"Your Information Technology Leader"

InTegriLogic Blog

  1. You are here:  
  2. Home
  3. Blog
  4. Authors
  5. Bruce Groen

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x
Bruce Groen

Bruce Groen is the CEO and co-founder of InTegriLogic Corp.

Bruce Groen

The Week in Breach News: 09/29/21 – 10/05/21

Sandhills Global

https://journalstar.com/news/local/ransomware-attack-affects-lincoln-based-sandhills-global-operations/article_aa844ea4-a3f1-5c63-8cae-c062e3283b8a.html
Exploit: Ransomware

Sandhills Global: IT & Digital Publishing


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.337 = Extreme
 
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub, are among its trade magazines. Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and by scooping it up at service providers like publishing companies they can ensure that they profit even if no ransom is paid.

 

 

Marketron

https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/
Exploit: Ransomware

Marketron: Marketing Services Company


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.606=Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand.  The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 320,000

How It Could Affect Your Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.

 

 

Portpass

https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
Exploit: Misconfiguration

Portpass: COVID-19 Vaccine Passport Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.

Customers Impacted: 650,000

How It Could Affect Your Business: Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.

 

 

United Kingdom – Giant Group

https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/
Exploit: Ransomware

Giant Group: Payroll Services Firm


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.

 

 

France – TiteLive

https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/
Exploit: Ransomware

TiteLive: Bookstore Support Platform Provider


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.661=Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.

 

 

Israel – E.M.I.T Aviation Consulting

https://www.haaretz.com/israel-news/tech-news/.premium-experts-iran-may-be-behind-cyberattack-on-company-serving-big-names-in-israeli-tech-1.10231555

Exploit: Ransomware

E.M.I.T Aviation Consulting: Defense Aviation Consulting


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.

 

 

New Zealand – Aquila Technology

https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Credential Compromise

Aquila Technology: Communications Equipment Retailer


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Credit card information is highly desitrable on the dark web, spurring a fresh round of attacks on retailers, es[pecially those that maintain large databases.

 

 

Japan – JVCKenwood

https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/
Exploit: Ransomware

JVCKenwood: Audio Equipment Manufacturer


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.699 = Severe
Conti ransomware came calling at JVCKenwood this week. The Japanese audio equipment powerhouse. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.

 
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Business: Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.

 

 
 
Continue reading
Bruce Groen

Think Beyond Basic Backups to Tackle Ransomware

Think Beyond Basic Backups to Tackle Ransomware

Although ransomware has long been a serious concern for business owners all over the world, the COVID-19 pandemic has created new opportunities for this threat to flourish, and the attack vector is likely to become even more dangerous in the coming years.

 
According to a report, 304 million ransomware attacks occurred globally in 2020, with ransomware affecting over 65% of global businesses.1 Experts suggest that this is only the tip of the iceberg. Unfortunately, even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news.

 
When it comes to cybersecurity and ransomware, the biggest mistake SMBs make is assuming hackers only target large enterprises. This is why many SMBs still rely on simple backups and don't have a solid strategy in place.

 
The truth is that hackers are counting on smaller businesses to have fewer security measures in place, making it easier for them to get into your systems. While it’s good to have data backup, it's high time you take its security a step further.

 

The 3-2-1 Backup Strategy for Your Business

 
This is an industry best practice for reducing the risk of losing data in the event of a breach. The 3-2-1 strategy involves having at least three copies of your data, two on-site but on different mediums/devices, and one off-site. Let's examine each of the three elements and the issues they address:

 

  • Three copies of data

Having at least two additional copies of your data, in addition to your original data, is ideal. This ensures that, in the event of a disaster, you will always have additional copies. The first backup copy of data is usually kept in the same physical location as the original, if not the same physical server.

 

  • Two different mediums

Storing additional copies of your valuable data on the same server/location won’t be helpful in the event of a breach. Keep two copies of your data on different types of storage mediums such as internal hard drives, and removable storage like an external hard drive or a USB drive. If this isn't practical for your business, keep copies on two internal hard disks in separate storage locations.

 

  • One off-site copy

Keep one copy of your data off-site, far from the rest. This helps safeguard against worst-case scenarios.

 
In addition to the 3-2-1 backup strategy, consider applying the concept of layered security to keep your data and backup copies secure.

 

Importance of Layered Security in Cyber Defense

 
Most SMBs have an antivirus or firewall installed, but this is usually insufficient to combat today's sophisticated threat landscape, necessitating the application of a layered security approach.

 
Because no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.

 
The THREE ELEMENTS of layered security are:

 

  • Prevention

Security policies, controls and processes should all be devised and implemented during the PREVENTION phase.

 

  • Detection

The goal of DETECTION is to discover and notify a compromise as soon as possible.

 

  • Response

A quick RESPONSE is crucial for the detection phase to be meaningful.

 
Layered security is divided into seven layers by security experts. Hackers seeking to get into a system must break through each layer to gain access. If you want to keep cybercriminals out of your systems, concentrate on improving these seven layers:

 

  1. Information security policies

Implement security policies that restrict unauthorized access because the security and well-being of IT resources are dependent on them. This will help you raise information security awareness inside your organization and demonstrate to your clientele that you're serious about securing their data.

 

  1. Physical security

Physical security measures, such as fences and cameras, are critical to prevent unwanted intruders from breaking in. It also helps monitor employees with access to sensitive systems.

 

  1. Network security

All it takes is for hackers to exploit a single vulnerability to get access to a company’s network. They can easily break into computers and servers after they’ve gained access to your network. Therefore, establishing effective network security measures is essential.

 

  1. Vulnerability scanning

Vulnerabilities that occur because of factors such as inadequate patch management and misconfigurations open the door for cybercriminals. However, vulnerability scans help detect these missed patches and improper configurations.

 

  1. Strong identity and access management (IAM)

Because of technological advancements, acquiring passwords and hacking into networks is easier than ever. IAM restricts access to critical data and applications to certain workers, making unauthorized access hard.

 

  1. Proactive protection and reactive backup + recovery

Proactive protection detects and fixes security risks before they lead to a full-blown breach. The goal of reactive backup and recovery is to recover quickly after an attack.

 

  1. Continual monitoring and testing

Failure to regularly monitor and test your backup and disaster recovery strategy is a major oversight and can result in a breach.

 
While it’s your responsibility to make sure your business doesn't get sucked into the quicksand of data loss, it's easy to become overwhelmed if you're attempting to figure out everything on your own. Working with a specialist like us provides you with the advantage of having an expert on your side. We'll make sure your backup and security postures are capable of tackling threats.

 


 
 
 
 
Source:
  1. Statista
 
 
Continue reading
Bruce Groen

Think Beyond Basic Backups to Tackle Ransomware

Think Beyond Basic Backups to Tackle Ransomware

Although ransomware has long been a serious concern for business owners all over the world, the COVID-19 pandemic has created new opportunities for this threat to flourish, and the attack vector is likely to become even more dangerous in the coming years.

 
According to a report, 304 million ransomware attacks occurred globally in 2020, with ransomware affecting over 65% of global businesses.1 Experts suggest that this is only the tip of the iceberg. Unfortunately, even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news.

 
When it comes to cybersecurity and ransomware, the biggest mistake SMBs make is assuming hackers only target large enterprises. This is why many SMBs still rely on simple backups and don't have a solid strategy in place.

 
The truth is that hackers are counting on smaller businesses to have fewer security measures in place, making it easier for them to get into your systems. While it’s good to have data backup, it's high time you take its security a step further.

 

The 3-2-1 Backup Strategy for Your Business

 
This is an industry best practice for reducing the risk of losing data in the event of a breach. The 3-2-1 strategy involves having at least three copies of your data, two on-site but on different mediums/devices, and one off-site. Let's examine each of the three elements and the issues they address:

 

  • Three copies of data

Having at least two additional copies of your data, in addition to your original data, is ideal. This ensures that, in the event of a disaster, you will always have additional copies. The first backup copy of data is usually kept in the same physical location as the original, if not the same physical server.

 

  • Two different mediums

Storing additional copies of your valuable data on the same server/location won’t be helpful in the event of a breach. Keep two copies of your data on different types of storage mediums such as internal hard drives, and removable storage like an external hard drive or a USB drive. If this isn't practical for your business, keep copies on two internal hard disks in separate storage locations.

 

  • One off-site copy

Keep one copy of your data off-site, far from the rest. This helps safeguard against worst-case scenarios.

 
In addition to the 3-2-1 backup strategy, consider applying the concept of layered security to keep your data and backup copies secure.

 

Importance of Layered Security in Cyber Defense

 
Most SMBs have an antivirus or firewall installed, but this is usually insufficient to combat today's sophisticated threat landscape, necessitating the application of a layered security approach.

 
Because no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.

 
The THREE ELEMENTS of layered security are:

 

  • Prevention

Security policies, controls and processes should all be devised and implemented during the PREVENTION phase.

 

  • Detection

The goal of DETECTION is to discover and notify a compromise as soon as possible.

 

  • Response

A quick RESPONSE is crucial for the detection phase to be meaningful.

 
Layered security is divided into seven layers by security experts. Hackers seeking to get into a system must break through each layer to gain access. If you want to keep cybercriminals out of your systems, concentrate on improving these seven layers:

 

  1. Information security policies

Implement security policies that restrict unauthorized access because the security and well-being of IT resources are dependent on them. This will help you raise information security awareness inside your organization and demonstrate to your clientele that you're serious about securing their data.

 

  1. Physical security

Physical security measures, such as fences and cameras, are critical to prevent unwanted intruders from breaking in. It also helps monitor employees with access to sensitive systems.

 

  1. Network security

All it takes is for hackers to exploit a single vulnerability to get access to a company’s network. They can easily break into computers and servers after they’ve gained access to your network. Therefore, establishing effective network security measures is essential.

 

  1. Vulnerability scanning

Vulnerabilities that occur because of factors such as inadequate patch management and misconfigurations open the door for cybercriminals. However, vulnerability scans help detect these missed patches and improper configurations.

 

  1. Strong identity and access management (IAM)

Because of technological advancements, acquiring passwords and hacking into networks is easier than ever. IAM restricts access to critical data and applications to certain workers, making unauthorized access hard.

 

  1. Proactive protection and reactive backup + recovery

Proactive protection detects and fixes security risks before they lead to a full-blown breach. The goal of reactive backup and recovery is to recover quickly after an attack.

 

  1. Continual monitoring and testing

Failure to regularly monitor and test your backup and disaster recovery strategy is a major oversight and can result in a breach.

 
While it’s your responsibility to make sure your business doesn't get sucked into the quicksand of data loss, it's easy to become overwhelmed if you're attempting to figure out everything on your own. Working with a specialist like us provides you with the advantage of having an expert on your side. We'll make sure your backup and security postures are capable of tackling threats.

 


 
 
 
 
Source:
  1. Statista
 
 
Continue reading
Bruce Groen

Cybersecurity: What Every Business Owner Should Know

Cybersecurity: What Every Business Owner Should Know

 
While organizations and workers have certainly benefitted from the advancement of technology, it has also introduced an unprecedented number of cybersecurity risks. Ransomware attacks, for example, hit businesses every 11 seconds in 2021.1 Therefore, if you want your business to grow and succeed, you must understand the realities of cybersecurity.

 

The Reality of the Current Threat Landscape

Did you know that the cost of cybercrime downtime is typically higher than a ransom?

 
Almost every organization will encounter cybercrime at some point. It's not a question of IF, but rather WHEN it will happen. While that reality can be alarming, there’s no need to panic. There are proactive steps you can take to protect your business and achieve peace of mind. But first, let’s discuss what you need to be aware of.

 
Here are some of the most serious and prevalent cyberthreats facing business owners right now:

 

  • Ransomware

Ransomware is malicious software that threatens to reveal sensitive data or prevent access to your files/systems until you pay a ransom payment within a set timeframe. Failure to pay on time can result in data leaks or irreversible data loss.

 

  • Phishing/Business Email Compromise (BEC)

Phishing is a cybercrime that involves a hacker impersonating a legitimate person or organization mostly through emails or through other methods such as SMS. Malicious actors employ phishing to send links or attachments that can be used to extract login credentials or install malware.

 
Similarly, business email compromise (BEC) is a scam in which cybercriminals use compromised email accounts to trick victims into sending money or revealing sensitive information.

 

  • Insider Threats

An insider threat arises from within a company. It could happen because of a current or former employee, vendor, or other business partner who has access to important corporate data and computer systems. Insider threats are hard to detect because they emerge from within and are not always intentional.

 

  • Denial-of-Service/Distributed Denial-of-Service (DoS and DDoS)

These attacks are widespread and easy to carry out. When a DoS or DDoS attack occurs, hackers flood the targeted system with repeated data requests, forcing it to slow down, crash or shut down.

 
If you are still unsure whether you should be concerned about these sophisticated threats or not, the following statistics may help you make up your mind:

 
  • It takes an average of 280 days to identify and contain a breach.2
  • Malicious attacks with financial motivations were responsible for 52% of breaches.2
  • Personal Identifiable Information (PII) is compromised in 80% of data breaches (PII).2
 

Implement These Measures to Secure Your Business

 
Now that you know what types of cyberthreats to look out for, let’s take a look at some measures you can put in place to protect your business against cybercrimes.

 

  • Strict Password Policies/Management Tools

Strict password policies and the use of proper password management solutions can help improve your organization's overall password hygiene. It is, in a way, the first line of protection against cybercriminals.

 

  • Strong Identity Controls - Multifactor Authentication (MFA)

To combat the current threat landscape, strong identity controls that go beyond traditional username-password authentication are required. Consider using Multifactor authentication, which includes features such as one-time passwords (OTPs) and security questions.

 

  • Regular Risk Assessment

This process aids in the detection, estimation and prioritization of risks to an organization's people, assets and operations.

 

  • Virtual Private Network (VPN)

To avoid a security breach, you should set up a corporate VPN that encrypts all your connections. Make sure your employees test it in their respective locations to avoid any hassles.

 

  • Business Continuity Strategy

When disaster hits, a solid business continuity strategy ensures that mission-critical operations continue uninterrupted and that IT systems, software and applications remain accessible and recoverable.

 

  • Continual Security Awareness Training

Continuous security training empowers your employees to recognize complex cyberthreats and take appropriate action, resulting in a transformative security culture within your organization.

 
If you’re ready to strengthen your cybersecurity posture but aren’t sure where to start, don’t worry. We can help your company build a digital fortress of protection solutions.

 


 
 
 
 
 
Sources:
  1. Cybersecurity Ventures (https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/)
  2. IBM Cost of Data Breach Report (https://www.ibm.com/downloads/cas/QMXVZX6R)
 
 
Continue reading
Bruce Groen

Cybersecurity: What Every Business Owner Should Know

Cybersecurity: What Every Business Owner Should Know

  While organizations and workers have certainly benefitted from the advancement of technology, it has also introduced an unprecedented number of cybersecurity risks. Ransomware attacks, for example, hit businesses every 11 seconds in 2021.1 Therefore, if you want your business to grow and succeed, you must understand the realities of cybersecurity.

 

The Reality of the Current Threat Landscape

Did you know that the cost of cybercrime downtime is typically higher than a ransom?

  Almost every organization will encounter cybercrime at some point. It's not a question of IF, but rather WHEN it will happen. While that reality can be alarming, there’s no need to panic. There are proactive steps you can take to protect your business and achieve peace of mind. But first, let’s discuss what you need to be aware of.

  Here are some of the most serious and prevalent cyberthreats facing business owners right now:

 

  • Ransomware

Ransomware is malicious software that threatens to reveal sensitive data or prevent access to your files/systems until you pay a ransom payment within a set timeframe. Failure to pay on time can result in data leaks or irreversible data loss.

 

  • Phishing/Business Email Compromise (BEC)

Phishing is a cybercrime that involves a hacker impersonating a legitimate person or organization mostly through emails or through other methods such as SMS. Malicious actors employ phishing to send links or attachments that can be used to extract login credentials or install malware.

  Similarly, business email compromise (BEC) is a scam in which cybercriminals use compromised email accounts to trick victims into sending money or revealing sensitive information.

 

  • Insider Threats

An insider threat arises from within a company. It could happen because of a current or former employee, vendor, or other business partner who has access to important corporate data and computer systems. Insider threats are hard to detect because they emerge from within and are not always intentional.

 

  • Denial-of-Service/Distributed Denial-of-Service (DoS and DDoS)

These attacks are widespread and easy to carry out. When a DoS or DDoS attack occurs, hackers flood the targeted system with repeated data requests, forcing it to slow down, crash or shut down.

  If you are still unsure whether you should be concerned about these sophisticated threats or not, the following statistics may help you make up your mind:

 

  • It takes an average of 280 days to identify and contain a breach.2
  • Malicious attacks with financial motivations were responsible for 52% of breaches.2
  • Personal Identifiable Information (PII) is compromised in 80% of data breaches (PII).2
 

Implement These Measures to Secure Your Business

  Now that you know what types of cyberthreats to look out for, let’s take a look at some measures you can put in place to protect your business against cybercrimes.

 

  • Strict Password Policies/Management Tools

Strict password policies and the use of proper password management solutions can help improve your organization's overall password hygiene. It is, in a way, the first line of protection against cybercriminals.

 

  • Strong Identity Controls - Multifactor Authentication (MFA)

To combat the current threat landscape, strong identity controls that go beyond traditional username-password authentication are required. Consider using Multifactor authentication, which includes features such as one-time passwords (OTPs) and security questions.

 

  • Regular Risk Assessment

This process aids in the detection, estimation and prioritization of risks to an organization's people, assets and operations.

 

  • Virtual Private Network (VPN)

To avoid a security breach, you should set up a corporate VPN that encrypts all your connections. Make sure your employees test it in their respective locations to avoid any hassles.

 

  • Business Continuity Strategy

When disaster hits, a solid business continuity strategy ensures that mission-critical operations continue uninterrupted and that IT systems, software and applications remain accessible and recoverable.

 

  • Continual Security Awareness Training

Continuous security training empowers your employees to recognize complex cyberthreats and take appropriate action, resulting in a transformative security culture within your organization.

  If you’re ready to strengthen your cybersecurity posture but aren’t sure where to start, don’t worry. We can help your company build a digital fortress of protection solutions.

 

          Sources:

  1. Cybersecurity Ventures (https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/)
  2. IBM Cost of Data Breach Report (https://www.ibm.com/downloads/cas/QMXVZX6R)
   

Continue reading
Bruce Groen

The Week in Breach News: 09/22/21 – 09/28/21

New Cooperative & Crystal Valley Cooperative

https://www.scmagazine.com/analysis/ransomware/food-and-agriculture-industry-needs-more-threat-intel-as-ransomware-attacks-crop-up/
Exploit: Ransomware

New Cooperative & Crystal Valley Cooperative: Agricultural Services


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.337 = Extreme
 
Twin breaches in agriculture have the potential to cause significant disruptions in the US food supply chain. Iowa-based farm service provider New Cooperative was the first ag company hit with a ransomware attack early last week, causing the company to shut down its IT systems. As part of its announcement, the company stated that there would be “public disruption” to the grain, pork and chicken supply chain if its operations are not restored quickly. New ransomware group BlackMatter claimed responsibility, releasing proof on their dark web leak site, saying that they have 1,000GB of data. BlackMatter is demanding a $5.9 million ransom. Minnesota-based farm supply and grain marketing cooperative Crystal Valley was the next hit by a ransomware attack a few days later. The company announced that all of its corporate IT systems were shut down and they were unable to process credit card payments. It also noted that this is a very bad time for cyberattacks in the industry as it is harvest season. No group has yet claimed responsibility for this incident.

