Your Organization May Be at Risk of a Data Breach

Each week, organizations are breached by hackers who have one goal: extort money.

In May 2021, at least 160 organizations in the United States informed their customers and partners that they had been breached.  While data breaches are typically thought of as opportunities to steal and resell data, many incidents have fraud or some other direct monetization method as their primary motive. Ransomware and business email compromise attacks are the best examples of these types of events, but many identity fraud schemes are much easier to commit when bad actors gain direct access to a business’s systems.

In one case, detailed below, the “hacker” was actually a former employee. Insider threats like these can be especially pernicious. With authorized access to customer or employee personal information, employees are able to overcome many of the countermeasures in place to stop malicious external actors. Unlike external fraud threats, insiders have a much greater ability to manipulate the system, making it far easier to commit certain types of fraud that are typically too labor-intensive to be profitable for external actors.

Notable Breaches

• Financial: Smith & Company CPAs

Smith & Company’s Electronic Filing ID number, used for tax filings on behalf of clients, was compromised, allowing the perpetrator of the breach to submit fraudulent tax returns as well as access clients’ tax returns. Exposed data types include Social Security numbers, financial account numbers, and other tax identification information. (Fraudulently filed tax returns intended to maximize tax refunds and either have them directed to an account under the fraudsters’ control or claim them in prepaid cards. Because tax returns also contain core data types used across identity verification in financial services, they also provide a treasure trove of information for groups that later intend to resell the data.)

• Law Firm: Phillip Galyen P.C.

A cyberattack against Phillip Galyen P.C. allowed the perpetrator to access the law firm’s network and exposed sensitive personal information on clients and employees of the law firm. Compromised data types include Social Security numbers, credit, and debit card numbers, medical records including diagnosis and treatment information, and more.

• Government: County of Orange Social Services Agency

A former employee of the County of Orange Social Services Agency inappropriately accessed and used information on individuals. Exposed data types include Social Security numbers, contact information, legal documents such as marriage certificates and tax and immigration records, medical records, and more. While the data breach occurred in April 2018, it was not reported until May 2021.

• Medical: Health Plan of San Joaquin

Unauthorized access to business email accounts at Health Plan of San Joaquin allowed the perpetrator to gain access to patients’ sensitive personal and medical information contained in messages and attachments that passed through unencrypted email accounts. Exposed data types include Social Security numbers, driver’s license numbers, login information, medical records such as lab results and treatment information, and more.

The reality is that not every phishing attack or ransomware strain has been spotted before. Without Indicators of Compromise (IOCs) and other threat intelligence, your organization is not prepared with appropriate security safeguards. That’s why organizations need to be able to spot an attack that’s in progress—regardless of whether someone has detected it before. They can do this by investing in Managed Endpoint Detection and Response (MDR/ EDR) solutions that leverage detections based on Indicators of Behavior (IOBs). As such, ICS uses and recommends Blackpoint Security as an MDR solution that identifies threats quickly using behavioral analysis that leverages cross-machine correlations and enriched data from across all endpoints in real-time. Correlating these events and activities instantly delivers the indicators of an attack, which can then be terminated before any damage is done.

Optionally, the Blackpoint MDR can also monitor your Microsoft 365 email environment for policy violations, suspicious activities, and other anomalous events.

The ICS Security Team wants to help prevent your organization from becoming another statistic, and avoid the financial, legal, and reputational damage that comes from being exposed by hackers. Please speak with us today to schedule a demonstration on what Blackpoint can accomplish for you.