Breach Report - April 2020

April 30, 2020 | IT Security | Breach Report

This month in cybersecurity news: Zoom credentials are for sale on the Dark Web, online retailers are prime targets for malware, and experts share cybersecurity tips for working from home.

 

Security Topics of the Month

Expert Cybersecurity Tips for Working From Home

Working from home presents unique cybersecurity challenges for both companies and their employees. To help you secure data while working remotely, here are four simple steps that everyone can take.

  1. Use a trusted VPN. These services can provide a layer of protection by encrypting network traffic and making it more difficult for bad actors to spy on your activity. Choose a reputable VPN provider, as a number of VPN scams have tricked employees into downloading malicious software that steals their login credentials.
  2. Enable two-factor authentication. Account security is critical, especially when entire companies are working remotely. Enabling two-factor authentication is an affordable and effective way to keep company accounts secure at all times.
  3. Refrain from using personal devices. Many employees may be tempted to use personal devices for work-related tasks, especially when working from home. It’s always possible that these devices contain malware or other exploits that could compromise company data.
  4. Look out for phishing scams. Cybercriminals are always looking for ways to capitalize on our vulnerabilities. At this moment, COVID-19-related phishing scams abound, targeting employees’ sense of isolation and vulnerability to capture critical information.

 

Healthcare Data Breaches On the Rise

A study of the Department of Health and Human Services’ HIPAA breach reporting tool found 105 breaches impacting 2.5 million patients. However, before February 19th, there were only 38 incidents, affecting 1.1 million records.

Cybercriminals have upped their game to take advantage of the chaotic situation on the ground, and healthcare organizations need to be prepared. Notably, the study found that hacking incidents are, by far, the leading cause of data breaches. Many included various forms of email account compromise.

Moreover, the report predicts that, as more employees work from home, incidents of phishing attacks will increase because employees are more likely to fall for scams when they are isolated at home. Fortunately, a comprehensive employee awareness campaign can thwart these attacks, helping ensure that healthcare providers are focused on patient care rather than being inundated with cybersecurity threats.

 

Online Retailers See Surge in Cyberattacks

Online shopping has become a vital lifeline for thousands of businesses while brick-and-mortar locations are closed and millions of people shelter in place. In fact, many retailers are experiencing online traffic that exceeds Cyber Monday activity, typically a high-water mark for online shopping.

Unfortunately, bad actors are capitalizing on this moment by targeting e-commerce platforms using tricks like account takeovers, bot-powered scraping attacks, and payment card skimming malware. For example, 80% of login incidents at home goods retailers are attributed to account takeover attempts.

Online retailers need to be especially critical of their defensive posture to ensure they can retain customer goodwill and capture enough revenue to stay afloat in a challenging time for retail.

 

Thousands of Zoom Credentials On the Dark Web

Researchers have discovered more than 2,300 Zoom credentials for sale on the Dark Web. In addition to potentially embarrassing drop-ins, this information could allow hackers to execute a number of cybercrimes, including phishing scams, that could cause real problems for Zoom users.

Ultimately, it’s a reminder that this new remote reality is fraught with cybersecurity concerns that companies need to address. Being aware of potential threats through ongoing Dark Web monitoring is one way to stay ahead of the game during this critical time.

 

Hackers Use Stolen Credentials to Attack Hospitals with Ransomware

Since the onset of the COVID-19 pandemic, hospitals and healthcare facilities have dealt with a deluge of cyberattacks, and ransomware has been especially pernicious. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers infiltrated many of these organizations using stolen credentials obtained from a known vulnerability in their VPN servers.

This threat was first identified in October 2019. Unfortunately, even after the vulnerability was repaired, the agencies have seen examples of cybercriminals using compromised credentials to access company networks.

The incident is a reminder of the importance of acting swiftly to address cybersecurity vulnerabilities and keeping an eye on the Dark Web, where stolen login information can quickly circulate and create chaos for your IT infrastructure.

COVID-19 is creating a more perilous digital environment for companies, making now the right time to double down on cybersecurity initiatives that can prevent a breach.

 

The Month in Breach

Hackers Target Tupperware with Online Payment Skimmer

Payment skimming malware was injected into the checkout process of Tupperware’s online store. The malicious script was active for at least five days, and it mimicked Tupperware’s official payment form. After shoppers entered their data into the fake form, a “time out” error appeared, redirecting customers to the actual payment page and disguising the theft, which allowed it to go undetected.

The payment skimming malware collected the customer data entered, including names, addresses, phone numbers, credit card numbers, expiration dates, and CVV codes. This data could allow hackers to commit financial theft or identity fraud.

Online shopping is a singular respite in an otherwise bleak outlook for retailers. Companies can’t afford to lose customers because of a cybersecurity vulnerability. Many customers say they won’t return to an online store after a data breach, which means that companies looking to capitalize on their online stores need to make sure they’re secure.

 

Spear Phishers Go After GoDaddy

A spear phishing attack tricked a customer service employee into providing information that ultimately allowed hackers to view and modify customer records. As a result, several GoDaddy clients, including Escrow.com, which provides escrow services for several prominent websites, were impacted.

Thankfully no personal information was compromised. But this breach will have costly implications for both GoDaddy and its customers, who will have to decide if they want to continue partnering with a company that puts their sensitive data at risk.

This incident is a reminder that failures at other companies can have significant implications for your own. It only increases the importance of securing accounts to buttress your IT infrastructure against potential failure at third-party contractors. With simple cybersecurity features, like two-factor authentication, company accounts remain secure even when credentials or login information is exposed.

 

Sensitive Info of Holland America Line Passengers Accidentally Shared

When communicating with COVID-19 patients from a recently docked cruise ship, Canadian authorities accidentally emailed an attachment that included the personal details of the Canadian passengers to all cruise line passengers impacted by the virus.

Compounding the problem, many recipients forwarded the email, expanding the scope of the data exposure. The breach revealed patients’ personally identifiable information, including their names, addresses, dates of birth, email addresses, phone numbers, and passport numbers.

This incident is a reminder that companies need a 360-degree approach to data security that accounts for all types of data loss opportunities. In this way, holistic cybersecurity training can equip employees to rightly prioritize company data and to take appropriate steps to mitigate the risk of a data breach.

 

The Small Business Administration Suffers a Data Breach

A cybersecurity vulnerability in the portal that processes emergency loan applications from small business owners led to a data breach. Detected on March 25th, the breach impacts a vital program for small businesses.

The breach exposed applicants’ names, addresses, email addresses, dates of birth, citizen status, and insurance information. This data can quickly circulate on the Dark Web, and bad actors will frequently reuse the information in phishing scams and other fraud attempts.

Organizations collecting and storing personal data can support their users during the COVID-19 pandemic by taking extra care to ensure that personal data remains private. It’s a priority that always matters, and it’s especially amplified during the pandemic.

 
