Cyber Alert: Last week, Chipotle accounts might be getting hacked and the Weather Channel is struck by ransomware.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
Chipotle: American chain of fast casual restaurants
Exploit: Credential stuffing
Risk to Small Business: 1.888 = Severe: Several individuals took to Twitter and Reddit to report that their Chipotle accounts were being used to place unauthorized orders at locations across the country. However, many of the customers maintain that their passwords were unique to Chipotle, which could rule out the possibility of a credential stuffing attack and shift the blame directly on Chipotle. In response, Chipotle officials stated that they don’t believe their network was breached or that personal data was revealed to outside entities. This is the company’s second data security incident in two years, and they have yet to roll out two-factor authentication for their customers.
Individual Risk: 2.571 = Moderate: In credential stuffing attacks, hackers leverage personal information retrieved from past data breaches to breach new accounts. Chipotle account holders should enlist in identity monitoring solutions and reset their passwords to protect their information going forward.
Customers Impacted: To be determined.
How it Could Affect Your Business: Being able to rule out a credential stuffing attack is crucial to identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it becomes incredibly difficult to track how compromised data is being leveraged by hackers. When developing digital platforms, companies of all sizes need to plan to protect their customer data by taking every precaution to ensure that their information is never compromised.
 
Navicent Health: Second largest hospital in Georgia and part of the Central Georgia Health System.
Exploit: Employee e-mail breach
Risk to Small Business: 1.777 = Severe: In a recent data breach notice, Navicent Health disclosed that they learned about a breach originating with their employees’ corporate email accounts, which were accessed by an unauthorized third party. Although no evidence of identity theft was revealed, the company was forced to take responsibility, notify patients, and offer free identity protection services, while also pledging to improve their security infrastructure moving forward.
Individual Risk: 2.857 = Severe Navicent doesn’t believe any of the accessed data is being used to perpetuate identity theft or other cybercrimes, but the compromised emails did include sensitive patient data including their names, birthdays, addresses, medical information, and social security numbers.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies charged with handling personal health information (PHI) need a comprehensive understanding of their IT infrastructure, including potential vulnerabilities. Since HIPAA compliance and patient trust are both on the line, any company managing PHI should prioritize risk assessment and prevention. Employees should be the first line of defense, as they manage patient data on a daily basis, and they must be armed with proper cybersecurity awareness training to prevent future incidents.
 
Verint: Global cybersecurity firm offering analytics, surveillance, and business IT service
Exploit: Ransomware attack
Risk to Small Business: 2.111 = Severe: Verint is an international cybersecurity firm headquartered in the US, and the ransomware is currently contained within their Israel offices. The company reacted quickly, issuing an on-screen message that instructs employees to immediately shut down devices if they receive a ransomware message. However, the erosion of brand reputation has the potential to spread like wildfire, especially among cybersecurity experts and customers who catch wind of the incident.
Individual Risk: 2.857 = Severe: Ransomware attacks typically affect businesses because they prevent users from accessing files until a ransom is paid. However, when hackers gain access to a company’s network, there is always a risk of revealing personal information. At this time, there is no indication that Verint employee or customer information was compromised.
Customers Impacted: Unknown
How it Could Affect Your Business: This incident is a reminder of the difficulty of managing and maintaining an international IT infrastructure. Fortunately, Verint’s security software immediately detected the breach and made employees aware of best practices for combating a ransomware attack, but a lot more could have been done. Companies should invest in solutions that can proactively and continuously monitor hacker marketplaces for compromised employee or customer data. Especially in the case of companies conducting business in cybersecurity and IT infrastructure, the risk associated with damaged brand quality is too high.
 
The Weather Channel: Television network airing 24-hour coverage of weather
Exploit: Ransomware attack
Risk to Small Business: 2.333 = Severe: The Weather Channel’s daily morning show AMHQ was unable to air at its regular time because of a ransomware attack that temporarily incapacitated the network. The downtime lasted for more than 90 minutes, and viewers saw pre-recorded footage during this time.
Individual Risk: 3 = Moderate: It is not currently believed that any personal information was revealed in the ransomware attack.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a serious problem for companies of all sizes. Critical information and operations can be cut off until the ransom is paid. Businesses must establish security protocols and source advanced security solutions in order to appropriately respond in the event of a ransomware attack.
 
