uproar on Twitter, with several users complaining that the outage meant they could miss their job interviews and deadlines for college assignments.

Microsoft experienced another issue with Outlook outages on Thursday, October 1st. The outage comes as increasing numbers of people are working remotely due to the coronavirus pandemic. Microsoft users vented their frustrations on social media as the outage left them unable to send and receive important emails.

This is the second major Microsoft outage this week. It is unclear if the two outages are linked.

The Week in Breach – United States


United States –  Arbiter Sports

https://www.techtimes.com/articles/252742/20200922/hacker-breached-540-000-referees-league-officials-and-school-representatives-for-ransom-and-won.htm

Exploit: Ransomware

Arbiter Sports: Sports Software and Services Provider


Risk to Business: 1.301 = Extreme

Arbiter Sports, a software provider for many athletic associations including the NCAA (National Collegiate Athletic Association), experienced a ransomware attack that led to significant data loss. The shifting story ultimately crystallized into the company paying the ransom to have data freed from what it classifies as a backup server containing a database of more than 540,000 of its registered members, consisting of referees, league officials, and school representatives. The data was from several applications and records including ArbiterOne, ArbiterGame, and even ArbiterWorks.


Individual Risk: 1.816 = Severe

Arbiter Sports said the backups contained sensitive information about users who registered on these web apps, such as account usernames, passwords, real names, addresses, dates of birth, email addresses, and Social Security numbers. Social Security numbers and passwords were encrypted. The company paid the ransom, but the data could have still been copied. Users should be aware of the potential for identity theft or spear phishing using this information.

Customers Impacted: 540,000+

How it Could Affect Your Business: Ransomware is every company’s worst nightmare. Even when a company pays the ransom, there’s no guarantee that the encrypted data wasn’t copied or resold before it was released by the cybercriminals.

IntegraMSP to the Rescue: If you’ve been hit with ransomware, it probably started as a phishing attack.


United States – IPG Photonics

https://www.bleepingcomputer.com/news/security/leading-us-laser-developer-ipg-photonics-hit-with-ransomware/

Exploit: Ransomware

IPG Photonics: Laser Developer

Risk to Business: 2.305 = Severe

Defense contractor and laser developer IPG Photonics was hit with a nasty ransomware attack using the RansomExx strain of ransomware, sometimes also dubbed Ransom X. IPG Photonics IT operations were affected worldwide, including internal IT, phones, manufacturing, parts, and shipping.

 

Individual Risk: No individual information was reported as compromised in this incident

Customers Impacted: Unknown

How it Could Affect Your Business: Manufacturers that get shut down by ransomware don’t just lose data – they also lose production time, fulfillment capability, access to maintenance or operations technology, and other business essentials that can be hard to quantify yet devastating.

IntegraMSP to the Rescue: BullPhish ID helps companies fight back against ransomware and other phishing-related attacks with easy to deploy phishing resistance training featuring “set it and forget it” campaign management and plug-and-play training kits.


United States – Microsoft

https://www.zdnet.com/article/microsoft-secures-backend-server-that-leaked-bing-data/

Exploit: Unsecured Database

Microsoft: Technology Conglomerate


Risk to Business: 2.781 = Moderate

In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The server exposed technical details, such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.

Individual Risk: No individual data is believed to have been impacted in this breach.

Customers Impacted: Unknown

How it Could Affect Your Business: Elementary security failures are embarrassing, and may lead your company’s customers to take their business elsewhere because if you’re forgetting the basics, how are you handling the more serious stuff?

IntegraMSP to the Rescue: Make sure that staffers are dotting the Is and crossing the Ts when it comes to basic security best practices with security awareness training from ID Agent, including phishing resistance with BullPhish ID.


United States – Town Sports International

https://securityboulevard.com/2020/09/town-sports-international-data-breach-exposed-personal-information-of-600000-members/

Exploit: Unsecured Database

Town Sports International: Sports Club Operator


Risk to Business: 1.753 = Severe

Cybersecurity researchers discovered an unsecured database owned by Town Sports International that was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. The Amazon S3 bucket contained full names, addresses, contact information, credit card last 4 digits and expiry dates, billing histories, and other sensitive information for 60,000 members of health clubs along the East Coast, including clubs in Boston and New York. Employee records were also stored in this database, and their personal information was also likely exposed.

 


Individual Risk: 1.601 = Severe

This database was left wide open for at least a year, giving cybercriminals and data brokers ample time to harvest it for fuel to empower phishing attacks, identity theft, and other cybercrime.

 

Customers Impacted: 600,000

How it Could Affect Your Business: Minor security errors happen, but colossal blunders like this speak to a culture of sloppy security and lack of regard for data privacy across an organization.

IntegraMSP to the Rescue: Password reuse is an epidemic, and incidents like this are how huge lists of passwords end up on the Dark Web. Make sure yours aren’t there with 24/7/365 Dark Web monitoring.


