This week, a ransomware attack impacts COVID-19 care, what happens when a company ignores basic security protocols, and mitigating cybersecurity risks during the Coronavirus pandemic.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance and Insurance
Top Employee Count: 1-10
United States – Whisper
Exploit: Unsecured database
Whisper: Privacy-focused messaging app
Risk to Small Business: 2.111 = Severe
Developers overlooked basic security protocols when they left a database containing customer information unprotected by even a password, and hackers pounced. As a result, 900 million files dating back to the company’s launch in 2012 were made available online. Although the company was quick to secure the database, its reactive efforts will do little to assuage the doubts and concerns of its privacy-minded customer base.
Individual Risk: 2.571 = Moderate
Customers Impacted: Unknown
What Can You Learn from Their Mistake?
Data breaches are fairly common in sites that are supposedly private, so it’s always wise to never assume that anything you post will remain private. Hackers delight in taking advantage of weaknesses in any app and by compiling data and using social profiling, consumers compromised data is all just a piece of the bigger picture the cybersecurity world.
How Can Spry Squared Help?
Spry Squared is an expert in cybersecurity and helping our SMB customers understand the importance of security. We offer a free intial Dark Web scan and you can see if your business credentials have been compromised. From Dark Web monitoring to ransomeware protection and training to a recovery plan, our cybersecurity package will help with all aspects of your comany’s cybersecurity. Learn more about Spry Squared Cybersecurity here.
United States – Champaign-Urbana Public Health District
Exploit: Ransomware
Champaign-Urbana Public Health District: Healthcare service provider
Risk to Small Business: 2.111 = Severe:
A ransomware attack disabled the healthcare provider’s website as concerns over Coronavirus are reaching a fever pitch. While the incident spared the provider’s email accounts, health records, and patient records, it limited the agency’s ability to communicate with patients. The Champaign-Urbana Public Health District has begun using its social media accounts to communicate with the public, and they’ve launched a backup website to replace the disabled page. This is an expensive and potentially harmful incident at a time when quickly communicating information can be a matter of life and death.
Individual Risk: 2.714 = At this time, no personal information was compromised in the breach
Customers Impacted: Unknown
What Can You Learn from Their Mistake?
The particular malware strain that infected the Champaign-Urbana Health District targets enterprises running Windows 10. It’s a reminder that ransomware is on the rise and companies can take simple steps to ensure that malware doesn’t enter their system through outdated software, phishing attacks, or other vulnerabilities
How Can Spry Squared Help?
We have tools that simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click this link to get started.
United Kingdom – Anteus Tecnologia
Exploit: Exposed database
Anteus Tecnologia: Developer and distributor of fingerprint identifcation systems
Risk to Small Business: 1.888 = Severe
A cyberattack on February 20, 2020, compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.
Individual Risk: 2.142 = Severe
In addition to precise fingerprint data, the database also contained the email addresses and phone numbers of employees who store their information with the company. Those impacted by the breach should take every precaution to secure their data and beware of potential instances of fraud resulting from this compromised information.
Customers Impacted: 76,000
What Can You Learn from Their Mistake?
Today’s regulatory landscape promises steep penalties for companies that fail to protect customer information. In this environment careless errors, like failing to password protect a database, are especially egregious to regulators and customers – and all companies need to ensure that data security is a day-one, top-down priority.
How Can Spry Squared Help?
Spry Squared has tools that can automate regulatory compliance in maintaining required data privacy standards, eliminating guesswork, and ensuring efficiency at every stage. Learn more now.
In Other News:
Hackers Collect Millions from Stolen Payment Card Records
In an increasingly digital-first world, payment card skimming malware has been a growing threat to both customers and retailers – and a profitable business for the bad guys. Unfortunately, that trend is unlikely to abate anytime soon. According to cybersecurity researchers, hackers recently hauled in $1.6 million from selling 239,000 stolen payment cards on the Dark Web.
The card information was stolen throughout 2019 from as thousands of retailers fell victim to malware. In this web-skimming incident, attackers used malicious JavaScript to steal payment data at checkout from stores hosted on the Volusion cloud platform. Unfortunately, the high yield is likely to incentivize other cybercriminals to pursue payment card skimming, creating a serious liability for companies and customers processing payments online.
Customers routinely demonstrate an unwillingness to shop at online retailers after a data breach. Making cybersecurity at the point of sale a top priority could be the difference between a flourishing online store and a floundering operation. Any business planning to implement online sales needs to have a strong cybersecurity strategy that works mitigate some of the risk of this means of attack including regular malware assessments and Dark Web monitoring.
Not sure how safe your data is OR is your company data already on the Dark Web?
Contact the cybersecurity experts at Spry Squared for your complimentary Dark Web scan.
Thanks to our cybersecurity partner ID agent for this Week in Breach report!
