The Week in Breach: Phight the Phish!






Cybersecurity Awareness Month – 3 Hazards to Remember


These New Threats Might Be Under Your Radar


The threat landscape seems to be changing faster than ever these days as cybercriminals seek to outfox security professionals in an endless cat-and-mouse cycle. It seems like every time a new strategy to solve a cybersecurity problem appears, a new cyberattack that circumvents that security measure is only a few steps behind it, making business cybersecurity more expensive as well (but not as expensive as a cyberattack would be). In the last 12 months, 80% of businesses have experienced an increase in cyberattacks, and a stunning 47% of businesses reported experiencing five or more cyberattacks in 2020. The frantic pace and constant evolution of cybercrime threats make it hard for businesses to keep an eye on existing threats and look ahead to new ones that might be coming down the pike.

Use These Free Tools to Raise Cybersecurity Awareness


October is Cybersecurity Awareness Month in the US. Now in its 18th year, this annual effort is spearheaded by the Cybersecurity & Infrastructure Security Agency (CISA) and aims to make everyone aware of cyberattack risks. This is especially timely this year as media attention to cybersecurity has grown more intense in the wake of huge, splashy attacks on infrastructure like the Colonial Pipeline incident. CISA has divided the month into four weekly segments that are each dedicated to a different aspect of cybersecurity.

  • Week of October 4 (Week 1): Be Cyber Smart.
  • Week of October 11 (Week 2): Phight the Phish!
  • Week of October 18 (Week 3): Explore. Experience. Share. – Cybersecurity Career Awareness Week
  • Week of October 25 (Week 4): Cybersecurity First

One thing that no IT professional should overlook is the wealth of resources that CISA has put together to help people and businesses deal with cybersecurity challenges and learn more about cybersecurity to build good security habits. Every week features an array of tip sheets that are free for anyone to use or distribute, designed to make it easy for anyone to understand security issues and stay out of trouble in a variety of circumstances. Excellent resources on cybersecurity while traveling, multifactor authentication (MFA), creating good passwords and more are available in the Cybersecurity Awareness Month resource center.


Three Emerging Threats to Watch


Staying aware of security dangers is important because new threats are constantly popping up for IT professionals to handle, making SMB cybersecurity extra tricky – as though it really needed to be any harder. It can be too easy to let something new slip by when you’re dealing with the complications of other threats that are more pressing right now. Here are three emerging threats that you should keep in mind as you navigate the pitfalls of security right now.


Cryptomining


Almost 70% of organizations experienced some level of unsolicited cryptomining in 2020, and that’s a big problem. The 2021 Cisco Cyber Security Threat Trends report outlines some of the risks that businesses face from cryptomining and how they can create even bigger security problems. In this report, the company noted that more than two-thirds of its customers were impacted by cryptomining in 2020. While the best-known dangers of cryptomining are reduced network capacity and lowered overall computer performance, Cisco cautioned that the discovery of cryptomining in a company’s IT environment is a major red flag that points to bigger security issues. The discovery of cryptomining can expose a number of hazards: it may indicate a security flaw that can be exploited or the presence of a bad actor – and any security gap, especially an intrusion, can lead to disaster for a business.

This is a particularly important risk not to overlook because cryptomining is often a gateway to other serious cybercrimes that can do massive damage to an organization. A cybercriminal who has penetrated security through cryptomining could then exfiltrate data or deploy ransomware. It’s also possible that the discovery of cryptomining in a company’s IT environment may indicate the presence of a malicious insider, such as an employee who has set up a miner to earn extra income. Non-malicious employee actions can also create openings for cryptominers to sneak into an organization’s environment. Unsuspecting employees may open the door to cryptomining by doing something as seemingly harmless as adding a contaminated gaming app to their work devices or through less transparent means like falling victim to browser-based cryptojacking.


Targeted Ransomware


Ransomware is the monster under the bed for cybersecurity professionals and it’s not going away any time soon. Two in five SMBs around the world faced a ransomware threat last year, and this year isn’t looking much better – there was a massive 45% increase in ransomware attacks in April 2021 alone. Although it may be hard to believe, ransomware is an equal opportunity threat and cybercriminals aren’t always on the hunt for the biggest fish in the pond when they plan campaigns. They’re more than happy to strike smaller organizations that have historically weak security yet store large amounts of valuable data, like retailers, medical practices or service providers. An estimated 50% of ransomware attacks last year were aimed at small businesses. Geography won’t keep a company safe either. Cybercriminals don’t discriminate – a study of cybercrime patterns noted that 30% of ransomware attacks in the last 12 months were aimed at companies located in North America, 33% targeted companies in Asia and 27% targeted companies in Europe.

Targeted ransomware is becoming a larger threat as well. Precisely targeted ransomware, typically delivered through spear phishing, has grown by 767% and it is tricky to handle. Instead of operating generalized campaigns, many ransomware organizations are choosing to take the time to precisely target their attacks to snag targets in one particular industry or even one particular organization. Fueled by abundant dark web data that enables them to find out vital information about their targets, like a company’s email address roster or password lists obtained in old breaches, savvy cybercriminals are putting in work to make sure that their lures are as compelling as they can possibly make them. This helps them get around some security tools as well as lulling employees into a false sense of security. Targeted ransomware attacks also adhere to higher standards in the quality of the phishing email involved by making sure it doesn’t have the typical spelling or usage errors, a hallmark of phishing that is emphasized in security awareness training. Every organization needs to be cognizant of this menace.


Phishing-as-a-Service


A troubling 74% of respondents in a 2021 IT survey said that their companies had been successfully phished in the last year. As though phishing weren’t problematic enough, new branches of the cybercrime economy have emerged to make phishing even easier for cybercriminals. Why bother going to the expense and effort of running your own phishing campaigns when you can simply farm it out, like any other business service, and concentrate on more lucrative activities? Phishing-as-a-Service (PhaaS) is an emerging area of risk for cybersecurity professionals to keep on their radar as a new sector of the dark web economy evolves.

Microsoft detailed a newly discovered PhaaS operation in a recent blog post. Their researchers discovered a phishing campaign that used a high volume of newly created and unique subdomains, boasting over 300,000 in one run. Digging deeper, the researchers uncovered a phishing-as-a-service operation called BulletProofLink behind the curtain. This organization provides an easy launchpad for complex cybercrime operations like credential compromise and ransomware attacks. They offer over 100 available phishing templates and an array of delivery models, from one-off attacks to monthly subscription-based business models. It makes phishing affordable too, with packages starting at $800 including everything from templates to hosting – an attractive package for cybercriminals.


We Can Help Your Business Stay Out of Trouble with Improved Cyber Resilience


Cyber resilient organizations can handle unexpected or zero-day threats much more handily than organizations that haven’t devoted resources to cyber resilience. That’s because they’re more capable of rolling with the punches to keep operations humming even if they’re facing a cybersecurity challenge. More than 50% of businesses worldwide have experienced an incident that impacted their organization’s ability to function in the last year, resulting in significant business losses due to downtime and lost productivity. Several factors impact a company’s cyber resilience. These three great ways to improve cyber resilience are fast and effective.

We encourage you to use fewer security tools. More security tools do not equate to more security. In fact, they can mean less security and more headaches. Organizations using 50+ security tools ranked 8% lower in their ability to detect an attack and 7% lower in their ability to respond to an attack than companies with fewer tools.

We can help you create incident response plans. Just this one simple step makes a huge difference to a company’s overall security posture. Over the past two years, only 39% of companies with a formal, tested incident response plan experienced a disruptive security incident, compared to 62% of companies with less formal or consistent plans.

We can move you toward zero-trust security. Controlling and segmenting access to critical business systems and data is vital for preventing a small incident from becoming an enormous, expensive disaster. Automating security processes eliminates the need to give too many people permission to access something – 70% of the most cyber-resilient organizations use security automation.

Reach out today to learn how we can help you become more cyber resilient. 

Dark Web ID’s Top Threats This Week


Twitch

https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor

Exploit: Hacking

Twitch: Streaming Platform


Risk to Business: 1.402 = Extreme

Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards as well as data that details the terms and amounts of content creator payouts. An anonymous poster on the 4chan messaging board delivered the data in a 125GB torrent. That poster also claimed that the stream includes the entirety of Twitch and its commit history including the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge, details about the AGS project and information about the platform’s internal security tools.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations.

IntegraMSP to the Rescue: Building cyber resilience helps insulate organizations from trouble. Learn more about why cyber resilience is the ticket to a safer future for your clients.


MoneyLion

https://www.bleepingcomputer.com/news/security/moneylion-locks-customer-accounts-after-credential-stuffing-attacks/

Exploit: Credential Stuffing

MoneyLion: Financial Services Platform


Risk to Business: 1.712 = Severe

That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 8.5 million

How It Could Affect Your Business: Credential stuffing is a classic that is even easier these days thanks to the huge amount of data, including huge batches of stolen passwords, available on the dark web.

IntegraMSP to the Rescue: Two in five ransomware victims in 2020 were SMBs. No business is safe from this menace. Help your clients mount a strong defense with the insight gained in Ransomware Exposed.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.