Threat Matrix: October Edition

The latest news from the digital underbelly and how to protect your business

Welcome to the October edition of Upfort’s Threat Matrix, your essential guide to cybersecurity news tailored for small business owners. In this edition, we cover sophisticated social engineering attacks using Microsoft Teams, hacked robo vacuums chasing pets, and the latest round of enterprise-scale data breaches.

Want to help keep your company safe? It only takes two minutes to complete our interactive cybersecurity checklist and see how prepared you are. Or take a free cybersecurity risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your network.

Following DDoS Attack and Data Breach, Internet Archive Placed in Read-Only Mode

The Internet Archive has temporarily switched to “read-only” mode, following a DDoS attack that briefly kicked the site offline in early October. The attack coincided with a data breach in which 31 million user authentication records were stolen. 

While the site is in read-only mode, previously archived content remains available, but updates and uploads have been paused. According to the Internet Archive, the temporary restrictions will allow the org to focus on securing its systems, preserving data integrity, and conducting a thorough investigation into the breach.

How to defend yourself: To protect your organization from similar attacks, keep secure backups and monitor systems for unusual access patterns to prevent downtime.

Hackers Pose as IT Support on Microsoft Teams

A Russian ransomware group known as “Black Basta” is now incorporating Microsoft Teams into a sophisticated social engineering scheme. The attack begins by flooding targets with spam emails, creating confusion. The attackers then pose as an external IT support rep and exploit the resulting sense of urgency to get the target to quickly grant remote access to their system. Once the attackers have access to the system, they can move laterally to gain expanded access to the whole network.

In the previous incarnation of the attack, the attackers would call employees and urge them to grant direct access to the system. In the newer version, the group reaches out via Microsoft Teams which, like the voice-based version of the attack, allows them to bypass traditional inbox-based phishing defenses like Upfort’s Inbox Defender (which have gotten very good at pinpointing phonies).

How to defend yourself: Limit external access in Microsoft Teams, train employees on identifying phishing attempts, and monitor for unusual chats or login requests. Ensure remote software installations are restricted to authorized users only.

Hackers Take Control of Ecovacs Deebot X2, Harass Pets

A recent breach involving the Ecovacs Deebot X2 robot vacuum has raised serious security alarms. Attackers reportedly exploited vulnerabilities in the device to control its movements, using it to harass household pets and broadcast offensive language throughout users’ homes. This incident demonstrates the potential risks of internet-connected smart devices, as hackers leveraged access to disrupt home environments and compromise user privacy.

How to protect yourself: To reduce the risk of device takeovers, ensure all smart home devices have the latest firmware updates, use strong, unique passwords, and consider separating smart devices onto a secure, dedicated network.

UnitedHealth Data Breach Affects 100 Million

UnitedHealth recently disclosed that a ransomware attack on Change Healthcare compromised the personal data of 100 million people. Change Healthcare, a company managing insurance claims and healthcare data processing, was targeted by the BlackCat ransomware group. The attackers reportedly used stolen credentials to access sensitive information, including insurance details, medical records, and Social Security numbers.

How to defend yourself: Healthcare providers should enforce multi-factor authentication, restrict remote access, and train employees on detecting phishing attempts.

Landmark Data Breach Exposes Sensitive Data of 800,000 Individuals

Insurance administrator Landmark Admin has reported a data breach affecting over 800,000 people. As a third-party administrator, Landmark handles insurance claims and related services for major providers. During a cyberattack in May 2024, hackers accessed files containing sensitive information, including Social Security numbers, health records, and financial details. No group has claimed responsibility, and it’s unclear if ransomware was involved.

How to defend yourself: Regularly monitor credit and bank statements, use multi-factor authentication, and limit access to sensitive data systems.

APT29 Mimics AWS Domains to Steal Windows Credentials

APT29, a Russian intelligence-linked group, recently targeted Windows credentials across Europe, Africa, and Ukraine, using phishing campaigns that mimicked Amazon Web Services (AWS) domains. Disguised emails advised recipients on AWS and Microsoft integration, embedding malicious Remote Desktop Protocol (RDP) configuration files to gain system access. If launched, these files enabled attackers to connect remotely and access various system resources, from storage to communication ports.

How to defend yourself: To avoid falling for this attack, set up your email to block Remote Desktop Protocol (RDP) files, as these files let attackers control your computer remotely. Encourage your team to be cautious with emails that look official but ask for unusual actions, like setting up remote access. Regularly review your network connections or ask your IT provider to check for suspicious links or unfamiliar addresses. Implementing a “zero-trust” approach, where access is limited to only what’s necessary, can also strengthen your defenses.
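
One way to check inbound mail for RDP attachments, shown as an added example that is not part of the original newsletter: it finds .rdp attachments in a raw message and reports which local resources each file would share with the remote host. The setting names are standard .rdp file settings; the sample message, host, and file name are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Standard .rdp settings that share local resources with the remote host.
RISKY = {"drivestoredirect": "local drives", "redirectclipboard": "clipboard",
         "redirectprinters": "printers", "redirectcomports": "COM ports",
         "redirectsmartcards": "smart cards"}

def parse_rdp(text):
    """Parse the 'name:type:value' lines of a .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def scan_message(raw_bytes):
    """Return one finding per .rdp attachment: file name, target host, shared resources."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".rdp"):
            continue
        payload = part.get_payload(decode=True) or b""
        # .rdp files are often UTF-16 with a byte-order mark; otherwise assume UTF-8.
        if payload[:2] in (b"\xff\xfe", b"\xfe\xff"):
            text = payload.decode("utf-16", errors="replace")
        else:
            text = payload.decode("utf-8", errors="replace")
        s = parse_rdp(text)
        shared = [label for key, label in RISKY.items() if s.get(key, "") not in ("", "0")]
        findings.append({"file": name, "host": s.get("full address", ""), "shared": shared})
    return findings

def build_sample():
    """Constructed test message; the host and file name are made up."""
    m = EmailMessage()
    m.set_content("Please open the attached file.")
    rdp = ("full address:s:rdp.example.invalid\r\ndrivestoredirect:s:*\r\n"
           "redirectclipboard:i:1\r\nredirectcomports:i:1\r\nredirectprinters:i:0\r\n")
    m.add_attachment(rdp.encode("utf-16"), maintype="application",
                     subtype="octet-stream", filename="integration-check.rdp")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print("quarantine:", finding)
```
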

US Healthcare Sector Faces Growing Ransomware Threats

A recent report from Microsoft highlights a major surge in ransomware attacks targeting the U.S. healthcare sector. Hospitals and insurers are at high risk due to outdated systems and limited cybersecurity resources, making them prime targets for cybercriminals. The report said there had been a 300% increase in ransomware attacks against healthcare businesses since 2015.

How to defend yourself: Review your security setup, restrict system access to essential personnel, and prioritize regular backups.
