Security Breach Update
15 May 2020

Cybercrime Increased by 300% Since COVID-19 Pandemic BeganCybercrime Increased by 300% Since COVID-19 Pandemic Began

By now, many organizations are well aware of the increase in cybercrime since the COVID-19 pandemic began. The number of phishing scams have soared, popular virtual meeting platforms (like Zoom) have endured cybersecurity shortcomings and many more.

A report by the US Federal Bureau of Investigation (FBI) has quantified the increase in cyberattacks, detailing that the number of reported cybersecurity complaints have increased by more than 4,000 since the pandemic began. The information comes as tech platforms have similarly quantified cyber threats related to their platforms. Google says that it’s blocking 18 million COVID-19 phishing scams each day, and the US Federal Trade Commission (FTC) has recorded 18,257 fraud complaints related to the Coronavirus, collectively causing $13.44 million in losses.

These numbers are a reminder that companies need to remain vigilant about addressing the most pressing threats, especially phishing scams, during the pandemic.

However, agencies are also speculating that the significant uptick in cybercrime could be the result of a yet undisclosed data breach, which means that companies need visibility into the Dark Web where stolen credentials or other information could be used in upcoming attacks.

Recent Breaches

United States – GoDaddy – Domain service provider

Exploit: Unauthorized database access

Risk to Small Business: Severe: GoDaddy has reported an October data breach to California authorities after it identified an unauthorized individual operating within their platform. Although the company believes that files were not altered or modified, the company was forced to reset user account passwords and to provide a free year of its website security and malware service.

It’s possible that the intruder is related to an earlier cybersecurity incident stemming from an employee who engaged with a phishing scam. The hosting platform often touts its small business services, and these organizations will now have to decide if a platform with multiple cybersecurity lapses is the best place for their digital services to reside.

Risk to Exploited Individuals: GoDaddy asserts that personal data was not compromised in this breach, but customers should carefully monitor their accounts for possible misuse.

Customers Impacted: Unknown

Australia – Home Affairs – Australia’s employment department

Exploit: Unsecured database

Risk to Small Business: Severe: An unsecured database exposed the information for hundreds of thousands of users who uploaded their information to a department form for skilled workers looking to migrate to Australia.

The breach compromised peoples’ personally identifiable information for an at-risk population. The breach is especially untimely because the Australian government is asking people to trust its cybersecurity and data privacy acumen by downloading a COVID-19 tracing app that relies on peoples’ sensitive personal data. It’s a reminder that brand reputation and cybersecurity are inextricably linked, and companies that care about the former will prioritize the latter.

Risk to Exploited Individuals: Severe: The exposed database included users’ partial names, ADUserIDs, age, country of birth, marital status, and desired application outcomes. It applies to applicants as far back as 2014, and it could be used to execute additional cybercrimes or instances of fraud. Those impacted by the breach should carefully scrutinize incoming messages while also being aware that their data could quickly spread on the Dark Web where cybercriminals use that information for a variety of malicious purposes.

Customers Impacted: 774,326

Australia – Toll Group – Transportation and Logistics Company

Exploit: Ransomware

Risk to Small Business: Severe: After recovering from a ransomware attack in early 2020, Toll Group has once again been victimized by bad actors. This attack exploited vulnerabilities in a Remote Desktop Protocol to infect the company’s network. To prevent the malware’s spread, Toll Group brought many of its servers offline, compounding the cost by curtailing productivity during an already precarious time.

Risk to Exploited Individuals: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown.

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
15/05/2020

Follow us on LinkedIn:

Related Articles:
Stolen credentials to attack hospitals and medical facilities with ransomware
Human Error is a Top Cause of Data Breaches

Written by