21 May Security Breach – 21 May 2021
One little email carries big risks.
The biggest danger to your company’s cybersecurity isn’t someone hacking into your systems. It’s one phishing email.
Phishing is the primary delivery system for all of today’s nastiest cyberattacks, from ransomware to business email compromise, and every organisation is at risk for falling victim to an attack.
In a record-breaking year for cybercrime, phishing risk ballooned by more than 600% in Q2 2020 and stayed elevated for the rest of the year.
Why more phishing? More email.
As businesses went remote last year (and many remain hybrid this year) an enormous increase in email volume led the way for equally enormous increases in every type of phishing attack.
Cybercriminals did not hesitate to capitalise on that opportunity.
Industry reporting notes that business email compromise attacks were up by 14%, while cloud-based attacks shot up by more than 40%. Experts estimate that one out of every 99 messages a business receives contains a phishing attack.
Did you know that an estimated 97% of employees in a wide array of industries are unable to recognise a sophisticated phishing email?
With phishing as the primary threat for most damaging cyberattacks, that’s bad news for businesses. Reduce your chance of getting caught by phishing by keeping your employees’ phishing resistance training up to date, because phishing attacks are definitely coming your way, with potentially devastating consequences.
Japan – Toshiba – Electronics Manufacturer
Risk to Small Business: Severe: European units of Japanese tech giant Toshiba are investigating a security incident in which scammers may have used a similar hacking tool to the malware used against IT systems at Colonial Pipeline. The company announced that it had been forced to disconnect network connections between Japan and Europe to stop the spread of ransomware. The attack is believed to have been perpetrated by the DarkSide ransomware gang. Toshiba Tec Group, a unit of the multinational conglomerate which makes printers and other technologies, said the firm had not yet confirmed that customer related information was leaked externally. The incident is under investigation and the company says that it has not paid any ransom.
Risk to Exploited Individuals: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
United States – US Veterans Administration (VA)
Risk to Small Business: Severe: The VA has found itself in the cybersecurity hot seat again after a data breach at a records contractor exposed more than 200,000 records for veterans. The contractor, United Valor Solutions, appears to have been the victim of a ransomware attack. Researchers found a trove of their data online, including this sensitive VA data. The VA has announced that its Veterans Benefits Administration (VBA) Privacy Office is currently working with Medical Disability Examination Officer (MDEO) and contractors to further handle the incident, with the VA Data Breach Response Service investigating independently.
Risk to Exploited Individuals: Severe: The exposed records contain included patient names, birth dates, medical information, contact information and even doctor information and appointment times, unencrypted passwords and billing details for veterans and their families, all of which could be used in socially engineered spear phishing or fraud scams.
Customers Impacted: 200,000
Protect your data and systems by implementing a solid cybersecurity plan today. Talk to a TCT team member today and we can show you how.
Follow us on LinkedIn: