The Week in Breach: Your Microsoft Office 365 Email Account is at Risk of a Hack. Ask us how we know.

Make sure to add us or contact us for the latest news



Microsoft Office 365 Email Accounts are the new ‘IT’ hacker focus


We have seen a sharp uptick in the past few weeks of Office 365 email accounts being compromised. This is obviously concerning, as often these bad actors are performing actions that the end-user is unaware of until they are alerted by those outside of their company when they have received an errant communication. We are being extremely proactive about this and as such, we would love to have a phone conversation with you about what our course of action is going forward to help further protect your organization. Let us know if you would like to discuss and we can set up a call.

Below are some ‘highlights’ from recent news and some statistics that we are seeing that illustrate the types of compromises we are seeing. As always, end-user vigilance is the first line of defense against being targeted.

“Sandeep Chandana, director at McAfee’s MVISION Cloud group, says a large portion of the cloud attacks in Q4 were targeted at Microsoft Office 365 accounts. The attacks could be classified as either distributed login attacks on hundreds or thousands of Office 365 accounts via compromised consumer devices, or targeted attacks on a small number of potentially high-value accounts.” – April 15, 2021 report entitled Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
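The "distributed login attacks on hundreds or thousands of accounts" described above are what a sign-in log shows as one source failing against many different accounts in a short window. The following is an added example (not code from the newsletter, McAfee or Microsoft) of the detection a defender would run over such a log. It assumes a simplified log format of one sign-in per line (ISO timestamp, source IP, account, result); the log lines, IPs and accounts below are constructed for illustration.

```python
"""Flag sources attempting many distinct Office 365 accounts in a short window.

Assumed log format (constructed for this example):
    <ISO-8601 timestamp> <source IP> <user principal name> <Failure|Success>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source tries five accounts in seconds and
# finally succeeds on one; a second source is a user mistyping their own
# password, which must not be flagged.
SAMPLE_LOG = """\
2021-05-10T08:00:01Z 198.51.100.7 alice@example.com Failure
2021-05-10T08:00:03Z 198.51.100.7 bob@example.com Failure
2021-05-10T08:00:05Z 198.51.100.7 carol@example.com Failure
2021-05-10T08:00:07Z 198.51.100.7 dave@example.com Failure
2021-05-10T08:00:09Z 198.51.100.7 erin@example.com Success
2021-05-10T08:01:00Z 203.0.113.9 alice@example.com Failure
2021-05-10T08:01:30Z 203.0.113.9 alice@example.com Failure
2021-05-10T08:02:00Z 203.0.113.9 alice@example.com Success
2021-05-10T09:30:00Z 192.0.2.44 frank@example.com Failure
"""


def parse_log(text):
    """Return a list of (timestamp, ip, account, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user.lower(), result))
    return events


def find_spray_sources(events, min_accounts=4, window=timedelta(minutes=10)):
    """Return {ip: finding} for every source whose failed sign-ins touched at
    least `min_accounts` distinct accounts within any `window`.

    Each finding lists the accounts tried and any accounts that later signed
    in successfully from the same source, which is the case to triage first.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, u) for ts, u, r in evs if r == "Failure"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            accounts = {u for _, u in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                window_start = fails[start][0]
                successes = sorted({u for ts, u, r in evs
                                    if r == "Success" and ts >= window_start})
                findings[ip] = {"accounts": sorted(accounts),
                                "later_successes": successes}
                break
    return findings


if __name__ == "__main__":
    for ip, finding in find_spray_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, "tried", len(finding["accounts"]), "accounts;",
              "successes after spray:", finding["later_successes"])
```

Grouping by source IP is the simplest key; because these campaigns are run through compromised consumer devices, a real deployment would also key on user agent, autonomous system or tenant-wide failure rate so that a spray spread across many addresses is still visible.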

The U.S. Federal Bureau of Investigation has issued a new warning that hackers are currently targeting users of Microsoft Office 365 and Google G Suite in so-called business email compromise attacks. The warning, issued via a Private Industry Notification March 3, noted that the scams were costing U.S. businesses billions of dollars, according to a March 6 article in Bleeping Computer.

“The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds,” the FBI said. “Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite.” – FBI: Hackers are targeting Office 365, G Suite users with business email compromise attacks

For people, he added, “having a robust security awareness program that educates employees to be aware of the red flags and spot fake emails is important. You should also check the email address, and verify the user by specifically asking yourself if you were expecting the email. Trust but verify is a good way to make sure you don’t fall victim to any email scams.”
Finally, he said, “within organizations that are set up to send money to vendors or suppliers, have procedures in place and do not rely solely on email for account changes, payments or financial changes. Using a verification method, with multiple parties and based on a tiered payment system can help reduce the risk of money being scammed by criminals.” – FBI: Hackers are targeting Office 365, G Suite users with business email compromise attacks

Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started.

BEC scammers use various tactics (including social engineering, phishing, or hacking) to compromise business email accounts, later used to redirect payments to bank accounts under their control or target employees in gift card scams. Microsoft used the typo-squatted domains to send emails impersonating managers of employees working at companies from various industry sectors, including real estate, discrete manufacturing, and professional services. – Microsoft: Business email compromise attack targeted dozens of orgs
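The two points that recur above, "check the email address" and domains "registered a few days before the attacks started", can both be turned into a mail-gateway check. The following is an added example, not code from the newsletter, the FBI or Microsoft: it compares a sender's domain against an allowlist of domains you legitimately exchange mail with, flags near-misses (a couple of edits away, or a digit/letter look-alike), and flags very young domains. The allowlist, the sender addresses and the registration dates are constructed; in practice the registration date would come from a WHOIS/RDAP lookup.

```python
"""Flag sender domains that look like a known partner or internal domain.

KNOWN_DOMAINS is a constructed allowlist; `registered_on` would normally be
filled from WHOIS/RDAP and is passed in here for illustration.
"""
from datetime import date

KNOWN_DOMAINS = {"example.com", "partner-bank.example"}  # constructed allowlist


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(domain):
    """Collapse common look-alike substitutions so 'examp1e.com' reads 'example.com'."""
    d = domain.lower()
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(src, dst)
    return d


def classify_sender(address, registered_on=None, today=date(2021, 5, 10),
                    max_distance=2, min_age_days=30):
    """Return {'domain', 'verdict', 'reasons'} for a sender address.

    verdict is 'known' (on the allowlist), 'suspicious' (look-alike of a known
    domain and/or registered fewer than min_age_days ago) or 'unknown'.
    """
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in KNOWN_DOMAINS:
        return {"domain": domain, "verdict": "known", "reasons": []}

    reasons = []
    for known in sorted(KNOWN_DOMAINS):
        if normalize(domain) == normalize(known):
            reasons.append(f"look-alike characters for {known}")
        elif levenshtein(domain, known) <= max_distance:
            reasons.append(f"within {max_distance} edits of {known}")
    if registered_on is not None:
        age = (today - registered_on).days
        if age < min_age_days:
            reasons.append(f"domain registered {age} days ago")

    verdict = "suspicious" if reasons else "unknown"
    return {"domain": domain, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed senders: legitimate, digit look-alike, transposition, and a
    # freshly registered unrelated domain.
    for addr, reg in (("ceo@example.com", None),
                      ("ceo@examp1e.com", None),
                      ("ceo@exampel.com", None),
                      ("billing@vendor-portal.test", date(2021, 5, 7))):
        print(addr, "->", classify_sender(addr, registered_on=reg))
```

A flag from this check is a reason to apply the out-of-band verification the FBI describes (a phone call to a known number), not a block by itself; legitimate new vendors do register new domains.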


Dark Web ID’s Top Threats This Week



United States – MedNetwoRX

https://www.healthcareitnews.com/news/reported-ransomware-attack-leads-weeks-aprima-ehr-outages

Exploit: Ransomware

MedNetwoRX: Medical Information Processing


Risk to Business: 1.607 = Severe

A reported ransomware attack on MedNetwoRX has impeded medical providers’ access to their Aprima electronic health record systems for more than two weeks. This hack impacts medical practices, clinics and hospitals of all sizes, from solo providers to conglomerates that rely on MedNetworx to host the Aprima electronic medical records system from vendor CompuGroup eMDs. MedNetworx says that on April 22, it experienced a network outage that resulted in a temporary disruption to its servers and other IT systems. Two major clients, Arthritis & Osteoporosis Center of Kentucky, the Alpine Center for Diabetes, Endocrinology and Metabolism, have been identified as victims as well as many small single and partner practices. The incident is under investigation and some functionality has been restored.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: This is the kind of third-party service provider incident that reverberates for months as rolling damage becomes apparent. With no clear word on what if any data was stolen, your clients could be waiting for a nasty surprise.

IntegraMSP to the Rescue: Are your clients taking the right precautions to minimize damage from third-party data incidents like this? Get expert advice in our ebook Breaking Up with Third Party and Supply Chain Risk. GET THE BOOK>>


United States – City of Tulsa

https://therecord.media/city-of-tulsa-hit-by-ransomware-over-the-weekend/

Exploit: Ransomware

City of Tulsa: Municipality


Risk to Business: 1.722 = Severe

The city of Tulsa, Oklahoma, has been hit by a ransomware attack that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is under investigation and city IT crews have begun restoring functionality and data from backups. This follows a string of ransomware attacks on other US municipalities in recent weeks. City officials were careful to note that no customer information has been compromised, but residents will see delays in network services. While emergency response is not hampered, 311, some credit card payment systems and the city’s new online utility billing system were impacted.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware has been an especially nasty foe for government entities, especially cities and towns. Cybercriminals know that these targets are likely to pay ransoms and unlikely to have strong security or security awareness training in place.

IntegraMSP to the Rescue: Don’t take chances! Double-and triple-check to make sure that each of your clients is covering all of the bases with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>


United States – Fermilab

https://www.govinfosecurity.com/us-physics-laboratory-exposed-documents-credentials-a-16536

Exploit: Credential Compromise

Fermilab: Research Laboratory


Risk to Business: 1.523 = Severe

The Fermilab physics laboratory has taken action to lock down its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details and credentials. Fermilab, which is part of the US Department of Energy, is a world-famous particle accelerator and physics laboratory in Batavia, Illinois. One database the researchers discovered allowed unauthenticated access to 5,795 documents and 53,685 file entries. One entry point led into Fermilab’s IT ticketing system, which displayed 4,500 trouble tickets. Also found was an FTP server that required no password and allowed anyone to log in anonymously. Other impacted systems exposed credentials, experiment data and other proprietary information that were stored with no security.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Proprietary data needs to be stored securely. Not only does it give your competition an edge if they can see what you’re doing, but it also gives cybercriminals an edge when they’re crafting a cyberattack against your company.

IntegraMSP to the Rescue: Keep your data in and the bad guys out with MFA. Contact us to let us help you keep the bad guys out. CONTACT US


United States – BlueForce Inc.

https://searchsecurity.techtarget.com/news/252500356/US-defense-contractor-BlueForce-apparently-hit-by-ransomware

Exploit: Ransomware

BlueForce: Defense Contractor


Risk to Business: 1.668 = Severe

Someone who runs training programs may need to upgrade their security awareness training. Defense contractor BlueForce has been hit by the Conti ransomware group. The gang posted data from the operation on its leak site along with supposed chat records from its negotiation with BlueForce. The Conti gang has demanded 17 bitcoin for the decryption key. BlueForce is a Virginia-based defense veteran-owned contractor that works with the US Department of Defense and the US Department of State on program management, training and development initiatives.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.

IntegraMSP to the Rescue: Security awareness training including phishing resistance is easy and painless for trainers and employees if you have the right tools. CONTACT US TO FIND OUT HOW>>


United States – CaptureRX

https://www.infosecurity-magazine.com/news/capturerx-data-breach-impacts/

Exploit: Ransomware

CaptureRX: Medical Software Company


Risk to Business: 1.907 = Severe

Texas-based CaptureRx fell victim to a ransomware attack in which cybercriminals snatched files containing the personal health information (PHI) of more than 24,000 individuals. The security breach impacted 17,655 patients of Faxton St. Luke’s Healthcare and a further 6,777 patients at Gifford Health Care as well as an indeterminate number of Thrifty Drug Store patients. CaptureRx is currently unclear how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident.


Risk to Business: 1.959 = Severe

Data exposed and stolen by the ransomware attackers included names, dates of birth, prescription information, and, for a limited number of patients, medical record numbers. Affected healthcare provider clients were notified of the incident by CaptureRx between March 30 and April 7.

Customers Impacted: 24K+

How it Could Affect Your Business: The medical sector has been absolutely battered by ransomware in the last 12 months. Breaches at service providers like this and Accellion show that cybercriminals are playing smart by hitting targets that offer them access to a variety of information that has value for future attacks.

IntegraMSP to the Rescue: Stopping ransomware starts with stopping phishing. In “The Phish Files”, you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>>


United States – Alaska Court System (ACS)

https://thehill.com/policy/cybersecurity/551463-alaska-court-system-forced-offline-by-cyberattack

Exploit: Ransomware

Alaska Court System: Judicial Body


Risk to Business: 1.572 = Severe

The Alaska Court System (ACS) was forced to temporarily disconnect its online servers this week due to a cyberattack that installed malware on their systems, disrupting virtual court hearings. The court’s website had been taken offline and the ability to search court cases had been suspended while it worked to remove malware that had been installed on its servers. Activities that may be impacted by the ACS taking its website offline include the ability of the public to view court hearings over Zoom, online bail payments, submitting juror questionnaires and sending or receiving emails to or from an ACS email address.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for cybercrime especially against local, state and municipal governments with often weak or outmoded IT departments.

IntegraMSP to the Rescue: Don’t let cybercriminals slow your business down – learn to mitigate the risk of trouble. DOWNLOAD FREE EBOOK>>


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.