09 Dec Security Breach – 10 Dec 2020
Amazon brings unwanted holiday gifts to businesses
Everyone loves giving and getting gifts – it’s part of what makes this season special. It’s the most wonderful time of the year for cybercriminals too. As you and your staffers buy everything from business essentials to toys on Amazon this holiday season, you’re opening your business up to extreme risk from phishing.
While an increase in holiday-time phishing attacks isn’t unusual, the combination of people shopping from home because of the pandemic plus a huge increase in overall cybercrime spells trouble for your company in 2020. A recent report shows that Amazon-related phishing messages have more than doubled this year, and they’re continuing to climb, with a more than 60% increase in November alone.
So how can you protect your business?
By making sure that all of your employees are well-versed in the types of phishing schemes that cybercriminals are bringing to the table this year. Up-to-date training that’s regularly refreshed can lower your incidence of cybersecurity problems by up to 70%, making it a smart investment in your business.
Recent Breaches
The Netherlands – Randstad – Staffing Agency
Exploit: Ransomware
Risk to Small Business: Severe: The Egregor ransomware gang is getting its work done before the holidays, with yet another major strike this week, this time on the world’s largest staffing company. Randstad states that only a limited number of servers were impacted and that its network and business operations continued to operate without disruption. The company is still assessing exactly what data was stolen, but doesn’t expect that any client or employee data was impacted.
Risk to Exploited Individuals: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.
Customers Impacted: Unknown
Japan – Recruit Holdings – Staffing Agency
Exploit: Vulnerability in VPN Network
Risk to Small Business: Severe: Many of the affected organisations, which are clients of a virtual private network service provided by Fortinet Inc., had staff IDs, passwords and other authentication data stolen after a list of some 50,000 of the US firm’s unpatched VPN appliances was leaked on the internet on 19 Nov.
Fortinet released patches in May 2019 to fix vulnerabilities in its VPN service, and IT expert organisations in Japan have also repeatedly issued warnings. It is believed that the organisations that suffered security breaches had not applied the patches. VPN usage has increased as companies encourage employees to work from home due to the novel coronavirus pandemic.
Risk to Exploited Individuals: A spokesperson for Recruit said the company cannot confirm the attack but said there was no damage and updates of the system have now been put in place.
Customers Impacted: Unknown
Australia – Loch Rannoch Highland Club – Private Resort
Exploit: Insider Threat (Employee Error)
Risk to Small Business: Extreme: Administrators at the Loch Rannoch Highland Club are in hot water after a suspected employee error exposed information about 2,400 members and visitors, including some very prominent people. Detailed personal information about people who would rather not have that data circulating was exposed after it was posted to a publicly accessible portion of the club’s website in what the resort notes was an “employee error”.
Risk to Exploited Individuals: Extreme: 243 pages of sensitive information about the owners of holiday homes or timeshares at the club and their guests were exposed, including the personal emails and phone numbers of more than 2,400 members plus timeshare owners’ email addresses and phone numbers, alongside their club reference numbers.
Customers Impacted: Unknown
Protect your data and systems by implementing a solid cybersecurity plan. Talk to a TCT team member today and we can show you how.
Robert Brown
10/12/2020