Week in Breach 04/15/20 – 04/21/20

This week, compromised email accounts expose customer data, malware compromises credentials, and the FBI releases a new warning about COVID-19-related healthcare cybercrime.  

Dark Web ID Trends:


Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry:  IT, Cruise Line, and Airport
Top Employee Count: 11-50

United States – AST LLC.

Exploit: Employee Payroll breach
AST LLC.: Cloud and digital transformation service provider

Risk to Small Business: 1.871 = Severe

Using a previously compromised email account, hackers accessed employee payroll information. Hackers used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too little, too late and is unlikely to assuage the concerns of the company’s enterprise clients.

Individual Risk: 1.690 = Severe

Hackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers, and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.

Customers Impacted:  Unknown

What Can You Learn from Their Mistake?

Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.

How Can Spry Squared Help?

Our Managed IT Services can help you protect your employees’ digital identities, your data, and your clients. Our remote-ready solution packs multi-factor authentication, single sign-on, and password management tools in one affordable, easy-to-deploy package. Click here to get started or call 720.724.7730.

United States – San Francisco International Airport

Exploit: Malware Attack

San Francisco International Airport: Airport authority

Risk to Small Business: 2.505 = Moderate

A malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information.

Individual Risk: 2.775 = Moderate

Customers Impacted:  Unknown

What Can You Learn from Their Mistake?

Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By staying attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach.

How Can Spry Squared Help?

We go into the Dark Web to keep you out of it. Spry Squared’s Managed IT Services offers Dark Web monitoring services that combine human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today.

Canada – Holland America Line, Inc.

Exploit:  Accidental data sharing
Holland America Line, Inc.: Cruise Company

Risk to Small Business:  1.833 = Severe

When communicating with COVID-19 patients from a recently-docked cruise ship, authorities accidentally emailed an attachment that included the personal details to all cruise line passengers impacted by the virus. Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. Impacting COVID-19 patients, this data breach is an awful event occurring at a terrible time.

Individual Risk: 1.905 = Severe

The breach includes patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers. The 247 passengers are also being asked to change their passport numbers. Victims should enroll in a credit and identity monitoring service to ensure the long-term integrity of this critical data.

Customers Impacted:  247

What Can You Learn from Their Mistake?

This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.

How Can Spry Squared Help?

Spry Squared Managed IT Services offers Compliance Management, so your company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone.

In Other News:

Thousands of Zoom Credentials Available on Dark Web   

Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own.

This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.

Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.

COVID-19 Treatment Centers Targeted by Cybercrime   

This week, the Federal Bureau of Investigation (FBI) issued a warning that hackers are increasingly targeting companies pursuing treatments for the novel Coronavirus. As a result, the FBI warned, “Now is the time to protect critical research you’re conducting.”

Of course, it’s not just researchers experiencing a surge in COVID-19-related cyberattacks. Other healthcare facilities, including hospitals, testing facilities, and specialty care units have experienced a barrage of phishing scams, ransomware attacks, and other cyberattacks. This activity is part of a concerted effort by cybercriminals to take advantage of this scary and destabilizing moment to steal valuable company and customer data.

Consequently, now is the time for every company to reassess its cyber preparedness in light of the new realities posed by COVID-19. If we can support these efforts in any way, please don’t hesitate to contact our team!

Not sure how safe your data is OR is your company data already on the Dark Web?

Contact the cybersecurity experts at Spry Squared for your complimentary Dark Web scan.

Thanks to our cybersecurity partner ID Agent for this Week in Breach report!