This week, compromised email accounts expose customer data, ransomware disrupts remote work, and the FBI releases a new warning about COVID-19 related healthcare cybercrime.
This Week In Breach
- Top Source Hits: ID Theft Forums
- Top Compromise Type: Domain
- Top Industry: High-Tech & IT
- Top Employee Count: 11-50
United States – AST LLC.
https://www.technadu.com/ast-llc-announces-data-breach-circulates-notices-employees/99052/
Exploit: Employee payroll breach
AST LLC.: Cloud & digital transformation service provider
Risk to Small Business: 1.871 = SevereUsing a previously compromised email account, hackers accessed employee payroll information. Hackers used their access to set up rules that diverted received messages, making it more difficult for the company to detect the breach. The incident, which occurred on March 9, 2020, has prompted the company to update its cybersecurity standards to include two-factor authentication on company email accounts. Unfortunately, this change is too-little-too-late and is unlikely to assuage the concerns of the company’s enterprise clients.
Individual Risk: 1.690 = SevereHackers accessed employees’ payroll information and 2019 W-2 forms, which included their names, addresses, salary details, Social Security numbers, employer identification numbers, and other work-related information. AST has warned employees that this information will likely be transferred to the Dark Web, where it could be used to create convincing spear phishing emails. The company is offering affected personnel a year of identity theft prevention services, and victims should enroll in this service as an extra defense against additional cybercrimes related to this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Employee email accounts are often compromised, and this can have significant repercussions for both employee and company data. Simple steps, like enabling multi-factor authentication, can help keep these accounts secure while protecting ROI.
ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities, your data, and your clients. Our remote-ready soultion packs multi-factor authentication, single sign-on, and password management tools in one affordable, easy-to-deploy package. Find out more at https://www.idagent.com/passly.
United States – San Francisco International Airport
Exploit: Malware attack
San Francisco International Airport: Airport authority
Risk to Small Business: 2.505 = ModerateA malware attack on two websites related to the San Francisco International Airport, SFOConnect.com and SFOConstruction.com, compromised users’ login credentials. The breach applies specifically to users accessing the sites using Internet Explorer or a Windows-based personal device. In response, the airport has reset all account passwords, and they are encouraging everyone with an account on these platforms to update their login information for other websites that use the same information.
Hackers obtained peoples’ usernames and passwords. Although the company was quick to reset these credentials, victims should be mindful that this information could be used to access other accounts that rely on the same username and password combination. Therefore, they should carefully monitor their accounts for suspicious or unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Stolen login credentials are often available for sale on the Dark Web, making an awareness of this nefarious marketplace an integral part of any company’s cybersecurity strategy. By having your eyes and ears attuned to this information’s availability, companies can prevent its use before it enables a more devastating data breach.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
In Other News
Thousands of Zoom Credentials Available on Dark Web
As we recently reported in our blog, Zoom and other video conferencing services have soared in popularity, but their convenience can come at a steep cost to cybersecurity. Unfortunately, these services have been subject to a litany of cyber threats. Terms like “Zoom bombing” are now part of our vernacular as Zoom takes the most heat for cybersecurity weaknesses, but other services have faced privacy concerns of their own.
This reality was underscored this week when cybersecurity researchers discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.
Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.
https://securityaffairs.co/wordpress/101475/deep-web/zoom-dark-web.html
A Note for Your Customers
COVID-19 Treatment Centers Targeted by Cybercrime
This week, the Federal Bureau of Investigation (FBI) issued a warning that hackers are increasingly targeting companies pursuing treatments for the novel Coronavirus. As a result, the FBI warned, “Now is the time to protect critical research you’re conducting.”
Of course, it’s not just researchers experiencing a surge in COVID-19-related cyberattacks. Other healthcare facilities, including hospitals, testing facilities, and specialty care units have experienced a barrage of phishing scams, ransomware attacks, and other cyberattacks. This activity is part of a concerted effort by cybercriminals to take advantage of this scary and destabilizing moment to steal valuable company and customer data.
Consequently, now is the time for every company to reassess its cyber preparedness in light of the new realities posed by COVID-19. If we can support these efforts in any way, please don’t hesitate to contact our team!
