The Week in Breach – Make sure those online deals are not too good to be true!

Make sure to add us or contact us for the latest news

The Week in Breach: Featured – How to Safely shop online – don’t be a victim of a sale ‘too good to be true!’

Many of us get gift-cards for the holidays – and they tend to burn a hole in our pockets! We see all of the discounts that come about the day after Christmas – and we get a little giddy trying to score a deal. Problem is – if the deal is too good to be true – it probably is. Below are some good tips to keep you safe during your after Christmas shopping!


According to the National Retail Federation, 59% of the holiday shoppers surveyed plan to switch to online shopping this year. The NRF and national chains are encouraging shoppers to shop safely and early.

Because of concerns generated by the pandemic, marketing firms are predicting “exploding” online holiday sales and decreased in-store purchases. According to Forbes, national accounting firm Deloitte predicts online holiday retail sales to grow between 25% to 35% from November through January, reaching $182 billion to $196 billion in total.

Don’t forget about cyber thieves if you’re planning to make your list and check it twice online.

Check out these tips to keep your online shopping safe, merry and bright:

Only shop at trusted websites.

If you find a gift at a price that sounds too good to be true, it may be. Beware of clicking links from unfamiliar websites. Some sites exist just to collect credit card information and offer rock-bottom prices to lure shoppers.

Don’t use public Wi-Fi when shopping.

Cyber thieves like public Wi-Fi because they can intercept shoppers’ signals and collect credit card information and other personal data, like names and addresses. Do your shopping from home using your secured Wi-Fi connection.

Lock up your devices and secure your accounts.

For passwords, use a complex set of at least 10 lowercase and uppercase letters, numbers, symbols, or random words and numbers. Don’t use personal information others can guess such as your kids’ names or birthdays. Never use one password for multiple accounts.

Use secure websites and trusted app sites.

Ensure the URL begins with “https” and includes a padlock symbol before providing your credit card information. Read the permissions with any downloaded app.

Use credit, not debit cards.

You get the best liability protection when you use a credit card. Federal regulations say you don’t have to pay if a cyber thief racks up unauthorized charges while the credit card company investigates. Most credit card companies offer $0 liability for fraudulent purchases. Some banks offer virtual credit cards, which use randomly issued numbers to link to your account.

Make sure your computer is protected.

Always keep your security software, apps, and computer’s operating system updated for maximum protection. Use a security app on your mobile device.

Save your records.

This includes receipts, warranties, cancellation policies, order confirmations and delivery details. Check your bank statements for unusual charges. Report any fraudulent activity immediately to your bank or card issuer.

Don’t click on suspicious links. 

If you get an unexpected text or email that appears to be from an online shopping site or your bank, think twice before clicking any links. Cybercriminals often pose as trusted sites in an attempt to steal your information or money. Learn more about how to spot a phishing text and email, and what to do if you receive one, from the FTC.


The Week in Breach News – United States

United States – Microsoft

https://portswigger.net/daily-swig/microsoft-falls-prey-to-solarwinds-supply-chain-cyber-attacks

Exploit: Hacking (Nation-State)

Microsoft: Software & Technology Developer

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.402 = Extreme

Another chapter in the SolarWinds Nation-State Hack opened when Microsoft disclosed that it had been hacked as well. The same suspected Russian hacking activity that rocked the world last week hit the software giant as well. This Microsoft compromise appears to have a direct path back to the infected updates to SolarWinds’ Orion. The company notes that it has “not found evidence of access to production services or customer data”, but that’s in dispute.

Individual Risk: No personal or consumer information was reported as impacted in this incident at this time but the incident is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Business: Nation-state hacking is a growing problem that can lead to damaging, nightmarish consequences. Every business needs to be ready for increased pressure from nation-state hackers in the future.

IntegraMSP to the Rescue: Your customers need solutions that protect their data from risks today and tomorrow, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>


United States – Cisco

https://www.crn.com/news/security/cisco-hacked-through-solarwinds-as-tech-casualties-mount

Exploit: Hacking (Nation-State)

Cisco: Technology Developer

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.411 = Severe

Cisco also took a hit in last week’s disaster, but it appears to have been very small. The company has so far reported that the SolarWinds Orion software update was only impacting a small number of computers in its’ test environments. Cisco says that no customer systems or data were impacted from their end.

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident.

How it Could Affect Your Business Nation-state hacking is a risk that can only grow, and that has to be part of every business’ risk calculus. Putting overlapping protection in place can help your clients resist these attacks.

IntegraMSP to the Rescue: Ensure that your clients are making smart cybersecurity decisions with our Security Awareness Champion’s Guide, featuring walkthroughs of today’s risks and how to beat them in an easy-to-understand videogame style. LEARN MORE>>


United States – Spotify

http://techgenix.com/spotify-data-breach/

Exploit:  Accidental Data Exposure

Spotify: Music Streaming Service

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.223 = Severe

In their 3rd breach of the year, Spotify has announced that starting in April 2020, some user information was inadvertently exposed to third-party partners that shouldn’t have been able to access it. The leak was discovered and closed in November 2020.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.212 = Severe

The leaked information may have included email address, display name, password, gender, and date of birth for users. Customers should be alert for spear phishing and credential stuffing attempts made using this information.

Customers Impacted: Unknown

How it Could Affect Your Business: This kind of data inevitably makes its way to the Dark Web, providing fodder for cybercriminals to exploit to fuel future cyberattacks.

IntegraMSP to the Rescue: Dark Web ID helps protect businesses from Dark Web danger by watching for protected credentials to appear in Dark Web markets 24/7/365 and alerting your IT team if they appear. ASK TO SEE THE DARK WEB ID IN ACTION>>


United States – City of Independence, MO.

https://fox4kc.com/news/customers-frustrated-after-independence-utility-payment-system-goes-offline-following-cyber-attack/

Exploit: Ransomware

City of Independence, MO: Municipal Government

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 2.017 = Severe

Energy customers in the city of Independence, Missouri were unable to pay their utility bills after a ransomware attack spurred the city’s IT team to take all city systems offline in response to a ransomware incident. The municipal government is still conducting investigation and remediation. Citizens can currently only pay utility bills in person.

Customers Impacted: 54,000

How it Could Affect Your Business: More municipalities are finding themselves in the crosshairs of cybercriminals looking to make a quick profit than ever.

IntegraMSP to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. LEARN MORE>>


United States – Sonoma Valley Hospital

https://www.infosecurity-magazine.com/news/svh-notifies-67k-patients-of-data/

Exploit: Hacking (Nation-State)

Sonoma Valley Hospital: Medical Center

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.809 = Severe

Nation-state hackers are reportedly behind a data breach at a major California hospital. Sonoma Valley Hospital announced that it had been hit with a hacking incident involving a ransomware component as part of a wider hack by suspected Russian hackers. Ongoing forensic analysis since the October incident has revealed that patient data may have been compromised in the incident.

2.5 – 3 = Moderate Risk

 

Risk to Business: 2.667 = Moderate

It’s unclear to what extent customer data was impacted, but it is possible that some personally identifying information and treatment data was accessed or copied by the intruders. The investigation is ongoing, but people who have been treated at this facility should be alert for spearphishing attempts.

Customers Impacted: 67,000

How it Could Affect Your Business: Ransomware is a huge threat to every organization right now, and it has been so widely deployed in the healthcare sector that CISA released guidance on risk avoidance.

IntegraMSP to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>

 

The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.