Augusta: The city capital of Maine, which provides services to 18,000 residents
Exploit: Computer virus
Risk to Small Business: 2.333 = Severe: A malicious software infiltrated and damaged the city’s computer network system and individual devices, shutting down all offices for an extended period of time. Not only did the virus prevent officials from using servers and computers, but it debilitated the machines used by emergency dispatchers, which required manual tracking of emergency vehicles and responses. The phone system and public safety radio system did remain operational during the ordeal, ensuring no disruption to public safety. Additionally, all services related to the computer network including billing, tax records, and general assistance were completely offline. City officials believe the incident was perpetrated by an inside threat who wanted to destroy, not capture, government data.
Individual Risk: 2.714 = Moderate: City officials don’t believe that any personal information was compromised in the attack, but they do admit that this information has become inaccessible. Individuals with data stored on the city network should be mindful of the vulnerability by taking precautions to ensure data parity.
Customers Impacted: Unknown
How it Could Affect Your Business: The notion that this incident could be perpetrated by an insider threat is a reminder than any single employee can do significant damage to a company’s IT infrastructure. Having contingency plans in place is a veritable must-have, but companies should also be prepared to provide support to any individuals impacted by the breach.
 
A Note From Kobargo:
How Will You Handle Ransomware?
Ransomware attacks are one of the scariest and most reported cyber-security threats, and a recent report found that most victims are now prepared to pay the ransom.
The Telstra’s 2019 Security Report surveyed 320 Australian businesses, more than half of which paid ransomware attackers to retrieve their data. Interestingly, 77% of those companies successfully recovered their information after paying the ransom.
In some ways, this is a good thing. Nobody wants to lose their data to hackers. However, it also incentivizes bad actors, making it possible for them to continue victimizing more people. Having a plan to combat and address ransomware is quickly becoming a critical component of any cyber-security strategy, and it’s one that demands more than just a cache of Bitcoin for a rainy day.  Kobargo Technology Partners will prepare you with the tools to fight back.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert

Last week, phishing scams targeted US government and healthcare employees, and 60,000 digital fingerprints found their way to the Dark Web.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
BBH: Mental health service provider’s South Carolina network
Exploit: Ransomware attack
Risk to Small Business: 1.777 = Severe: After local police detected a ransomware infection, the city was forced to shut down most of its servers. While police and fire facilities remain unaffected, other services, including payments to city agencies, are significantly restricted. Consequently, city officials recommend making cash payments until the network can be restored. The city expects servers to be offline for several days as they work to determine the next steps towards rectifying the situation.
Individual Risk: 2.571= Severe: According to the city’s communications manager, Brock Letchworth, the city does not believe that the incident compromised personal information.
Customers Impacted: To be determined.
How it Could Affect Your Business:  This episode is a reminder of the fragility within local infrastructure. Although critical safety operations remain unaffected, city employees are unable to continue business as usual, and new solutions are not immediately apparent. Most importantly, it’s essential to know if data is stolen and to understand what thieves intend to do with that information.
Minnesota Department of Human Services: Minnesota state agency
Exploit: Phishing scam
Risk to Small Business: 2= Severe: In March 2018, a bad actor logged into a state agency email account and sent emails seeking personal information and invoice payments via wire transfer. The breach was detected when an agency employee received the email and flagged it as suspicious. The breach was just disclosed this week, and department officials believe that hackers gained access to the personal information of 11,000 users.
Individual Risk: 2.285 = Severe: Although the agency contends that personal information has not been misused, the perpetrator certainly had access to the data of thousands of people. Because the breach impacted the agency’s Direct Care and Treatment division, the data stolen includes treatment information and other sensitive health files.
Customers Impacted: 11,000
How it Could Affect Your Business: This most recent incident is the department’s third breach in just over a year, something that can have broad implications for data security and patient trust. The employee who received the malicious email responded appropriately, but these scams are preventable through security training and education.
A Note From Kobargo:
Coming soon – Cybersecurity for 5G
As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.
One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.
High-level cyber-security strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but Kobargo Technology Partners will prepare you with the tools to fight back.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Cyber Alert: Last week, ransomware shuts down a US medical practice, freshmen hack their school’s Wi-Fi to avoid tests and UConn is hit with a $5M data breach lawsuit.

