The Week in Breach – Business email compromise scams are taking a new turn


The Week in Breach: Featured – Business email scams are evolving to pose a nastier threat than ever before

Business email compromise (BEC) scams have been around for years. While they take more time and effort than other cybercrimes like ransomware or credential stuffing, BEC scams make up for it with a handsome payoff – and in a challenging economy, even cybercriminals are looking for new ways to turn a quick profit.

That’s why BEC has become both more favored and more dangerous. Bad actors are using the opportunities created by chaotic world conditions and an increased amount of information about businesses that’s readily available on the Dark Web to evolve their attacks, creating scams that are harder to spot and more efficient.

One unexpected facet of this uptick in BEC is that the operators of these scams aren't based where most people expect cybercrime gangs to be. Five US states are home to more than 50% of BEC scammers: California, Florida, Georgia, New York, and Texas. Researchers note that BEC scams have been launched from 45 US states in the last 12 months.

BEC scams have also been increasing in profitability for scammers. Analysts have determined that more than $64 million in funds stolen from BEC victims was transferred through 2,900 "money mule" accounts (a common tool of money laundering) in 39 countries. More than 900 US-based money mules were used in BEC scams between May 2019 and July 2020, with at least one mule spotted in every state.


After a booming spring and summer for cybercrime, BEC scams show no signs of slowing down. In Q3 2020 the median number of BEC attacks received per company each week rose by 15% over Q2 2020. Attacks that perpetrated invoice or payment fraud jumped by 155% as well, with COVID-19 themed scams up by 81% during the quarter. A huge increase in Dark Web activity and large quantities of fresh data hitting Dark Web markets and dumps helped fuel the trend.

With this increased activity in BEC scams, you need to have your security ducks in a row to avoid potential disasters, and no business is too small to be at risk.

First things first: If you aren’t already using multifactor authentication, you need to add it immediately. One of the most widely recommended mitigations for all types of cybercrime, multifactor authentication as part of a secure identity and access management solution is a vital defensive tool for every business of every size.

The second component of a strategy to mitigate BEC danger is increased security awareness and phishing resistance training. Almost all BEC scams start with a phishing message. Some deploy malware, some steal passwords, but they’re all intended to do the same thing: give cybercriminals access to company systems and data.

Increasing security awareness and phishing resistance training is ideal for guarding against phishing-based cybercrime like BEC scams. Regularly updated training (at least every 4 months) transforms a company’s staff from its largest attack surface into its largest defense asset. As an added benefit, phishing resistance training also helps mitigate ransomware and credential compromise danger.

With such a handsome payoff for their work in a difficult economy, cybercriminals aren't going to give up on BEC scams anytime soon. It's time to make sure that you understand the danger that your company faces from this growing threat – and we're here to help. Contact us to learn more about protecting your business from BEC risks.

The Week in Breach News – United States


United States – Baltimore County Public Schools

https://www.bizjournals.com/baltimore/news/2020/11/25/ransomware-attack-baltimore-county-public-schools.html

Exploit: Ransomware

Baltimore County Public Schools: School System


Risk to Business: 1.222 = Extreme

Ransomware attacks on school systems around the country have grown exponentially, and that lesson was driven home for Baltimore County Public Schools last week. A ransomware attack forced the system to shut down completely for three days, disrupting online learning for K – 12 students. The district has 115,000 students.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Approximately 115,000 students and 7,300 teachers

How it Could Affect Your Business: Ransomware can unleash extreme devastation, going beyond stealing data to shutting down an organization’s operations completely.

IntegraMSP to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale.


United States – Belden

https://www.securityweek.com/belden-discloses-data-breach-affecting-employee-business-information

Exploit: Unauthorized Database Access

Belden: Signal Transmission Solutions Manufacturer


Risk to Business: 1.992 = Severe

An unauthorized user gained access to at least one database full of employee and client information. The company noted in a statement that attackers apparently accessed a “limited number” of Belden’s file servers, but the firm said the breach did not have any impact on production in manufacturing plants, quality control, or shipping.


Individual Risk: 1.990 = Severe

The company went on to state that the filched employee information may have included names, birthdates, government-issued identification numbers (for example, Social Security / national insurance numbers), bank account information of North American employees on the Belden payroll, home addresses, and email addresses. Potentially compromised information for business partners includes bank account data and tax ID numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: Password compromise is often the culprit behind an intrusion like this, and it needs to be taken seriously in order to prevent this kind of drama.

IntegraMSP to the Rescue: Passly adds essential security tools like multifactor authentication to throw up roadblocks between unauthorized users and your sensitive employee and client data.


United States – Spotify

https://blog.malwarebytes.com/reports/2020/11/spotify-resets-some-user-logins-after-hacker-database-found-floating-online/

Exploit: Credential Stuffing

Spotify: Digital Music Streaming Service


Risk to Business: 1.992 = Severe

Spotify ended up with egg on its face last week after security researchers uncovered an unsecured Elasticsearch database containing more than 380 million records. The exposed data contained login credentials and other information belonging to Spotify users. The researchers in concert with Spotify investigators determined that whoever owned the database had probably obtained the login credentials from an external site and used them on Spotify accounts in a credential stuffing operation.


Individual Risk: 2.801 = Moderate

The data that was exposed includes customers’ usernames and passwords for Spotify, as well as email addresses and countries of residence. Information like this could be used to fuel spear phishing attempts. Spotify users should reset their passwords.

Customers Impacted: 80,000

How it Could Affect Your Business: Credential stuffing is a threat that becomes more serious every day as new dumps of passwords hit the Dark Web. If you’re not watching for potential trouble, you’re leaving your business open to disaster.
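The Spotify incident above is credential stuffing seen from the attacker's side: a list of username/password pairs taken from some other breach, replayed against a second service. From the defender's side the same attack leaves a distinctive trace in the authentication log: one source trying many different usernames with a high failure rate, and the occasional success marking an account whose password was reused. The detector below is an added example written for this newsletter, not Spotify's code or any vendor product. The log line format (timestamp, source IP, username, OK/FAIL) and the sample lines are constructed for illustration, and the thresholds are assumptions to tune for your own traffic.

```python
"""Flag credential-stuffing sources in a constructed authentication log.

Added example; the log format and sample lines below are invented for
illustration and are not from any real system.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed log format: ISO timestamp, source IP, username, OK or FAIL.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<result>OK|FAIL)$")

# Constructed sample: 203.0.113.7 walks through a breached credential list
# (stuffing, one hit on "carol"); 198.51.100.22 is a real user who mistyped
# once; 192.0.2.9 hammers a single account (brute force, not stuffing).
SAMPLE_LOG = """\
2020-11-25T10:00:01Z 203.0.113.7 alice FAIL
2020-11-25T10:00:02Z 203.0.113.7 bob FAIL
2020-11-25T10:00:02Z 203.0.113.7 carol OK
2020-11-25T10:00:03Z 198.51.100.22 heidi OK
2020-11-25T10:00:03Z 203.0.113.7 dave FAIL
2020-11-25T10:00:04Z 203.0.113.7 erin FAIL
this line is malformed and should be skipped
2020-11-25T10:00:05Z 192.0.2.9 ivan FAIL
2020-11-25T10:00:05Z 203.0.113.7 frank FAIL
2020-11-25T10:00:06Z 198.51.100.22 heidi FAIL
2020-11-25T10:00:06Z 192.0.2.9 ivan FAIL
2020-11-25T10:00:07Z 203.0.113.7 grace FAIL
2020-11-25T10:00:08Z 198.51.100.22 heidi OK
2020-11-25T10:00:09Z 192.0.2.9 ivan FAIL
"""

# Assumed thresholds: a stuffing source touches many distinct accounts and
# fails most of the time, because most replayed passwords were never reused.
MIN_DISTINCT_USERS = 5
MIN_FAILURE_RATE = 0.75


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)       # distinct usernames tried
    successes: set = field(default_factory=set)   # usernames that logged in OK


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def aggregate(lines):
    """Group login attempts by source IP."""
    stats = defaultdict(SourceStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than crash the detector
        s = stats[rec["ip"]]
        s.attempts += 1
        s.users.add(rec["user"])
        if rec["result"] == "FAIL":
            s.failures += 1
        else:
            s.successes.add(rec["user"])
    return stats


def detect_stuffing(lines, min_users=MIN_DISTINCT_USERS, min_failure_rate=MIN_FAILURE_RATE):
    """Return {ip: summary} for sources whose pattern matches credential stuffing.

    accounts_to_reset lists users that a flagged source logged into: those
    passwords were reused from another breach and should be reset now.
    """
    flagged = {}
    for ip, s in aggregate(lines).items():
        failure_rate = s.failures / s.attempts
        if len(s.users) >= min_users and failure_rate >= min_failure_rate:
            flagged[ip] = {
                "attempts": s.attempts,
                "distinct_users": len(s.users),
                "failure_rate": round(failure_rate, 2),
                "accounts_to_reset": sorted(s.successes),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(ip, summary)
```

The single-account brute force from 192.0.2.9 is deliberately not flagged: it is a different pattern (one user, many passwords) and belongs in a lockout or rate-limit rule, not in this detector. Conversely, attackers who spread a stuffing run across many IPs will stay under the per-source thresholds here; for that case aggregate over an ASN or a short time window instead of a single address.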

IntegraMSP to the Rescue: Millions of passwords are available in Dark Web dumps just waiting for cybercriminals to use in password-based cyberattacks like credential stuffing. With Dark Web ID, you're alerted if your protected passwords show up in Dark Web dumps.


United States – LSU Health New Orleans

https://www.infosecurity-magazine.com/news/louisiana-hospitals-report-data/

Exploit: Unauthorized Systems Access

LSU Health New Orleans: Medical System


Risk to Business: 1.802 = Severe

In another major attack on a healthcare target, LSU Health New Orleans disclosed that an unauthorized intrusion into an employee email inbox occurred on September 15, 2020. The mailbox access was discovered and disabled on September 18, 2020, but not before sensitive information was potentially snatched about patients who received care at Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.


Individual Risk: 1.616 = Severe

Data exposed in the attack may have included patients' names, medical record numbers, account numbers, dates of birth, Social Security numbers, dates of service, types of services received, phone numbers and/or addresses, and insurance identification numbers. The type and amount of patient information compromised in the incident varied, and a limited number of exposed emails may have contained a patient's bank account number and health information including a diagnosis. Patients treated by LSU Health New Orleans should be alert to potential identity theft and spear phishing risks.

Customers Impacted: Unknown

How it Could Affect Your Business: Controlling access to your company’s systems and data is even more important when the data that you’re storing is especially sensitive and its exposure could incur major penalties.

IntegraMSP to the Rescue: Control your access points effectively with Passly to ensure that the right people have access to the right things at the right times – and only the right people.


United States – US Fertility

https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html

Exploit: Ransomware

US Fertility: Specialty Medical Clinic Operator


Risk to Business: 2.229 = Severe

Ransomware disrupted operations at the largest provider of fertility services in the US after a number of its servers and workstations were encrypted. While US Fertility was able to restore operations quickly, the healthcare company determined that some patient data had been exfiltrated in the incident.


Individual Risk: 2.312 = Severe

Cybercriminals were able to steal an indeterminate number of files containing patient information including names, addresses, dates of birth, MPI numbers, and for some individuals Social Security numbers. Clients should be alert to the possibility of spear phishing and identity theft using this data.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a huge threat to healthcare targets right now, as was disclosed in a recent CISA alert. Healthcare sector businesses need to be alert to the danger and using their resources wisely to combat it.

IntegraMSP to the Rescue: Ransomware is very often delivered as part of a phishing attack. Don't let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID.


The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.