PHP Exploit, Cyber Alert Monday 02-18- 2019
2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019 PHP Exploit? Is this year is shaping up to be the year of Phishing? See who got hacked…
Trakt: A US media service for tracking movies and shows watched online.
Exploit: PHP Exploit. (An application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context.
Risk to Small Business: Severe: The California-based media platform emailed its customers notifying them of a breach (PHP exploit) that took place over 4 years ago, in December of 2014. In their statement, they claimed that they only recently discovered the breach, and took steps to mitigate it since. Payment information was not disclosed, but usernames, emails, passwords, names, and locations were. The investigation is ongoing, but the only risk at this point seems to be that of customer attrition.
Individual Risk: Moderate: The company seems to have inadvertently mitigated the breach, migrating to a more secure version of its website in January 2015. However, users that have recycled passwords between accounts should be wary.
Customers Impacted: To be determined
How it Could Affect Your Business: Even without involving payment data, breaches that trace back multiple years can unnerve end-users into deleting their accounts forever. When they receive an email notifying them that a breach from 2014 was just now discovered, they are likely to weigh other options or stop using the service entirely. In a world where competition is cutthroat and the customer has more information and choices at their fingertips than ever before, businesses must do everything in their power to retain and build trust. Source
Olympia Financial Group: Full-service Canadian mortgage firm and trust
Exploit: Ransomware attack on IT infrastructure.
Risk to Small Business: Severe: Last week, the company reported a ransomware attack on its information technology systems, resulting in an adverse interruption to business operations. The company will continue to investigate the attack but currently believes that personal information was left intact.
Individual Risk: Moderate: The company has claimed that there is currently no evidence that suggests that customers were impacted, but clients should check for updates since the investigation is still underway.
Customers Impacted: To be determined
How it Could Affect Your Business: Ransomware attacks are trending in volume and intricacy, forcing businesses to finally realize the potential threat of losing control of their business systems. Small businesses are not exempt, and they must partner with security providers that can help prevent and mitigate such attacks.Source
Canada CarePartners: Ontario-based healthcare service provider
Exploit: PData dumping extortion
Risk to Small Business: Severe: After suffering a data breach back in June 2018 affecting patients, the Canadian firm is now facing an exposure of employee information. The recent “data dump” contains employee earnings, contractor details, and forms that include names, addresses, social security numbers, and wages. Currently, the hackers are requesting 5 bitcoins for the encryption key that unlocks most of the files, but CarePartners has not yet responded.
Individual Risk: Moderate: Personal and financial information is at stake, and CarePartners employees have reasons to be worried. If the hackers are unable to find profits from the data dumping extortion, they will likely sell the information on the Dark Web and allow fraudsters to use the data to conduct damaging cyber-attacks.
Customers Impacted: Over 12,000 files including employer information
How it Could Affect Your Business: The prospect of a double attack is becoming more probable, and businesses should take notice. Experiencing two consecutive data breaches can be a crippling blow to any business, especially when they impact both customers and employees. Retention becomes an uphill battle, as customers and employees begin to quit in droves. In order to prevent this, businesses must work with experts who use industry-leading cybersecurity solutions. Source.
Protect your business from a Ransomware Attack. Contact Kobargo Technology Partners today for a free consultation!