Make sure to add us or contact us for the latest news
 |
 |
 |
 |
 |
 |
 |
Latest Threat:
The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. Find out More HERE
Cybersecurity News: Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Aerospace & Defense
- Top Employee Count: 11-50
This Week in Cybersecurity & Breach News
The Week in Breach News – United States
United States – Michigan State University
https://apnews.com/876fddc3c0b7dc1cc4ad0a7d6a19fb23
Exploit: Malware
Michigan State University: Institution of Higher Learning
Risk to Small Business: 2.171 = Severe
Just in time for back to school, attackers were able to steal credit card and personal information from roughly 2,600 users of Michigan State University’s online store. Cybercriminals used malicious scripts designed to harvest and exfiltrate customers’ payment cards between Oct. 19, 2019, and June 26, 2020.
Individual Risk: 2.311 = Severe
MSU is notifying all potentially affected customers of the data breach and is offering free identity protection and credit monitoring.
Customers Impacted: 2,600
How it Could Affect Your Business: Magecart or skimming attacks are a regular tool of the trade for cybercriminals and the data that they collect often ends up for sale on the Dark Web.
United States – Brown-Forman
https://www.infosecurity-magazine.com/news/jack-danielsmaker-suffers-revil/?&web_view=true
Exploit: Ransomware
Brown-Forman: Wine and Spirits Conglomerate
Risk to Small Business: 1.979 = Severe
REvil ransomware strikes again, this time at beverage giant Brown-Forman, the maker of Jack Daniel’s and other spirits. Although the company has been mum on the details of the attack aside from claiming it successfully prevented attackers from encrypting its files, the cybercriminal gang says that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches.
Individual Risk: No individual data has been reported as compromised in this breach.
Customers Impacted: Unknown
How it Could Affect Your Business Ransomware often makes its way into company inboxes in the form of a phishing email. Phishing resistance training must be a crucial component of any company’s cybersecurity strategy.
United States – FHN
Exploit: Email Account Compromise
FHN: Healthcare System
Risk to Small Business: 1.870 = Severe
In a just disclosed incident, an unspecified “email account compromise” of “several” employee accounts resulted in a data breach that impacted patient PII at FHN healthcare facilities in Illinois. An unauthorized party was detected accessing employee email accounts on February 12 and 13. Information that may have been exposed in the breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some instances, patients’ health insurance information and/or Social Security numbers were also identified as exposed in the compromised email accounts.
Individual Risk: 1.821 = Severe
Not all patients of FHN were impacted, and FHN has contacted those patients were as well as offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Not only will this cause customer anger, this breach will also incur a potentially substantial HIPPA violation penalty. Placing better protections, including multifactor authentication, on systems that handle sensitive data can prevent incidents like this from happening.
United States – SANS Institute
https://www.infosecurity-magazine.com/news/sans-phishing-attack/?&web_view=true
Exploit: Phishing/Accidental Data Sharing
SANS Institute: Cybersecurity Education and Certification
Risk to Small Business: 1.875 = Severe
Somebody needs to stay after class for extra tutoring at SANS Institute after an accidental data sharing incident led to a data breach that exposed over 28,000 PII records. The information was apparently mistakenly forwarded to an outside party. The forwarded emails included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence. One phishing email resulted in 513 emails full of PII being forwarded to the external address and malicious Office 365 add-on was also installed on the infected machine as part of the attack.
Individual Risk: No sensitive data or financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: The most common delivery system for ransomware is a phishing email – and 90% of incidents that end in a data breach start with a phishing email. Boosting phishing resistance is essential to lower the chance of a successful ransomware attack.
The Week in Breach Cybersecurity and New Breach News Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach Cybersecurity and New Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.