Make sure to add us or contact us for the latest news Ransomware Gangs are Targeting Businesses – Be…
No doubt, 2020 was a record year for phishing – phishing risks skyrocketed by more than 600%, and COVID-19 was named Google’s biggest phishing topic in history. , making it the favorite tool of cybercriminals. Phishing has damaged businesses of every size from mom-and-pop shops to corporate giants.
As 2021 gets started, this is the perfect time to talk about phishing dangers, especially spear phishing threats, because these facts about spear phishing in 2020 really speak for themselves.
Tabulations of data from BullPhish ID’s 2020 activity show some interesting conclusions. One striking thing was that users across the board were most likely to enter their credentials in response to lures that were disguised as routine security messages (like suspicious activity inquiries) or COVID-19 information.
Here are the top 3 phishing simulation emails that enticed end users to submit their credential or other sensitive data in 2020:
The total number of credentials submitted by users in training in 2020: 14,103
Total number of credentials submitted by industry in 2020: 14,103
As this data demonstrates, phishing danger is around every corner for every business in every industry. You need help fighting back against this rising tide of risk – and BullPhish ID is the perfect solution for your business.
Contact our team and let’s talk about how we can help you secure your business against today’s biggest threat with the amazing new features that are now available from BullPhish ID.
Parler: Social Media Application
Risk to Business: 1.619 = Severe
Now-defunct social media site Parler had a wild ride to the finish, including a hacking incident. Hackers were able to exploit security weaknesses in engineering and security to gain access to the membership-restricted content, scraping at least 70 TB of data. The data scrape also includes deleted posts, meaning that Parler stored user data after users deleted it. The hackers also obtained URLs for over a million video URLs, some deleted and private.
Individual Risk: 1.221 = Extreme
Data was taken from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license. The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Data like this could be used to mount spear phishing attacks, or as blackmail material, as it contains details that could connect users to criminal acts or membership in extremist groups.
Customers Impacted: 10 million
How it Could Affect Your Business: Data like this often makes its way to the Dark Web, enabling it to be used to power cybercrime like phishing and credential compromise.
IntegraMSP to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>
Taylor Made Diagnostics: Occupational Healthcare Provider
Risk to Business: 2.612 = Moderate
A Conti ransomware attack at this Virginia-based healthcare provider led to some unpleasant consequences for employees of the Norfolk Southern Railroad and UPS after 3K patient records were snatched. The stolen data included health records for employees from both firms, in addition to multiple smaller trucking companies, U.S. government agencies and defense contractors from as recently as December 2020.
Risk to Business: 2.722 = Moderate
The leaked data included completed U.S. Department of Transportation (DOT)-mandated medical exams, as well as drug and alcohol testing reports for truckers and rail workers at multiple companies. Many documents contained detailed personal information such as full names, addresses, social security numbers and scans of driver’s licenses. This information could be used for identity theft and spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Business Ransomware is almost always the result of a successful phishing attack. It’s an expensive nightmare for any business, especially one in the healthcare sector.
IntegraMSP to the Rescue: Learn how to protect businesses from ransomware without breaking the bank. LEARN MORE>>
Ubiquiti Networks: Communications Technology Firm
Risk to Business: 1.979 = Severe
Ubiquiti Networks announced that an intruder made its way into that company’s servers. The hacker was able to access stored data on UI.com users, such as names, email addresses, and salted and hashed passwords. It is currently unclear how many users have been affected. The company says there is no indication that there has been unauthorized activity with respect to any user’s account, and the incident is still under investigation.
Individual Risk: No personal or consumer data was reported as impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Hacking can come from many directions, but one common source is credential compromise. By adding strong access point protection, companies can add extra security against hackers like this.
IntegraMSPto the Rescue: Protect every door that hackers could use to slip into your systems and steal your data with secure identity and access management tools like single sign-on and multifactor authentication for less with Passly. LEARN MORE>>
South Country Health Alliance: Health Plan Provider
Risk to Business: 1.812 = Severe
South Country Health Alliance, a county-owned health plan based in Owatonna, MN, experienced a data breach after a successful phishing attack let cybercriminals access the protected health data and personal information of more than 60K members. The incident has been under investigation since the attack was first confirmed in September 2020, and the filing made with HIPPA regulators noted that affected patients were informed starting 12/30/20.
Individual Risk: 2.006 = Severe
The exposed information included names, Social Security numbers, addresses, Medicare and Medicaid numbers, health insurance information, diagnostic or treatment information, death dates, provider names and information about treatment costs. The health plan is offering complimentary credit monitoring and identity protection service to impacted members.
Customers Impacted: 66,874
How it Could Affect Your Business: Phishing attacks on healthcare targets have been increasing, as the demand for healthcare information and the opportunity afforded to cybercriminals by an overstressed healthcare system creates fresh opportunities.
IntegraMSP to the Rescue: Don’t be surprised by the tricks that cybercriminals are using these days to trick employees. Get the skinny on today’s common lures. LEARN MORE>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.