LAST WEEKS CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
BBH: Mental health service provider based in Missouri
Exploit: Unsecured business associate portal
Risk to Small Business: 2.333= Severe: BBH has sent letters to patients notifying them of a breach that occurred in August of last year. Potential attackers would be able to infiltrate a business associate’s portal to access electronic protected health information (ePHI) and compromise sensitive records. The mental health service provider noted that there was no evidence of unauthorized access, but will be providing free identity monitoring, protection, and reporting from agencies including Equifax, Experian, and TransUnion. Along with the direct costs associated with offering such services to patients, the organization will have to pour funds into reputation management.
Individual Risk: 2.571= Severe: The exposed records included names, addresses, contact information, DOBs, medical history information, driver’s license numbers and SSNs. Given the amount of time that has lapsed, patients are at high risk and should immediately begin monitoring their identity and credit reports.
Customers Impacted: 67,493 patients
How it Could Affect Your Business: As breaches continue to become more commonplace, companies are being held accountable for providing free identity protection for their customers and employees. Such damage can be disabling for small businesses, especially when combined with the costs that come with managing public relation.
Brookside: Medical practice in Battle Creek, Michigan
Exploit: Ransomware attack
Risk to Small Business: 2= Severe: The doctor’s office of Dr. William Scalf and Dr. John Bizon will be forced to close on April 30th after falling victim to a ransomware attack and refusing to pay $6,500 to regain access. Although hackers were unable to compromise their data, all information regarding appointments, patients, and payments was completely erased.
Individual Risk: 2.428= Severe: Sensitive information of individuals was not accessed, only deleted. However, none of the unrecoverable data was salvaged and the office closure will force patients to seek treatment elsewhere, even those with imminent health concerns.
Customers Impacted: Undetermined
How it Could Affect Your Business: This security incident is a perfect example of how devastating a ransomware attack can be for small businesses and their customers. Hackers are capable of wiping out infrastructure and important records, causing business owners to rebuild from the ground-up. As such, company managers must begin assessing cybersecurity threats and working with MSPs to protect themselves from compromises going forward.
Secaucus High School: New Jersey school district
Exploit: Malware
Risk to Small Business: 2.333 =Severe: Two high school freshmen were arrested for disabling their school’s Wi-Fi system to avoid taking tests. The students used a private company to execute the hack, resulting in them being charged with computer criminal activity and conspiracy to commit computer criminal activity. Although the systems are back up and running, it remains to be seen how the students will be disciplined by the school district.
Individual Risk:  2.482= Severe: None.
Customers Impacted: 2
How it Could Affect Your Business: Hacks are being commoditized, with packaged products capable of bringing down systems and stealing information becoming readily available on the Dark Web. Smaller organizations must learn to recognize such trends and protect their members, customers, and staff by investing in security providers that host solutions enabling them to understand the inner workings of online, underground marketplaces.
A Note From Kobargo:
UConn’s $5M data breach lawsuit
The University of Connecticut Health Center has been served a class action lawsuit over a data breach that resulted in the exposure of 326,000 current and former patients. Yoselin Martinez and others are seeking $5M in damages, alleging that the university not only took months to report the breach, but could have done more to prevent it. Martinez claims that her bank account has been defrauded and overdrawn due to the information that was compromised during the breach.
The attack was discovered in December of last year, when an unauthorized party was able to access an employee’s email account and compromise names, DOBs, addresses, medical information, and SSNs. With the public eye scrutinizing organizational efforts to protect their customers and employees, small businesses must catch on early and begin working with MSPs to bolster new cybersecurity initiatives.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!
 

LAST WEEK, US HEALTHCARE PROVIDER GETS BREACHED 3 TIMES AND THIRD-PARTY RANSOMWARE PARKS CANADIAN AGENCY FOR DAYS.

LAST WEEKS CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
 
Verity Medical Foundation: Healthcare provider based in San Jose, CA.
Exploit: Employee phishing scam.
Risk to Small Business: 2.333 = Severe: VMF recently notified its patients of another security breach it suffered on January 16th of this year, immediately following two similar phishing incidents. A hacker was able to compromise an employee’s Office 365 account for several hours and send phishing emails internally and externally to gather usernames and passwords. Although the organization maintains that there is no evidence of patient information being accessed, they will now face scrutiny by the media and patients, along with being forced to deploy mandatory training for employees.

Individual Risk: 2.571 = Severe: Aside from account usernames and passwords, protected health information including DOBs, patient identification numbers, phone numbers, addresses, health plans, treatments received, SSNs, and even insurance details may have been exposed. While the company believes that it was unlikely that the attacker was after the data, affected patients should enlist in identity monitoring and additional security measures.

Customers Impacted: 14,894 patients
How it Could Affect Your Business: The compounding effects of back-to-back breaches can amount to serious losses for organizations. Even worse, employee phishing attacks are entirely preventable through the implementation of security training and education. If breach occurs, businesses are forced to enroll their employees in such programs anyway, and likely at a higher cost. By then, however, the damage will have already been done.

