Security Breach Update
15 March 2019

Small BusinessIn the past, being a small business was enough to divert hackers from targeting your company. However, cyber criminals have discovered ways to generate profit from compromised data, many times through the Dark Web.

Many small business owners are beginning to ramp up their cybersecurity efforts, but the Dark Web remains an elusive concept for most.

In some ways, the Dark Web is exactly what it sounds like: an anonymous network of websites and forums where stolen information is put up for sale. How do organizations protect themselves and their customers from ending up on the Dark Web?

By employing advanced monitoring tools through security providers and creating security training programs to foster a culture of cybersecurity education and awareness.

Recent Breaches

United States – Dun & Bradstreet – Business Analytics Company based in New Jersey.

Exploit: Trojan spam campaign

Risk to Small Business: Moderate: Emails identified as spam were found attempting to impersonate Dun & Bradstreet’s official website using a lookalike domain. These “complaint” emails contained macros that deliver Trickbot, a damaging Trojan that can be leveraged by hackers against banks. However, security researchers were able to uncover the campaign and users have been advised to disable macros from automatically opening in the Word application or open their emails in protected view.

Risk to Exploited Individuals: Moderate: If users avoid opening spam emails and attachments, there is limited risk involved. Nevertheless, if the Trickbot Trojan installs itself on a computer containing valuable files, all bets are off.

Customers Impacted: To be disclosed.

United States- Rush University Medical Centre – Academic medical centre in Chicago, IL.

Exploit: Third-party breach

Risk to Small Business: Severe: After unearthing a massive data breach on January 22nd, the hospital revoked its contract with an IT vendor and launched an investigation. Patients whose data was compromised were notified, but Rush maintains that the data was not misused after the incident.

Although the institution has offered one-year identity protection and breach helplines, this is the second security incident that Rush has suffered within the last year, causing patients and caregivers to reconsider their selection in care providers.

Risk to Exploited Individuals: Severe: According to a financial filing by the medical centre, compromised data included names, addresses, birthdays, SSNs, health insurance information, and even medical data. Patients should enrol in identity protection immediately and continue to monitor their accounts for fraudulent activity.

Customers Impacted:  45,000

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
15/03/2019

Follow us on LinkedIn:

Related Articles:
Ransomware Warning
Stopping Identity Theft

Written by