The Week in Breach: How much is the average ransom? $130K? Really? Really.

Make sure to add us or contact us for the latest news

Real-Time Service Alerts



Money Makes the World Go Round


Cybercriminals love ransomware because it’s got a stellar risk/reward ratio, and everyone involved in the scheme gets paid handsomely – even a freelancer in a ransomware attack will profit. Major gangs like REvil actively solicit smaller gangs, referred to as affiliates, to do their dirty work. Those affiliates pay on average 20% of their take to the parent gang.  They’ll be responsible for running everything about the operation from planning to execution, while the parent gang typically supplies the tech and can assist in obtaining introductions and resources if needed. The affiliates hire freelancers through dark web forums and gather resources from dark web data markets and dumps.

How Much Money Are We Talking About?

 

At the root of many damaging cybersecurity incidents, you’ll find phishing. In fact, 90% of incidents that end in a data breach start with a phishing email. Researchers at leading organizations have been sounding the alarm about phishing forever, but many organizations still fail to really take the threat seriously to their detriment. As phishing rates worldwide continue to climb, escalating risk for devastating cyberattacks like ransomware and business email compromise, there’s a new impetus for businesses to fight back against phishing.

While it may not seem like it on the surface, phishing is a complex hazard for businesses to navigate. One reason for that complexity is that phishing is a rapidly evolving area of cybercrime. The bad guys are always trotting out new scams. In fact, researchers at the University of Maryland estimate that cybercriminals launch a new cyberattack like phishing every 39 seconds. These statistics offer a starting point when considering the way that phishing impacts the business world right now.

Phishing Quick Hits 

  • 94% of malware is delivered by email.
  • More than 80 % of reported security incidents are phishing-related
  • 40% of phishing messages aren’t caught by conventional security or a SEG
  • One-fifth of employees in a 2020 survey fell for phishing tricks and interacted with spurious emails
  • 45% of employees click emails they consider to be suspicious “just in case it’s important.” 

Social Engineering Powered by Abundant Dark Web Data 

Bad actors use all sorts of psychological tricks to lure their victims into the number one type of social engineering attack: phishing. These attacks are typically powered by abundant dark web data. About 60% of the data on the dark web at the beginning of 2020 could be used to harm businesses and more than 22 billion new records have been added including 103 GB in this year’s RockYou2021 dump. Socially engineered phishing attacks use that data to lure employees into opening dodgy emails, clicking suspicious links, handing over passwords, downloading sketchy attachments and engaging in other unsafe behaviors that can put your business at risk of damaging disasters.

How Can Businesses Reduce Data Breach Risk from Phishing?

With the world operating remotely during the pandemic lockdowns last year, email volume skyrocketed. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies continue to grapple with the implications of the ongoing pandemic and virus variants that could lead to long-term remote work becoming the norm. If email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025. How to mitigate?

Step Up Security Awareness Training  

In a UK study on companies running phishing simulations, researchers discovered that 40 – 60% of their employees are likely to open malicious links or attachments. However, after about 6 months of training, the percentage of employees who took the bait dropped 20% to 25% – and after 6 months more training, the percentage of employees who opened phishing messages dropped to only 10% to 18%. A solution like BullPhish ID empowers companies to choose either expert-crafted plug-and-play security awareness training campaigns or fully customized lessons to fit their unique industry needs.

Strip the Power from a Phished Password

Even the best trained and most aware employees make mistakes – the single biggest cause of all cybersecurity incidents including data breaches will always be human error. But you can prevent an employee’s mistake in giving up their password to a scam from unleashing an expensive disaster for your business just by adding multifactor authentication, which stops 99% of password-based cyberattacks, using a dynamic identity and access management multitool.

Get More Help in the Fight Against Phishing

No business needs to go it alone in the fight against phishing-related cybercrime.  An estimated 34% of business IT leaders in an employee behavior survey admitted that a simple lack of employee understanding of today’s sophisticated phishing threats was their biggest problem. We can help. Get the power of smart, award-winning defense including top-notch security awareness training that meets your employees where they are on your side when you choose IntegraMSP. Contact Us and let’s get started on your improving your protection right away.

Dark Web ID’s Top Threats This Week


 

Accenture

https://threatpost.com/accenture-lockbit-ransomware-attack/168594/

Exploit: Ransomware

Accenture: Consulting Firm

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.437 = Extreme

The LockBit ransomware gang has hit consulting giant Accenture. In a post on its dark web announcement site, the gang is offering multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company. The LockBit ransomware gang reports theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment. News outlets are reporting that the hack was the result of an insider job.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware hits against big service providers are attractive for cybercriminals because they often open up fresh avenues of attack, creating third-party risk.

IntegraMSP to the Rescue: As companies become more connected in today’s business landscape, third-party risk is escalating and every business must be ready. Download our ebook on third-party risk. GET THE EBOOK>>

Ford Motor Company

https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/

Exploit: Misconfiguration

Ford Motor Company: Automobile Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.033 = Severe

A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 2.371 = Severe

The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personal Identifiable Information (PII), and included customer and employee records, finance account numbers, Database names and tables, OAuth access tokens, Internal support tickets, User profiles within the organization, pulse actions, internal interfaces, search bar history and other details.

Customers Impacted: Unknown

How It Could Affect Your Business Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.

IntegraMSP to the Rescue: Developing a strong security culture that is savvy about phishing is essential for maintaining security in today’s volatile threat atmosphere. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>

T- Mobile

https://gizmodo.com/hacker-claims-to-have-data-on-more-than-100-million-t-m-1847491056

Exploit: Hacking

T-Mobile: Mobile Phone Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.673=Severe

Hackers are claiming that they’ve obtained data related to more than 100 million US T-Mobile customers in a post on a popular dark web forum. They’re selling access to part of the information for 6 Bitcoin which translates into roughly $277,000. T-Mobile has confirmed the incident after some back-and-forth.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.737=Severe

The data purportedly stolen is records and information for consumers including social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information.

Customers Impacted: 100 million

How It Could Affect Your Business Cybercriminals love personal data, the number one type of data stolen in 2020. Protecting customer data is critical to maintaining good customer relationships.

IntegraMSP to the Rescue:  Organizations are safer when everyone is on the cybersecurity team. Let us show you how to expand your menu into security awareness training in just 15 minutes! CONTACT US>>

Maine Department of Environmental Protection

https://bangordailynews.com/2021/08/15/news/in-a-first-for-maine-ransomware-hackers-hit-2-public-wastewater-plants/

Exploit: Ransomware

Maine Department of Environmental Protection: State Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.825 = Severe

Ransomware attacks endangered operations at two Maine wastewater treatment facilities this week. The attacks occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. Officials were quick to note that the attacks presented no threat to public health and safety, characterizing them as minor.  Operations have been restored.

Customers Impacted: Unknown

How It Could Affect Your Business Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.

IntegraMSP to the Rescue: What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed!. DOWNLOAD IT>>

 


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.