 Earl Enterprises: Hospitality industry giant that owns Buca Di Beppo, Planet Hollywood, Earl of Sandwich, and other restaurant brands

Exploit: Malware installation on point-of-sale (POS) systems

Risk to Small Business: 2 = Severe: In a press release published last Friday, the company announced that hackers had planted malware on POS systems, affecting over 100 restaurants between May 23, 2018, and March 18, 2019. After noticing a mysteriously large card dump in February, cybersecurity researchers realized that this incident is related to a database that is already available for sale on the Dark Web. In addition to dealing with customer churn and brand degradation, the company will now have to do its best to protect the users whose card information is up for grabs on the Dark Web.

Individual Risk: 2.428 = Severe: Credit and debit card numbers, expiration dates, and cardholder names were exposed in the incident and will eventually be sold to the highest bidder on the Dark Web. Anyone who dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, or Tequila Taqueria should consider cancelling their cards, monitoring their financial reports, and changing their passwords.

This week, a Dutch academic publisher is exposed, US sleep companies snooze on payment fraud, UK police face ransomware attack and Uber might be spying on us (again)…

LAST WEEKS HACKS, ATTACKS, BREACHES AND MORE…
Oregon Department of Human Services (DHS): State agency of Oregon.
Exploit: Employee phishing scam.
Risk to Small Business: Severe: Last Thursday, the Oregon DHS announced that it suffered a data breach after nine employees opened phishing emails and exposed their accounts to hackers. As a result, the social security and personal information of an undecided number of citizens could have been exposed. Along with having to inform the affected individuals, the state’s largest agency will be forced to upgrade security efforts and likely conduct cybersecurity training for employees.
Individual Risk: Moderate: The privacy breach could have included first and last names, addresses, DOBs, SSNs, and case numbers related to DHS programs. State residents should monitor their credit reports for possible payment fraud but will remain at risk.
Customers Impacted: To be determined
How it Could Affect Your Business: In the wake of numerous phishing attacks resulting in privacy breaches, organizations storing personal information must take notice and begin protecting individuals. Employee phishing scams are entirely preventable with proper cybersecurity training, which can effectively mitigate the risk of breach. The case and ROI for phishing security solutions becomes intuitive when we consider the potential damages and costs.
MyPillow and Amerisleep: Pillow and mattress companies in the US.
Exploit: Magecart attack on website checkout pages.
Risk to Small Business: Severe: After being targeted as early as 2017, both online retailers faced card skimming attacks. In this scheme, hackers will insert malicious code into website checkout pages and covertly swipe customer payment information. Although MyPillow discovered the first compromise almost immediately, it argued that the second attack did not result in the loss of information. On the other hand, Amerisleep has not responded to comments. Depending on what further investigations reveal, it is possible that the sleep companies will face hefty fines for their delay in responding as well as scrutiny from online shoppers.
Individual Risk:  Severe :As you can imagine, any information provided on a checkout page is up for grabs during a Magecart attack. This could include first and last names, addresses, credit card numbers, and more.
Customers Impacted: To be determined.
How it Could Affect Your Business: Most recent Magecart attacks such as those on British Airways and Newegg were targeted towards larger firms, but now hacking groups are shifting their focus to small businesses. Skimming schemes are especially dangerous since they can be hard to trace, yet able to extract valuable customer information. Once cybercriminals can get their hands on such data, they will move to the Dark Web to make profits or conduct payment fraud.
Canada-Natural Health Services: Largest referral network of medical cannabis users.
Exploit: Breach of medical records.
Risk to Small Business: Severe: Between December 4, 2018, and January 7, 2019, attackers gained access to the electronic medical records (EMR) system containing personal health information. The company was forced to notify its B2B clients, which could result in turnover and a degradation of trust.
Individual Risk: Severe: Exposed information included patient’s personal information, medical diagnoses, and referral data. At the same time, no patient prescriptions, credit card information, or SSNs were involved.
Customers Impacted: To be determined
How it Could Affect Your  Business: Organizations that store large amounts of personal data on behalf of B2B clients should be especially vigilant for cyber-attacks, given the amount of information at stake. In the event of such a breach, a security solution that employs a Dark Web monitoring tool can be crucial in determining if stolen information is trading hands between cybercriminals.
UK Police Federation: Organization that represents 119,000 police officers across England and Wales.
Exploit: Ransomware attack
Risk to Small Business: Severe: A ransomware attack hit computers at the federation’s Surrey headquarters on March 9, encrypting several databases and email systems. This led to a disruption in services, along with the deletion of all backup data. The organization will be forced to rebuild its systems and ensure that data was not compromised.