United States – Universal Health Services

https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/

Exploit: Ransomware

Universal Health Services: Healthcare System Operator


Risk to Business: 1.442 = Extreme

Ryuk ransomware did massive damage at Universal Health Services (UHS), leaving UHS hospitals in the US, including those in California, Florida, Texas, Arizona, and Washington D.C., without access to computers and phone systems. The healthcare giant operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees, and provides healthcare to approximately 3.5 million patients each year. The affected systems are still not fully restored, but patient care impacts are reported as minimal.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services – and attacks are escalating.

ID Agent to the Rescue: Ransomware typically arrives with a phishing email. Automate your company’s defense against phishing.


United States – Tyler Technologies

https://dfw.cbslocal.com/2020/09/23/texas-company-software-local-governments-schools-data-breach/

Exploit: Ransomware

Tyler Technologies – Public and Defense Sector Software Provider


Risk to Business: 1.779 = Severe

North Texas company Tyler Technologies, provider of software services for everything from jail and court management systems to payroll, human resources, tax, and bill collection and land records, experienced a devastating ransomware attack. The company says that the impact of the incident is limited to internal corporate network and phone systems and that there has been no impact on hosted client environments, including its election results reporting software, although some clients are reporting escalating login problems since the attack.

Individual Risk: No personal data was reported as part of this incident.

How it Could Affect Your Business: An event like this at a technology provider is not a good look, especially for a contractor that handles both defense sector jobs and election reporting software.

IntegraMSP to the Rescue: Security awareness training with cutting-edge solutions like BullPhish ID reduces a company’s chance of suffering a cybersecurity incident by up to 70%.

The Week in Breach – Canada


Canada – Shopify

https://www.reuters.com/article/us-shopify-cyber/shopify-says-customer-data-likely-exposed-as-employees-accessed-records-idUSKCN26D36J

Exploit: Malicious Insider

Shopify: e-Commerce Platform

Risk to Business: 2.314 = Severe

The data of customers for an estimated 200 merchants on Shopify was exposed in an insider incident at the e-commerce giant. Two employees who were working a scheme to steal transaction data are to blame. The data exposed includes client details like email, name, and street address, as well as order details, but does not involve complete payment card numbers or financial information. The company hosts over one million businesses across more than 175 countries on its platform.


Individual Risk: 2.603 = Moderate

The rogue staffers were only able to expose a small amount of information from a few businesses. Merchants on the platform are being informed by Shopify as the investigation continues. Users who think they may be at risk should be alert for spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: The economy in the rest of the world may be challenged, but the Dark Web data markets are thriving, and staffers who need a little extra cash can be tempted to expose company data, sell their logins, or dip their feet into the cybercrime-as-a-service market.

ID Agent to the Rescue: Are your staffers selling their credentials on the Dark Web – or even worse, your customers’ credentials? Find out fast with human and machine powered always on credential monitoring from Dark Web ID.

The Week in Breach – United Kingdom & European Union


France – CMA CGM

https://gcaptain.com/shipping-giant-cma-cgm-hit-by-cyber-attack/

Exploit: Ransomware

CMA CGM: Maritime Shipping and Logistics


Risk to Business: 1.702 = Severe

Ragnar Locker ransomware sailed into the systems of French cargo giant CMA CGM, leaving havoc in its wake. The company’s website and external access to all applications were taken offline. This is the latest in a series of attacks against logistics targets, including major shipping and trucking companies. No ransom has been named in the attack, and CMA CGM is still experiencing outages.

Individual Risk: No personal information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: The number one cause of ransomware flooding your systems is a phishing email. Increasing security awareness training including phishing resistance training with BullPhish ID can prevent these types of cybersecurity disasters.

ID Agent to the Rescue: BullPhish ID makes your staffers more wary of suspicious messages.


Italy – Luxottica

https://www.insurancebusinessmag.com/asia/news/cyber/eyewear-giant-gets-blindsided-by-cyberattack-234390.aspx

Exploit: Ransomware

University Hospital Dusseldorf: Healthcare Provider


Risk to Business: 1.752 = Severe

Ransomware definitely blindsided Italian eyewear giant Luxottica, producer of popular brands including Ray-Ban, Oakley, Armani, Bulgari, Chanel, Prada, Ferrari, Giorgio Armani, Michael Kors, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch. The company’s brand websites and service provider websites for Ray-Ban, EyeMed, Pearle Vision, and Sunglass Hut went down after a ransomware attack disrupted operations worldwide. Investigation and restoration are ongoing.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can shut an organization down entirely, and these days bad actors are just as interested in disrupting business and manufacturing operations as stealing data.

ID Agent to the Rescue: Add 3 layers of protection against email threats like ransomware that can devastate your business.

The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.