Security Breach – 10 Dec 2020

Security Breach – 10 Dec 2020

Make sure that all of your employees are well-versed in the types of phishing schemesAmazon brings unwanted holiday gifts to businesses  

Everyone loves giving and getting gifts – it’s part of what makes this season special. It’s the most wonderful time of the year for cybercriminals too. As you and your staffers buy everything from business essentials to toys on Amazon this holiday season, you’re opening your business up to extreme risk from phishing.

While an increase in holiday-time phishing attacks isn’t unusual, the combination of people shopping from home because of the pandemic plus a huge increase in overall cybercrime spells trouble for your company in 2020. A recent report shows that Amazon-related phishing messages have more than doubled this year, and they’re continuing to climb, with a more than 60% increase in November alone.

So how can you protect your business?

By making sure that all of your employees are well-versed in the types of phishing schemes that cybercriminals are bringing to the table this year. Up-to-date training that’s regularly refreshed can lower your incidence of a cybersecurity problem by up to 70%, making it a smart investment in your business.

Recent Breaches

 

The Netherlands – Randstad – Staffing Agency

Exploit: Ransomware

Risk to Small Business: Severe: The Egregor ransomware gang is getting its work done before the holidays, with yet another major strike this week, this time on the world’s largest staffing company. Randstad states that only a limited number of servers were impacted and that their network and business operations continued to operate without disruption. The company is still assessing what data exactly was stolen, but doesn’t expect that any client or employee data was impacted.

Risk to Exploited Individuals: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.

Customers Impacted:  Unknown

Japan – Recruit Holdings – Staffing Agency

Exploit: Vulnerability in VPN Network

Risk to Small Business: Severe: Many of the organisations, which are clients of a virtual private network service provided by Fortinet Inc., had staff IDs, passwords and other authentication data stolen after a list of some 50,000 of the US firm’s unpatched VPN appliances was leaked on the internet on 19 Nov.

Fortinet released patches in May 2019 to fix vulnerabilities in its VPN service, with IT expert organisations in Japan also repeatedly issuing warnings. It is believed that the organizations that suffered security breaches had not applied the patches. VPN usage has increased as companies encourage employees to work from home due to the novel coronavirus pandemic.

Risk to Exploited Individuals: A spokesperson for Recruit said the company cannot confirm the attack but said there was no damage and updates of the system have now been put in place.

Customers Impacted:  Unknown

Australia – Loch Rannoch Highland Club – Private Resort

Exploit: Insider Threat (Employee Error)

Risk to Small Business: Extreme:  Administrators at the Lake Rannoch Highland club are in hot water after a suspected employee error exposed information about 2,400 members and visitors, including some very prominent people. Detailed personal information about people who don’t like that data circulating around was made available publically after it was posted to a publicly accessible portion of the club’s website in what the resort notes was an “employee error”.

Risk to Exploited Individuals:  Extreme:  243 pages of sensitive information about the owners of holiday homes or timeshares at the club and their guests were exposed, including the personal emails and phone numbers of more than 2,400 members plus timeshare owners’ email addresses and phone numbers, alongside their club reference numbers.

Customers Impacted:   Unknown

Protect your data and systems by implementing a solid cybersecurity plan. Talk to a TCT team member today and we can show you how.

Robert Brown
10/12/2020

Follow us on LinkedIn:

Related Articles:
Remote workers are a juicy targets for ransomware attacks!
Too many privileged credentials can lead to disaster



Log a Job: