Threat Alerts

Data Breach, Cyber Alert Monday 06-03-19

Cyber Alert: Last week, the tech unicorn Canva endured a significant data breach and local government agencies were under attack.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…


The Georgia Institute of Technology (Georgia Tech): Public research university based in Atlanta, Georgia
Exploit: Unauthorized database access
Risk to Small Business: 1.555 = Severe: Hackers were able to infiltrate the Institute’s databases that were storing sensitive personal information on current and former students and employees. After identifying an unauthorized user sending queries through an Institute web server, Georgia Tech began an investigation and executed a few countermeasures to secure their ecosystem. Not only will Tech be on the hook for providing credit and identity monitoring services to affected individuals, but they will also deal with scrutiny from current students, employees, and even alumni.
Individual Risk: 2.285 = Severe: According to an official statement from Georgia Tech, the information accessed varies by individual, but it could include names, addresses, Institute ID numbers, dates of birth, and social security numbers. This breach could extend to students, faculty, staff, alumni, applicants, and affiliates. Anyone with ties to Georgia Tech should enroll in identity theft protection services and stay vigilant for potential compromises or fraud attempts.
Customers Impacted: 1,265
How it Could Affect Your Business: Failing to understand your organization’s threat landscape can have significant consequences in today’s digital environment. In this case, hackers had access to the university’s database for nearly four months, making it evident that their security standards were not adequate to address relevant threats. Particularly when your university is seen as a premier technological institution, failure in this regard is entirely preventable, embarrassing, and unacceptable.


 

Louisville Regional Airport Authority: Municipal corporation responsible for owning, operating, and developing Louisville International Airport and Bowman Field

Exploit: Ransomware
Risk to Small Business: 2.111 = Severe: Hackers were able to install ransomware on the airport’s network system, encrypting localized files for two airports, the Louisville Muhammad Ali International Airport and Bowman Field. Fortunately, the organization was prepared for such an incident, and they are restoring their files from backups rather than paying the ransom. While the ransomware was restricted to localized files that are unaffiliated with the organization’s operations or security systems, it’s always concerning when critical infrastructure is tangentially impacted by security vulnerabilities.
Individual Risk: 3 = Moderate: There is no indication that personal information was compromised as part of this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a growing threat among SMBs. Since it is often injected into a company’s network through phishing scams or other employee errors, consider partnering with an MSP that has the tools to train employees and prevent phishing attacks.



Perceptics: Maker and distributor of license plate readers, under-vehicle cameras, and driver cameras
Exploit: Network compromise
Risk to Small Business: 1.444 = Extreme: A hacker using the pseudonym “Boris Bullet-Dodger” gained access to the company’s database and exfiltrated hundreds of gigabytes of data, which he subsequently published on the Dark Web. More than 65,000 files were stolen, including data taken directly from employee laptops. The breach included information from the access databases, ERP databases, HR records, Microsoft SQL Server data stores, business plans, financial figures, and personal information.
Individual Risk: 2.142 = Severe: The trove of data released by this hack compromised personal information, and the extent of the hack makes it difficult to know precisely what data was taken. However, evidence that hackers accessed employees’ desktops, denoted through the presence of music stored on user computers, suggests that the information exposed could be extensive.
Customers Impacted: Unknown
How it Could Affect Your Business: Responding to a breach of this scope is complicated. Managing the PR fallout is a significant responsibility, but an organization’s most important function is to support those whose information is posted on the Dark Web. In the event of a data breach, knowing what happens to your data is critical, and partnering with a qualified MSP can make all the difference.


Shubert Organization: Theatrical producing organization and owner of theaters in Manhattan and New York City
Exploit: Employee email account breach
Risk to Small Business: 1.777 = Severe: Hackers gained access to several employee email accounts containing sensitive personal information. The data breach occurred last February, and it’s unclear why the company took so long either to identify the intrusion or to communicate the incident to stakeholders. Regardless, it underscores the importance of strong defenses, as the company is now responsible for providing credit monitoring services for 24 months. However, this pales in comparison to the incalculable reputational damages that can occur with the magnitude of this breach.
Individual Risk: 2.285 = Severe: Although the company can’t confirm that the intruder accessed personal information, the affected accounts included customers’ names, credit card numbers, and credit card expiration dates.
Customers Impacted: Unknown
How it Could Affect Your Business: While every company is responsible for putting up strong defenses against cybercriminals, bad actors are highly motivated and continually operate with an advantage. Therefore, it’s crucial for companies to differentiate themselves through their support services to help impacted individuals in the wake of a data disaster.


TeamViewer: Developer of proprietary software for remote desktop control, desktop sharing, online meetings, web conferencing, and file transfers
Exploit: Malware
Risk to Small Business: 2.222 = Severe: TeamViewer has acknowledged a malware attack that gave hackers access to the company’s servers, which included their software’s source code. According to an official release by the company, the threat was detected before hackers could steal any data or code. However, this incident took place in 2016, which makes their timing problematic. Consequently, the company will face heightened media scrutiny and reputational damage that could exceed the scope of the actual breach.
Individual Risk: 3 = Moderate: The company contends that personal information was not compromised during the breach, but users should be mindful of the company’s security posture, especially given the potentially sensitive information conveyed through their services.
Customers Impacted: Unknown
How it Could Affect Your Business: Regardless of actual outcomes resulting from the data breach, this episode makes it clear that TeamViewer does not prioritize clear and timely communication when it comes to their cybersecurity initiatives. While data security needs to be a top priority for every organization, communication and customer support are a close second, along with being the most controllable part of any cyber defense plan.


Canva: Graphic design website providing amateur and professional web/media design tools
Exploit: Database server compromise
Risk to Small Business: 1.555 = Severe: A now-prolific hacking group accessed Canva’s network, compromising information for millions of users. According to the hacker’s message after the breach, the theft includes extensive records up until May 17th. The company’s quick response and high cybersecurity standards will help mitigate the damage of the breach, but they are now responsible for understanding what happens to their users’ data when it’s published on the Dark Web.
Individual Risk: 2.149 = Severe: The scope of this breach is incredible, but it will impact users differently. Compromised information could include usernames, real names, email addresses, and location information. Fortunately, the passwords for 61 million users were hashed, making them more difficult to recover. The company encourages users to change their account passwords and to update passwords on other accounts that may be using the same credentials.
Customers Impacted: 139 million
How it Could Affect Your Business: Even companies with the best cybersecurity standards can still fall victim to a devastating data breach. Partner with an MSP that can determine where information ultimately ends up (hint: the Dark Web!) so that your customers, employees, and profit margins are always protected from cybersecurity threats.


A Note From Kobargo:
Mobile Banking Malware Increases by 58% 
According to a recent report by Kaspersky Lab, mobile banking malware is on the rise. The first quarter saw instances of mobile banking malware more than triple, and there was a 58% increase in modifications to banking trojans.
A single piece of malware, dubbed Asacub malware, accounts for more than half of the banking trojans detected during this time, attacking approximately 8,200 users a day.
In the first three months of the year, cybersecurity researchers identified 29,841 different modifications of banking trojans, underscoring the complex tasks that companies have when defending their digital infrastructure.
As more and more financial services are conducted online, it’s a troubling sign to see an uptick in the scope and complexity of mobile-focused malware attempts. It’s also a reminder that companies can’t win this battle alone. They need to partner with skilled MSPs like Kobargo Technology Partners to help them identify and eliminate the latest threats to their businesses.

Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 05-27-19

Cyber Alert: Last week, hackers continued to phish for patient data from US healthcare providers.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…


Equitas Health: Regional, not-for-profit healthcare provider based in Ohio
Exploit: Employee email account breach
Risk to Small Business: 1.333 = Extreme: Company officials discovered abnormal email activity on two enterprise email accounts belonging to employees, ultimately concluding that a hacker was successful in accessing personally identifiable information (PII) and patient records. The organization hired a third-party forensics firm to better understand the breach, and they are reaching out to affected individuals. Although the organization took immediate steps to contain the incident, it will now face the tangible costs of offering free identity monitoring services to patients, along with the less quantifiable losses in reputational damage.
Individual Risk: 2 = Severe: While it appears that the scope of the attack is limited, the breadth of compromised information is extensive. It includes patient names, dates of birth, patient account and medical record numbers, prescription information, medical history, procedure information, physician names, diagnoses, health insurance information, social security numbers, and driver’s license numbers.
Customers Impacted: 569 affiliated members
How it Could Affect Your Business: This data breach demonstrates the potentially expansive consequences of a single vulnerability. Since healthcare companies are legally required to protect their patients’ data, they need to conduct regular security audits and employee training that can prevent this type of breach. At the same time, Equitas explicitly serves protected classes and marginalized patient groups, making this episode especially egregious. Therefore, it’s critical to continuously monitor protected information in order to understand what happens to patient data after it’s compromised.


 

Oregon State Hospital: Public psychiatric hospital based in Salem, Oregon

Exploit: Spear phishing attack
Risk to Small Business: 1.555 = Severe: An employee clicked on a phishing email, which allowed hackers to gain access to the employee’s email account. Fortunately, IT administrators were able to identify the breach just 40 minutes after it occurred, limiting the exposure of patient information. Although the investigation isn’t complete, the company did reveal that an undetermined amount of patient information was exposed during the breach.
Individual Risk: 2 = Severe: The phishing scam compromised names, dates of birth, medical record numbers, diagnoses, and treatment care plans. Although the company plans to notify impacted individuals in 4 to 6 weeks, anyone with records at the hospital should monitor their credentials for potential misuse.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing scams are entirely avoidable, and any data breach that results from a phishing scam is a self-inflicted wound for the company’s reputation. In addition to deploying robust security software, companies should conduct regular training to avoid unnecessary data breaches. MSPs should consider partnering with third-party cybersecurity services that provide robust employee training to avoid phishing scams.



Pacers Sports and Entertainment: The parent company of the Indiana Pacers, a professional basketball team in the NBA
Exploit: Employee email phishing campaign
Risk to Small Business: 1.555 = Severe: A phishing campaign against Pacers Sports & Entertainment (PSE) resulted in hackers gaining access to several employee accounts that contained sensitive personal information between October 15 and December 4 of last year. However, the company first learned of the incident almost six months ago, which begs the question: why are they just beginning to notify customers now? Along with the damaging outcomes of a customer and employee breach, the organization will now face media scrutiny and resulting customer attrition.
Individual Risk: 1.857 = Severe: PSE did not differentiate if the compromised data belonged to employees or customers, but it does include names, addresses, dates of birth, password numbers, health insurance information, driver’s license numbers, social security numbers, debit/credit card numbers, digital signatures, usernames, and account passwords.
Customers Impacted: Unknown
How it Could Affect Your Business: It’s clear that PSE did not fully appreciate the scope of the data breach. Although the company has not received any reports of personal data misuse, the compromised information can be used to orchestrate fraud in the near future. Along with harming the reputation of their company, PSE will have to answer to the press and customers in the wake of the breach.



Southeastern Council on Alcohol and Drug Dependence: Non-profit organization based in Norwich, Connecticut offering alcohol and substance abuse treatment
Exploit: Ransomware
Risk to Small Business: 1.777 = Severe: The healthcare provider lost control of more than 25,000 patient records when a ransomware attack was discovered in its network. While they have procured cybersecurity assistance to deal with the issue, the company has been unable to eradicate the ransomware or secure patient records.
Individual Risk: 1.857 = Severe: The data breach compromised PII including patient names, addresses, social security numbers, medical history, and treatment information. Although affected individuals are being offered free credit monitoring services, they are encouraged to remain vigilant about potential financial or identity fraud.
Customers Impacted: 25,148
How it Could Affect Your Business: It is incredibly important for companies, especially those already dealing with a vulnerable client base, to ensure the integrity of their financials and identity after a data breach. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.


Ada Highway County District: Independent government agency operating in Garden City, Idaho
Exploit: Ransomware
Risk to Small Business: 2 = Severe: A ransomware attack injected into the agency’s system through malware restricted access to the computer networks for nearly 30 hours. While the agency hasn’t found evidence that the hackers accessed the department’s database, they can’t conclusively rule out a more extensive breach. The agency has declined to pay the undisclosed ransom demanded by the hackers.
Individual Risk: 2 = Severe: There is no indication that hackers accessed any individual data during the attack. However, since the agency can’t conclusively rule out access to their database, those with information at the agency should monitor their personal information for signs of fraud or misuse.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks are growing in frequency and sophistication, making it mandatory that companies of all sizes develop a comprehensive plan for responding to the threat and ensuring that services remain operational during an attack. These contingencies can be the difference between a temporary disruption and a major debacle. Moreover, since many ransomware attacks start with phishing emails, employee training and security contingencies are a must-have protocol in today’s digital environment.


Medical Oncology Hematology Consultants: Healthcare network offering cancer treatment solutions
Exploit: Phishing Scam
Risk to Small Business: 1.555 = Severe: When an untrained employee inadvertently clicked on a phishing email, hackers gained access to the employee’s account, which contained sensitive data on an unknown number of patients. Although the data breach took place in June 2018, the healthcare network just reported the incident to the public, a problematic delay when personally identifiable information is involved. While the company has taken measures to secure their network, their delayed response and the preventable nature of the attack are a reminder that the greatest security risk to a company can be its own employees.
Individual Risk: 1.857 = Severe: Although just a single email account was compromised, it contained patient data including names, social security numbers, government-issued IDs, financial data, dates of birth, and medical records.
Customers Impacted: Unknown
How it Could Affect Your Business: The consequences of a data breach are amplified when companies are slow to respond. In the wake of a data loss event, companies have a responsibility to quickly react by both communicating with their customers and by repairing the technical vulnerability. Even though the company took important steps to shore up their cybersecurity by integrating things like malware blocking tools, suspicious email reporting, email encryption, and two-factor authentication, their slow response time is bad for business and bad for their customers. Not only do companies need to be proactive about prioritizing cybersecurity best practices before a breach occurs, but they must develop a strategy for communicating with their customers in a timely fashion.


A Note From Kobargo:

Australia Sees a Spike in Credential Stuffing Attacks

If you’ve ever wondered what happens to the deluge of data stolen during a cybersecurity breach, Australia’s sudden spike in credential stuffing attacks will certainly provide some clarity.
According to a recent cybersecurity report, Australians are now the fifth highest target for credential stuffing attacks, an incredible metric given their modest population.
This form of cybercrime involves hackers using previously stolen information like usernames, email addresses, or passwords in an attempt to gain access on other platforms. Since people often use the same username and password combinations, it’s often possible to apply stolen credentials across multiple accounts.
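What this pattern looks like from the defender's side, as an added example that is not part of the original newsletter: the log format, thresholds and addresses below are assumptions constructed for illustration. The script flags a source address that tries many different accounts only once or twice each with mostly failed logins, and lists the accounts that logged in successfully during the burst so their passwords can be reset.

```python
"""Flag credential-stuffing bursts in an authentication log (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2019-05-27T09:00:01 203.0.113.7 alice@example.com FAIL
2019-05-27T09:00:03 203.0.113.7 bob@example.com FAIL
2019-05-27T09:00:05 203.0.113.7 carol@example.com OK
2019-05-27T09:00:08 203.0.113.7 dave@example.com FAIL
2019-05-27T09:00:11 203.0.113.7 erin@example.com FAIL
2019-05-27T09:00:14 203.0.113.7 frank@example.com FAIL
2019-05-27T09:05:00 198.51.100.20 grace@example.com FAIL
2019-05-27T09:05:20 198.51.100.20 grace@example.com FAIL
2019-05-27T09:05:45 198.51.100.20 grace@example.com OK
2019-05-27T09:10:00 192.0.2.50 admin@example.com FAIL
2019-05-27T09:10:02 192.0.2.50 admin@example.com FAIL
2019-05-27T09:10:04 192.0.2.50 admin@example.com FAIL
2019-05-27T09:10:06 192.0.2.50 admin@example.com FAIL
2019-05-27T09:10:08 192.0.2.50 admin@example.com FAIL
2019-05-27T09:10:10 192.0.2.50 admin@example.com FAIL
"""


def parse(log_text):
    """Return time-sorted (timestamp, ip, username, success) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "OK"))
    return sorted(events)


def detect_stuffing(events, window=timedelta(minutes=10), min_users=5,
                    min_fail_ratio=0.8, max_tries_per_user=2):
    """Find source IPs whose logins match the credential-stuffing shape.

    Stuffing replays stolen username/password pairs, so within a short window
    one source touches many distinct accounts, tries each only once or twice,
    and fails most of the time. Guessing against a single account (many tries,
    one username) and an ordinary user mistyping a password do not match.
    Thresholds are illustrative assumptions, to be tuned on real traffic.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            tries = defaultdict(int)
            for _, _, user, _ in burst:
                tries[user] += 1
            fails = sum(1 for ev in burst if not ev[3])
            if (len(tries) >= min_users
                    and fails / len(burst) >= min_fail_ratio
                    and max(tries.values()) <= max_tries_per_user):
                hit = findings.setdefault(ip, {"users": set(), "compromised": set()})
                hit["users"].update(tries)
                # A success inside the burst means a reused password worked.
                hit["compromised"].update(ev[2] for ev in burst if ev[3])
    return findings


if __name__ == "__main__":
    for ip, hit in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {len(hit['users'])} accounts targeted, "
              f"reset and review: {sorted(hit['compromised'])}")
```

Grouping by source address alone misses campaigns spread across many addresses, so the same counting is worth repeating per user agent or per network block.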
The report found a robust market for stolen credentials that are often sold in bulk on the Dark Web. Businesses are encouraged to deploy the latest security standards, like two-factor authentication, to help prevent these attacks. Moreover, it underscores the cascading consequences of a data breach, and it highlights the importance of keeping a pulse on customer and employee information. Hint: that’s our bread and butter. Ask how you can take advantage of Dark Web monitoring services.

Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 05-20-19

Cyber Alert: Last week, a global accounting firm was afflicted by a malware attack and more media companies were brought down by ransomware.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…


Baltimore City Government: City government serving Baltimore, Maryland
Exploit: Ransomware
Risk to Small Business: 1.888 = Severe: A ransomware attack has disabled nearly all computerized functions for the Baltimore City Government, including email, online payment platforms, and more. Business operations have been interrupted for “almost every department,” and city officials have started using library computer labs to process payroll for employees. It’s entirely possible that paychecks for city employees will be delayed, which can ultimately cause staff members to leave.
Individual Risk: 2.428 = Severe: Citing concerns about revealing the network vulnerability, city officials have not disclosed information about the breach. However, there is no indication that personal data was compromised as part of this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: When adding up the costs of a data breach or ransomware attack, it’s important to consider the residual effects that take shape in the wake of a security incident. After factoring in the losses that result from customer and employee attrition, the ROI of security training and awareness solutions becomes irrefutable.


 

Wyzant: Online education marketplace that matches tutors with students

Exploit: Database infiltration
Risk to Small Business: 1.777 = Severe: Hackers took advantage of a database anomaly to steal personally identifiable information (PII) from an undisclosed number of users on April 27, 2019. The tutoring company issued a patch to the database, and a more in-depth investigation is underway.
Individual Risk: 2.248 = Severe: Although it’s unclear how many users were impacted by the breach, PII was definitely made available to hackers. This data includes names, email addresses, zip codes, and more. The company’s platform lets users sign in using their Facebook credentials, enabling hackers to siphon off .jpegs of Facebook profile pictures, which can be leveraged to facilitate phishing scams.
Customers Impacted: Unknown
How it Could Affect Your Business: Failing to understand the security vulnerabilities that impact your IT infrastructure can have significant consequences for your users. Especially for companies handling PII for minors, protecting customer information has to remain a top priority. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.



Watertown Daily Times: Daily newspaper published in Watertown, New York
Exploit: Ransomware
Risk to Small Business: 2 = Severe: A company employee discovered ransomware on the company’s network while working on computer systems that are responsible for ad design and newspaper production. In addition to disabling certain publication capabilities, the ransomware restricted access to the company’s email servers and internet-based phones. While the newspaper was able to publish its latest edition, some sections were inaccessible, and reporters were forced to work from home.
Individual Risk: 3 = Moderate: There is no indication that individual data was compromised in this breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks are on the rise in every industry. Companies should proactively assess their threat landscape while establishing protocols for restoring operations and protecting sensitive data. Meanwhile, understanding what happens to sensitive data after it’s accessed is a natural next step for repairing the product and reputation damage that frequently follows a data breach.



Augustana College: Private liberal arts college in Rock Island, Illinois
Exploit: Ransomware
Risk to Small Business: 2.111 = Severe: A university server housing personal information of students was hijacked by a ransomware attack. Although the server was taken offline and existing data was migrated to a new server, the hackers were able to view student information before the breach was detected. A third-party forensic investigation team has been hired to review the incident, and the organization is undergoing new initiatives to prevent an attack like this in the future.
Individual Risk: 2.571 = Moderate: Augustana did not reveal the exact nature of the personal information compromised in the attack, but university staff and students should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.
Customers Impacted: Unknown
How it Could Affect Your Business: When it comes to preventing malicious hacking attempts, the best offense is a strong defense. This means that all campus dwellers at a university should be enrolled in ongoing security training. Untrained employees are a significant security risk, but they can be transformed into an organization’s best defense against cybercrime.


A Note From Kobargo:
As you’ve probably noticed from tuning into our weekly newsletter, ransomware attacks are increasing in scope and severity at an alarming rate.
Security researchers are now tracking a new ransomware that is infecting computers by disguising itself as anti-virus software. Talk about a malicious advancement for an already meticulous cybersecurity threat!
This latest file-locking malware is disguised as an anti-virus installation that users willingly download on their computers. Victims are lured by the false request through phishing emails that prompt users to “update and verify” their anti-virus software with an embedded link.
When users click on the link, the malware downloads ransomware and outdated anti-virus software. The download begins encrypting files in the background while unknowing users complete the anti-virus software installation.
While this tactic isn’t necessarily new, its reemergence should compel companies to train their employees to spot malicious materials and to create a comprehensive plan for dealing with phishing scams, malware, and ransomware attacks. Consider partnering with an MSP that can offer phishing simulation training, like Kobargo Technology Partners, that can help support such initiatives with state-of-the-art solutions.
Protect your business from Ransomware. Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 05-13-19

Cyber Alert: Last week, software companies were put under siege by ransomware and a flaw in Google Chrome may lead to phishing scams.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…

 

Partners in Care: Healthcare provider based in Bend, Oregon
Exploit: Phishing Attack
Risk to Small Business: 1.777 = Severe: A phishing attack compromised an employee’s email account towards the end of 2018, providing hackers with access to patients’ health information between November 17 and December 12. After completing a manual email review, the company concluded that sensitive patient information was exposed during the breach.
Individual Risk: 2 = Severe: Although it is unclear how many records were compromised in the breach, hackers were able to access patients’ personal information including names, birth dates, medical records, and social security numbers. Patient records related to diagnosis, medications, and insurance details were also revealed. The organization notified those impacted by the breach and is encouraging them to monitor their account statements for suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies managing sensitive healthcare information are expected to have mechanisms in place to protect their patients, so a preventable data breach is particularly egregious. While phishing scams are used to gain access to a company’s IT infrastructure, they can be prevented through training and monitoring tools.


 

Citrix: Multinational software company providing application and software services

Exploit: Password Spraying
Risk to Small Business: 2.333 = Severe: Hackers took advantage of weak employee passwords and gained entrance to the company’s network via password spraying. Once inside, they were able to access internal documents and information on former and current employees for about six months. The bad actors were expelled from the network, and the company took measures to improve the company’s password security.
Individual Risk: 2.248 = Severe:  As part of an ongoing investigation, it was revealed that financial information and social security numbers of employees were at risk, in addition to internal business assets. Even worse, the company also disclosed that hackers were able to view personal information of employees’ beneficiaries and dependents. Current and former employees are encouraged to sign up for identity protection services to monitor their credentials.
Customers Impacted: Unknown
How it Could Affect Your Business:  Recovering from a data breach that not only compromises employee information but also that of their dependents and beneficiaries can be an arduous process. Employees lose trust and goodwill in their employer, and it becomes difficult for them to discern the long-term consequences once personal data is accessed. Therefore, proactively providing identity monitoring services can go a long way in demonstrating a commitment to employees while mitigating security risks for the company as a whole.



Microsoft: Multinational technology company based in Redmond, Washington
Exploit: Account takeover attack
Risk to Small Business: 2.111 = Extreme: Hackers used many different maneuvers including brand impersonation, social engineering, and phishing scams to gain access to the email accounts of Office 365 users. Once inside, the cybercriminals implemented a variety of inbox rules to hide their behavior as they sent thousands of emails intended to facilitate spear phishing, BEC attacks, and malvertising campaigns.
Individual Risk: 2.284 = Severe: While hackers gained access to user email accounts, it appears that their primary purpose was to proliferate the scam by sending emails to unsuspecting recipients. However, users with compromised Office 365 accounts should immediately change their passwords while also being mindful of the potential for data misuse.
Customers Impacted: 4,000
How it Could Affect Your Business: Email account compromises are the center of many data breaches today, and it’s time that small businesses take notice. The good news is, securing employee and user accounts can be achieved by partnering up with the right cybersecurity training solution.



Docker Hub: Online platform for procuring container applications
Exploit: Unauthorized database access
Risk to Small Business: 1.777 = Severe: When an unauthorized third party breached Docker Hub’s database, they gained access to sensitive data including usernames, passwords, and other account features. Although the company immediately notified users of the attack, the hackers gained extensive system access, ultimately compromising nearly 200,000 accounts. Even worse, it’s possible that the software applications that users built on the platform could be impacted by the breach.
Individual Risk: 2.571 = Moderate: The organization insists that financial information was not accessed during the breach, but hackers did gain extensive information about Docker Hub customers. Anyone with a Docker Hub account should enroll in identity and financial monitoring services.
Customers Impacted: 190,000
How it Could Affect Your Business: Docker Hub is being scrutinized for not implementing industry security best practices, such as two-factor authentication, which could have allowed them to protect users from this breach. Small businesses operating in the B2B space need to ensure that they are doing everything possible to protect customer data by partnering up with MSPs with state-of-the-art cybersecurity technology.



St. Ambrose Catholic Parish: Local Catholic Parish based in Brunswick, Ohio
Exploit: Fraudulent email scam
Risk to Small Business: 2.444 = Severe: Bad actors sent fraudulent emails on behalf of a construction company that was contracted to complete work on the church building. The emails claimed that the parish was two months behind on project payments and included instructions for wiring payment to an external bank account. To execute the fraud, hackers first gained access to the email accounts for the construction company, extending the cybersecurity event beyond just the church.
Individual Risk: 3 = Moderate: There is no indication that any personal information was compromised in this breach.
Customers Impacted: 1
How it Could Affect Your Business: As this episode demonstrates, email scams can be a convincing way to execute fraud, and companies need to educate their employees about the signs of deception while also equipping them with training in best practices to avoid being a victim of a cybercrime. Unfortunately, events like this are incredibly commonplace and can happen to anyone, but companies are still responsible for protecting their systems.


A Note From Kobargo:
E-retail theft is a lucrative business 
Traditionally, payment credentials stolen from brick-and-mortar stores were able to command a higher price on the Dark Web than card-not-present data (also known as CNP). However, it seems like the market dynamics have recently shifted, as this information is now being used to target online retailers.
Consequently, the demand for these credentials is far outpacing supply, driving up the price. The economics can be explained by the recent US migration towards chip-based payment cards, which offer a superior level of fraud protection for in-store purchases.
Such news has broad implications for both consumers and companies operating in today’s digital ecosystem. Security has to be a constant priority, since payment trends will give way to new threats, and tomorrow’s vulnerabilities will not be the same as those existing today. In order to keep a continuous pulse on your employee and customer data, consider partnering up with an MSP that implements proactive Dark Web monitoring.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert Monday 05-06-19

Cyber Alert: Last week, employee phishing runs rampant, ransomware brings an airport offline, an NBA team’s online store leaks credit card information, and another Dark Web marketplace takes a dive.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
EmCare:  Dallas-based healthcare provider that offers physician services and other healthcare functions
Exploit: Employee Email Account Breach
Risk to Small Business: 1.666 = Severe: An unauthorized third party accessed employee emails, allowing them to view sensitive personal information and confidential patient data. Through this vulnerability, hackers were able to access as many as 60,000 individual records, including 31,000 patient records. The company was quick to indicate that they don’t believe any personal data has or will be misused, and it’s unclear why this information was accessed. Nevertheless, EmCare will now bear the costs of providing free credit monitoring services and managing public relations.
Individual Risk: 2.149 = Severe: Employees and patients who received care from the company could have had their name, birth date, age, social security number, and driver’s license number exposed. In some cases, protected health information was also made vulnerable.
Customers Impacted: 60,000
How it Could Affect Your Business: This episode is a reminder that even minor vulnerabilities can have extensive consequences. In this case, accessing just a few email accounts compromised thousands of patient records, creating serious problems for both the victims and the company. Since healthcare organizations are explicitly charged with protecting this information, they need to take every precaution to make sure that their systems are secure. By monitoring where and how hackers use patient and employee information on the Dark Web, providers can offer lasting protection.
 
Atlanta Hawks Shop: Online store for the Atlanta Hawks, a professional basketball team in the NBA
Exploit: Malware
Risk to Small Business: 1.888 = Severe: Malicious code bearing the signature of Magecart, a well-known collective of online credit card thieves, was planted on the online store for the Atlanta Hawks. The malware records keystrokes on the payment platform, allowing the thieves to acquire sensitive payment information from buyers. It’s believed that hackers accessed the store through unprotected third-party extensions affiliated with the shop’s cloud hosting service.
Individual Risk: 2.248 = Severe:  The Atlanta Hawks online store has more than seven million visitors each year, and this particular strain of malware was introduced on April 20th. Anyone who made purchases through the online store on or after that date should assume that their name, address, and credit card information was compromised. As a result, those impacted should immediately sign up for credit monitoring services while staying vigilant for other misuses of this sensitive data.
Customers Impacted: Unknown
How it Could Affect Your Business:  E-commerce has quickly become the shopping method of choice for many consumers, and securing this process is critical for any company looking to capitalize on this trend. To put it simply, if customers don’t trust that your checkout is secure, they are less likely to make a purchase on your platform. Businesses must vet their third-party payment processing providers and implement additional layers of security through MSPs who can navigate digital marketplaces to understand how compromised payment data is being used by hackers.
 
Doctors’ Management Service: Medical billing service provider
Exploit: Ransomware attack
Risk to Small Business: 1.444 = Extreme: Nearly 40 healthcare centers were significantly impacted by a ransomware attack that compromised patient data. Although the company deployed a network backup to avoid paying the ransom, the hackers had access to sensitive patient information including names, addresses, dates of birth, social security numbers, driver’s license numbers, and health insurance information.
Individual Risk: 2 = Severe: The company was unable to determine if personal health information was viewed or downloaded, and patients at any of the healthcare providers working with Doctors’ Management Service could be impacted by the breach. Therefore, all patients within this network are encouraged to obtain credit and identity monitoring services.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a serious problem for healthcare companies and those tasked with managing patient data. Having the right backup infrastructure in place is important, and, in this case, allowed the company to avoid paying a ransom to reclaim its data. However, implementing the right security measures for proactive detection is even more critical for preventing attacks from occurring in the first place.
 
Cleveland Hopkins International Airport: A public airport located in Cleveland, Ohio
Exploit: Ransomware attack
Risk to Small Business: 2.111 = Severe: A ransomware attack on the airport disabled information screens that provide information about incoming arrivals, imminent departures, and baggage claim status. At the same time, other network components including email, electronic payroll, and record keeping services were also affected. These disruptions occurred for many days, and the FBI is investigating the source of the attack.
Individual Risk: 3 = Moderate: There is no indication that any personal information was compromised in this attack, but users with information stored on this network should be mindful of its vulnerabilities while monitoring for possible misuse of stored information.
Customers Impacted: Unknown
How it Could Affect Your Business: When data breaches occur at companies providing critical services like air travel, the prospect of a disruptive data breach can have far-reaching consequences. While this data breach didn’t compromise any critical infrastructure, travelers might be less likely to trust the company’s infrastructure to guard against more progressive or intrusive tasks. When public safety is concerned, preventing a breach becomes an even more critical concern.
 
BodyBuilding.com: Idaho-based online forum and retailer for supplements
Exploit: Employee phishing scam
Risk to Small Business: 1.888 = Severe: A single phishing email targeting staff members managed to compromise an entire network, allowing hackers to access the personal information of the platform’s users. Even more alarmingly, the company was unable to confirm if data was actually stolen, signaling a lack of privacy stewardship. Along with the threat of fines or lawsuits, the company stands to lose the trust of customers who catch wind of the breach.
Individual Risk: 2.428 = Moderate: While the platform contends that credit card and social security numbers were not compromised in the breach, they acknowledged that it’s possible that hackers accessed customers’ names, email addresses, billing/shipping addresses, phone numbers, order history, and company communications.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing scams are preventable, and the right training coupled with proactive security software can stop such an attack before it compromises the entire network. This incident serves as a reminder that untrained and unfamiliar staff can be a point of vulnerability that hackers tap into, creating significant security risks for any company.
 
 
Partners for Quality: Pennsylvania-based agency providing educational services for children with intellectual and developmental disabilities
Exploit: Compromised email accounts
Risk to Small Business: 1.222 = Extreme: A malicious third party gained access to several employee email accounts, giving them broad access to their users’ sensitive personal information. This is the company’s second data breach this year, and, since the company handles uniquely sensitive information about their customers, the responsibility to secure this data is magnified.
Individual Risk: 2 = Severe: Hackers gained access to protected health information (PHI) including names, social security numbers, diagnosis/treatment, medical records, billing claims, health insurance credentials, passport information, and banking numbers. Those impacted by the breach should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.
Customers Impacted: 3,673
How it Could Affect Your Business: Every company managing PHI needs to be especially aware of their cybersecurity vulnerabilities, since a breach not only imperils their users but it also casts doubt on their competence. Since most email-based threats are preventable, companies handling PHI should take every action to educate their employees and to secure their networks.
 
A Note From Kobargo:
Cyber-attacks are soaring in 2019
It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are becoming inundated with, and even accepting of, breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.
According to a recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.
However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.
Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.
It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.