Make sure to add us or contact us for the latest news
 |
 |
 |
 |
 |
 |
 |
The Week in Breach: Featured – Amazon Brings Unwanted Holiday Gifts to Businesses
Everyone loves giving and getting gifts – it’s part of what makes this season special. It’s the most wonderful time of the year for cybercriminals too. As you and your staffers buy everything from business essentials to toys on Amazon this holiday season, you’re opening your business up to extreme risk from phishing.
While an increase in holiday-time phishing attacks isn’t unusual, the combination of people shopping from home because of the pandemic plus a huge increase in overall cybercrime spells trouble for your company in 2020. A recent report shows that Amazon-related phishing messages have more than doubled this year, and they’re continuing to climb, with a more than 60% increase in November alone.
So how can you protect your business? By making sure that all of your employees are well-versed in the types of phishing schemes that cybercriminals are bringing to the table this year. Up-to-date training that’s regularly refreshed can lower your incidence of a cybersecurity problem by up to 70%, making it a smart investment in your business.
Get your business a gift this holiday season – improved cyber resilience with a commitment to security awareness training that reduces your chances of becoming a victim of cybercrime. Your team will thank you when your well-trained staff avoids major cybersecurity blunders that would have caused huge problems – and your accounting department will thank you too because it could save you a fortune if you avoid even one cybersecurity disaster. To Learn More – Contact Us.
The Week in Breach News – United States
United States – Greater Baltimore Medical Center
https://www.securityweek.com/greater-baltimore-medical-center-hit-ransomware-attack
Exploit: Ransomware
Greater Baltimore Medical Center: Hospital
Risk to Business: 1.622 = Severe
A ransomware attack left Greater Baltimore Medical Center (GBMC) scrambling after many of its systems were knocked offline, impacting patient care. Procedures scheduled for 12/07/20 had to be rescheduled. Backups and workarounds enabled the hospital to keep functioning as the attack was investigated and mitigated. Recovery is ongoing.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is increasingly being used as a way to cause operational disruptions instead of just snatching data, complicating its impact.
IntegraMSP to the Rescue: BullPhish ID keeps staffers on alert for potentially ransomware-laced phishing email with engaging, easy-to-understand video training. LEARN MORE>>
United States – AspenPointe
Exploit: Unauthorized Database Access
AspenPointe: Healthcare Non-Profit
Risk to Business: 1.613 = Severe
AspenPointe has disclosed a large data breach that exposed personally identifying information (PII) of patients working with non-profit organizations that it manages including participants in its mental health and substance misuse programs. The unauthorized access took place in early September 2020 and it’s unclear how much data was stolen. AspenPointe is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations, that manages 12 organizations providing care and counseling in Colorado.
Individual Risk: 1.820 = Severe
Patients may have had extensive personal and private information exposed including PPI like their date of birth, Social Security number, Medicaid ID number, date of the last visit (if any), admission date, discharge date, and/or diagnosis code. AspenPointe is providing those affected by the data breach IDX identity theft protection services including “12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.”
Customers Impacted: 295,617
How it Could Affect Your Business Data breaches at any business are bad news, but at a business like this, it’s a nightmare. Not only will AspenPointe have to deal with the corporate fallout, but regulators are also going to come calling with fines as well, making this incident extra expensive.
IntegraMSP to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>
United States – Philabundance
https://www.phillyvoice.com/philabundance-cyberattack-theft-1-million-dollars/
Exploit: Business Email Compromise
Philabundance: Hunger Relief Non-Profit
Risk to Business: 2.017 = Severe
Hunger relief charity Philabundance got bilked by BEC scammers at the worst possible time. The charity, which fed 54,700 Philadelphians weekly in 2019, is now feeding 134,800 people each week. This incident occurred when the organization paid a construction bill of over $923,000 for a new $12 million facility built in North Philly for its Community Kitchen program, only to discover that they’d paid scammers instead. It’s believed that the con was enabled by a hack on the charity’s computer systems in July that enabled scammers to divert legitimate email from the construction company and replace it with their own fakes. Philabundance says that daily operations will not be impacted by the incident, but it remains a huge problem for this organization at a time when so many Americans rely on programs like this to keep their families fed.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: 134,800 Philadelphians daily
How it Could Affect Your Business: Business email compromise scams are some of the thorniest problems that every business faces. Good regularly refreshed security awareness training will help employees spot and stop BEC scams.
IntegraMSP to the Rescue: Learn more about defending against BEC and other damaging attacks when you become a Security Awareness Champion with the tips, tricks, and scam walkthroughs in our Security Awareness Champion’s Guide. LEARN MORE>>
United States – Kmart
https://threatpost.com/kmart-egregor-ransomware/161881/
Exploit: Ransomware
Kmart: Retail Store Chain
Risk to Business: 1.802 = Severe
Already beleaguered retailer Kmart did not need the extra complications that came with the Egregor ransomware attack that was delivered to their door. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services and corporate operations functions. Retail stores are operating normally and no consumer impact has been reported.
Individual Risk: No personal or consumer information was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a disaster for any business, but it’s an especially cruel problem for a non-profit these days.
IntegraMSP to the Rescue: Many Business Email Compromise scams arrive as the cargo of a phishing attack, like this one. Learn how to defend your organization against them with BullPhish ID. LEARN MORE>>
United States – Alaska Division of Elections
https://www.juneauempire.com/news/113000-alaskan-voter-ids-exposed-in-data-breach/
Exploit: Hacking
Alaska Division of Elections: State Agency
Risk to Business: 2.336 = Severe
An election-time data breach involving voter registration information was recently disclosed in Alaska. State and federal officials say that the election process was not impacted, but voter data was obtained for more than 100K Alaskan voters. Officials suspect nation-state hackers may be involved.
Individual Risk: 2.114 = Severe
The database snatched included some PII like birth dates, driver’s license or state identification numbers, the last four digits of social security numbers, full legal names, party affiliation, and official mailing addresses.
Customers Impacted: 113,000 voters
How it Could Affect Your Business: Nation-state hacking is an especially serious problem for government agencies and infrastructure targets. Adding extra security with MFA and similar tools helps combat this risk.
IntegraMSP to the Rescue: Protecting your data and systems with more than one layer of security keeps hackers out no matter where they’re from. LEARN MORE>>
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.