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: As we learned throughout the pandemic, cybercriminals are aware of when it’s the worst possible time for them to strike and they’ll use that as leverage in their attacks.

 

 

Simon Eye & US Vision

https://www.govinfosecurity.com/hacking-incidents-lead-to-2-big-eye-care-provider-breaches-a-17587
Exploit: Hacking

Simon Eye & US Vision: Optometry Clinic Operators


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.606=Severe
A pair of breaches in the optometry world by Simon Eye and US Vision has exposed the personal and health information of tens of thousands of US patients. Delaware-based Simon Eye Management, a chain of clinics that provide eye exams, eyeglasses and surgical evaluations, reported a hacking incident to the US Department of Health and Human Services (HHS) affecting more than 144,000 individuals. This incident also included an aborted business email compromise attempt. In their HIPAA filing, the breach involved an unauthorized third party accessing certain employee email accounts in May 2021 as cybercriminals attempted to pull off wire transfer and invoice manipulation attacks against the company. New Jersey-based USV Optical Inc., a division of US Vision, has also reported a breach to HHS caused by hacking. The company says the incident involved unauthorized access to certain servers and systems between April 20 and May 17, 2021.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.667= Severe
A total of 320,000 US residents may be impacted by these breach incidents. Simon Eye’s disclosure detailed patient information that had potentially been compromised by the incident including patient names, medical histories, treatment or diagnosis information, health information, health insurance information and some Social Security numbers, date of birth and/or financial account information. US Vision disclosed that patient Information potentially compromised in the incident includes patient names, addresses, date of birth and eye care insurance information.

Customers Impacted: 320,000

How It Could Affect Your Business: When companies fail to keep highly sensitive data like this safe, they take a direct hit to the wallet since it costs them a fortune in HIPAA fines once regulators get finished with them.

 

 

Marcus & Millichap

https://searchsecurity.techtarget.com/news/252507058/Marcus-Millichap-hit-with-possible-BlackMatter-ransomware
Exploit: Ransomware

Marcus & Millichap: Real Estate Firm


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.636 = Severe
Real estate giant Marcus & Millichap has suffered a ransomware attack. Suspected to be the work of the BlackMatter ransomware gang, the firm disclosed in an SEC filing that it had seen no evidence of a data breach, although Black Matter did post some authentic-looking sample files with its ransomware demand on its dark web leak site. The incident is under investigation. (The second breach in this pair is in the South America section.)

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Booming dark web data markets mean that cybercriminals are hungry for all kinds of data, especially customer records and financial information.

 

 

Colombia – Coninsa Ramon H

https://thehackernews.com/2021/09/colombian-real-estate-agency-leak.html
Exploit: Misconfiguration

Coninsa Ramon H: Real Estate Firm


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.713 = Severe
A database owned by Colombian real estate firm Coninsa Ramon H has leaked data. More than one terabyte of data containing 5.5 million files was left exposed, leaking the personal information of over 100,000 customers of a Colombian real estate firm data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.605 = Severe
The data in the exposed bucket includes internal documents like invoices, proof of income documents, quotes and account statements dating between 2014 and 2021. The customer PII leaked may include names, phone numbers, email addresses, residential addresses, amounts paid for estates and asset values. The bucket may also contain a database backup that includes additional information such as profile pictures, usernames and hashed passwords.

Customers Impacted: Unknown

How It Could Affect Your Business: exposed databases are a cybersecurity incident that companies don’t need to face if everyone is on the same page about the importance of security.

 

 

Italy – Covisian

https://www.inforisktoday.com/ransomware-attack-reportedly-cripples-european-call-center-a-17619

Exploit: Ransomware

Covisian: Call Center Operator


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.661=Severe
GSS, the Spanish language division of call center giant Covisian, has informed customers that it has been subjected to a ransomware attack. The attack locked down the company’s IT systems, crippling its Spanish-language call centers. Customer service for organizations including Vodafone Spain, the Masmovil ISP, Madrid’s water supply company, television stations and many private businesses was impacted. (The second in this pair of breaches is in the Middle East section)

Customers Impacted: Unknown

How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.

 

 

Israel – Voicecenter

https://www.haaretz.com/israel-news/tech-news/.premium-experts-iran-may-be-behind-cyberattack-on-company-serving-big-names-in-israeli-tech-1.10231555

Exploit: Ransomware

Voicecenter: Call Center Operator


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli call center service company Voicenter earlier this week is suspected to be the work of the Deus ransomware outfit who has claimed responsibility for the hack. The gang Deus claimed it would release 15 TB of data concerning 8,000 companies that work with Voicenter including Mobileye, Partner, Gett and My Heritage, among others. The data that the attackers have posted on their dark web leak site includes samples of security camera and webcam footage, ID card information, photos, WhatsApp messages, emails and recordings of phone calls. Interestingly, Deus also provided a photo of its ransom message with a demand for 15 bitcoin within 12 hours of the notification on September 19, with 10 bitcoin added every 12 hours after that deadline. After a brief disruption in services, most Voicenter functions have been restored.

Customers Impacted: Unknown

How it Could Affect Your Business: service providers are goldmines for cybercriminals because they provide a wealth of data that can be used and sold for high profit.

 

 
 
Continue reading
Bruce Groen

The Week in Breach News: 09/22/21 – 09/28/21

New Cooperative & Crystal Valley Cooperative

https://www.scmagazine.com/analysis/ransomware/food-and-agriculture-industry-needs-more-threat-intel-as-ransomware-attacks-crop-up/
Exploit: Ransomware

New Cooperative & Crystal Valley Cooperative: Agricultural Services


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.337 = Extreme
 
Twin breaches in agriculture have the potential to cause significant disruptions in the US food supply chain. Iowa-based farm service provider New Cooperative was the first ag company hit with a ransomware attack early last week, causing the company to shut down its IT systems. As part of its announcement, the company stated that there would be “public disruption” to the grain, pork and chicken supply chain if its operations are not restored quickly. New ransomware group BlackMatter claimed responsibility, releasing proof on their dark web leak site, saying that they have 1,000GB of data. BlackMatter is demanding a $5.9 million ransom. Minnesota-based farm supply and grain marketing cooperative Crystal Valley was the next hit by a ransomware attack a few days later. The company announced that all of its corporate IT systems were shut down and they were unable to process credit card payments. It also noted that this is a very bad time for cyberattacks in the industry as it is harvest season. No group has yet claimed responsibility for this incident.

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: As we learned throughout the pandemic, cybercriminals are aware of when it’s the worst possible time for them to strike and they’ll use that as leverage in their attacks.

 

 

Simon Eye & US Vision

https://www.govinfosecurity.com/hacking-incidents-lead-to-2-big-eye-care-provider-breaches-a-17587
Exploit: Hacking

Simon Eye & US Vision: Optometry Clinic Operators


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.606=Severe
A pair of breaches in the optometry world by Simon Eye and US Vision has exposed the personal and health information of tens of thousands of US patients. Delaware-based Simon Eye Management, a chain of clinics that provide eye exams, eyeglasses and surgical evaluations, reported a hacking incident to the US Department of Health and Human Services (HHS) affecting more than 144,000 individuals. This incident also included an aborted business email compromise attempt. In their HIPAA filing, the breach involved an unauthorized third party accessing certain employee email accounts in May 2021 as cybercriminals attempted to pull off wire transfer and invoice manipulation attacks against the company. New Jersey-based USV Optical Inc., a division of US Vision, has also reported a breach to HHS caused by hacking. The company says the incident involved unauthorized access to certain servers and systems between April 20 and May 17, 2021.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.667= Severe
A total of 320,000 US residents may be impacted by these breach incidents. Simon Eye’s disclosure detailed patient information that had potentially been compromised by the incident including patient names, medical histories, treatment or diagnosis information, health information, health insurance information and some Social Security numbers, date of birth and/or financial account information. US Vision disclosed that patient Information potentially compromised in the incident includes patient names, addresses, date of birth and eye care insurance information.

Customers Impacted: 320,000

How It Could Affect Your Business: When companies fail to keep highly sensitive data like this safe, they take a direct hit to the wallet since it costs them a fortune in HIPAA fines once regulators get finished with them.

 

 

Marcus & Millichap

https://searchsecurity.techtarget.com/news/252507058/Marcus-Millichap-hit-with-possible-BlackMatter-ransomware
Exploit: Ransomware

Marcus & Millichap: Real Estate Firm


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.636 = Severe
Real estate giant Marcus & Millichap has suffered a ransomware attack. Suspected to be the work of the BlackMatter ransomware gang, the firm disclosed in an SEC filing that it had seen no evidence of a data breach, although Black Matter did post some authentic-looking sample files with its ransomware demand on its dark web leak site. The incident is under investigation. (The second breach in this pair is in the South America section.)

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Booming dark web data markets mean that cybercriminals are hungry for all kinds of data, especially customer records and financial information.

 

 

Colombia – Coninsa Ramon H

https://thehackernews.com/2021/09/colombian-real-estate-agency-leak.html
Exploit: Misconfiguration

Coninsa Ramon H: Real Estate Firm


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.713 = Severe
A database owned by Colombian real estate firm Coninsa Ramon H has leaked data. More than one terabyte of data containing 5.5 million files was left exposed, leaking the personal information of over 100,000 customers of a Colombian real estate firm data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.605 = Severe
The data in the exposed bucket includes internal documents like invoices, proof of income documents, quotes and account statements dating between 2014 and 2021. The customer PII leaked may include names, phone numbers, email addresses, residential addresses, amounts paid for estates and asset values. The bucket may also contain a database backup that includes additional information such as profile pictures, usernames and hashed passwords.

Customers Impacted: Unknown

How It Could Affect Your Business: exposed databases are a cybersecurity incident that companies don’t need to face if everyone is on the same page about the importance of security.

 

 

Italy – Covisian

https://www.inforisktoday.com/ransomware-attack-reportedly-cripples-european-call-center-a-17619

Exploit: Ransomware

Covisian: Call Center Operator


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.661=Severe
GSS, the Spanish language division of call center giant Covisian, has informed customers that it has been subjected to a ransomware attack. The attack locked down the company’s IT systems, crippling its Spanish-language call centers. Customer service for organizations including Vodafone Spain, the Masmovil ISP, Madrid’s water supply company, television stations and many private businesses was impacted. (The second in this pair of breaches is in the Middle East section)

Customers Impacted: Unknown

How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.

 

 

Israel – Voicecenter

https://www.haaretz.com/israel-news/tech-news/.premium-experts-iran-may-be-behind-cyberattack-on-company-serving-big-names-in-israeli-tech-1.10231555

Exploit: Ransomware

Voicecenter: Call Center Operator


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli call center service company Voicenter earlier this week is suspected to be the work of the Deus ransomware outfit who has claimed responsibility for the hack. The gang Deus claimed it would release 15 TB of data concerning 8,000 companies that work with Voicenter including Mobileye, Partner, Gett and My Heritage, among others. The data that the attackers have posted on their dark web leak site includes samples of security camera and webcam footage, ID card information, photos, WhatsApp messages, emails and recordings of phone calls. Interestingly, Deus also provided a photo of its ransom message with a demand for 15 bitcoin within 12 hours of the notification on September 19, with 10 bitcoin added every 12 hours after that deadline. After a brief disruption in services, most Voicenter functions have been restored.

Customers Impacted: Unknown

How it Could Affect Your Business: service providers are goldmines for cybercriminals because they provide a wealth of data that can be used and sold for high profit.

 

 
 
Continue reading
Bruce Groen

The Week in Breach News: 09/15/21 – 09/22/21

Austin Cancer Centers

https://www.beckershospitalreview.com/cybersecurity/cyberattack-leads-to-it-outage-at-texas-cancer-clinics-exposing-36-000.html

Exploit: Ransomware

Austin Cancer Centers: Specialty Medical Clinic System


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.623 = Severe
 
Austin (Texas) Cancer Centers are notifying 36,503 patients of a data breach that forced it to shut down its IT networks. The cancer treatment network, which has eight locations, discovered that hackers had deployed ransomware onto its systems. Cybersecurity experts determined that hackers had made the intrusion and remained invisible since late July 2021.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.702 = Severe
 
Exposed information may include Social Security numbers, names, addresses, birthdates, credit card numbers and health-related information. For patients affected, Austin Cancer Centers offers online credit monitoring services and fraud insurance with coverage up to $1,000,000.

Customers Impacted: 36,503

How It Could Affect Your Business: Data from medical centers is always a valuable commodity for cybercriminals because it can provide PII, financial information and other profitable tidbits.

 

 

TTEC

https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/
Exploit: Ransomware

TTEC: Customer Support Provider


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.636 = Moderate
TTEC, a growing customer support provider, has been hit with a suspected Ragnar Locker ransomware attack. The company handles customer support calls on behalf of an array of major companies including Bank of America, Best Buy, Credit Karma, Dish Network, Kaiser Permanente, USAA and Verizon. Around September 12, company data was encrypted and business activities at several facilities were temporarily disrupted. The incident is under investigation.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware is always a disaster. Ragnar Locker operators recently threatened additional repercussions to companies that contact law enforcement officials after a successful attack.

 

 

Walgreen’s

https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability
Exploit: Misconfiguration

Walgreen’s: Drugstore Chain


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.336=Extreme
Vox reports that the personal data of patients that had a COVID-19 test at Walgreens was stored incorrectly and exposed to anyone who cared to view it. The data exposure potentially affects millions of people who used Walgreens’ COVID-19 testing services over the course of the pandemic. The exposure came to light after a security expert checked for test results for a family member and noticed the issue. discovered the issues in March after a family member got a COVID-19 test. The vulnerability has been around since at least March 2021 when the expert discovered it, but likely longer



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.217=Extreme
Patient personal data exposed include each patient’s name, date of birth, gender identity, phone number, address and email. In some cases, test results are also available.

Customers Impacted: Unknown

How It Could Affect Your Business: When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause. It’s also going to cost them a fortune in penalties once regulators get finished with them.

 

 

Epik

https://arstechnica.com/information-technology/2021/09/anonymous-leaks-gigabytes-of-data-from-epik-web-host-of-gab-and-parler/
Exploit: Hacking

Epik: Webhosting


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.227 = Extreme
Legendary hacktivist group Anonymous has struck again, this time claiming to have snatched gigabytes of data from Epik, a domain name, hosting, and DNS service provider for a variety of right-wing sites including Texas GOP, Gab, Parler and 8chan including extremist groups. The hacktivist collective announced in a press release that the data set, which is over 180GB in size, contains a “decade’s worth of data from the company.” It has been released as a torrent. Members of the whistleblower site, Distributed Denial of Secrets (DDoSecrets), have also made the data set available via alternate means. The Ars Technica story on the incident, linked above, is absolutely worth reading and includes the press release as well as other actions by Anonymous in the same vein. The group perpetrated this hack as part of its Operation Jane campaign.



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.305 = Extreme
It is unclear to what extent this hack exposed personal information for owners of sites hosted by Epik or other personal or financial data. However, reports from experts who have viewed the data say that it is highly likely that Epik customers and users should expect that their data has been stolen.

Customers Impacted: Unknown

How It Could Affect Your Business: Experts who have seen the stolen data contend that Epik was negligent in its storage of PII and passwords, making the hack easier for Anonymous.

 

 

Microsoft

https://www.bleepingcomputer.com/news/security/eventbuilder-misconfiguration-exposes-microsoft-event-registrant-data/
Exploit: Misconfiguration

Microsoft: Software Developer


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.801 = Moderate
The personal information of hundreds of thousands of users of Microsoft’s EventBuilder has been exposed in a misconfiguration snafu. Researchers who discovered the leak say that the data was exposed through an improperly configured Azure blob and was available for an unknown length of time. The mistake was quickly fixed.



cybersecurity news represented by a gauge indicating moderate risk


Individual Risk: 2.727 = Moderate
Personal data for event registrants including names, email addresses and job titles was exposed in more than one million CSV and JSON files of EventBuilder driven events hosted through Microsoft Teams.

Customers Impacted: Unknown

How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake goes to show that applies to every business – even the big dogs can fumble once in a while.

 

 

France – CMA CGM

https://splash247.com/cma-cgm-hit-by-another-cyber-attack/

Exploit: Ransomware

CMA CGM: Maritime Freight Carrier


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.819 = Moderate
French container shipping giant CMA CGM has been hit by another cyber-attack. The company was breached about a year ago as well. A spate of attacks against maritime shipping companies has led to breaches at all four of the major players – Maersk, MSC, Cosco and CMA CGM – in the last 12 months. CMA CGM said its IT teams have immediately developed and installed security patches.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 2.878 = Moderate
The company revealed that customer data had been stolen in this attack including regular customers’ first and last names, employer, position, email addresses and phone numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: By land, sea or air, shipping companies have been favored targets of cybercriminals since the start of the pandemic.

 

 

Japan – Olympus

https://portswigger.net/daily-swig/olympus-insists-medical-services-uninterrupted-by-malware-attack

Exploit: Malware

Olympus: Medical Technology Developer


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
Japanese medical tech behemoth Olympus has disclosed a cyber-attack that prompted the shutdown of certain IT systems last week. The company announced that it had been hit with “an attempted malware attack affecting parts of our sales and manufacturing networks in EMEA (Europe, Middle East, and Africa).”

Individual Impact: Olympus contends that no data was stolen.

Customers Impacted: Unknown

How it Could Affect Your Business: Malware attacks like this are becoming increasingly more common as cybercriminals look at encryption over theft as a quick way to mount a successful attack and score a payday.

 

 
 
Continue reading
Bruce Groen

The Week in Breach News: 09/15/21 – 09/22/21

Austin Cancer Centers

https://www.beckershospitalreview.com/cybersecurity/cyberattack-leads-to-it-outage-at-texas-cancer-clinics-exposing-36-000.html

Exploit: Ransomware

Austin Cancer Centers: Specialty Medical Clinic System


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.623 = Severe
 
Austin (Texas) Cancer Centers are notifying 36,503 patients of a data breach that forced it to shut down its IT networks. The cancer treatment network, which has eight locations, discovered that hackers had deployed ransomware onto its systems. Cybersecurity experts determined that hackers had made the intrusion and remained invisible since late July 2021.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.702 = Severe
 
Exposed information may include Social Security numbers, names, addresses, birthdates, credit card numbers and health-related information. For patients affected, Austin Cancer Centers offers online credit monitoring services and fraud insurance with coverage up to $1,000,000.

Customers Impacted: 36,503

How It Could Affect Your Business: Data from medical centers is always a valuable commodity for cybercriminals because it can provide PII, financial information and other profitable tidbits.

 

 

TTEC

https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/
Exploit: Ransomware

TTEC: Customer Support Provider


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.636 = Moderate
TTEC, a growing customer support provider, has been hit with a suspected Ragnar Locker ransomware attack. The company handles customer support calls on behalf of an array of major companies including Bank of America, Best Buy, Credit Karma, Dish Network, Kaiser Permanente, USAA and Verizon. Around September 12, company data was encrypted and business activities at several facilities were temporarily disrupted. The incident is under investigation.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware is always a disaster. Ragnar Locker operators recently threatened additional repercussions to companies that contact law enforcement officials after a successful attack.

 

 

Walgreen’s

https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability
Exploit: Misconfiguration

Walgreen’s: Drugstore Chain


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.336=Extreme
Vox reports that the personal data of patients that had a COVID-19 test at Walgreens was stored incorrectly and exposed to anyone who cared to view it. The data exposure potentially affects millions of people who used Walgreens’ COVID-19 testing services over the course of the pandemic. The exposure came to light after a security expert checked for test results for a family member and noticed the issue. discovered the issues in March after a family member got a COVID-19 test. The vulnerability has been around since at least March 2021 when the expert discovered it, but likely longer



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.217=Extreme
Patient personal data exposed include each patient’s name, date of birth, gender identity, phone number, address and email. In some cases, test results are also available.

Customers Impacted: Unknown

How It Could Affect Your Business: When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause. It’s also going to cost them a fortune in penalties once regulators get finished with them.

 

 

Epik

https://arstechnica.com/information-technology/2021/09/anonymous-leaks-gigabytes-of-data-from-epik-web-host-of-gab-and-parler/
Exploit: Hacking

Epik: Webhosting


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.227 = Extreme
Legendary hacktivist group Anonymous has struck again, this time claiming to have snatched gigabytes of data from Epik, a domain name, hosting, and DNS service provider for a variety of right-wing sites including Texas GOP, Gab, Parler and 8chan including extremist groups. The hacktivist collective announced in a press release that the data set, which is over 180GB in size, contains a “decade’s worth of data from the company.” It has been released as a torrent. Members of the whistleblower site, Distributed Denial of Secrets (DDoSecrets), have also made the data set available via alternate means. The Ars Technica story on the incident, linked above, is absolutely worth reading and includes the press release as well as other actions by Anonymous in the same vein. The group perpetrated this hack as part of its Operation Jane campaign.



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.305 = Extreme
It is unclear to what extent this hack exposed personal information for owners of sites hosted by Epik or other personal or financial data. However, reports from experts who have viewed the data say that it is highly likely that Epik customers and users should expect that their data has been stolen.

Customers Impacted: Unknown

How It Could Affect Your Business: Experts who have seen the stolen data contend that Epik was negligent in its storage of PII and passwords, making the hack easier for Anonymous.

 

 

Microsoft

https://www.bleepingcomputer.com/news/security/eventbuilder-misconfiguration-exposes-microsoft-event-registrant-data/
Exploit: Misconfiguration

Microsoft: Software Developer


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.801 = Moderate
The personal information of hundreds of thousands of users of Microsoft’s EventBuilder has been exposed in a misconfiguration snafu. Researchers who discovered the leak say that the data was exposed through an improperly configured Azure blob and was available for an unknown length of time. The mistake was quickly fixed.



cybersecurity news represented by a gauge indicating moderate risk


Individual Risk: 2.727 = Moderate
Personal data for event registrants including names, email addresses and job titles was exposed in more than one million CSV and JSON files of EventBuilder driven events hosted through Microsoft Teams.

Customers Impacted: Unknown

How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake goes to show that applies to every business – even the big dogs can fumble once in a while.

 

 

France – CMA CGM

https://splash247.com/cma-cgm-hit-by-another-cyber-attack/

Exploit: Ransomware

CMA CGM: Maritime Freight Carrier


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.819 = Moderate
French container shipping giant CMA CGM has been hit by another cyber-attack. The company was breached about a year ago as well. A spate of attacks against maritime shipping companies has led to breaches at all four of the major players – Maersk, MSC, Cosco and CMA CGM – in the last 12 months. CMA CGM said its IT teams have immediately developed and installed security patches.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 2.878 = Moderate
The company revealed that customer data had been stolen in this attack including regular customers’ first and last names, employer, position, email addresses and phone numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: By land, sea or air, shipping companies have been favored targets of cybercriminals since the start of the pandemic.

 

 

Japan – Olympus

https://portswigger.net/daily-swig/olympus-insists-medical-services-uninterrupted-by-malware-attack

Exploit: Malware

Olympus: Medical Technology Developer


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
Japanese medical tech behemoth Olympus has disclosed a cyber-attack that prompted the shutdown of certain IT systems last week. The company announced that it had been hit with “an attempted malware attack affecting parts of our sales and manufacturing networks in EMEA (Europe, Middle East, and Africa).”

Individual Impact: Olympus contends that no data was stolen.

Customers Impacted: Unknown

How it Could Affect Your Business: Malware attacks like this are becoming increasingly more common as cybercriminals look at encryption over theft as a quick way to mount a successful attack and score a payday.

 

 
 
Continue reading
Bruce Groen

The Week in Breach News: 09/08/21 – 09/14/21

United Nations

https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/

Exploit: Credential Compromise

United Nations: Global Intergovernmental Organization


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.623 = Severe
 
Hackers have broken into the computer network of the United Nations and made off with data. The unidentified cybercriminals responsible for the hit appear to have gained access using employee login credentials stolen from a UN employee. Reports say that the bad actors logged into the employee’s Umoja account, the enterprise resource planning system implemented by the UN in 2015. This intrusion took place over an extended period of time. Investigators determined that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.

Individual Impact: No information was available at press time to clarify what type of data was stolen.

Customers Impacted: Unknown

How It Could Affect Your Business: This is a big target that regularly handles and sensitive data. The fact that it took several months to detect an intrusion is worrying.

 

 

Texas Right to Life

https://techcrunch.com/2021/09/07/texas-right-to-life-website-exposed-job-applicants-resumes/

Exploit: Misconfiguration

DuPage Medical Group: Healthcare Practice


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.636 = Moderate
Anti-choice political action group Texas Right to Life is in hot water after it exposed the personal information of hundreds of job applicants on its website. Investigators have blamed a configuration error that allowed anyone to access all applicants’ resumes, which were stored in an unprotected directory. No additional information appears to have been exposed.



cybersecurity news represented by a gauge indicating moderate risk


Individual Risk: 2.712 = Moderate
Job applicants had names, phone numbers, addresses and details of their employment history exposed, as the data included complete resumes for approximately 300 people..

Customers Impacted: 300 job applicants

How It Could Affect Your Business: Sloppy setups are responsible for too any data breaches. Establishing a strong cybersecurity culture combats this problem.

 

 

Dotty’s

https://portswigger.net/daily-swig/data-breach-at-us-restaurant-and-gambling-chain-dottys-may-have-leaked-sensitive-customer-information
Exploit: Ransomware

Dotty’s: Fast Food Restaurant and Gambling Parlor Chain


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.673=Severe
Dotty’s, a fast food chain that offers gambling services across 175 locations, has experienced a cyberattack that severely impacted operations. The chain, owned and operated by Nevada Restaurant Services, announced that malware was discovered on some computer systems that allowed cybercriminals to access and copy customer data including some highly sensitive material.



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.673=Severe
The data snatched includes customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates. Impacted customers are being informed by mail.

Customers Impacted:
How It Could Affect Your Business: Whe a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause.

 

 

United Kingdom – McDonald’s

https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/
Exploit: Misconfiguration

McDonald’s: Fast Food Chain


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.917 = Severe
The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A Misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The missent information also included sensitive back-end info like hostnames for Azure SQL databases.

Individual Impact: The company contends that no customer inforation was compromised.

Customers Impacted: Unknown

How It Could Affect Your Business: Human error will always be the biggest enemy of cybersecurity. Ensure that mistakes like this don’t happen by making sure everone knows that they’re responsible for security and not just the IT team.

 

 

Israel – City4U

https://www.jpost.com/israel-news/hacker-claims-to-have-stolen-information-of-7-million-israelis-678905
Exploit: Hacking

City4U: Municipal Services Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.721 = Severe
Cybercriminals are claiming to have committed an audacious hack that scored them the personal information of around seven million Israelis, approximately 80% of Israel’s population, by hacking into City4U. The website is used by municipalities to allow residents to conduct business like paying utility bills, taxes and fines. The hackers made the claim through a telegram posting, providing samples of the stolen data as proof that included photos of identity cards and financial data.

Customers Impacted: 700,000

How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.

 

 

France – France-Visas

https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers
Exploit: Hacking

France-Visas: Government Services Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.

Individual Impact: No clear reporting on the data stolen was available at press time, but users can safely assume that nay data they’ve entered on the platform is compromised.

Customers Impacted: 8,700

How it Could Affect Your Business: Huge data hauls like this are goldmines for cybercriminals, who can make plenty of cash by selling 2020’s number one desirable resource on the dark web: personal data.

 

 

Singapore – MyRepublic

https://www.zdnet.com/article/myrepublic-customers-compromised-in-third-party-data-breach/
Exploit: Third Party Breach

MyRepublic: Mobile Carrier


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
Mobile Carrier MyRepublic has announced that 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The company disclosed that the incident was uncovered on August 29 and the relevant authorities had been informed of the breach, including industry regulator Infocomm Media Development Authority (IMDA) and the country’s Personal Data Protection Commission, which oversees Singapore’s Personal Data Protection Act (PDPA).



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.802 = Severe
Cybercriminals were able to access customer records containing PII like the identity verification documents that customers had provided for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.

Customers Impacted: 80,000 mobile subscribers

How it Could Affect Your Business: Third party risk is escalating as business operations become less centralized and more businesses rely on specialty services providers for day-to-day chores.

 

 

South Africa – Department of Justice and Constitutional Development

https://securityaffairs.co/wordpress/122128/cyber-crime/department-of-justice-and-constitutional-development-of-south-africa-ransomware.html

Exploit: Ransomware

Department of Justice and Constitutional Development: Government Agency


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
A ransomware attack struck the Department of Justice and Constitutional Development of South Africa. According to a department statement, many departments have been impacted, including the issuing of letters of authority, bail services, departmental email and the departmental website. Some services are available through old-fashioned pen and paper and child support payments won’t be delayed. The department announced that its team is working to restore operations. The incident is under investigation, and no word was available at press time on who was responsible for the attack.

Individual Risk: The department claims that no data has been exfiltrated by the ransomware operators

How it Could Affect Your Business: Ransomware doesn’t always go after data. Sometimes cybercriminals want to hold the whole business to ransom, impeding operations and notching up embarrassment.

 

 
 
Continue reading
Bruce Groen

The Week in Breach News: 09/08/21 – 09/14/21

United Nations

https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/

Exploit: Credential Compromise

United Nations: Global Intergovernmental Organization


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.623 = Severe
 
Hackers have broken into the computer network of the United Nations and made off with data. The unidentified cybercriminals responsible for the hit appear to have gained access using employee login credentials stolen from a UN employee. Reports say that the bad actors logged into the employee’s Umoja account, the enterprise resource planning system implemented by the UN in 2015. This intrusion took place over an extended period of time. Investigators determined that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.

Individual Impact: No information was available at press time to clarify what type of data was stolen.

Customers Impacted: Unknown

How It Could Affect Your Business: This is a big target that regularly handles and sensitive data. The fact that it took several months to detect an intrusion is worrying.

 

 

Texas Right to Life

https://techcrunch.com/2021/09/07/texas-right-to-life-website-exposed-job-applicants-resumes/

Exploit: Misconfiguration

DuPage Medical Group: Healthcare Practice


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.636 = Moderate
Anti-choice political action group Texas Right to Life is in hot water after it exposed the personal information of hundreds of job applicants on its website. Investigators have blamed a configuration error that allowed anyone to access all applicants’ resumes, which were stored in an unprotected directory. No additional information appears to have been exposed.



cybersecurity news represented by a gauge indicating moderate risk


Individual Risk: 2.712 = Moderate
Job applicants had names, phone numbers, addresses and details of their employment history exposed, as the data included complete resumes for approximately 300 people..

Customers Impacted: 300 job applicants

How It Could Affect Your Business: Sloppy setups are responsible for too any data breaches. Establishing a strong cybersecurity culture combats this problem.

 

 

Dotty’s

https://portswigger.net/daily-swig/data-breach-at-us-restaurant-and-gambling-chain-dottys-may-have-leaked-sensitive-customer-information
Exploit: Ransomware

Dotty’s: Fast Food Restaurant and Gambling Parlor Chain


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.673=Severe
Dotty’s, a fast food chain that offers gambling services across 175 locations, has experienced a cyberattack that severely impacted operations. The chain, owned and operated by Nevada Restaurant Services, announced that malware was discovered on some computer systems that allowed cybercriminals to access and copy customer data including some highly sensitive material.



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.673=Severe
The data snatched includes customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates. Impacted customers are being informed by mail.

Customers Impacted:
How It Could Affect Your Business: Whe a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause.

 

 

United Kingdom – McDonald’s

https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/
Exploit: Misconfiguration

McDonald’s: Fast Food Chain


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.917 = Severe
The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A Misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The missent information also included sensitive back-end info like hostnames for Azure SQL databases.

Individual Impact: The company contends that no customer inforation was compromised.

Customers Impacted: Unknown

How It Could Affect Your Business: Human error will always be the biggest enemy of cybersecurity. Ensure that mistakes like this don’t happen by making sure everone knows that they’re responsible for security and not just the IT team.

 

 

Israel – City4U

https://www.jpost.com/israel-news/hacker-claims-to-have-stolen-information-of-7-million-israelis-678905
Exploit: Hacking

City4U: Municipal Services Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.721 = Severe
Cybercriminals are claiming to have committed an audacious hack that scored them the personal information of around seven million Israelis, approximately 80% of Israel’s population, by hacking into City4U. The website is used by municipalities to allow residents to conduct business like paying utility bills, taxes and fines. The hackers made the claim through a telegram posting, providing samples of the stolen data as proof that included photos of identity cards and financial data.

Customers Impacted: 700,000

How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.

 

 

France – France-Visas

https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers
Exploit: Hacking

France-Visas: Government Services Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.

Individual Impact: No clear reporting on the data stolen was available at press time, but users can safely assume that nay data they’ve entered on the platform is compromised.

Customers Impacted: 8,700

How it Could Affect Your Business: Huge data hauls like this are goldmines for cybercriminals, who can make plenty of cash by selling 2020’s number one desirable resource on the dark web: personal data.

 

 

Singapore – MyRepublic

https://www.zdnet.com/article/myrepublic-customers-compromised-in-third-party-data-breach/
Exploit: Third Party Breach

MyRepublic: Mobile Carrier


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
Mobile Carrier MyRepublic has announced that 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The company disclosed that the incident was uncovered on August 29 and the relevant authorities had been informed of the breach, including industry regulator Infocomm Media Development Authority (IMDA) and the country’s Personal Data Protection Commission, which oversees Singapore’s Personal Data Protection Act (PDPA).



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.802 = Severe
Cybercriminals were able to access customer records containing PII like the identity verification documents that customers had provided for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.

Customers Impacted: 80,000 mobile subscribers

How it Could Affect Your Business: Third party risk is escalating as business operations become less centralized and more businesses rely on specialty services providers for day-to-day chores.

 

 

South Africa – Department of Justice and Constitutional Development

https://securityaffairs.co/wordpress/122128/cyber-crime/department-of-justice-and-constitutional-development-of-south-africa-ransomware.html

Exploit: Ransomware

Department of Justice and Constitutional Development: Government Agency


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
A ransomware attack struck the Department of Justice and Constitutional Development of South Africa. According to a department statement, many departments have been impacted, including the issuing of letters of authority, bail services, departmental email and the departmental website. Some services are available through old-fashioned pen and paper and child support payments won’t be delayed. The department announced that its team is working to restore operations. The incident is under investigation, and no word was available at press time on who was responsible for the attack.

Individual Risk: The department claims that no data has been exfiltrated by the ransomware operators

How it Could Affect Your Business: Ransomware doesn’t always go after data. Sometimes cybercriminals want to hold the whole business to ransom, impeding operations and notching up embarrassment.

 

 
 
Continue reading
Bruce Groen

The Week in Breach News: 09/01/21 – 09/07/21


Pacific City Bank




Exploit: Ransomware




https://securityaffairs.co/wordpress/121872/cyber-crime/pacific-city-bank-avos-locker-ransomware.html




Pacific City Bank: Financial Institution




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.623 = Severe




Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident but since it is a bank that’s highly likely.




Customers Impacted: Unknown




How It Could Affect Your Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.











DuPage Medical Group




https://www.chicagotribune.com/business/ct-biz-dupage-medical-group-breach-personal-information-20210830-frv74cy23nhftgufbwc3caknie-story.html




Exploit: Hacking




DuPage Medical Group: Healthcare Practice 




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.636 = Severe




DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.866 = Severe




The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.




Customers Impacted: 600,000 patients




How It Could Affect Your Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.














Career Group, Inc. 




https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers




Exploit: Ransomware




Career Group, Inc.: Staffing Company




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.673=Severe




California-based staffing service Career Group, Inc. Experienced a data breach, between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.673=Severe




The company noted in a letter to the Maine Attorney General’s Office the fact that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.




Customers Impacted: 49,476




How It Could Affect Your Customers’ Business Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.














Howard University




https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack




Exploit: Ransomware




Howard University: Institution of Higher Learning




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.917 = Severe




Howard University announced that they are investigating a ransomware attack. The incident disrupted online classes for several days. In person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.




Individual Impact: No information was available at press time about the types of data that was stolen if any.




Customers Impacted: Unknown




How It Could Affect Your Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.














France – Francetest 




https://www.connexionfrance.com/French-news/700000-French-pharmacy-Covid-test-results-left-publicly-available




Exploit: Misconfiguration




Francetest: COVID-19 Test & Trace Platform 




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.721 = Severe




A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration was discovered when a patient with IT expertise discovered that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and even create an account without being a pharmacist.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.761 = Severe




Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.




Customers Impacted: 700,000




How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.














France – France-Visas




https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers




Exploit: Hacking




France-Visas: Government Services Platform 




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.919 = Severe




A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.778 = Severe




Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.




Customers Impacted: 8,700




How it Could Affect Your Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.














Japan – Fujitsu 




https://www.zdnet.com/article/fujitsu-says-stolen-data-being-sold-on-dark-web-related-to-customers/




Exploit: Hacking




Fujitsu: Information Technology




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.802 = Severe




Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident




Customers Impacted: Unknown




How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.














Indonesia – electronic Health Alert Card




https://www.zdnet.com/article/passport-info-and-healthcare-data-leaked-from-indonesias-covid-19-test-and-trace-app-for-travellers/




Exploit: Misconfiguration 




electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.802 = Severe




A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country and it contains data personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.5882 = Severe




The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.




How it Could Affect Your Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.














Continue reading
Bruce Groen

The Week in Breach News: 09/01/21 – 09/07/21


Pacific City Bank




Exploit: Ransomware




https://securityaffairs.co/wordpress/121872/cyber-crime/pacific-city-bank-avos-locker-ransomware.html




Pacific City Bank: Financial Institution




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.623 = Severe




Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident but since it is a bank that’s highly likely.




Customers Impacted: Unknown




How It Could Affect Your Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.











DuPage Medical Group




https://www.chicagotribune.com/business/ct-biz-dupage-medical-group-breach-personal-information-20210830-frv74cy23nhftgufbwc3caknie-story.html




Exploit: Hacking




DuPage Medical Group: Healthcare Practice 




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.636 = Severe




DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.866 = Severe




The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.




Customers Impacted: 600,000 patients




How It Could Affect Your Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.














Career Group, Inc. 




https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers




Exploit: Ransomware




Career Group, Inc.: Staffing Company




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.673=Severe




California-based staffing service Career Group, Inc. Experienced a data breach, between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.673=Severe




The company noted in a letter to the Maine Attorney General’s Office the fact that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.




Customers Impacted: 49,476




How It Could Affect Your Customers’ Business Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.














Howard University




https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack




Exploit: Ransomware




Howard University: Institution of Higher Learning




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.917 = Severe




Howard University announced that they are investigating a ransomware attack. The incident disrupted online classes for several days. In person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.




Individual Impact: No information was available at press time about the types of data that was stolen if any.




Customers Impacted: Unknown




How It Could Affect Your Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.














France – Francetest 




https://www.connexionfrance.com/French-news/700000-French-pharmacy-Covid-test-results-left-publicly-available




Exploit: Misconfiguration




Francetest: COVID-19 Test & Trace Platform 




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.721 = Severe




A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration was discovered when a patient with IT expertise discovered that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and even create an account without being a pharmacist.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.761 = Severe




Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.




Customers Impacted: 700,000




How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.














France – France-Visas




https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers




Exploit: Hacking




France-Visas: Government Services Platform 




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.919 = Severe




A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.778 = Severe




Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.




Customers Impacted: 8,700




How it Could Affect Your Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.














Japan – Fujitsu 




https://www.zdnet.com/article/fujitsu-says-stolen-data-being-sold-on-dark-web-related-to-customers/




Exploit: Hacking




Fujitsu: Information Technology




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.802 = Severe




Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident




Customers Impacted: Unknown




How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.














Indonesia – electronic Health Alert Card




https://www.zdnet.com/article/passport-info-and-healthcare-data-leaked-from-indonesias-covid-19-test-and-trace-app-for-travellers/




Exploit: Misconfiguration 




electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform




cybersecurity news represented by agauge showing severe risk



Risk to Business: 1.802 = Severe




A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country and it contains data personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.




cybersecurity news represented by agauge showing severe risk



Individual Risk: 1.5882 = Severe




The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.




How it Could Affect Your Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.














Continue reading
Bruce Groen

10 Dark Web Facts You Need to See Right Now

Let Dark Web Facts (Not Hype) Inform Your Security Decisions

Dark web threats are growing increasingly more dangerous as a booming dark web economy drives cybercrime to new heights, setting records for phishing, hacking and (of course) ransomware. This cybercrime wave is creating additional pressure on already overstressed cybersecurity teams. But there’s a lot of hype out there about the dark web that’s designed to scare instead of inform. Let’s cut through the noise with some real dark web facts.

 

Don’t make decisions about your organization’s security posture until you see these essential 2021 Dark Web facts.

  • Dark Web activity has increased by 300% in the last 3 years.
  • Over 30% of North Americans access the dark web regularly.
  • In 2020, credentials for about 133,927 C-level Fortune 1000 executives were available on the dark web
  • More than 22 billion new records were added to the dark web in 2020
  • Satellite affiliates of cybercrime gangs pay the boss gang 10 – 20% of the take on each successful job
  • An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were available readily in dark web markets and data dumps.
  • About 65% of active criminal gangs rely on spear phishing powered by dark web data to launch attacks.
  • The largest credential file to ever hit the dark web at once is the RockYou2021 password leak.
  • Hackers attack every 39 seconds, on average 2,244 times a day.
  • 60% of the information available on the Dark Web could potentially harm enterprises.
 

What’s For Sale on the Dark Web?

In addition to information, Dark Web markets also deal in other nefarious things like criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, cybercrime software, cracked credentials and other illicit items. Cybercriminals also enjoy gambling and all sorts of strange things are in the pot at dark web online poker games.

In a recent breakdown of activity in popular dark web forums, researchers noted:
  • An estimated 90% of posts on dark web forums are from buyers looking to contract someone for cybercrime.
  • Almost 70% of dark web forum hiring posts were looking for cybercriminals to do some website hacking.
  • Over 20% were looking for bad actors who could obtain specifically targeted user or client databases.
  • About 7% of forum posts were ads for hackers looking for work.
  • 2% of forum posts were made by cybercriminal developers who were selling the tools
Continue reading
Bruce Groen

10 Dark Web Facts You Need to See Right Now

Let Dark Web Facts (Not Hype) Inform Your Security Decisions

Dark web threats are growing increasingly more dangerous as a booming dark web economy drives cybercrime to new heights, setting records for phishing, hacking and (of course) ransomware. This cybercrime wave is creating additional pressure on already overstressed cybersecurity teams. But there’s a lot of hype out there about the dark web that’s designed to scare instead of inform. Let’s cut through the noise with some real dark web facts.  

Don’t make decisions about your organization’s security posture until you see these essential 2021 Dark Web facts.

  • Dark Web activity has increased by 300% in the last 3 years.
  • Over 30% of North Americans access the dark web regularly.
  • In 2020, credentials for about 133,927 C-level Fortune 1000 executives were available on the dark web
  • More than 22 billion new records were added to the dark web in 2020
  • Satellite affiliates of cybercrime gangs pay the boss gang 10 – 20% of the take on each successful job
  • An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were available readily in dark web markets and data dumps.
  • About 65% of active criminal gangs rely on spear phishing powered by dark web data to launch attacks.
  • The largest credential file to ever hit the dark web at once is the RockYou2021 password leak.
  • Hackers attack every 39 seconds, on average 2,244 times a day.
  • 60% of the information available on the Dark Web could potentially harm enterprises.
 

What’s For Sale on the Dark Web?

In addition to information, Dark Web markets also deal in other nefarious things like criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, cybercrime software, cracked credentials and other illicit items. Cybercriminals also enjoy gambling and all sorts of strange things are in the pot at dark web online poker games. In a recent breakdown of activity in popular dark web forums, researchers noted:
  • An estimated 90% of posts on dark web forums are from buyers looking to contract someone for cybercrime.
  • Almost 70% of dark web forum hiring posts were looking for cybercriminals to do some website hacking.
  • Over 20% were looking for bad actors who could obtain specifically targeted user or client databases.
  • About 7% of forum posts were ads for hackers looking for work.
  • 2% of forum posts were made by cybercriminal developers who were selling the tools
Continue reading
Bruce Groen

The Week in Breach News: 08/25/21 – 08/31/21

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.486 = Extreme
 
AC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents
or beneficiaries) was also stolen during the ransomware attack. Conti ransomware gang revealed on their leak site that they stole over 250 GB of data. The investigation and remediation is ongoing.



cybersecurity news gauge indicating extreme risk


Individual Risk : 1.311 = Extreme
 
SAC Wireless has announced that they believe that the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 

 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.336 = Severe
The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage and as well as disruption of its online library services. Branch It has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.673=Severe
The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investifation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintec organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 

 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.917 = Severe
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that they experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nempty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.835 = Severe
The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018 and more than 100 audits including a multi-page detailed review of a patient’s case.

Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 

 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.721 = Severe
Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals announced the score in a post on a message board at the rising dark web marketplace Marketo claims to have about 1GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 

 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but they were quick to assure customers that no operations or aeronautics systems or data was impacted.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.761 = Severe
The company said in a statement that their initial an investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 
 
Continue reading
Bruce Groen

The Week in Breach News: 08/25/21 – 08/31/21

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.486 = Extreme
 
AC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents
or beneficiaries) was also stolen during the ransomware attack. Conti ransomware gang revealed on their leak site that they stole over 250 GB of data. The investigation and remediation is ongoing.



cybersecurity news gauge indicating extreme risk


Individual Risk : 1.311 = Extreme
 
SAC Wireless has announced that they believe that the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 

 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.336 = Severe
The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage and as well as disruption of its online library services. Branch It has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.673=Severe
The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investifation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintec organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 

 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.917 = Severe
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that they experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nempty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.835 = Severe
The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018 and more than 100 audits including a multi-page detailed review of a patient’s case.

Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 

 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.721 = Severe
Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals announced the score in a post on a message board at the rising dark web marketplace Marketo claims to have about 1GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 

 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but they were quick to assure customers that no operations or aeronautics systems or data was impacted.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.761 = Severe
The company said in a statement that their initial an investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 
 
Continue reading
Bruce Groen

How to Keep a Company Password Safe & Off the Dark Web

Take Sensible Precautions and Set Strong Password Policies or Pay the Price

What’s the fastest way for a cybercriminal to get into a company’s environment and cause chaos? If you answered “a stolen legitimate password”, you’re right. Cybercriminals love nothing more than getting their hands on an employee password that lets them slip into systems undetected to steal data, deploy ransomware or work other mischiefs – especially a privileged administrator or executive password. Unfortunately for businesses, bad actors can often accomplish their goal without phishing. It’s become easier than ever for them to make that dream a reality thanks to the boatload of password data that has traveled to the dark web. But there are a few things every organization can do to keep their company passwords safely in-house instead of on the dark web.

Dark Web Data is the Reason That It’s Always Password Season

The dark web has always been a clearinghouse for passwords. As the years have gone by, more and more stolen records, passwords, financial information and other data has made its way to the dark web through myriad data breaches. It’s a vicious cycle. Every new breach brings a fresh influx of data into the pool, and every influx of data can spawn a new breach. This pattern will keep on repeating, making the danger of credential compromise bigger every year. Credentials were the top type of information stolen in data breaches worldwide in 2020, and cybercriminals were quick to capitalize on their successes. An estimated 20 billion fresh passwords made their way to the dark web last year.

This year’s giant influx of fresh passwords from events like the RockYou 2021 leak just keeps priming the pump for new cybercrimes, especially password-fueled schemes like credential stuffing, the gateway to all sorts of bad outcomes like ransomware, and business email compromise, the most expensive cybercrime of 2020. Earlier this summer, the personally identifying data and user records data of 700M LinkedIn users appeared on a popular dark web forum – more than 92% of LinkedIn’s estimated total of 756M users. That created an enormous splash that will ultimately ripple out into a whole new world of opportunity for cybercrime.

Big companies aren’t doing any better. In a 2021 study, researchers found the passwords for 25.9 million Fortune 1000 business accounts floating around on the dark web. If cybercriminals felt like they really needed a privileged password to get the job done, that wasn’t a problem either. Credentials for 133,927 C-level Fortune 1000 executives were also accessible to bad actors on the dark web. Altogether, researchers determined that over 281 million records of personally identifiable information (PII) for employees of Fortune 1000 companies were readily available in dark web markets and dumps, making it easy for bad actors to find and use in hacking and fraud operations.

Reuse and Recycling is Killing Companies

Far and away, password reuse and recycling is the biggest obstacle that companies face when trying to build a strong cybersecurity culture and keep their data safe. An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused, a factor that every company should keep in mind when creating and setting password security policies. Employees aren’t making the mistake of reusing passwords from ignorance either. Over 90% of participants in a password habits survey understood the risk of password reuse but that didn’t stop them because 59% admitted to doing it anyway that disconnect is a huge problem for businesses everywhere.

Bad Password Hygiene is Putting Your Data in Danger

  • More than 60% of employees use the same password across multiple work and home applications.
  • 82% of workers admitted sometimes reusing the same passwords and credentials
  • 44 million Microsoft users admitted in a survey that they often use the same password on more than one account
  • 43% of Microsoft’s survey respondents have shared their work password with someone in their home for another use
  • About 20% of employees have reused their work password for online shopping, social media or streaming accounts
That sloppy password handling is directly responsible for data breaches. In fact, over 30% of the respondents in Microsoft’s survey admitted that their organization has experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies. That danger is has grown. People worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic. That’s a lot of new passwords to create and remember. It also means that many more passwords were recycled or reused in 2020 than in past years making password exposure through cybercrime a strong possibility.

What Do Passwords Go for on the Dark Web Anyway?

It depends on the password, but stolen credentials can sell for a pretty penny. For a legitimate stolen corporate network credential, you’re looking at around over $3,000. But that is far from the top price a really useful password can fetch in the booming dark web data markets. Among the most valuable leaked credentials are those magic keys that unlock privileged access to corporate networks. Those types of credentials can go for as much as $120,000. That’s a price some cybercrime gangs will gladly pay to enable them to launch ransomware attacks that can fetch them millions in ransom money.

What You Can Do About It

Protecting business credentials from exposure on the dark web is an important part of creating a sturdy defense for any business. Encouraging safe password generation and handling policies helps build a strong cybersecurity culture that keeps information security risks at the top of everyone’s mind, encouraging them to practice good password habits.
  • Enable multifactor authentication
  • Never allow an employee to reuse or iterate a password
  • Configure software to make password reuse impossible
  • Require regular password changes
  • Make it standard to create a unique password for every account
  • Do not allow passwords to be written down or stored in text files
  • Use a password manager and make it available for employees
These may seem like commonsense procedures for people who regularly handle information security but making sure that everyone knows that the company takes password reuse and handling seriously gives employees a sense of how seriously they need to take it too. Do a little social engineering of your own to make sure that everyone feels like they’re part of the security team.

 
Continue reading
Bruce Groen

How to Keep a Company Password Safe & Off the Dark Web

Take Sensible Precautions and Set Strong Password Policies or Pay the Price

What’s the fastest way for a cybercriminal to get into a company’s environment and cause chaos? If you answered “a stolen legitimate password”, you’re right. Cybercriminals love nothing more than getting their hands on an employee password that lets them slip into systems undetected to steal data, deploy ransomware or work other mischiefs – especially a privileged administrator or executive password. Unfortunately for businesses, bad actors can often accomplish their goal without phishing. It’s become easier than ever for them to make that dream a reality thanks to the boatload of password data that has traveled to the dark web. But there are a few things every organization can do to keep their company passwords safely in-house instead of on the dark web.

Dark Web Data is the Reason That It’s Always Password Season

The dark web has always been a clearinghouse for passwords. As the years have gone by, more and more stolen records, passwords, financial information and other data has made its way to the dark web through myriad data breaches. It’s a vicious cycle. Every new breach brings a fresh influx of data into the pool, and every influx of data can spawn a new breach. This pattern will keep on repeating, making the danger of credential compromise bigger every year. Credentials were the top type of information stolen in data breaches worldwide in 2020, and cybercriminals were quick to capitalize on their successes. An estimated 20 billion fresh passwords made their way to the dark web last year.

This year’s giant influx of fresh passwords from events like the RockYou 2021 leak just keeps priming the pump for new cybercrimes, especially password-fueled schemes like credential stuffing, the gateway to all sorts of bad outcomes like ransomware, and business email compromise, the most expensive cybercrime of 2020. Earlier this summer, the personally identifying data and user records data of 700M LinkedIn users appeared on a popular dark web forum – more than 92% of LinkedIn’s estimated total of 756M users. That created an enormous splash that will ultimately ripple out into a whole new world of opportunity for cybercrime.

Big companies aren’t doing any better. In a 2021 study, researchers found the passwords for 25.9 million Fortune 1000 business accounts floating around on the dark web. If cybercriminals felt like they really needed a privileged password to get the job done, that wasn’t a problem either. Credentials for 133,927 C-level Fortune 1000 executives were also accessible to bad actors on the dark web. Altogether, researchers determined that over 281 million records of personally identifiable information (PII) for employees of Fortune 1000 companies were readily available in dark web markets and dumps, making it easy for bad actors to find and use in hacking and fraud operations.

Reuse and Recycling is Killing Companies

Far and away, password reuse and recycling is the biggest obstacle that companies face when trying to build a strong cybersecurity culture and keep their data safe. An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused, a factor that every company should keep in mind when creating and setting password security policies. Employees aren’t making the mistake of reusing passwords from ignorance either. Over 90% of participants in a password habits survey understood the risk of password reuse but that didn’t stop them because 59% admitted to doing it anyway that disconnect is a huge problem for businesses everywhere.

Bad Password Hygiene is Putting Your Data in Danger

  • More than 60% of employees use the same password across multiple work and home applications.
  • 82% of workers admitted sometimes reusing the same passwords and credentials
  • 44 million Microsoft users admitted in a survey that they often use the same password on more than one account
  • 43% of Microsoft’s survey respondents have shared their work password with someone in their home for another use
  • About 20% of employees have reused their work password for online shopping, social media or streaming accounts
That sloppy password handling is directly responsible for data breaches. In fact, over 30% of the respondents in Microsoft’s survey admitted that their organization has experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies. That danger is has grown. People worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic. That’s a lot of new passwords to create and remember. It also means that many more passwords were recycled or reused in 2020 than in past years making password exposure through cybercrime a strong possibility.

What Do Passwords Go for on the Dark Web Anyway?

It depends on the password, but stolen credentials can sell for a pretty penny. For a legitimate stolen corporate network credential, you’re looking at around over $3,000. But that is far from the top price a really useful password can fetch in the booming dark web data markets. Among the most valuable leaked credentials are those magic keys that unlock privileged access to corporate networks. Those types of credentials can go for as much as $120,000. That’s a price some cybercrime gangs will gladly pay to enable them to launch ransomware attacks that can fetch them millions in ransom money.

What You Can Do About It

Protecting business credentials from exposure on the dark web is an important part of creating a sturdy defense for any business. Encouraging safe password generation and handling policies helps build a strong cybersecurity culture that keeps information security risks at the top of everyone’s mind, encouraging them to practice good password habits.
  • Enable multifactor authentication
  • Never allow an employee to reuse or iterate a password
  • Configure software to make password reuse impossible
  • Require regular password changes
  • Make it standard to create a unique password for every account
  • Do not allow passwords to be written down or stored in text files
  • Use a password manager and make it available for employees
These may seem like commonsense procedures for people who regularly handle information security but making sure that everyone knows that the company takes password reuse and handling seriously gives employees a sense of how seriously they need to take it too. Do a little social engineering of your own to make sure that everyone feels like they’re part of the security team.

 

Continue reading
Bruce Groen

The Week in Breach News: 08/18/21 – 08/24/21

AT&T

https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/
Exploit: Hacking

AT&T: Communications Conglomerate


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.422 = Extreme
A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.

Individual Impact: ShinyHunters provided what looks like customer information in the sample posted to their announcement, but the full spectrum of the leaked data is unclear.

Customers Impacted: Unknown

How It Could Affect Your Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.

 

 

Indiana Department of Health

https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/

Exploit: Misconfiguration

Indiana Department of Health: State Agency


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.



cybersecurity news represented by agauge showing severe risk


Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.

Customers Impacted: 750,000

How It Could Affect Your Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

St. Joseph’s/Candler Health System

https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attack
Exploit: Ransomware

St. Joseph’s/Candler(SJ/C): Health System


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.673=Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and per recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.811=Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.

Customers Impacted: 100 million

How It Could Affect Your Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.

 

 

Japan – Liquid

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.505 = Extreme
Japanese crypto exchange Liquid was sacked by hackers this week resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others being stolen. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.

Customers Impacted: Unknown

How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.

 

 

Japan – Tokio Marine Holdings

https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/

Exploit: Ransomware

Tokio Marine Holdings: Insurer


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.721 = Severe
Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms

 

 

Brazil – Lojas Renner

https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/
Exploit: Ransomware

Lojas Renner: Fashion Retailer


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.663 = Severe
Lojas Renner, Brazilian biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx and it may be related to an incident at a Brazilian IT services provider and that Renner paid the hackers $20 million in ransom.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 

Brazil – National Treasury (Tesouro Nacional Brasil)

https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/

Exploit: Hacking

National Treasury (Tesouro Nacional Brasil): National Government Agency


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.671 = Severe
The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.

 

 
 
 
Continue reading

News & Updates

InTegriLogic launches new website!
InTegriLogic is proud to announce the launch of our new website at www.integrilogic.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...
Read More

Contact Us

Learn more about what InTegriLogic can do for your business.

InTegriLogic
1931 W Grant Road Suite 310
Tucson, Arizona 85745