The Week in Breach – Deepfakes; what are they? And are they really a threat?

Make sure to add us or contact us for the latest news

The Week in Breach: Featured – What are Deepfakes and how do you spot them?

So the first question that comes to mind is: what IS a deepfake? Well, a deepfake is an AI (Artificial Intelligence) generated fake video or photo. The ever-increasing sophistication of AI-generated video, voice and photo manipulation has made things easier (for hackers and nefarious characters) and made it harder (for us) to tell what is ‘REAL’ and what is fake.

If you have ever seen a video of Jon Snow apologizing for the ending of Game of Thrones, or of Mark Zuckerberg bragging about having “total control of billions of people’s stolen data”, then you have seen a deepfake video. (For more examples – click here for an in-depth article on deepfakes.)

With that being said, how are deepfakes impacting businesses? With deepfakes becoming harder to detect, and the sharing of media content more prevalent, deepfakes will start to become a ‘go-to’ for causing political, business and social unrest. Imagine a ‘press conference’ with a CEO stating a major business decision that will impact the stock market. The havoc that would create, as well as the PR nightmare of refuting the deepfake, clearly shows how dangerous they can be.

With Covid-19, the sharing of important information through webinars has allowed the wider public to gain valuable information about cybersecurity concerns. Infosec is hosting a free, virtual seminar today (11/13/20) on strategies to combat deepfakes and more generalized attack patterns. Find out more information or register for the event here.

The Week in Breach News – United States


United States – JM Bullion

https://www.bankinfosecurity.com/precious-metal-trader-jm-bullion-admits-to-data-breach-a-15294

Exploit: Skimming (Magecart)

JM Bullion: Precious Metals Dealer


Risk to Business: 1.772 = Severe

This Texas precious metals trader discovered that someone was cashing in on their clients’ transactions and it wasn’t them. In a recent regulatory filing, the company disclosed that malicious payment skimming code was present and active on their website from February 18, 2020, to July 17, 2020.


Individual Risk: 1.624 = Severe

The information stolen in this attack includes customers’ names, addresses, and payment card information, including the account number, expiration date, and security codes. Customers should be alert to potential identity theft and spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Failing to notice a payment card skimmer operating on your site for 6 months does not speak well to your company’s commitment to keeping client data secure.

IntegraMSP to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. LEARN MORE>>


United States – University of Vermont Medical Center

https://www.idagent.com/passly-digital-risk-protection

Exploit: Ransomware

University of Vermont Medical Center: Hospital System


Risk to Business: 1.402 = Extreme

In the wake of recent warnings from US government agencies about increased ransomware risk for healthcare targets, University of Vermont Medical Center (UVM) has landed in that trap. A ransomware attack has led to significant, ongoing tech problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The Vermont National Guard and the FBI have been working with the tech team at UVM to restore service since the attack first began affecting systems on October 30th. Damage assessment and recovery are ongoing, and some systems are still offline. The hospital says that urgent patient care was not impacted.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Healthcare targets are in increasing danger from money-hungry cybercriminals who know that medical targets don’t have time for a long, complex recovery procedure, but they do have money.

IntegraMSP to the Rescue: Ransomware is typically delivered as the nasty cargo of a phishing attack. Improve your staff’s phishing resistance to fight back against ransomware threats. LEARN MORE>>


United States – GrowDiaries

https://www.zdnet.com/article/configuration-snafu-exposes-passwords-for-two-million-marijuana-growers/

Exploit: Misconfiguration

GrowDiaries: Industry Blogging Platform


Risk to Business: 2.237 = Severe

Leading cannabis industry blogging platform GrowDiaries may need to clear its head after a configuration error in Kibana apps left two Elasticsearch databases unlocked and leaking data. Those open gates allowed attackers to dive into two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding more than two million user data points.


Individual Risk: 2.612 = Moderate

One open database exposed usernames, email addresses, and IP addresses for platform users, and the other exposed user articles posted on the GrowDiaries site and users’ account passwords. Users should be aware of spear phishing and blackmail risks.

Customers Impacted: 1.4 million

How it Could Affect Your Business: Cyberattacks can have cascading consequences, with information stolen in cyberattacks coming back to haunt businesses months or years later. Data like login credentials can live on in Dark Web data dumps to haunt you later.

IntegraMSP to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring using real-time data analysis to find compromised credentials and alert you fast. LEARN MORE>>


United States – Mattel

https://www.bleepingcomputer.com/news/security/leading-toy-maker-mattel-hit-by-ransomware/

Exploit: Ransomware

Mattel: Toymaker


Risk to Business: 2.327 = Severe

In a recent regulatory filing, Mattel told regulators that it suffered a ransomware attack in July 2020 that shut down some systems but did not include a significant data loss. Only business systems were impacted; production and distribution were not affected. Experts believe that TrickBot ransomware was used in the incident.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybersecurity awareness starts with phishing resistance. It’s the most likely delivery system for ransomware, but training only sticks if it’s refreshed at least every 4 months.

IntegraMSP to the Rescue: Don’t get caught in cybercriminal nets by ransomware lures. BullPhish ID has more than 80 plug-and-play phishing simulation campaigns ready to train your staff to spot and stop phishing now, with 4 new ones added every month. SEE HOW IT WORKS>>


United States – GEO Group

https://www.natlawreview.com/article/geo-group-hit-ransomware-attack

Exploit: Ransomware

GEO Group: Private Prison Developer


Risk to Business: 2.066 = Severe

GEO Group has begun informing impacted individuals and facilities that the Florida-based prison developer was struck by ransomware in July 2020. The company notes that some personally identifiable information and protected health information for some inmates and residents was exposed in the incident. The impacted people are connected to the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and an unnamed defunct facility in California. Employee data was also obtained in the incident.


Individual Risk: 2.221 = Severe

Residents and former residents of the impacted facilities should be alert to spear phishing, identity theft, or blackmail attempts using the stolen data. Employees of GEO group should also be on the lookout for similar activity.

Customers Impacted: Unknown

How it Could Affect Your Business: Failure to stop ransomware attacks from landing on your business is a fast track to a long, messy, and expensive recovery.

IntegraMSP to the Rescue: Don’t set yourself up for disaster by failing to train everyone in your organization. From interns to the C-suite, everyone’s a potential phishing target. BullPhish ID uses fast, effective training tools like engaging videos to make sure everyone is up to speed. LEARN MORE>>

The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.