Security Breach – 9 July 2020
No industry is immune to ransomware attacks. Just last week, hackers attempted to breach more than 30 news sites owned by a major US media company in an audacious attempt to deploy WastedLocker ransomware.
The hacking gang, known as Evil Corp, was attempting to use this method to infect the systems of employees of over 30 major US private firms using fake software update alerts that popped up after the targeted employee browsed news at the affected news sites.
It’s common for employees to access non-work websites from their work machines during the workday. Everyone checks a few headlines or looks up the weather.
In this case, the employees’ computers were set up to be used as a stepping stone into their companies’ networks. There hasn’t been any reported further action, but that doesn’t mean that there wasn’t a successful compromise at one of the targeted firms.
By 2021, it’s estimated that a ransomware attack will take place every 11 seconds.
So, what’s the most common way that ransomware is delivered? Phishing. Whether it’s a malicious link, a spurious PDF, a poisoned SMS, or the old classic infected attachment, ransomware is the threat that really keeps IT staffers up at night.
A phishing resistance training and testing solution that is consistently updated with the latest threats can help companies effectively defend against ransomware attacks by improving their defence against phishing.
You need to get every employee enlisted in the effort to guard against ransomware.
United States – Department of Education – Federal Government Agency
Exploit: Unsecured Database
Risk to Small Business: Severe: A large number of Americans may have had their personally identifiable data compromised by the United States Department of Education. According to reports, the agency left the Social Security numbers of tens of thousands of people seeking student debt relief unprotected and susceptible to a data breach for at least six months. While the information was stored securely enough to prevent an external breach, any users of the agency’s systems could freely access the information in a simple shared folder, including outside contractors.
Risk to Exploited Individuals: Severe: The breached information was collected from complainants filing for student debt relief after paying for years of education of dubious value from for-profit colleges. Personally identifiable information, including Social Security numbers, was not secured correctly. The information was easily obtained by anyone with access to agency or contractor systems. Those who suspect that they may be at risk should watch their credit reports and be on alert for spear phishing attacks.
Customers Impacted: 240,000
India – Limeroad – Apparel Marketplace
Exploit: Unauthorized Database Access
Risk to Small Business: Moderate: Approximately 1.29 million customers of popular Indian social shopping site Limeroad had their personal data compromised last week in a database break-in, and the stolen information is already up for sale on the Dark Web. Cyber researchers report that the database contained users’ full names, phone numbers, and email addresses. No financial data was noted as compromised.
Risk to Exploited Individuals: Moderate: While some personal information was compromised in the breach, no financial data or sensitive identity information was stolen. Limeroad users should be on the lookout for potential spear phishing attempts using this data.
Customers Impacted: 1.29 Million
Being proactive in developing a cybersecurity plan can be the difference between successfully defending against a breach and losing millions to a harmful attack.
Protect your data, privacy and reputation: talk to a TCT sales team member today.