Cyber Alert Monday 6-8-2020 – Malware attack

Last week, slow breach responses put customers at risk, a malware attack undermines the benefits of shopping online, and a new study reveals that frequently resetting passwords is essential even if they haven’t been directly compromised.  

computer code, malware attack

United States – Quidd

Exploit: Unauthorized database access 
Quidd: Digital collectibles app 

Risk to Small Business: 2.137 = Severe

Bad actors infiltrated a Quidd database and shared its contents online, exposing users’ account credentials. The database was circulating on private forums for months, but the platform didn’t identify the breach until it appeared on a public board this week. The passwords were encrypted, but hackers have already cracked more than 135,000 passwords. Quidd’s slow response was further exacerbated by delayed notification procedures, as victims still haven’t been notified of the incident. 

Individual Risk: 2.795 = Moderate

The data breach compromised usernames and passwords. All platform members should immediately update their credentials while assessing the integrity of other online accounts. Quidd users should continue evaluating their accounts for unusual or suspicious activity. 

Customers Impacted: 4,000,000

How it Could Affect Your Customers’ Business: Rapidly identifying and responding to potential data breaches is a critical component of any defensive posture. In this case, the company could have acted much sooner if the Dark Web was being monitored for their information. Being able to identify the sale or transfer of company data enables businesses to respond before an incident escalates.

United States – Arbonne International 

Exploit: Unauthorized database access
Arbonne International: Multi-level marketing (MLM) platform

Risk to Small Business: 1.692 = Severe

A data breach has exposed personal information for thousands of MLM participants. The data loss event began when the company detected unusual network activity on April 20th, but the incident was not revealed publicly until this week. The breach specifically applies to California employees, which means regulatory authorities will likely scrutinize the incident under the California Consumer Privacy Regulation

Individual Risk: 2.591 = Severe

The breach compromised MLM members’ names, email addresses, mailing addresses, phone numbers, purchase histories, and account passwords. Those impacted need to reset their Arbonne account password, and they should update other credentials using the same details. At the same time, victims should carefully monitor their accounts and communications for suspicious activity, since personal data is often used in subsequent phishing scams and other fraud attempts.   

Customers Impacted:  3,527

How it Could Affect Your Customers’ Business: Consumer sentiment has quickly shifted toward a privacy-first approach to personal information, and regulatory efforts are enforcing that priority. Data privacy laws already apply in many places, and companies should expect more regulatory scrutiny in the years ahead

United States – Minted

Exploit: Unauthorized database access
Minted: Online marketplace for independent artists 

Risk to Small Business: 1.980 = Severe

After a database was made available on the Dark Web, Minted acknowledged a data breach that compromised customer information. The breach happened when hackers accessed a company database on May 6th, and it’s unclear why it took the company more than three weeks to identify and respond. Customers are increasingly willing to walk away from platforms that can’t protect their data, and the company’s slow response could make it more challenging to regain users’ trust. 

Individual Risk: 2.602 = Moderate

The incident compromised users’ data, including their names, addresses, phone numbers. Less than 1% of victims also had their dates of birth exposed. In addition, users’ login credentials were impacted. In response, those affected by the breach need to update their Minted passwords and any other platform passwords that use similar information.  

Customers Impacted: 5,000,000

How it Could Affect Your Customers’ Business: Data beaches are a public relations nightmare, and a fast, effective response can be the difference between restoring trust and watching customers walk away. At the same time, equipping employees and customers with tools to secure their accounts demonstrates a tangible commitment to data security.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:    

Small Businesses Suffer More Than A Quarter of all Breaches  

According to Verizon’s 2020 Data Breach Investigations Report, small businesses are increasingly the target of cybercriminals. The report, which analyzed more than 157,000 cybersecurity incidents, found that 28% were directed at small businesses. Previously, cybercriminals have targeted larger organizations as the rate of return was often higher. However, a transition to cloud computing and the use of social engineering attacks, like phishing scams, has increased the risk for small businesses.  

In response, it’s clear that small businesses need to prioritize cybersecurity as a data breach has an outsized effect on smaller organizations. Among other recommendations, the report encourages small businesses to invest in continuous vulnerability management, secure their email infrastructure to protect themselves from the growing threat of phishing attacks. It’s also essential that companies recognize and identify insider threat sources and eliminate them as quickly as possible.

Knowing that small businesses often lack the in-house cybersecurity resources to implement a 360-degree defensive strategy, MSPs have an opportunity to reach out to small business customers to build a partnership that fills that gap effectively and affordably to provide essential cybersecurity support in this tumultuous time.  .

Using tools and services that support good password hygiene, offering things like single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies can help mitigate the risk of password compromise through password reuse and weakness.

https://smallbiztrends.com/2020/05/small-business-data-breaches-2020.html


A Note From Kobargo

New Trouble Comes From Users Who Rarely Update Their Passwords   

Despite years of advocacy and continual advice to update passwords frequently, the majority of victims fail to follow through on this priority. According to research by the Carnegie Mellon University’s CyLap, even after a data breach, users rarely voluntarily update their credentials, and only 13% even did so within three months of a known breach.

Updating passwords consistently is an essential security tool. Part of protecting a company’s data and systems from bad actors requires knowing when that company’s credentials have been compromised – and that compromise isn’t always on them. A third party breach could put corporate passwords at risk unexpectedly. 

Given the high number of compromised credentials available on the Dark Web, updating passwords after a breach is a critical recovery act that can help limit the scope and impact of the breach. Dark Web ID is an essential tool for finding out if company credentials have been compromised in someone else’s breach.    

https://techxplore.com/news/2020-05-breach-users-rarely-passwords-theyre.amp


Contact Kobargo Technology Partners to schedule a free consultation today!

CATEGORIES

YOU MAY ALSO LIKE

sign up for our newsletter

Be the first to hear about our services, collaborations and online exclusive content. Join the Kobargo Family email list!

    [md-form spacing="tight"]

    [md-text label="E-mail"]

    [/md-text]

    [md-submit style="outlined"]

    [/md-submit]

    [/md-form]

    By submitting this form, you are consenting to receive marketing emails from Kobargo Technology Partners. You can revoke your consent to receive emails at any time by using the SafeUnsuscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact.