"Your Information Technology Leader"

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 02/23/22 – 03/01/22

State Bar of California

https://www.latimes.com/california/story/2022-02-27/california-bar-investigates-possible-data-breach-after-discipline-records-published-online
Exploit: Hacking

State Bar of California: Legal Professional & Regulatory Body




Risk to Business: 2.177= Severe
The State Bar of California is investigating a data breach after learning that a third-party website had published confidential information about 260,000 attorney discipline cases in California and other jurisdictions. The exposed data included case numbers, file dates, information about the types of cases and their statuses, respondent and complaining witness names.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Sensitive data of this sort is a valuable commodity. This information could be used for blackmail, fraud, spear phishing, BEC and so much more nastiness.

 

 

New York State Ethics Commission

https://www.insurancejournal.com/news/east/2022/02/28/655883.htm
Exploit: Hacking

New York State Ethics Commission: Regulatory Authority




Risk to Business: 2.807=Moderate
New York’s ethics commission has shut down its online filing system after a cyberattack. The attack impacted several functions including a web server for the agency’s lobbying application and financial disclosure filing systems as well as other functions. The systems were taken offline late last week and will remain offline for the foreseeable future.

How It Could Affect Your Business: Losing the ability to process online applications, sales or requests could be a death knell for some businesses.

 

 

Nvidia

https://www.reuters.com/technology/chipmaker-nvidia-investigating-potential-cyberattack-report-2022-02-25/
Exploit: Ransomware

Nvidia: Graphics Processing Units (GPU) Manufacturer




Risk to Business: 1.616 = Severe
Legendary graphics chipmaker Nvidia has been hit with ransomware that took several of the company’s functions down for days, including internal email and developer tools. Ransomware group Lapsus$ is claiming responsibility. The group claims to have some 1TB of Nvidia data and is threatening to leak it if Nvidia doesn’t pay an unspecified sum. In a highly unusual turn of events, a few days later, Lapsus$ took to the web to indignantly complain that Nvidia had hacked them in return, encrypting the data that Lapsus$ had snatched. The group says they have backups, and they’ll start publishing Nvidia’s data soon.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals are having a field day attacking supply chain targets in the hope of scoring a big payday fast from an organization with no time to lose.

 

 
 

Bridgestone Americas

https://portswigger.net/daily-swig/bridgestone-americas-disconnects-manufacturing-facilities-following-security-incident
Exploit: Hacking

Bridgestone Americas: Tire Manufacturer




Risk to Business: 1.414 = Extreme
Bridgestone is shutting down production at its factories around the US as the company deals with an unspecified cybersecurity incident. The company released a statement saying that it was immediately disconnecting and pausing production at factories in the US and Latin America, with no projected timeline for reopening provided to employees.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Supply chain disruption has been the name of the game for cybercriminals and tires are an important part of most supply chains.

 

 

France – Melijoe

https://www.safetydetectives.com/news/melijoe-leak-report/
Exploit: Misconfiguration

Melijoe: Luxury Children’s Clothier




Risk to Business: 2.771=Moderate
An Amazon S3 bucket that belonged to French kids’ fashion retailer Melijoe was left accessible on the web with no authentication controls in place, exposing the sensitive and personal data of potentially hundreds of thousands of customers. The bucket has exposed almost 2 million files, totaling around 200 GB of data, including wish lists, purchases, preferences and other customer data.





Risk to Individual: 2.822=Moderate
The Preferences dataset exposed forms of customer PII and sensitive customer data, including email addresses, names of children, genders, dates of birth and brand preferences. Other datasets included SKUs of purchased items, payment type (but not payment card or bank information), order dates and delivery preferences.

How it Could Affect Your Business: Cybercriminals are always hunting for personal data, and Retail has been one of the hardest-hit sectors in terms of data breaches.

 

 

Sweden – Axis

https://www.zdnet.com/article/swedish-camera-giant-axis-still-recovering-from-cyberattack/
Exploit: Hacking

Axis: Camera Manufacturer




Risk to Business: 1.719 = Severe
Axis has shut down all of its public-facing services in response to alerts from its cybersecurity and intrusion detection system on Sunday, the company said in a statement. Axis said that its Case Insight tool in the US and the Camera Station License System were dealing with partial outages as well as Device Manager Extend Device upgrades for OS and apps. The incident is under investigation and services are expected to be restored quickly.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cloud-hosted services and data have become very attractive for hackers, with cloud data breaches up by 30% in 2021.

 

 

Taiwan – Asustor NAS

https://www.bitdefender.com/blog/hotforsecurity/asustor-nas-owners-hit-by-deadbolt-ransomware-attack/

Exploit: Ransomware

Asustor NAS: Computer Hardware Developer




Risk to Business: 1.231 = Extreme
Owners of Asustor NAS drives have discovered that their devices have been hit by DeadBolt ransomware. Users were greeted with a message from the DeadBolt ransomware attempting to extort 0.03 bitcoins (approximately US $1140 at current exchange rates) for the promised release of a decryption key that would allow users to access their data. Asustor is investigating the matter and, in the meantime, the company has disabled functionality that can allow remote access to its NAS drives: ASUSTOR EZ-Connect, ASUSTOR EZ Sync, and ezconnect.to.

How it Could Affect Your Business: There’s a creepy ransomware trend brewing in which cybercriminals approach the people whose records they stole or encrypted, not the business that had the records.

 

 

Japan – Toyota

https://www.reuters.com/business/autos-transportation/toyota-suspends-all-domestic-factory-operations-after-suspected-cyber-attack-2022-02-28/
Exploit: Third-Party Risk

Toyota: Automobile Manufacturer




Risk to Business: 1.892 = Severe
Toyota announced that it is shutting down its domestic factory operations briefly after a cyberattack at a supplier. The supplier, Kojima Industries Corp, has admitted to being attacked but offered no further information. It was not made clear how long Toyota’s Japanese factories, which total one-third of its production yearly, will be closed.

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is the exact scenario cybercriminals want when they attack small suppliers of large corporations and shut down production lines to make quick money.

 

 
 

The Week in Breach News: 02/16/22 – 02/22/22

Meyer Manufacturing Co. Ltd.

https://www.securityweek.com/cookware-distribution-giant-meyer-discloses-data-breach
Exploit: Ransomware

Meyer Manufacturing Co. Ltd.: Cookware Manufacturing & Distribution




Risk to Business: 2.177= Severe
Meyer Manufacturing Co. Ltd recently filed a data breach notification disclosing a ransomware attack that impacted employees of its distribution arm. Bleeping Computer reports that this attack is the work of the Conti ransomware group. In its disclosure, Meyer said the initial incident occurred in October 2021 but was not discovered until December 2021. The attack affected Meyer and its subsidiaries, including Hestan Commercial Corp., Hestan Smart Cooking, Hestan Vineyards and Blue Mountain Enterprises LLC.





Risk to Business: 1.919= Severe
Employee personal information was snatched in this incident including their first and last name, address, date of birth, gender, race or ethnicity, Social Security number, health insurance information, medical information, driver’s license, passport or government-issued identification number, and Permanent Resident Card and information regarding immigration status.

Customers Impacted: Unknown

How It Could Affect Your Business: Data that can be used to falsify identities is a valuable commodity on the dark web and cybercriminals never stop looking for soft targets that enable them to steal it.

 

 

The City of Baltimore

https://www.infosecurity-magazine.com/news/baltimore-conned-out-of-375k/
Exploit: Business Email Compromise

The City of Baltimore: Municipality




Risk to Business: 1.251=Extreme
Buckle up because this is a saga. A report just released by the Office of the Inspector General (OIG) details a business email compromise disaster that ended up costing the city of Baltimore more than $375,000. In this incident, bad actors managed to change the bank details kept on file for a vendor who had an agreement with Baltimore’s Mayor’s Office of Children and Family Success (MOCFS). The cybercriminals contacted both MOCFS and Baltimore’s Bureau of Accounting and Payroll Services (BAPS) asking to have the vendor’s banking information updated to send payments to a different bank account at another financial institution. BAPS ultimately complied with the fraudster’s change request, then began sending electronic payments to the new address. You know how this one ends up. Ultimately, cybercriminals made off with $376,213.10. The vendor was not named, but the report noted that cybercriminals had gained access to the vendor’s email accounts through a phishing attack.

Customers Impacted: Unknown

How It Could Affect Your Business: Business email compromise is the most dangerous cybercrime according to FBI IC3, 64x worse than ransomware. This is why.

 

 

The Internet Society (ISOC)

https://thecyberwire.com/newsletters/privacy-briefing/4/33
Exploit: Misconfiguration

The Internet Society (ISOC): Non-Profit




Risk to Business: 2.776 = Moderate
Cybersecurity researchers recently announced the discovery of a trove of information belonging to ISOC in an unsecured Microsoft Azure blob. The blob was reported to contain millions of files with personal and login details belonging to ISOC members. ISOC has secured the blob but there’s no telling how long that data was exposed for or who may have seen it.





Risk to Business: 1.282= Moderate
The member data exposed includes members’ full names, preferred language, the account ID, donation history, login credentials, social media tokens, email and street addresses, genders and similar personal information.

Customers Impacted: Unknown

How It Could Affect Your Business: Human error aka employee negligence is the biggest cause of a data breach because it’s what makes things like this happen.

 

 

Expeditors International

https://www.bleepingcomputer.com/news/security/expeditors-shuts-down-global-operations-after-likely-ransomware-attack/
Exploit: Ransomware

Expeditors International: Logistics & Freight Forwarding




Risk to Business: 1.364 = Extreme
Expeditors International was hit by a ransomware attack over the President’s Day holiday weekend that has resulted in the company being forced to shut down most of its operations worldwide. First announced by the company on Sunday night, Expeditors International warned that services and systems may be offline until they can restore them from backups. The incident could snarl supply chains globally. Expeditors International handles warehousing and distribution, transportation, customs and compliance at 350 locations worldwide.

Customers Impacted: Unknown

How it Could Affect Your Business: Supply chain disruption has been the name of the game for cybercriminals, and freight forwarders on land and on the sea have been constantly targeted lately.

 

 

OpenSea

https://www.cnbc.com/2022/02/20/nft-marketplace-opensea-is-investigating-a-phishing-hack.html
Exploit: Phishing

OpenSea: NFT Trading Marketplace




Risk to Business: 1.282=Extreme
Online NFT marketplace OpenSea has been embroiled in controversy after a cyberattack cost investors their NFTs. There’s been a lot of back-and-forth on this one. A phishing attack perpetrated on the platform’s users is purportedly to blame for the incident that has so far left more than 30 of its users unable to access their NFTs, although some claims have been made on Twitter pointing to a flaw in the platform’s code. Reports say that the attacker has made somewhere between $1.7 – 2 million in Ethereum from selling some of the stolen NFTs. An estimated 254 tokens were stolen over three hours.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing is a danger to any business in any industry, and it can do massive damage as well as cost a fortune.

 

 

United Kingdom – National Health Service (NHS)

https://www.dailymail.co.uk/news/article-10531637/Tens-thousands-NHS-patients-private-medical-information-leaked-shocking-data-breach.html
Exploit: Third-Party Data Breach

National Health Service (NHS): National Healthcare Agency




Risk to Business: 2.919 = Moderate
A shocking report from the Daily Mail details the exposure of all sorts of sensitive data for thousands of patients served by the NHS. The information was exposed by an NHS service provider, PSL Print Management. Reports say that the exposed confidential files include hospital appointment letters for women’s health emergencies, test results of cervical screening and letters to parents of children needing urgent surgery. The information dates back as far as 2015, a huge no-no under data protection rules. The incident is under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Third-party risk is a problem that will only continue growing worse for organizations as they increasingly farm out work to smaller specialty service providers.

 

 

Switzerland – The University of Neuchâtel

https://www.swissinfo.ch/eng/university-of-neuch%C3%A2tel-hit-by-cyberattack/47360432

Exploit: Ransomware

The University of Neuchâtel: Institution of Higher Learning




Risk to Business: 2.775 = Moderate
Swiss college The University of Neuchâtel is back online after a cyberattack that is likely ransomware knocked its systems out last week. The attack encrypted some systems making it impossible for students or employees to access materials and systems related to classwork. The university is unable to confirm if any data was stolen. Operations have since been restored.

Customers Impacted: Unknown

How it Could Affect Your Business: Schools at every level have been battered by cybercrime since the start of the global pandemic.

 

 

Japan – Mizuno

https://www.bleepingcomputer.com/news/security/sports-brand-mizuno-hit-with-ransomware-attack-delaying-orders/
Exploit: Ransomware

Mizuno: Sports Equipment and Sportswear Manufacturer




Risk to Business: 2.227 = Severe
Japanese brand Mizuno has experienced some business disruption after a ransomware attack on the corporate network of its US-based operations. The incident left the company facing phone outages and order delays as systems are restored. Customers have also been left unable to place new orders or track orders in progress. No word on an expected timeline for restoration.

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Retailers have been experiencing a serious increase in ransomware attacks in the last 12 months.

 

 
 

The Week in Breach News: 02/09/22 – 02/15/22

San Francisco 49ers

https://abcnews.go.com/Sports/wireStory/ransomware-gang-hacked-49ers-football-team-82865844
Exploit: Ransomware

San Francisco 49ers: National Football League (NFL) Team




Risk to Business: 1.727= Severe
While everyone was focused on the big game last week, cybercriminals were focused on the San Francisco 49ers. The team was hit by a ransomware attack, purportedly by BlackByte. The cybercriminals claim they stole some of the football team’s financial data, invoices and other internal documents. The team stressed the fact that this event appeared to be limited to their corporate network and did not endanger any fan or stadium databases.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Organizations in industries that have had historically poor security are attractive low-hanging fruit for cybercriminals.

 

 

EasyVote Solutions

https://www.govtech.com/security/georgia-voter-info-posted-online-after-software-company-breach
Exploit: Misconfiguration

EasyVote Solutions: Voting Software Company




Risk to Business: 1.561 =Severe
EasyVote Solutions has exposed some voter and poll worker data. The data was left unguarded and easily accessible on the internet. The software company says that exposed information does not include full voting records or registrations. The breach was discovered by South Carolina Law Enforcement Division (SLED) internet researchers. SLED and the FBI are investigating.





Individual Risk: 1.772 =Severe
Exposed data for voters can include names, addresses, races and dates of birth. Exposed data for poll workers may include those details plus identity documents, Social Security numbers and financial data.

Customers Impacted: 3,000 so far

How It Could Affect Your Business: Misconfiguration and sloppy security aren’t uncommon mistakes, but they’re always a problem and could be an expensive regulatory disaster in some industries.

 

 

Meter

https://www.zdnet.com/article/4-4-million-stolen-in-attack-on-blockchain-infrastructure-meter/
Exploit: Hacking

Meter: DeFi Platform




Risk to Business: 1.279= Extreme
Another day, another DeFi hack. This time the victim was blockchain infrastructure company Meter. $4.4 million was stolen during a cyberattack on the Meter Passport platform in the form of 1391 ETH and 2.74 BTC. The incident also impacted Meter’s Moonriver Network. The company acknowledged the hack on Saturday, urging users not to trade unbacked meterBNB circulating on Moonriver. The company says that it plans to repay some investors and the incident is under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: DeFi continues to be a hotbed of hacking activity as cybercriminals seek quick scores of cryptocurrency, and there’s still no end to the danger in sight.

 

 

Memorial Hermann Health System

https://www.khou.com/article/news/local/memorial-hermann-cyberattack-security-breach/285-1cc8295d-48a4-452e-a6f2-1b4fd059f201
Exploit: Third-Party Breach

Memorial Hermann Health System: Healthcare Provider




Risk to Business: 1.861 = Severe
Memorial Hermann Health System is notifying patients that their data has been exposed after a data security incident at one of their service providers, Advent Health Partners. That company has been investigating unauthorized activity on company email accounts related to Memorial Hermann data. The incident was first spotted in September 2021.





Individual Risk: 1.712 = Severe
An unauthorized third party accessed multiple files containing Memorial Hermann patients’ protected health information (PHI) that may include first names, last names, dates of birth, social security numbers, driver’s license numbers, financial information, health insurance information and treatment information.

Customers Impacted: 6,260

How it Could Affect Your Business: Cybercriminals are poised to attack any company that handles or stores large amounts of valuable personal or health-related data.

 

 

Switzerland – Swissport International

https://securityaffairs.co/wordpress/127655/cyber-crime/swissport-international-ransomware-attack.html
Exploit: Ransomware

Swissport International: Aviation Services


Risk to Business: 2.171 = Severe
Aviation services company Swissport International was struck with a ransomware attack that had a major impact on its operations, leading to flight delays for 22 flights out of Zurich Airport. The aviation company provides cargo handling, security, maintenance, cleaning and lounge hospitality at airports in 50 countries. The company’s website was back up and running quickly, and the incident is under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks against transportation and transportation infrastructure targets have been increasing as cybercriminals look for quick paydays.

 

 

Portugal – Vodafone

https://therecord.media/cyberattack-brings-down-vodafone-portugal-mobile-voice-and-tv-services/
Exploit: Hacking

Vodafone: Communications Carrier


Risk to Business: 2.919 = Moderate
Wireless carrier Vodafone Portugal said that a substantial amount of its customer data services went offline for one overnight period following a cyberattack. The company’s 4G and 5G mobile networks, along with fixed voice, television, SMS and voice/digital answering services went down. The company says that customer data doesn’t appear to have been accessed or compromised. Some services still remain offline a week after the attack.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Attacks against communications companies have been a major component of the recent wave of infrastructure and related hacking.

 

 

Croatia – A1 Hrvatska

https://www.bleepingcomputer.com/news/security/croatian-phone-carrier-data-breach-impacts-200-000-clients/

Exploit: Unauthorized Access

A1 Hrvatska: Communications Carrier


Risk to Business: 1.904 = Severe
Croatian telecom A1 Hrvatska has disclosed a data security incident that led to the exposure of personal data for an estimated 200,000 customers. The company says that the exposure was due to unauthorized access to one of their user databases that contained sensitive personal information. The company was quick to specify that no consumer financial data was exposed. The incident has not affected A1 Hrvatska’s services or operations.



Individual Risk: 2.711 = Moderate
The customer information exposed includes users’ full names, personal identification numbers, physical addresses and telephone numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: Utilities/Infrastructure are at the top of the cybercriminal hit list these days, and companies in those sectors should take note.

 

 

Slovenia – Pop TV

https://therecord.media/cyber-attack-disrupts-slovenias-top-tv-station/
Exploit: Ransomware

Pop TV: Television Network


Risk to Business: 1.2011 = Severe
Ransomware practitioners stole the show at Pop TV, Slovenia’s most popular TV channel. As a result, news programs, including the station’s news broadcast 24UR, were unable to show any computer graphics. Particularly irksome for customers was the fact that the attack prevented new content from being added to the platform, impacting streaming of any of its channels and live sporting events, such as the Winter Olympics. Slovenia’s Computer Emergency Response Team, SI-CERT, is investigating.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals looking for fast money are likely to target businesses that are in time-sensitive industries.

 

 

New South Wales Department of Customer Service

https://www.smh.com.au/politics/federal/sensitive-business-addresses-among-500-000-published-in-covid-data-breach-20220214-p59wal.html
Exploit: Misconfiguration

New South Wales Department of Customer Service: Regional Government Agency


Risk to Business: 1.211 = Extreme
A real data exposure mess has brewed in New South Wales, Australia, thanks to a government-run QR code-based COVID-19 check-in program. The COVID Safe Businesses and Organizations dataset was discovered loose on the internet, and it included data for sensitive sites and organizations alongside data about run-of-the-mill companies. Some of the sensitive data posted gave details about the physical facilities and locations of prisons, critical infrastructure networks including power stations and tunnel entry sites, as well as dozens of shelters and crisis accommodation centers. Even national security-related locations were exposed. In this program, businesses and organizations registered as COVID-safe to access a QR code for staff and customers to check in at their physical locations. The program has been discontinued.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Information is gold on the dark web. The locations of sensitive infrastructure targets will be circulating quickly and could easily fall into the wrong hands.

 

The Week in Breach News: 02/09/22 – 02/15/22

San Francisco 49ers

https://abcnews.go.com/Sports/wireStory/ransomware-gang-hacked-49ers-football-team-82865844
Exploit: Ransomware

San Francisco 49ers: National Football League (NFL) Team


Risk to Business: 1.727 = Severe
While everyone was focused on the big game last week, cybercriminals were focused on the San Francisco 49ers. The team was hit by a ransomware attack, purportedly by BlackByte. The cybercriminals claim they stole some of the football team’s financial data, invoices and other internal documents. The team stressed the fact that this event appeared to be limited to their corporate network and did not endanger any fan or stadium databases.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Organizations in industries that have had historically poor security are attractive low-hanging fruit for cybercriminals.

 


 

EasyVote Solutions

https://www.govtech.com/security/georgia-voter-info-posted-online-after-software-company-breach
Exploit: Misconfiguration

EasyVote Solutions: Voting Software Company


Risk to Business: 1.561 = Severe
EasyVote Solutions has exposed some voter and poll worker data. The data was left unguarded and easily accessible on the internet. The software company says that exposed information does not include full voting records or registrations. The breach was discovered by South Carolina Law Enforcement Division (SLED) internet researchers. SLED and the FBI are investigating.



Individual Risk: 1.772 = Severe
Exposed data for voters can include names, addresses, races and dates of birth. Exposed data for poll workers may include those details plus identity documents, Social Security numbers and financial data.

Customers Impacted: 3,000 so far

How It Could Affect Your Business: Misconfiguration and sloppy security aren’t uncommon mistakes, but they’re always a problem and could be an expensive regulatory disaster in some industries.

 


 


The Week in Breach News: 02/02/22 – 02/08/22

Morley Companies Inc.

https://www.safetydetectives.com/news/business-services-provider-morley-discloses-ransomware-attack/
Exploit: Ransomware

Morley Companies Inc.: Business Services


Risk to Business: 1.507 = Severe
Morley Companies, a business service provider to several Fortune 500 companies, announced that it had been hit with a ransomware attack that may have exposed sensitive information for more than 500,000 people. In a statement, the company said that “a ransomware-type malware had prevented access to some data files on our system beginning August 1, 2021, and there was an unauthorized access to some files that contained personal information,” chalking up the delay in notifying possible victims of this exposure to the complexities of the incident investigation.



Individual Risk: 1.663 = Severe
Morley Companies said the attack affected the information of “current employees, former employees and various clients.” The potentially compromised information includes names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnostic and treatment information and health insurance information. The company is offering credit monitoring and identity theft protection for victims.

Customers Impacted: 500,000

How It Could Affect Your Business: Companies that store large quantities of personal or medical information are prime targets for the bad guys.

 

 

Civicom, Inc.

https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236
Exploit: Misconfiguration

Civicom Inc.: Business Services


Risk to Business: 2.017 = Severe
Civicom is in hot water after leaving 8 TB of data exposed in an unsecured AWS S3 bucket. The New York-based company specializes in virtual conferencing facilitation, transcription and research services, with offices in the United States, the Philippines and the United Kingdom. Ultimately, Civicom exposed records containing more than 100,000 files, including thousands of hours of audio and video recordings containing private conversations as well as written transcripts of meetings and calls by the company’s clients.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: This is not an uncommon mistake, but it’s always a problem and could be an expensive regulatory disaster in some industries.

 

 

Wormhole

https://indianexpress.com/article/technology/crypto/hackers-steal-nearly-320-million-worth-of-crypto-assets-from-wormhole-7758034/
Exploit: Hacking

Wormhole: DeFi Platform

Risk to Business: 1.227 = Extreme
Hackers swooped in and snatched up more than $320 million from DeFi platform Wormhole this week. The DeFi platform, a bridge between cryptocurrency Solana (SOL) and other blockchains, was exploited for approximately 120,000 wrapped Ethereum in what is thought to be the second-largest cryptocurrency hack to date. Wormhole’s parent company Jump Crypto pledged to replace the 120,000 ether Wormhole lost. The company was quick to note that the crypto was stolen by exploiting a vulnerability in the platform, not taken from an Ethereum address, and that it was taken in 3 separate transactions.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: DeFi has been a hotbed of hacking activity as cybercriminals seek quick scores of cryptocurrency, and there’s no end to the danger in sight.

 

 

News Corp.

https://www.reuters.com/business/media-telecom/news-corp-says-one-its-network-systems-targeted-by-cyberattack-2022-02-04/
Exploit: Nation-State Cybercrime

News Corp.: Media & Publishing Company


Risk to Business: 2.071 = Severe
Major media company News Corp. has disclosed that it was the target of a cyberattack by suspected Chinese nation-state hackers. The attack came to light in late January and affected News Corp. business units, including The Wall Street Journal and its parent company Dow Jones, the New York Post, News U.K. and News Corp. Headquarters. The hack affected emails and documents of what it described as a limited number of employees, including journalists. The incident is under investigation.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Organizations should keep in mind the fact that the preferred weapon of nation-state cybercriminals is ransomware.

 

 

United Kingdom – KP Snacks

https://www.reuters.com/technology/hackers-hold-hula-hoops-hostage-cyber-raid-britains-kp-snacks-2022-02-03/
Exploit: Ransomware

KP Snacks: Food Manufacturer


Risk to Business: 1.321 = Extreme
Food company KP Snacks, manufacturer of beloved British snacks like Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks, was hit with a ransomware attack in late January that may impact its production. Conti ransomware operators have claimed responsibility. The company informed retailers in early February that the attack had impacted its manufacturing and distribution, and that product shortages may continue into March.



Individual Risk: 1.304 = Extreme
Researchers discovered samples of some of the data that the ransomware group had exfiltrated on the group’s dark web leak page, including confidential employee data such as home addresses and phone numbers, employment contracts, credit card statements and even birth certificates.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks against manufacturing targets have become increasingly prominent as cybercriminals look for a quick payday from businesses that they shut down.

 

 

United Kingdom – British Council

https://portswigger.net/daily-swig/british-council-data-breach-leaks-10-000-student-records
Exploit: Misconfiguration

British Council: Cultural Promotion & Language Testing


Risk to Business: 2.919 = Moderate
British Council, the global organization for promoting British culture and administrator of the International English Language Testing System (IELTS) exam, leaked over 144,000 files containing student records due to an unsecured Microsoft Azure blob. Researchers determined that the blob contained the personal information of hundreds of thousands of British Council English course learners and students from around the world. The group points to a contractor as the culprit for the leak.



Individual Risk: 2.906 = Moderate
Exposed data includes a student’s full name, email address, student ID, student status, enrollment dates, duration of study and other information.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals have been having a field day going after education-related targets, a problem that is only growing worse.

 

 

Germany – Oiltanking

https://www.cyberscoop.com/major-german-fuel-storage-provider-hit-with-cyberattack-working-under-limited-operations/

Exploit: Ransomware

Oiltanking: Fuel Storage


Risk to Business: 1.313 = Extreme
A ransomware attack has impacted German fuel tanking company Oiltanking. The company was ensnared in a massive ransomware attack that has disrupted operations at 17 European oil terminals including the busy Amsterdam-Rotterdam-Antwerp refining hub starting on January 29th. Other European companies are also involved including German oil trade company Mabanaft, SEA-Invest in Belgium and Evos in the Netherlands. The attack appears to have had the most impact on the processing, loading and unloading of cargoes. BlackCat ransomware is thought to be behind the incident.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Infrastructure and utility attacks have become much more common – Utilities/Infrastructure was one of the top 3 industries for ransomware attacks in 2021.

 

 

Sweden – Securitas

https://www.zdnet.com/article/unsecured-aws-server-exposed-airport-employee-records-3tb-in-data/
Exploit: Misconfiguration

Securitas: Security Company


Risk to Business: 1.2011 = Severe
Researchers have discovered an unsecured AWS S3 bucket belonging to security company Securitas that left data exposed for airport employees in Colombia and Peru at four airports: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE). In addition to the exposed employee data, researchers also found photographs of airline employees, planes, fuel lines, and luggage handling in the bucket.



Individual Risk: 1.992 = Severe
The exposed records include ID card photos, names, photos, occupations, and national ID numbers for Securitas and airport employees.

Customers Impacted: Unknown

How it Could Affect Your Business: Information is a currency on the dark web and cybercriminals are always hungry for more, especially personal and financial data.

 

 
 
Continue reading

The Week in Breach News: 02/02/22 – 02/08/22

Morley Companies Inc.

https://www.safetydetectives.com/news/business-services-provider-morley-discloses-ransomware-attack/
Exploit: Ransomware

Morley Companies Inc.: Business Services


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.507= Severe
Morley Companies, a business service provider to several Fortune 500 companies, announced that it had been hit with a ransomware attack that may have exposed sensitive information for more than 500,000 people.  In a statement, the company said that “a ransomware-type malware had prevented access to some data files on our system beginning August 1, 2021, and there was an unauthorized access to some files that contained personal information.”, chalking up the delay in notifying possible victims of this exposure to the complexities of the incident investigation.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.663= Severe
Morley Companies said the attack affected the information of “current employees, former employees and various clients.” The potentially compromised information leaked includes names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnostic and treatment information and health insurance information. The company is offering credit monitoring and identity theft protection for victims.

Customers Impacted: 500,000

How It Could Affect Your Business: Companies that store large quantities of personal or medical information are prime targets for the bad guys.

 


 

Civicom, Inc.

https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236
Exploit: Misconfiguration

Civicom Inc.: Business Services


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.017 =Severe
Civicom is in hot water after leaving 8 TB of data exposed in an unsecured AWS S3 bucket. The New York-based company specializes in virtual conferencing facilitation, transcription and research services. With offices in the United States, the Philippines and the United Kingdom. Ultimately, Civicom exposed records containing more than 100,000 files including thousands of hours of audio and video recordings containing private conversations as well as written transcripts of meetings and calls by the company’s clients.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: This is not an uncommon mistake, but it’s always a problem and could be an expensive regulatory disaster in some industries

 


 

Wormhole

https://indianexpress.com/article/technology/crypto/hackers-steal-nearly-320-million-worth-of-crypto-assets-from-wormhole-7758034/
Exploit: Hacking

Wormhole: De Fi Platform


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.227= Extreme
Hackers swooped in and snatched up more than $320 million from De Fi platform wormhole this week. The DeFi platform, a bridge between cryptocurrency Solana (SOL) and other blockchains, was exploited for approximately 120,000 wrapped Ethereum in what is thought to be the second-largest cryptocurrency hack to date. Wormhole’s parent company Jump Crypto pledged to replace the 120,000 ether Wormhole lost. The company was quick to note that the crypto was stolen through exploiting a vulnerability in the platform, not taken from an Ethereum address and it was taken in 3 separate transactions.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: De Fi has been a hotbed of having activity as cybercriminals seek quick scores of cryptocurrency, and there’s no end to the danger in sight.

 


 

News Corp.

https://www.reuters.com/business/media-telecom/news-corp-says-one-its-network-systems-targeted-by-cyberattack-2022-02-04/
Exploit: Nation-State Cybercrime

News Corp.: Media & Publishing Company


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.071 = Severe
Major media company News Corp. has disclosed that it was the target of a cyberattack by suspected Chinese nation-state hackers. The attack came to light in late January and affected News Corp. business units, including The Wall Street Journal and its parent company Dow Jones, the New York Post, News U.K. and News Corp. Headquarters. The hack affected emails and documents of what it described as a limited number of employees, including journalists. The incident is under investigation.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Organizations should keep in mind the fact that the preferred weapon of nation-state cybercriminals is ransomware.

 


 

United Kingdom – KP Snacks

https://www.reuters.com/technology/hackers-hold-hula-hoops-hostage-cyber-raid-britains-kp-snacks-2022-02-03/
Exploit: Ransomware

KP Snacks: Food Manufacturer


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.321= Extreme
Food company KP snacks, manufacturer of beloved British snacks like Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks, was hit with a ransomware attack in late January that may impact its production. Conti ransomware operators have claimed responsibility. The company informed retailers in early February that the attack had impacted its manufacturing and distribution, and that product shortages may continue into March.



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.304= Extreme
Researchers discovered samples of some of the data the attackers had exfiltrated on their dark web leak page, including confidential employee data such as home addresses and phone numbers, employment contracts, credit card statements and even birth certificates.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks against manufacturing targets have become increasingly prominent as cybercriminals look for a quick payday from businesses that they shut down.

 


 

United Kingdom – British Council

https://portswigger.net/daily-swig/british-council-data-breach-leaks-10-000-student-records
Exploit: Misconfiguration

British Council: Cultural Promotion & Language Testing




Risk to Business: 2.919 = Moderate
British Council, the global organization for promoting British culture and administrators of the International English Language Testing System (IELTS) exam, leaked over 144,000 files containing student records due to an unsecured Microsoft Azure blob. Researchers determined that the blob contained the personal information of hundreds of thousands of British Council English course learners and students from around the world. The group points to a contractor as the culprit for the leak.





Risk to Business: 2.906 = Moderate
Exposed data includes a student’s full name, email address, student ID, student status, enrollment dates, duration of study and other information.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals have been having a field day going after education-related targets, a problem that is only growing worse.

 


 

Germany – Oiltanking

https://www.cyberscoop.com/major-german-fuel-storage-provider-hit-with-cyberattack-working-under-limited-operations/

Exploit: Ransomware

Oiltanking: Fuel Storage




Risk to Business: 1.313 = Extreme
A ransomware attack has impacted German fuel tanking company Oiltanking. The company was ensnared in a massive ransomware attack that has disrupted operations at 17 European oil terminals including the busy Amsterdam-Rotterdam-Antwerp refining hub starting on January 29th. Other European companies are also involved including German oil trade company Mabanaft, SEA-Invest in Belgium and Evos in the Netherlands. The attack appears to have had the most impact on the processing, loading and unloading of cargoes. BlackCat ransomware is thought to be behind the incident.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Infrastructure and utility attacks have become much more common – Utilities/Infrastructure was one of the top 3 industries for ransomware attacks in 2021.

 


 

Sweden – Securitas

https://www.zdnet.com/article/unsecured-aws-server-exposed-airport-employee-records-3tb-in-data/
Exploit: Misconfiguration

Securitas: Security Company




Risk to Business: 1.2011 = Severe
Researchers have discovered an unsecured AWS S3 bucket belonging to security company Securitas that left data exposed for airport employees in Colombia and Peru at four airports: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE). In addition to the exposed employee data, researchers also found photographs of airline employees, planes, fuel lines, and luggage handling in the bucket.





Individual Risk: 1.992 = Severe
The exposed records include ID card photos, names, photos, occupations, and national ID numbers for Securitas and airport employees.

Customers Impacted: Unknown

How it Could Affect Your Business: Information is a currency on the dark web and cybercriminals are always hungry for more, especially personal and financial data.

 


 
 

The Week in Breach News: 01/26/22 – 02/01/22

Advocates

https://www.scmagazine.com/analysis/breach/68k-affected-by-data-theft-sophisticated-network-hack-of-nonprofit-advocates
Exploit: Hacking

Advocates: Health & Social Services Non-Profit




Risk to Business: 1.727= Severe
Advocates announced that it had been the victim of a cyberattack. A hacker gained access to the organization’s network in mid-September 2021. The attacker gained access to data tied to 68,000 clients served by Advocates and likely copied the data. The Massachusetts-based non-profit provides a range of services for individuals with autism, brain injuries, mental health, addiction, and other health conditions. Advocates is cooperating with the ongoing FBI investigation.





Individual Risk: 1.603= Severe
Current and former clients of Advocates are at risk of having their data exposed in this incident. The stolen data included names, contacts, Social Security numbers, dates of birth, client identification numbers, health insurance information, diagnoses and treatments. All impacted individuals will receive free credit monitoring and identity theft protection services.

Customers Impacted: 68,000

How It Could Affect Your Business: Companies that store large quantities of personal or medical information are prime targets for the bad guys.

 

 

Senate of Puerto Rico

https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236
Exploit: Hacking

Senate of Puerto Rico: State Legislative Body




Risk to Business: 2.223 =Severe
Puerto Rico’s Senate announced Wednesday that it was the target of a cyberattack that disabled its internet provider, phone system and official online page. Senate President José Luis Dalmau said in a statement that there is no evidence that hackers were able to access sensitive information belonging to employees, contractors or consultants, although the incident is still under investigation.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Cyberattacks on government agencies have been ramping up in recent months without the impetus of added tension in Eastern Europe.

 

 

Kings County Public Health Department

https://portswigger.net/daily-swig/california-public-office-admits-covid-19-healthcare-data-breach
Exploit: Misconfiguration

Kings County California Public Health Department: Local Government Agency




Risk to Business: 2.711= Moderate
Kings County, California announced that the security flaw in its public webserver made limited information on COVID-19 cases available on the internet. The misconfiguration has been chalked up to a negligent third-party contractor. Discovered in mid-November 2021, officials say that the flaw was in place starting on February 15, 2021, and was corrected on December 6, 2021.





Individual Risk: 2.701= Moderate
In a statement, the county said that names, dates of birth, addresses and COVID-related health information for county COVID-19 cases were among the data that was available to view. They’ve set up a dedicated call center to answer questions from the public.

Customers Impacted: Unknown

How It Could Affect Your Business: Misconfiguration incidents due to employee or contractor negligence are just as expensive and damaging as cybercrime when regulators get finished with companies that have them.

 

 

Canada – Global Affairs Canada

https://www.bleepingcomputer.com/news/security/canadas-foreign-affairs-ministry-hacked-some-services-down/
Exploit: Hacking

Global Affairs Canada: National Government Agency




Risk to Business: 1.719 = Severe
Global Affairs Canada (GAC), Canada’s foreign affairs ministry, has announced that it was the victim of an unnamed cyberattack on January 19, 2022. The Treasury Board of Canada Secretariat (TBS), Shared Services Canada, and Communications Security Establishment confirmed the incident in a joint statement. GAC says that critical services remain accessible, but some online services are unavailable as the recovery efforts continue. No information has been released about the identity of the attackers or the specific attack type, a subject of interest at a time of heightened risk for nation-state cyber activity.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Organizations should keep in mind the fact that the preferred weapon of nation-state cybercriminals is ransomware.

 

 

United Kingdom – Qubit Finance

https://therecord.media/qubit-finance-platform-hacked-for-80-million-worth-of-cryptocurrency/
Exploit: Hacking

Qubit Finance: DeFi Platform




Risk to Business: 1.204= Extreme
A threat actor has stolen approximately $80 million from Qubit Finance after exploiting a flaw in the DeFi platform. Qubit said the attacker was able to steal 206,809 Binance coins (BNB) from its wallet on January 27, 2022. The hacker used a vulnerability in one of its Ethereum blockchain contracts to do the deed. The company has issued a public plea for the threat actor to return the stolen funds, asking them to get in contact with its team to “disclose the bug and receive a bounty reward”. This is sometimes used as a means of circumventing legal trouble for paying a ransom.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: DeFi has been buried under an avalanche of cybercrime lately and there doesn’t appear to be an end in sight.

 

 

France – Ministry of Justice (Chancellerie)

https://www.securityweek.com/french-ministry-justice-targeted-ransomware-attack
Exploit: Ransomware

Ministry of Justice: National Government Agency




Risk to Business: 2.876 = Moderate
An outfit that identifies themselves as LockBit 2.0 posted a message on their dark web leak site claiming to have hit the French Ministry of Justice’s systems, making off with data. The hackers did not specify what data was stolen or how much, but they are threatening to expose it in early February if they’re not paid an unspecified ransom. The ministry’s press office has told reporters that it is aware of the claim and that an investigation has been launched.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals have been having a field day going after government agencies, a problem that is only growing worse.

 

 

Belarus – Belarusian Railways

https://therecord.media/cyber-partisans-hacktivists-claim-credit-for-cyberattack-on-belarusian-railways/
Exploit: Hacking

Belarusian Railways: Rail Transportation Authority




Risk to Business: 1.806 = Severe
As tensions mount in Eastern Europe, the hacktivist group “Cyber Partisans” announced on Twitter that they had disrupted networks and databases related to the national rail system in Belarus on January 31, 2022. The group demanded the release of political prisoners and a guarantee preventing the use of railway transportation infrastructure to support Russian troop movements. The railroad’s website appears to confirm that online resources and systems related to issuing electronic tickets are not operational. No further details of the incident were available at press time.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted:
How it Could Affect Your Business: International tensions are rising, creating more opportunities for activism and nation-state cybercrime.

 

 

South Africa – Curo Fund Services

https://mybroadband.co.za/news/security/432056-ransomware-attack-took-down-r2-trillion-investment-company-for-five-days.html

Exploit: Ransomware

Curo Fund Services: Financial Services




Risk to Business: 1.621 = Severe
Curo Fund Services, South Africa’s biggest provider of investment administration services, was the victim of a ransomware attack that left the company unable to access its systems for five days. The company assured clients that no money was at risk and their sensitive data was not in jeopardy. The attack prevented Curo’s clients from processing investment-related instructions or offering other services through the company’s platform. The incident is under investigation.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: The financial sector has been a huge target for ransomware groups, from DeFi platforms to investment banking houses, and companies should be very cautious.

 

 

Singapore – Delta Electronics

https://thestack.technology/delta-electronics-ransomware-attack/?amp=1
Exploit: Ransomware

Delta Electronics: Computer Hardware Manufacturing




Risk to Business: 1.771 = Severe
Delta Electronics has disclosed that it was the victim of a ransomware attack. The company, a supplier of power management products for Dell and HP, says that they are experiencing technical difficulties that have been limited to non-critical networks. Reports say that customer support and service sites for the US and EMEA clients were unavailable for about 10 days after the attack. An unnamed threat actor has claimed responsibility.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Epic supply chain problems have manufacturers under stress, and cybercriminals love to take advantage of a bad situation.

 

 
 

The Week in Breach News: 01/19/22 – 01/25/22

RR Donnelley

https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/
Exploit: Ransomware

RR Donnelley: Marketing & Communications Firm




Risk to Business: 1.227= Severe
Major marketing company RR Donnelley has disclosed that it had data stolen in a December cyberattack attributed to ransomware. The Conti ransomware group is suspected to be responsible. In the attack on December 27, 2021, the company experienced a systems intrusion that led it to shut down its network to prevent the attack’s spread. That led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks and motor vehicle documentation. The Conti ransomware gang claimed responsibility on January 15 and began leaking 2.5GB of the stolen data that has since been removed.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: A recent rash of ransomware attacks against media and communications organizations should have everyone in that sector on notice.

 

 

Strategic Benefits Advisors, Inc

https://www.jdsupra.com/legalnews/data-breach-alert-strategic-benefits-8267696/

Exploit: Hacking

Strategic Benefits Advisors: Human Resources Consulting Firm




Risk to Business: 2.223 =Severe
In a recent legal filing, Strategic Benefits Advisors disclosed that an unauthorized third party had gained access to its data and may have removed several files containing consumer information. The Georgia-based company provides full-service employee benefits consulting for companies in many industries.





Individual Risk: 2.419=Severe
Strategic Benefits Advisors sent breach notification letters to more than 58,000 people to inform them of the exposure which the company says was limited to full names and Social Security numbers.

Customers Impacted: Unknown

How It Could Affect Your Business: Hackers have been especially interested in breaching companies that maintain large stores of data for other companies lately.

 

 

City of Tenino, Washington

https://www.govtech.com/security/washington-city-loses-280-309-to-successful-phishing-scam
Exploit: Phishing/BEC

City of Tenino, Washington: Municipality




Risk to Business: 1.717= Severe
The City of Tenino, Washington is down $280,309 in public funds according to the Washington State Auditor’s Office after a city employee fell for a phishing message that launched a business email compromise scam. Reports say that former Clerk Treasurer John Millard fell victim to a phishing message and paid cybercriminals a boatload of money, some without city council approval. The official reportedly initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts. News outlets are also reporting that a warning was sent out to clerks about the phishing scam immediately but that didn’t stop this disaster from happening.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: BEC is the most expensive cybercrime according to the FBI, 64X more expensive than ransomware – and it usually starts with phishing.

 

 

Switzerland – The International Red Cross

https://www.npr.org/2022/01/20/1074405423/red-cross-cyberattack
Exploit: Third Party/Supply Chain

The International Red Cross: Humanitarian Aid Organization




Risk to Business: 1.719 = Severe
The International Committee of the Red Cross has revealed that hackers have stolen data from a Swiss contractor that stores it for them. The stolen data includes information about over 515,000 highly vulnerable people that it has served, recipients of aid and services from at least 60 affiliates of the organization worldwide. The Red Cross says it typically reunites 12 missing people with their families every day through that program. As a result of this cyberattack, The International Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies. A spokesperson for the ICRC told news outlets that there have been no demands from the hackers in exchange for stolen data and that they were working with specialized firms to recover.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.

 

 

Italy – Moncler

https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/
Exploit: Ransomware

Moncler: Luxury Fashion & Outerwear




Risk to Business: 1.727= Severe
Luxury retailer Moncler has disclosed that it suffered a data breach in December 2021 after data began appearing on a cybercriminal leak site. The company confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was stolen and subsequently leaked after they refused to pay the demanded $3 million ransom. The AlphaV (BlackCat) ransomware operation has claimed responsibility. The stolen data is said to include earning statements, spreadsheets with what appears to be customer information, invoices and other documents, but no specifics were provided.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Retailers have been steadily climbing the cybercriminal’s target hit list, especially luxury brands and specialty retailers.

 

 

New Zealand – Kings Plant Barn

https://www.nzherald.co.nz/business/kings-plant-barn-the-latest-retailer-hit-by-click-and-collect-data-breach/HJ45OFWAJ7NGGICU4THWBEZYOI/
Exploit: Third Party/Supply Chain

Kings Plant Barn: Garden Retailer




Risk to Business: 1.677 = Severe
Kings Plant Barn is notifying customers that it has experienced a data breach after a data security incident at FlexBooker. The garden chain says that client names, email addresses and collection times were exposed but not passwords or other sensitive data. FlexBooker experienced an attack before the holidays that resulted in the theft of more than three million user records. The platform is used for scheduling and employee calendar management by small businesses like doctor’s offices, real estate companies, service sector businesses and similar companies.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: In an increasingly interconnected world, SMBs need to be prepared for the security risks that they may face from a service provider’s security incident.

 

 

Singapore – Crypto.com

https://www.vice.com/en/article/epxb8m/crypto-protocol-publicly-announces-flaw-users-relentlessly-owned-by-hackers
Exploit: Hacking

Crypto.com: Cryptocurrency Trading Platform


Risk to Business: 1.806 = Severe
Crypto.com, a platform that allows users to swap tokens between blockchains, publicly announced an incident in which a flaw in the platform’s security allowed cybercriminals to snatch an estimated $31 million in cryptocurrency. The company disclosed that 483 users were impacted by unauthorized cryptocurrency withdrawals on their accounts amounting to 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies. In response to this incident, the company is adjusting its protocols to include safeguards like requiring all customers to re-login and set up their 2FA token to ensure only authorized activity would occur and a new policy where the first withdrawal to a whitelisted address must wait 24 hours among other measures.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: 483

How it Could Affect Your Business: The financial industry has been besieged by cybercriminals and nothing is taking more of a beating than cryptocurrency and DeFi.

 
 

 
 

Indonesia – Bank Indonesia

https://www.bleepingcomputer.com/news/security/indonesias-central-bank-confirms-ransomware-attack-conti-leaks-data/
Exploit: Ransomware

Bank Indonesia: Financial Institution


Risk to Business: 2.721 = Moderate
Bank Indonesia (BI), the central bank of the Republic of Indonesia, confirmed that a ransomware attack hit its networks last month. In a statement, BI said that their operational activities were not disrupted. CNN reported that the hackers made off with non-critical data belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank’s network. Conti has claimed responsibility. It claims to have 13.88 GB worth of documents and leaked a sample of files allegedly stolen from Bank Indonesia’s network as proof.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.

 

The Week in Breach News: 01/19/22 – 01/25/22

RR Donnelley

https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/
Exploit: Ransomware

RR Donnelley: Marketing & Communications Firm

Risk to Business: 1.227 = Severe
Major marketing company RR Donnelley has disclosed that it had data stolen in a December cyberattack attributed to ransomware. The Conti ransomware group is suspected to be behind it. In the attack on December 27, 2021, the company experienced a systems intrusion that led it to shut down its network to prevent the attack’s spread. That led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks and motor vehicle documentation. The Conti ransomware gang claimed responsibility on January 15 and began leaking 2.5GB of the stolen data, which has since been removed.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: A recent rash of ransomware attacks against media and communications organizations should have everyone in that sector on notice.

 


 

Strategic Benefits Advisors, Inc

https://www.jdsupra.com/legalnews/data-breach-alert-strategic-benefits-8267696/

Exploit: Hacking

Strategic Benefits Advisors: Human Resources Consulting Firm


Risk to Business: 2.223 = Severe
In a recent legal filing, Strategic Benefits Advisors disclosed that an unauthorized third party had gained access to its data and may have removed several files containing consumer information. The Georgia-based company provides full-service employee benefits consulting for companies in many industries.



Individual Risk: 2.419 = Severe
Strategic Benefits Advisors sent breach notification letters to more than 58,000 people to inform them of the exposure, which the company says was limited to full names and Social Security numbers.

Customers Impacted: Unknown

How It Could Affect Your Business: Hackers have been especially interested in breaching companies that maintain large stores of data for other companies lately.

 


 

City of Tenino, Washington

https://www.govtech.com/security/washington-city-loses-280-309-to-successful-phishing-scam
Exploit: Phishing/BEC

City of Tenino, Washington: Municipality


Risk to Business: 1.717 = Severe
The City of Tenino, Washington is down $280,309 in public funds according to the Washington State Auditor’s Office after a city employee fell for a phishing message that launched a business email compromise scam. Reports say that former Clerk Treasurer John Millard fell victim to a phishing message and paid cybercriminals a boatload of money, some without city council approval. The official reportedly initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts. News outlets are also reporting that a warning was sent out to clerks about the phishing scam immediately but that didn’t stop this disaster from happening.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: BEC is the most expensive cybercrime according to the FBI, 64X more expensive than ransomware – and it usually starts with phishing.

 


 

Switzerland – The International Red Cross

https://www.npr.org/2022/01/20/1074405423/red-cross-cyberattack
Exploit: Third Party/Supply Chain

The International Red Cross: Humanitarian Aid Organization


Risk to Business: 1.719 = Severe
The International Committee of the Red Cross has revealed that hackers have stolen data from a Swiss contractor that stores it for them. The stolen data includes information about over 515,000 highly vulnerable people that it has served, recipients of aid and services from at least 60 affiliates of the organization worldwide. The Red Cross says it typically reunites 12 missing people with their families every day through that program. As a result of this cyberattack, The International Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies. A spokesperson for the ICRC told news outlets that there have been no demands from the hackers in exchange for stolen data and that they were working with specialized firms to recover.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.

 


 


The Week in Breach News: 01/12/22 – 01/18/22

Medical Review Institute of America (MRIoA)

https://www.securityweek.com/mrioa-discloses-data-breach-affecting-134000-people
Exploit: Ransomware

Medical Review Institute of America (MRIoA): Medical Analytics


Risk to Business: 1.227 = Severe
Utah-based medical information and analysis company Medical Review Institute of America (MRIoA) announced that it has experienced a data breach. The incident was discovered on November 9, 2021, and officials were able to confirm that data had been stolen by November 16, 2021. In a data breach filing, the company said that over 134,000 individuals were impacted by the incident, which is still under investigation. The company did say that it “retrieved and subsequently confirmed the deletion of” stolen data, but no information was released about a ransom amount or if they paid the ransom.



Risk to Business: 1.801 = Severe
Protected health information was snatched including patients’ names, gender, physical and email addresses, phone numbers, birth dates, Social Security numbers, full clinical information (including diagnosis, treatment, medical history, and lab test results) and financial information (such as health insurance policy and group plan number).

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.

 

 

The Metropolitan Detention Center (MDC)

https://www.techtimes.com/articles/270004/20220103/hospital-data-breach-personal-info-1-3-million-patients-staff-data-breach.htm
Exploit: Ransomware

The Metropolitan Detention Center (MDC): Prison


Risk to Business: 2.223 = Severe
New Mexico prison officials had a problem on their hands as a ransomware attack impacted county computer systems resulting in a lockdown of the Metropolitan Detention Center (MDC) in Bernalillo County, New Mexico. The prison was not directly targeted. Inmates were forced to stay in their cells since the attack impacted the facility’s security camera networks, automated doors and internet service. Inmates and jailors were also unable to videoconference for trials. Reports say that a number of databases are suspected of being compromised or corrupted including an incident tracker which records inmate fights, attacks, as well as allegations of prison rape and sexual assault.



Risk to Business: 2.419 = Severe
The exposed personal data for patients and former patients at Broward Health may include Social Security numbers, bank or financial account information, driver’s license numbers, names, addresses, telephone numbers and hospital payment account information. Protected health information including medical information like care history, condition, treatment and diagnosis records may also have been exposed.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can cause serious operational problems in unexpected places in today’s connected world.

 

 

Illuminate Education

https://nypost.com/2022/01/15/nyc-schools-crippled-by-illuminate-educations-data-outage/
Exploit: Hacking

Illuminate Education: Education Platform


Risk to Business: 1.717 = Severe
Illuminate Education, a digital education platform used by 5,200 schools and districts in the US, is still struggling to resume services after a cyberattack. The company owns popular school management platforms Skedula and PupilPath. Illuminate Education says it has continued experiencing a service interruption affecting all IO Classroom applications for nearly 10 days following an unspecified security incident. Investigation and recovery are underway, but the platform has not provided a recent update on the expected timeline.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Cybercriminals have been all over targets in the education sector including companies that serve it. Companies should use caution.

 

 

TransCredit

https://www.websiteplanet.com/blog/transcredit-leak-report/
Exploit: Misconfiguration

TransCredit: Credit Analysis & Reporting


Risk to Business: 1.719 = Severe
Over half a million credit reports and other financial documents held by Florida-based financial analysis firm TransCredit have been exposed. The Website Planet research team reported discovering a non-password-protected database that contained 822,789 records. Researchers cautioned that this dataset appears to be concentrated on clients in the transportation sector.



Risk to Business: 1.719 = Severe
The exposed data includes detailed information on trucking, transport companies and individual drivers. Also included in this data was information about credit accounts, loans, repayment and debt collections as well as financial data like banking information, tax ID numbers and Social Security Numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.

 

 

United Kingdom – Parasol Group

https://www.theregister.com/2022/01/17/umbrella_company_parasol_group_confirms/
Exploit: Hacking

Parasol Group: Business Services


Risk to Business: 1.727 = Severe
UK umbrella company Parasol Group was forced to shut down some of its IT systems last week after an intrusion was detected. The outage impacted the company’s MyParasol payment portal for contractors and freelancers, leading to payroll issues that caused some folks to not get paid. The company is also having invoicing problems as a result of the incident.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

 

 

Germany – Hensoldt

https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/
Exploit: Ransomware

Hensoldt: Defense Contractor


Risk to Business: 1.677 = Severe
Multinational defense contractor Hensoldt was hit with a ransomware attack by the Lorenz ransomware group. The company’s products include radar arrays, avionics, and laser rangefinders used by the US military. The Lorenz ransomware group claims to have stolen an undisclosed number of files from Hensoldt’s network during the attack. The gang says that they have published 95% of all stolen files on their leak website. No ransom demand has been announced.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals don’t just steal personal and financial data, they also love trade secrets, research, formulas and other proprietary data.

 

 

The Philippines – Commission on Elections (Comelec)

https://mb.com.ph/2022/01/10/comelec-servers-hacked-downloaded-data-may-include-information-that-could-affect-2022-elections/

Exploit: Hacking

Commission on Elections (Comelec): Government Agency


Risk to Business: 1.806 = Severe
Concerns are mounting about the possibility that sensitive voter data has been exposed after an audacious attack on the Commission on Elections (Comelec) of The Philippines. Bad actors breached the system of the Comelec on January 8 and downloaded files containing sensitive information, including the usernames and PINs of vote-counting machines (VCM). The cybercriminals made off with an estimated 60 gigabytes of data. Reports say that the stolen data included network diagrams, IP addresses, a list of all privileged users, domain admin credentials, a list of all passwords and domain policies, access to the ballot handling dashboard and QR code captures of the bureau of canvassers with login and password. The exposure of this data may impact upcoming elections in The Philippines in May.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Government agencies have become juicy targets for cybercriminals looking to score a boatload of sensitive information fast.

 

 

Thailand – Siriraj Hospital

https://www.straitstimes.com/singapore/consumer/personal-data-of-og-department-store-customers-leaked
Exploit: Hacking

Siriraj Hospital: Medical Center


Risk to Business: 2.721 = Moderate
An estimated 39 million patient records from Siriraj Hospital in Thailand, including those of VIP patients, have turned up for sale on the dark web. Threat actors offered samples from the 38.9 million patient records they claimed to have. This is the second attack on a major Thai hospital in 6 months.



Risk to Business: 2.605 = Moderate
The treasure trove of data supposedly includes names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other patient personal information.

Customers Impacted: Unknown

How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.

 

 
 
Continue reading

The Week in Breach News: 01/12/22 – 01/18/22

Medical Review Institute of America (MRIoA)

https://www.securityweek.com/mrioa-discloses-data-breach-affecting-134000-people
Exploit: Ransomware

Medical Review Institute of America (MRIoA): Medical Analytics


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.227= Severe
Utah-based medical information and analysis company Medical Review Institute of America (MRIoA)  announced that it has experienced a data breach. The incident was discovered on November 9, 2021, and officials were able to confirm that data had been stolen by November 16, 2021.  In a data breach filing, the company said that over 134,000 individuals were impacted by the incident which is still under investigation. The company did say that it “retrieved and subsequently confirmed the deletion of” stolen data, but no information was released about a ransom amount or if they paid the ransom.



cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.801= Severe
Protected health information was snatched including patients’ names, gender, physical and email addresses, phone numbers, birth dates, Social Security numbers, full clinical information (including diagnosis, treatment, medical history, and lab test results) and financial information (such as health insurance policy and group plan number).

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.

 


 

The Metropolitan Detention Center (MDC)

https://www.techtimes.com/articles/270004/20220103/hospital-data-breach-personal-info-1-3-million-patients-staff-data-breach.htm
Exploit: Ransomware

The Metropolitan Detention Center (MDC): Prison


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.223 =Severe
New Mexico prison officials had a problem on their hands as a ransomware attack impacted county computer systems resulting in a lockdown of the Metropolitan Detention Center (MDC) in Bernalillo County, New Mexico. The prison was not directly targeted. Inmates were forced to stay in their cells since the attack impacted the facility’s security camera networks, automated doors and internet service. Inmates and jailors were also unable to videoconference for trials. Reports say that a number of databases are suspected of being compromised or corrupted including an incident tracker which records inmate fights, attacks, as well as allegations of prison rape and sexual assault.



cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.419=Severe
The exposed personal data for patients and former patients at Broward health may include Social Security numbers, bank or financial account information, driver’s license numbers, names, addresses, telephone numbers and hospital payment account information. Protected health information including medical information like care history, condition, treatment and diagnosis records may also have been exposed.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can cause serious operational problems in unexpected places in today’s connected world.

 


 

Illuminate Education

https://nypost.com/2022/01/15/nyc-schools-crippled-by-illuminate-educations-data-outage/
Exploit: Hacking

Illuminate Education: Education Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.717= Severe
Illuminate Education, a digital education platform used by 5,200 schools and districts in the US, is still struggling to resume services after a cyberattack. The company owns popular school management platforms Skedula and PupilPath. Illuminate Education says it has continued experiencing a service interruption affecting all IO Classroom applications for nearly 10 days following an unspecified security incident. Investigation and recovery are underway, but the platform has not provided a recent update on the expected timeline.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Cybercriminals have been all over targets in the education sector including companies that serve it. Companies should use caution.

 


 

TransCredit

https://www.websiteplanet.com/blog/transcredit-leak-report/
Exploit: Misconfiguration

TransCredit: Credit Analysis & Reporting


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.719 = Severe
Over half a million credit reports and other financial documents held by Florida-based financial analysis firm TransCredit have been exposed. The Website Planet research team reported discovering a non-password-protected database that contained 822,789 records. Researchers cautioned that this dataset appears to be concentrated on clients in the transportation sector.



cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.719 = Severe
The exposed data includes detailed information on trucking, transport companies and individual drivers. Also included in this data was information about credit accounts, loans, repayment and debt collections as well as financial data like banking information, tax ID numbers and Social Security Numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.

 


 

United Kingdom – Parasol Group

https://www.theregister.com/2022/01/17/umbrella_company_parasol_group_confirms/
Exploit: Hacking

Parasol Group: Business Services


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.727= Severe
UK umbrella company Parasol Group was forced to shut down some of its IT systems last week after an intrusion was detected. The outage impacted the company’s MyParasol payment portal for contractors and freelancers, leading to payroll issues that caused some folks to not get paid. The company is also having invoicing problems as a result of the incident.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

 


 

Germany – Hensoldt

https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/
Exploit: Ransomware

Hensoldt: Defense Contractor


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.677 = Severe
Multinational defense contractor Hensoldt was hit with a ransomware attack by the Lorenz ransomware group. The company’s products include radar arrays, avionics, and laser rangefinders used by the US military. The Lorenz ransomware group claims to have stolen an undisclosed number of files from Hensholdt’s network during the attack. The gang says that they have published 95% of all stolen files on their leak website. No ransom demand has been announced.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals don’t just steal personal and financial data, they also love trade secrets, research, formulas and other proprietary data.

 


 

The Philippines – Commission on Elections (Comelec)

https://mb.com.ph/2022/01/10/comelec-servers-hacked-downloaded-data-may-include-information-that-could-affect-2022-elections/

Exploit: Hacking

Commission on Elections (Comelec): Government Agency


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.806 = Severe
Concerns are mounting about the possibility that sensitive voter data has been exposed after an audacious attack on the Commission on Elections (Comelec) of The Philippines. Bad actors breached the system of the Comelec on January 8 and downloaded files that included sensitive information including the usernames and PINS of vote-counting machines (VCM). The cybercriminals made off with an estimated 60 gigabytes of data. Reports say that the stolen data included network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard and QR code captures of the bureau of canvassers with login and password. The exposure of this data may impact upcoming elections in The Philippines in May.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Government agencies have become juicy targets for cybercriminals looking to score a boatload of sensitive information fast.

 


 

Thailand – Siriraj Hospital

https://www.straitstimes.com/singapore/consumer/personal-data-of-og-department-store-customers-leaked
Exploit: Hacking

Siriraj Hospital: Medical Center




Risk to Business: 2.721 = Moderate
An estimated 39 million patient records from Siriraj Hospital in Thailand, including those of VIP patients, have turned up for sale on the dark web. Threat actors offered samples from the 38.9 million patient records they claimed to have. This is the second attack on a major Thai hospital in 6 months.





Risk to Business: 2.605 = Moderate
The treasure trove of data supposedly includes names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other patient personal information.

Customers Impacted: Unknown

How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.

 


 
 

The Week in Breach News: 01/05/22 – 01/11/22

FinalSite

https://thejournal.com/articles/2022/01/07/thousands-of-schools-affected-by-ransomware-attack-on-website-provider-finalsite.aspx
Exploit: Ransomware

FinalSite: Education Technology Provider




Risk to Business: 1.227=Extreme
School website services provider FinalSite has suffered a ransomware attack that disrupted access to websites for thousands of schools worldwide. FinalSite provides solutions for over 8,000 K-12 schools and universities in 115 countries. School districts that hosted their websites with FinalSite found that they were no longer reachable or were displaying errors. Bleeping Computer reports that in addition to the website outages, the attack prevented schools from sending closure notifications due to weather or COVID-19. FinalSite says that approximately 5,000 school websites went offline as a result of the ransomware attack and no data was stolen. An investigation is ongoing.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.

 

 

Broward Health

https://www.techtimes.com/articles/270004/20220103/hospital-data-breach-personal-info-1-3-million-patients-staff-data-breach.htm
Exploit: Hacking

Broward Health: Hospital System




Risk to Business: 2.223 =Severe
Florida-based healthcare system Broward Health has disclosed a data breach affecting 1,357,879 individuals after an intruder gained unauthorized access to the hospital’s network and patient data. The organization discovered the breach four days after the initial intrusion and immediately notified the FBI and the US Department of Justice. Broward Health contracted a third-party cybersecurity expert to help with the investigations.





Risk to Business: 2.419=Severe
The exposed personal data for patients and former patients at Broward Health may include Social Security numbers, bank or financial account information, driver’s license numbers, names, addresses, telephone numbers and hospital payment account information. Protected health information including medical information like care history, condition, treatment and diagnosis records may also have been exposed.

Customers Impacted: Unknown

How It Could Affect Your Business: Medical data is always a win for cybercriminals and losing it is an expensive nightmare for hospitals once regulators are finished with them.

 

 

D.W. Morgan

https://www.websiteplanet.com/blog/dwmorgan-leak-report/
Exploit: Hacking

D.W. Morgan: Logistics and Supply Chain Management




Risk to Business: 1.717= Severe
Researchers at Website Planet uncovered a data breach at D.W. Morgan caused by a misconfigured AWS S3 bucket. The exposed data included more than 2.5 million files equating to over 100GB of data related to D.W. Morgan’s clients and their shipments from 2013 to late 2021. Some files also included sensitive client data and employee PII. Website Planet revealed that records pertaining to deliveries for clients including Cisco and Life Technologies were also exposed in the files.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Service providers like this are goldmines for cybercriminals, amping up supply chain risk for everyone.

 

 

Ravkoo

https://www.bleepingcomputer.com/news/security/us-online-pharmacy-ravkoo-links-data-breach-to-aws-portal-incident/
Exploit: Hacking

Ravkoo: Pharmacy




Risk to Business: 1.719 = Severe
US-based online pharmacy Ravkoo has disclosed a data breach. The company disclosed that its AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed by unauthorized parties, resulting in the potential compromise of customers’ prescription and health information.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.

 

 

FlexBooker

https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/
Exploit: Hacking

FlexBooker: Scheduling Platform




Risk to Business: 1.806=Moderate
FlexBooker experienced an attack before the holidays that resulted in the theft of more than three million user records. The platform is used for scheduling and employee calendar management by small businesses like doctor’s offices, real estate companies, service sector businesses and similar companies. Bleeping Computer reports that a group calling themselves Uawrongteam has claimed responsibility, providing links to archives and files with sensitive information, such as photos, driver’s licenses, and other IDs, as proof.

Individual Impact: No specific information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

 

 

France – Inetum Group

https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/
Exploit: Ransomware

Inetum Group: IT Services Provider




Risk to Business: 1.991 = Severe
Over the winter holidays, French IT services company Inetum Group was hit by a ransomware attack that impacted its business and its customers. The company was quick to reassure clients that none of the main infrastructures, communication, collaboration tools or delivery operations for Inetum clients has been affected. Inetum Group has notified authorities about the attack and is collaborating with specialized cybercrime units. A third-party investigation is underway. Inetum provides IT services for clients in myriad industries in 26 countries.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: IT services companies are juicy targets for crooks who may be able to parlay a successful attack on them into an intrusion on one of their clients.

 

 

Switzerland – CPH Chemie + Papier

https://www.hackread.com/german-audio-tech-sennheiser-expose-customers-data/

Exploit: Malware

CPH Chemie + Papier: Industrial Packaging, Paper and Chemicals




Risk to Business: 1.806 = Severe
Swiss company CPH Chemie + Papier has announced that it was hit with a cyberattack that has impacted its IT systems and some production facilities. Production in the paper and packaging operations in Perlen LU and Müllheim, Germany was halted briefly but the company’s chemical operations were unaffected. Malware is suspected to be the culprit. Investigation and recovery efforts are underway.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware isn’t the only malware on the block. Other types of malware also pack a nasty punch that can devastate businesses.

 

 

Singapore – OG Department Stores

https://www.straitstimes.com/singapore/consumer/personal-data-of-og-department-store-customers-leaked
Exploit: Hacking

OG Department Stores: Retailer




Risk to Business: 2.721 = Moderate
OG Department Stores has announced that they’ve experienced a breach that has exposed customers’ personal data. The company said that the incident affected members who are in either the basic or gold membership tiers. OG said it has reported the matter to the police and other relevant authorities, including the Personal Data Protection Commission (PDPC) and the Cyber Security Agency of Singapore (CSA).





Risk to Business: 2.775 = Moderate
Customer data that may have been compromised includes the names, mailing addresses, email addresses, mobile numbers, genders and dates of birth. Encrypted data including NRIC numbers and passwords may also have been snatched.

Customers Impacted: Unknown

How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.

 

 
 

The Week in Breach News: 12/29/21 – 01/04/22

Shutterfly

https://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/
Exploit: Ransomware

Shutterfly: Digital Image & Photography Services




Risk to Business: 1.876=Severe
Shutterfly has been hit with a Conti ransomware attack that allegedly encrypted over 4,000 devices and 120 VMware ESXi servers. On the Conti leak site, they offer samples of stolen Shutterfly data including legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and customer information, including the last four digits of credit cards. Shutterfly said in a statement that their Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites were not affected by the attack. However, their corporate network, Lifetouch, BorrowLenses, and Groovebook experienced service disruptions.

Individual Impact: Although there appears to be customer data involved in this incident including payment card data, that exposure has not been confirmed and no further information was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses as well as retail users.

 

 

Pro Wrestling Tees

https://www.bleepingcomputer.com/news/security/pro-wrestling-tees-discloses-data-breach-after-credit-cards-stolen/
Exploit: Hacking (Payment Skimmer)

Pro Wrestling Tees: Merchandise & Fan Experience Platform




Risk to Business: 1.612=Severe
Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees disclosed that it was informed by law enforcement that a small portion of its customers’ credit card numbers had been compromised in a malware infection.





Risk to Business: 1.919=Severe
The unnamed cybercriminals stole the full names and credit card numbers, including CVV codes, of Pro Wrestling Tees customers who processed transactions through the platform. The company contends that they don’t store card info within their software and that only a small number of customers who used the checkout page were affected, although users on Reddit claim that many customers have seen fraudulent charges pile up.

Customers Impacted: Unknown

How It Could Affect Your Business: Payment card skimmers and other similar malware are an occupational hazard for any company that processes online payments.

 

 

Maryland Department of Health

https://www.washingtonpost.com/dc-md-va/2021/12/05/maryland-health-department-cyberattack/
Exploit: Hacking

Maryland Department of Health: State Government Agency




Risk to Business: 1.717= Severe
The Maryland Department of Health experienced a cyberattack in early December that disrupted reporting of COVID-19 cases, deaths, testing and vaccination data. Some outlets are pointing to ransomware as the culprit but that has not been confirmed and state officials offered no details of the incident. The attack also impacted reporting in Baltimore. Systems were restored and the state began reporting COVID-19 data again on January 4.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: State agencies have been high on cybercriminals’ target lists throughout 2021 because they’re likely to pay the ransom and that trend is expected to continue in 2022.

 

 

UK – Gloucester City Council

https://www.bbc.com/news/uk-england-gloucestershire-59831468
Exploit: Hacking

Gloucester City Council: Municipal Government Body




Risk to Business: 1.809 = Severe
Gloucester City Council is in the process of restoring municipal services in the wake of a December 20 cyberattack. Impacted functions include the council’s online revenue and benefits sections as well as planning and customer services. City residents are also unable to access interactive online application forms for housing benefits, council tax support, test and trace support payments and discretionary housing payments. The council is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to fix the issue.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Infrastructure targets and municipalities have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.

 

 

Norway – Amedia

https://therecord.media/cyberattack-on-one-of-norways-largest-media-companies-shuts-down-presses/
Exploit: Ransomware

Amedia: Media Company




Risk to Business: 1.412= Extreme
Amedia, the largest local news publisher in Norway, experienced a suspected ransomware attack last week that shut down several of its essential systems, leaving it unable to publish its 78 printed newspapers until Friday in some cases. Amedia also said that its online news operations were unaffected, but the company suspects that unspecified personal data belonging to employees may have been accessed during the attack. Vice Society is the ransomware gang purportedly responsible for this attack.

Individual Impact: Although there appears to be employee data involved in this incident, that exposure has not been confirmed and no further information was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

 

 

Portugal – Impresa

https://www.itp.net/security/portuguese-media-group-impresa-crippled-by-ransomware-attack
Exploit: Ransomware

Impresa: Media Company




Risk to Business: 1.701 = Severe
Portuguese media company Impresa, the owner of the country’s largest newspaper, Expresso, and biggest TV channel, SIC TV, has been hit with a ransomware attack by the Lapsus$ ransomware group. The Impresa attack hit over the New Year holiday weekend. SIC TV’s internet streaming transmission was interrupted but broadcasts remained operational. The cybercriminals responsible also gained access to Expresso’s Twitter account, announcing their success with a pinned tweet: “Lapsus$ is officially the new president of Portugal”.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Multiple media companies were hit this week, a reminder that cybercriminals sometimes set their sights on many targets in one industry at the same time.

 

 

Germany – Sennheiser

https://www.hackread.com/german-audio-tech-sennheiser-expose-customers-data/

Exploit: Misconfiguration

Sennheiser: Audio Equipment Manufacturer




Risk to Business: 1.688 = Severe
Leading German audio equipment manufacturer Sennheiser is in hot water after it misconfigured an Amazon Web Services (AWS) server. The unsecured server stored around 55GB of information on over 28,000 Sennheiser customers. The database contained customer data collected between 2015 and 2018. Sennheiser secured the exposed AWS server quickly upon discovery.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Simple cybersecurity blunders and employee carelessness can create complicated and expensive security incidents.

 

 

Ghana – National Service Secretariate (NSS)

https://www.zdnet.com/article/nsw-government-casual-recruiter-suffers-ransomware-hit/
Exploit: Misconfiguration

National Service Secretariate (NSS): National Government Agency




Risk to Business: 1.883 = Severe
Ghana’s National Service Secretariate (NSS) exposed 55GB of data on up to 700,000 citizens in a misconfigured AWS S3 bucket. NSS is a government program that manages a compulsory year of public service for Ghana-based graduates from specific educational institutions. The Computer Emergency Response Team of Ghana (CERT-GH) is investigating the incident and handling response.





Risk to Business: 2.105 = Severe
The exposed database contained program membership cards and identity documents of the participants, including the participant’s details for the Ghana National Health Insurance Scheme and professional IDs for the candidates’ placements. The agency also stored different types of passport photos that the participants submitted in this bucket.

Customers Impacted: Unknown

How it Could Affect Your Business: Any entity that is storing large amounts of sensitive data needs to make sure that they have taken reasonable precautions to protect it.

 

 
 
Continue reading

The Week in Breach News: 12/29/21 – 01/04/22

Shutterfly

https://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/
Exploit: Ransomware

Shutterfly: Digital Image & Photography Services


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.876=Severe
Shutterfly has been hit with a Conti ransomware attack that allegedly encrypted over 4,000 devices and 120 VMware ESXi servers. On the Conti leak site, they offer samples of stolen Shutterfly data including legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and customer information, including the last four digits of credit cards. Shutterfly said in a statement that their Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites were not affected by the attack. However, their corporate network, Lifetouch, BorrowLenses, and Groovebook experienced service disruptions.

Individual Impact: Although there appears to be customer data involved in this incident including payment card data, that exposure has not been confirmed and no further information was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses as well as retail users.

 


 

Pro Wrestling Tees

https://www.bleepingcomputer.com/news/security/pro-wrestling-tees-discloses-data-breach-after-credit-cards-stolen/
Exploit: Hacking (Payment Skimmer)

Pro Wrestling Tees: Merchandise & Fan Experience Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.612=Severe
Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees disclosed that it was informed by law enforcement that a small portion of its customers’ credit card numbers had been compromised in a malware infection.



cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.919=Severe
The unnamed cybercriminals stole full names and credit card numbers of Pro Wrestling Tees customers who processed transactions through the platform including CVV codes. The company contends that they don’t store card info within their software and that only a small number of customers who used the checkout page were affected, although users on Reddit claim that many customers have seen fraudulent charges pile up.

Customers Impacted: Unknown

How It Could Affect Your Business: Payment card skimmers and other similar malware are an occupational hazard for any company that processes online payments.

 


 

Maryland Department of Health

https://www.washingtonpost.com/dc-md-va/2021/12/05/maryland-health-department-cyberattack/
Exploit: Hacking

Maryland Department of Health: State Government Agency




Risk to Business: 1.717= Severe
The Maryland Department of Health experienced a cyberattack in early December that disrupted reporting of COVID-19 cases, deaths, testing and vaccination data. Some outlets are pointing to ransomware as the culprit but that has not been confirmed and state officials offered no details of the incident. The attack also impacted reporting in Baltimore. Systems were restored and the state began reporting COVID-19 data again on January 4.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: State agencies have been high on cybercriminals’ target lists throughout 2021 because they’re likely to pay the ransom and that trend is expected to continue in 2022.

 


 

UK – Gloucester City Council

https://www.bbc.com/news/uk-england-gloucestershire-59831468
Exploit: Hacking

Gloucester City Council: Municipal Government Body




Risk to Business: 1.809 = Severe
Gloucester City Council is in the process of restoring municipal services in the wake of a December 20 cyberattack. Impacted functions include the council’s online revenue and benefits sections as well as planning and customer services. City residents are also unable to access interactive online application forms for housing benefits, council tax support, test and trace support payments and discretionary housing payments. The council is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to fix the issue.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Infrastructure targets and municipalities have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.

 


 

Norway – Amedia

https://therecord.media/cyberattack-on-one-of-norways-largest-media-companies-shuts-down-presses/
Exploit: Ransomware

Amedia: Media Company




Risk to Business: 1.412= Extreme
Amedia, the largest local news publisher in Norway, experienced a suspected ransomware attack last week that shut down several of its essential systems, leaving it unable to publish its 78 printed newspapers until Friday in some cases. Amedia also said that its online news operations were unaffected, but the company suspects that unspecified personal data belonging to employees may have been accessed during the attack. Vice Society is the ransomware gang purportedly responsible for this attack.

Individual Impact: Although there appears to be employee data involved in this incident, that exposure has not been confirmed and no further information was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

 


 

Portugal – Impresa

https://www.itp.net/security/portuguese-media-group-impresa-crippled-by-ransomware-attack
Exploit: Ransomware

Impresa: Media Company




Risk to Business: 1.701 = Severe
Portuguese media company Impresa, the owner of the country’s largest newspaper Expresso and biggest TV channel SIC TV, has been hit with a ransomware attack by the Lapsus$ ransomware group. The Impresa attack hit over the New Year holiday weekend. SIC TV’s internet streaming transmission was interrupted but broadcasts remained operational. The cybercriminals responsible also gained access to Expresso’s Twitter account, announcing their success with a pinned tweet: “Lapsus$ is officially the new president of Portugal”.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Multiple media companies were hit this week, a reminder that cybercriminals sometimes set their sights on many targets in one industry at the same time.

 


 

Germany – Sennheiser

https://www.hackread.com/german-audio-tech-sennheiser-expose-customers-data/

Exploit: Misconfiguration

Sennheiser: Audio Equipment Manufacturer




Risk to Business: 1.688 = Severe
Leading German audio equipment manufacturer Sennheiser is in hot water after it misconfigured an Amazon Web Services (AWS) server. The unsecured server stored around 55GB of information on over 28,000 Sennheiser customers. The database contained customer data collected between 2015 and 2018. Sennheiser secured the exposed AWS server quickly upon discovery.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Simple cybersecurity blunders and employee carelessness can create complicated and expensive security incidents.

 


 

Ghana – National Service Secretariate (NSS)

https://www.zdnet.com/article/nsw-government-casual-recruiter-suffers-ransomware-hit/
Exploit: Misconfiguration

National Service Secretariate (NSS): National Government Agency




Risk to Business: 1.883 = Severe
Ghana’s National Service Secretariate (NSS) exposed 55GB worth of citizens’ data in a misconfigured AWS S3 bucket. The foul-up exposed data on up to 700,000 citizens. NSS is a government program that manages a compulsory year of public service for Ghana-based graduates from specific educational institutions. The Computer Emergency Response Team of Ghana (CERT-GH) is investigating the incident and handling response.





Risk to Business: 2.105 = Severe
The exposed database contained program membership cards and identity documents of the participants, including the participant’s details for the Ghana National Health Insurance Scheme and professional IDs for the candidates’ placements. The agency also stored different types of passport photos that the participants submitted in this bucket.

Customers Impacted: Unknown

How it Could Affect Your Business: Any entity that is storing large amounts of sensitive data needs to make sure that they have taken reasonable precautions to protect it.

 


 
 

The Week in Breach News: 12/15/21 – 12/21/21

Virginia Museum of Fine Arts

https://www.securityweek.com/virginia-museum-shuts-down-website-amid-it-breach
Exploit: Ransomware

Virginia Museum of Fine Arts: Art Museum




Risk to Business: 2.822=Moderate
A system security breach prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation in late November 2021. The museum, an independent agency of the state, said the Virginia Information Technologies Agency detected an intrusion by an unauthorized third party to the museum’s environment in late November. An investigation is underway, and a temporary website has been established.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector including non-profits and cultural institutions.

 

 

McMenamins

https://www.kgw.com/article/news/local/mcmenamins-ransomware-attack/283-dc039d56-cf82-4f06-8862-c2f6223e3893
Exploit: Ransomware

McMenamins: Hotel and Restaurant Chain




Risk to Business: 1.612=Severe
Family-owned hotel and restaurant chain McMenamins received an unwelcome holiday gift: ransomware. The company says that it has had to shut down credit card point-of-sale systems and corporate email but can still serve customers. The Conti ransomware group is thought to be responsible but the group has not claimed responsibility. The popular chain of restaurants, pubs, breweries and hotels is located in the Pacific Northwest: specifically, Washington and Oregon. The company has announced that it is working with the FBI and a third-party cybersecurity firm to investigate the attack.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Companies that may be holding financial data and PII for clients will be attractive targets for ransomware groups.

 

 

The Oregon Anesthesiology Group (OAG)

https://www.zdnet.com/article/oregon-medical-group-notifies-patients-of-cybersecurity-breach-says-fbi-seized-hellokitty-accounts/
Exploit: Ransomware

The Oregon Anesthesiology Group (OAG): Medical Care Provider




Risk to Business: 1.717= Severe
The Oregon Anesthesiology Group (OAG) disclosed that a ransomware attack in July led to the breach of sensitive employee and patient information. The company said it was contacted by the FBI on October 21 and informed that the Bureau had seized an account that contained OAG patient and employee files from Ukrainian ransomware group HelloKitty. The FBI also told OAG that the Bureau believes the group exploited a vulnerability in OAG’s third-party firewall to gain entry to its network.





Risk to Business: 1.802=Severe
The information of 750,000 patients and 522 current and former OAG employees was impacted in this incident. Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms. OAG will provide victims of the incident 12 months of Experian identity protection services and credit monitoring.

Customers Impacted: Unknown

How It Could Affect Your Business: Medical centers and providers can have big scores of data that are attractive to cybercriminals.

 

 

Superior Plus

https://www.darkreading.com/attacks-breaches/propane-distributor-hit-with-ransomware
Exploit: Ransomware

Superior Plus: Propane Distributor




Risk to Business: 2.229 = Severe
Canadian propane distributor Superior Plus has fallen victim to a ransomware attack. The company announced that it was subject to a ransomware incident on Sunday, December 12, 2021, which impacted its computer system, resulting in the company temporarily disabling some computer systems and applications as it investigates this incident. The company is in the process of bringing these systems back online. The statement goes on to say that it has no evidence that the safety or security of any customer or other personal data has been compromised. Superior Plus supplies propane gas to more than 780,000 customers in the US and Canada, a hot commodity during the winter season.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:
How it Could Affect Your Business: Infrastructure targets have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.

 

 

Brazil – Ministry of Health (MoH)

https://www.zdnet.com/article/brazilian-ministry-of-health-hit-by-second-cyberattack-in-less-than-a-week/
Exploit: Ransomware

Ministry of Health (MoH) – National Government Agency




Risk to Business: 1.107= Extreme
Brazil’s Ministry of Health (MoH) suffered not one but two ransomware attacks in the last week, seriously impacting its operations. The agency was still in the process of recovering from a ransomware attack on 12/10 when it was hit again on 12/13. In the initial attack, all of MoH’s websites, including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app. The Lapsus$ Group has claimed responsibility for the first attack, claiming that it has stolen some 50TB worth of data. The department was quick to assure the public that it has the relevant data backed up. The second attack set recovery back, preventing Brazil’s platform that issues COVID-19 vaccine certificates, ConecteSUS, from coming back online as scheduled. Ministry officials said that the second attack had been unsuccessful and that no data had been compromised in that incident, but it had affected the timeline for recovery. The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate with the investigations.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Getting hit with multiple attacks in a short period of time could be a death blow to many organizations.

 

 

Ireland – Coombe Hospital

Exploit: Hacking

Coombe Hospital: Medical Center




Risk to Business: 2.711 = Moderate
The Coombe Hospital announced that it has been hit by a ransomware attack that has impacted its IT systems. The hospital stated that it had isolated and locked down its IT services on a precautionary basis. The maternity and infants’ hospital said that services are continuing as normal and no disruptions to patient care are expected. The HSE is assessing whether this will have a broader impact on the health service.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Targets in the medical sector have been getting absolutely pounded by ransomware since the start of the global pandemic.

 

 



Greece – VulcanForged

https://www.vice.com/en/article/4awxep/hackers-steal-dollar140-million-from-users-of-crypto-gaming-company
Exploit: Ransomware

VulcanForged: Cryptocurrency Gaming Company




Risk to Business: 1.7684 = Severe
Hackers stole around $135 million from users of the blockchain gaming company VulcanForged. Blockchain games appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR. VulcanForged creates games such as VulcanVerse, which it describes as an MMORPG, and an online card game called Berserk. Hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, VulcanForged’s token that can be used across its ecosystem, with an estimated $135 million in value.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Any operation that handles or stores cryptocurrency is at a very high risk for trouble. This is the third cryptocurrency outfit to be hit by hackers this month.

 

 

Australia – Finite Recruitment

https://www.zdnet.com/article/nsw-government-casual-recruiter-suffers-ransomware-hit/
Exploit: Ransomware

Finite Recruitment: Staffing Firm




Risk to Business: 2.223 = Severe
IT recruitment firm Finite Recruitment has confirmed it experienced a cyberattack in October 2021 that resulted in some of the company’s data getting stolen and published on the dark web. The Conti ransomware group listed Finite Recruitment as a victim on its dark web leak site, claiming to have acquired 300GB of the company’s data. Finite Recruitment services several NSW government agencies as well as private clients.





Risk to Business: 2.015 = Severe
An estimated 38,000 employees and up to 80,000 government employees may have had their data exposed and that data may include financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are always on the hunt for big troves of personal and financial information, and companies that store it are at a high risk for ransomware.

 

 
 

The Week in Breach News: 12/08/21 – 12/14/21

Atalanta

https://portswigger.net/daily-swig/us-food-importer-atalanta-admits-ransomware-attack
Exploit: Ransomware

Atalanta: Food Importer




Risk to Business: 1.616= Severe
Imported foods outfit Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack in July 2021. An investigation concluded that information related to Atalanta’s current and former employees and some visitors was accessed and acquired by an unauthorized party. Atalanta is North America’s largest privately-held specialty food importer. No details were offered by the company about how many records were exposed and what personal information they contained.

Individual Impact: No details were offered by the company about how many records were exposed and what personal information they contained.

Customers Impacted: Unknown

How It Could Affect Your Business: Data breach risk has become especially nasty as cybercriminals look to distributors and service providers who may maintain large stores of data for a quick score.

 

 

Cox Communications

https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/
Exploit: Phishing (Vishing)

Cox Communications: Digital Cable Provider




Risk to Business: 1.773=Severe
Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The story goes that on October 11th, 2021, a bad actor impersonated a Cox support agent by phone to gain access to customer information. Cox is the third-largest cable television provider in the US with around 3 million customers.





Individual Risk: 1.813=Severe
Customers may have had information material to their Cox account exposed including name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that they receive from Cox.

Customers Impacted: 3 million

How It Could Affect Your Business: Vishing has been gaining popularity as employees handle fewer phone calls, making them more likely to take the ones they do get seriously. This is the same method of attack that was used in the 2020 Twitter hack.

 

 

The Virginia Division of Legislative Automated Systems (DLAS)

https://apnews.com/article/technology-legislature-executive-branch-virginia-ralph-northam-8adc7aa73b93c91b0687b741b6acd202
Exploit: Ransomware

The Virginia Division of Legislative Automated Systems (DLAS): Government Technology Services




Risk to Business: 1.318=Extreme
A ransomware attack has hit the division of Virginia’s state government that handles IT for agencies and commissions within the Virginia legislature. Hackers accessed the agency’s system late Friday, then deployed ransomware. A ransom demand was received on Monday. A Virginia state official told CNN that DLAS was shutting down many of its computer servers in an attempt to stop the spread of ransomware. No information was available at press time about the amount of the ransom demand or what if any data was stolen. AP reports that this attack is the first recorded on a state legislature.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: In an ultra-competitive sector like crypto, customers will be watching every move a company makes, especially if it could potentially cost them money.

 

 

Kronos Ultimate Group

https://www.bostonglobe.com/2021/12/14/business/businesses-face-payroll-scheduling-woes-after-ransomware-attack-kronos/
Exploit: Ransomware

Kronos Ultimate Group: Payroll Services




Risk to Business: 1.619 = Severe
HR management company Ultimate Kronos Group has been hit by a ransomware attack that could have devastating ongoing repercussions. The company’s Kronos Workforce Central was paralyzed in the attack. That prevents its clients, including heavyweights like Tesla and Puma, from processing payroll, handling timesheets and managing their workforce. Kronos first became aware of unusual activity on Kronos Private Cloud on Saturday evening. The company’s blog says that the issue may require several weeks to resolve.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:

How it Could Affect Your Business: Once again, cybercriminals choose a target that offers them a huge stash of data, especially valuable personal and financial information.

 

 

United Kingdom – SPAR Convenience Stores

https://www.infosecurity-magazine.com/news/cyberattack-closes-uk-convenience/
Exploit: Ransomware

SPAR Convenience Stores: Convenience Store Chain




Risk to Business: 1.412 = Extreme
UK convenience store chain SPAR fell victim to a cyberattack that impacted operations at the store level. SPAR has around 2600 stores located across the UK. The suspected ransomware attack impacted 330 SPAR locations, primarily in the north of England. Those stores were left unable to process payments made using credit or debit cards for a time. The attack also prevented the stores from using their accounting or stock control systems. Some of the affected shops remain closed in the wake of the attack, but some have reopened accepting only cash payments. An investigation is ongoing.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

 

 

Sweden – Volvo Cars

Exploit: Hacking

Volvo Cars: Automotive Manufacturer




Risk to Business: 2.112 = Severe
Swedish automotive company Volvo announced that hackers had breached its network and made off with valuable research and development data in a cyberattack. The company went on to say that its investigation confirmed that a limited amount of the company’s R&D property was stolen during the intrusion, but no other data was accessed. The company was quick to assure Volvo owners that there would be no impact on the safety or security of their cars or their personal data.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Research and development data is a niche market on the dark web that can be very profitable for the bad guys.

 

 

Germany – Hellmann Worldwide Logistics

https://www.zdnet.com/article/german-logistics-giant-hellmann-reports-cyberattack/
Exploit: Ransomware

Hellmann Worldwide Logistics: Transportation Logistics Firm




Risk to Business: 1.7684 = Severe
Hellmann Worldwide Logistics reported a cyberattack this week that packed a punch. The company said that a cyberattack, suspected to be ransomware, forced it to temporarily remove all connections to its central data center. Hellmann said its Global Crisis Taskforce discovered the attack, but outside cybersecurity experts were brought in to help with the response. The company serves clients in 173 countries, running logistics for a range of air, sea, rail and road freight services.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Transportation companies have been squarely in cybercriminals’ sights since the start of the global pandemic, upping risk for businesses in that sector.

 

 

France – Régie Autonome des Transports Parisiens (RATP)

https://www.infosecurity-magazine.com/news/french-transport-giant-exposes/
Exploit: Misconfiguration

Régie Autonome des Transports Parisiens (RATP): Transportation Authority




Risk to Business: 1.723 = Severe
A state-owned French transportation giant is in hot water after exposing personal information for nearly 60,000 employees via an unsecured HTTP server. Researchers discovered the server on October 13 left open and accessible to anyone. It contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Source code related to RATP’s employee benefits web portal was also exposed with API keys that enabled access to the sensitive info about the website’s backend and RATP’s GitHub account.





Individual Risk: 1.723 = Severe
The exposed employee data includes full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords.

Customers Impacted: Unknown

How it Could Affect Your Business: This error could have been prevented and the resulting incident will not be cheap to fix after GDPR regulators get finished slapping down penalties.

 

 

Singapore – AscendEX

https://www.coindesk.com/business/2021/12/13/crypto-exchange-ascendex-hacked-losses-estimated-at-77m/
Exploit: Hacking

AscendEX: Cryptocurrency Trading Platform




Risk to Business: 1.223 = Extreme
Cryptocurrency exchange AscendEX suffered a hack for an estimated $77 million following a breach of one of its hot wallets. The company announced the hack on Twitter, saying that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million). The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million. The Singapore-based exchange, which was formerly known as BitMax, claims to serve one million institutional and retail clients.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Crypto and DeFi platforms have been getting hit right and left by bad actors looking for a quick payday, with major attacks every week for the last month.

 

 

Australia – Frontier Software

https://www.zdnet.com/article/south-australian-government-employee-data-taken-in-frontier-software-ransomware-attack/
Exploit: Ransomware

Frontier Software: Payroll Services Technology Provider




Risk to Business: 2.323 = Severe
South Australia’s state government announced that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. The company has informed the government that at least up to 80,000 government employees and 38,000 employees of other businesses may have had their data snatched by bad actors in the November 13 incident.





Individual Risk: 2.401 = Severe
The stolen employee data contained names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll period, remuneration, and other payroll-related information.

Customers Impacted: Unknown

How it Could Affect Your Business: The second appearance of a payroll services firm this week is a reminder that these companies store exactly the kind of data that is cybercriminals’ catnip.

 

 
 