Individual Risk: Moderate Risk:  Currently there is no indication that data was extracted from their systems, but the attack has severely damaged the organization’s infrastructure.
Customers Impacted: Undisclosed
How it Could Affect Your  Business: The National Crime Agency is investigating the attack, but the police federation believes that it was not targeted specifically and was victim to a larger campaign. As the threat of ransomware continues to evolve, companies must avoid getting caught in the crosshairs by arming themselves with cybersecurity training and protocols.
Health Service Executive (HSE): National health service website.
Exploit: Unauthorized adtech.
Risk to Small Business: Severe: Webpage users are having their data “continuously and invisibly leaked to commercial actors,” including sensitive topics with health-related information. A study of adtech installed on public health service websites found that 73% of HSE landing pages contained ad trackers. Although organizations are not being held responsible for this type of data exposure, consumers are easily spooked. Because of the study and the looming threat of GDPR compliance fines, the HSE is in the process of redesigning its website.
Individual Risk: Severe: Cookies placed on the website could be used to infer sensitive information about user health information. These companies can build profiles and sell them to third-party marketers, insurers, credit raters, and more. Nevertheless, this news only brings mid-level risk since the companies involved are typically not malicious in nature.
Customers Impacted: To be determined.
How it Could Affect Your Business:  The business of leveraging customer data for precision marketing is coming under scrutiny, especially with the introduction of GDPR in Europe. As the public becomes more aware of how their data is being used, companies must adapt by implementing security solutions to protect their consumers.
Group of Italian Investors: Independent investors.
Exploit: Crypto fraud via social engineering.
Risk to Small Business: Severe: The Italian authorities recently arrested a computer expert who was able to exploit communication channels and false identities from the Dark Web to defraud crypto investors. The hacker posed as a representative of a reputable Swiss investment firm to earn the trust of the victims. Although no individual business faces risk, more crypto-related breaches may result in an eventual downturn in investments.
Individual Risk: Severe: Investors in the crypto market should be wary of such hacks, since crypto transactions are typically untraceable and irreversible. Nevertheless, personal and payment information is not at stake, so the individual risk of future breaches is not impacted.
Customers Impacted: Unknown.
How it Could Affect Your  Business: This incident is proof of how identities on the Dark Web can be leveraged by hackers to conduct payment fraud via social engineering. To stop such exploits from occurring in the first place, companies must protect employees and customers by investing in security solutions that can guard against phishing and privacy-related attacks.
Elsevier: Scholarly paper publisher and analytics company
Exploit: Server misconfiguration.
Risk to Small Business: Severe: Login credentials for users were exposed after the company’s servers were misconfigured, affecting students and teachers at universities across the world. Since it was a human error attack, Elsevier was able to secure the leaky server quickly and is issuing password reset links to users. Like other B2B breaches, such an exposure is certainly bad for business and can result in the loss of clientele.
Individual Risk: Moderate: User email addresses and passwords may have been compromised, which could jeopardize other accounts where the same passwords are used. Those affected should change their passwords across all accounts immediately.
Customers Impacted: To be determined
How it Could Affect Your Business: Organizational data can be leveraged by hackers and put up for sale on the Dark Web or used to conduct payment fraud. With the knowledge that cybercriminals are looking for targets with limited security controls and valuable data, small businesses need to work with security providers to protect themselves and their customers.
Uber: Transportation network company headquartered in San Francisco, California.
Exploit: Spyware.
Risk to Small Business: Severe: A rogue employee deployed a “secret spyware program” to help Uber get a competitive advantage against local businesses in Australian markets. Dubbed Surfcam, the software was developed in 2015 and scraped driver and vehicle data. The company spokesperson is denying any claims, but this is now the second time Surfcam has been mentioned after similar allegations were made in Singapore.
Individual Risk: Moderate: Although the spyware program is likely using rider data to optimize marketing efforts on behalf of Uber, it can have serious consequences for competitors and consumers in the long run. At the same time, users do not face immediate threat.
Customers Impacted: Unknown
How it Could Affect Your Business: The improper use of data is making headlines across the world, and companies must do everything they can to avoid being involved. The stewardship of personal and payment information should be at utmost importance for small businesses and can be accomplished by partnering with the right security solution.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!