"Your Information Technology Leader"

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 12/08/21 – 12/14/21

Atalanta

https://portswigger.net/daily-swig/us-food-importer-atalanta-admits-ransomware-attack
Exploit: Ransomware

Atalanta: Food Importer




Risk to Business: 1.616= Severe
Imported foods outfit Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack in July 2021. An investigation concluded that information related to Atalanta’s current and former employees and some visitors was accessed and acquired by an unauthorized party. Atalanta is North America’s largest privately-held specialty food importer. No details were offered by the company about how many records were exposed and what personal information they contained.

Individual Impact: No details were offered by the company about how many records were exposed and what personal information they contained.

Customers Impacted: Unknown

How It Could Affect Your Business: Data breach risk has become especially nasty as cybercriminals look to distributors and service providers who may maintain large stores of data for a quick score.

 


 

Cox Communications

https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/
Exploit: Phishing (Vishing)

Cox Communications: Digital Cable Provider




Risk to Business: 1.773=Severe
Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The story goes that on October 11th, 2021, a bad actor impersonated a Cox support agent by phone to gain access to customer information. Cox is the third-largest cable television provider in the US with around 3 million customers.





Individual Risk: 1.813=Severe
Customers may have had information material to their Cox account exposed including name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that they receive from Cox.

Customers Impacted: 3 million

How It Could Affect Your Business: Vishing has been gaining popularity as employees handle fewer phone calls, making them more likely to take the ones they do get seriously. This is the same method of attack that was used in the 2020 Twitter hack.

 


 

The Virginia Division of Legislative Automated Systems (DLAS)

https://apnews.com/article/technology-legislature-executive-branch-virginia-ralph-northam-8adc7aa73b93c91b0687b741b6acd202
Exploit: Ransomware

The Virginia Division of Legislative Automated Systems (DLAS): Government Technology Services




Risk to Business: 1.318=Extreme
A ransomware attack has hit the division of Virginia’s state government that handles IT for agencies and commissions within the Virginia legislature. Hackers accessed the agency’s system late Friday, then deployed ransomware. A ransom demand was received on Monday. A Virginia state official told CNN that DLAS was shutting down many of its computer servers in an attempt to stop the spread of ransomware. No information was available at press time about the amount of the ransom demand or what if any data was stolen. AP reports that this attack is the first recorded on a state legislature.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: In an ultra-competitive sector like crypto, customers will be watching every move a company makes, especially if it could potentially cost them money.

 


 

Kronos Ultimate Group

https://www.bostonglobe.com/2021/12/14/business/businesses-face-payroll-scheduling-woes-after-ransomware-attack-kronos/
Exploit: Ransomware

Kronos Ultimate Group: Payroll Services




Risk to Business: 1.619= Severe
HR management company Ultimate Kronos Group has been hit by a ransomware attack that could have devastating ongoing repercussions. The company’s Kronos Workforce Central was paralyzed in the attack. That prevents its clients, including heavyweights like Tesla and Puma, from processing payroll, handling timesheets and managing their workforce. Kronos first became aware of unusual activity on Kronos Private Cloud on Saturday evening. The company’s blog says that it is likely the issue may require several weeks to resolve.

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:
How it Could Affect Your Business: Once again, cybercriminals choose a target that offers them a huge stash of data, especially valuable personal and financial information.

 


 

United Kingdom – SPAR Convenience Stores

https://www.infosecurity-magazine.com/news/cyberattack-closes-uk-convenience/
Exploit: Ransomware

SPAR Convenience Stores: Convenience Store Chain




Risk to Business: 1.412= Extreme
UK convenience store chain SPAR fell victim to a cyberattack that impacted operations at a store level. SPAR has around 2600 stores located across the UK. The suspected ransomware attack impacted 330 SPAR locations primarily located in the north of England. Those stores were left unable to process payments made using credit or debit cards for a time. The attack also prevented the stores from using their accounting or stock control systems. Some of the affected shops remain closed in the wake of the attack, but some have reopened accepting only cash payments. An investigation is ongoing.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

 


 

Sweden – Volvo Cars

Exploit: Hacking

Volvo Cars: Automotive Manufacturer




Risk to Business: 2.112 = Severe
Swedish automotive company Volvo announced that hackers had violated its network and made off with valuable research and development data in a cyberattack. The company went on to say that its investigation confirmed that a limited amount of the company’s R&D property was stolen during the intrusion, but no other data was accessed. The company was quick to assure Volvo owners that there would be no impact on the safety or security of their cars or their personal data.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Research and development data is a niche market on the dark web that can be very profitable for the bad guys.

 


 

Germany – Hellmann Worldwide Logistics

https://www.zdnet.com/article/german-logistics-giant-hellmann-reports-cyberattack/
Exploit: Ransomware

Hellmann Worldwide Logistics: Transportation Logistics Firm




Risk to Business: 1.7684 = Severe
Hellmann Worldwide Logistics reported a cyberattack this week that packed a punch. The company said that a cyberattack, suspected to be ransomware, caused them to have to temporarily remove all connections to their central data center. Hellmann said its Global Crisis Taskforce discovered the attack but outside cybersecurity experts were brought in to help with the response.  The company serves clients in 173 countries, running logistics for a range of air, sea, rail and road freight services.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Transportation companies have been squarely in cybercriminals’ sights since the start of the global pandemic, upping risk for businesses in that sector.

 


 

France – Régie Autonome des Transports Parisiens (RATP)

https://www.infosecurity-magazine.com/news/french-transport-giant-exposes/
Exploit: Misconfiguration

Régie Autonome des Transports Parisiens (RATP): Transportation Authority




Risk to Business: 1.723 = Severe
A state-owned French transportation giant is in hot water after exposing personal information for nearly 60,000 employees via an unsecured HTTP server. Researchers discovered the server on October 13 left open and accessible to anyone. It contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Source code related to RATP’s employee benefits web portal was also exposed with API keys that enabled access to the sensitive info about the website’s backend and RATP’s GitHub account.





Individual Risk: 1.723 = Severe
The exposed employee data includes full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords.

Customers Impacted: Unknown

How it Could Affect Your Business: This error could have been prevented and the resulting incident will not be cheap to fix after GDPR regulators get finished slapping down penalties.

 


 

Singapore – AscendEX

https://www.coindesk.com/business/2021/12/13/crypto-exchange-ascendex-hacked-losses-estimated-at-77m/
Exploit: Hacking

AscendEX: Cryptocurrency Trading Platform




Risk to Business: 1.223 = Extreme
Cryptocurrency exchange AscendEX suffered a hack for an estimated $77 million following a breach of one of its hot wallets. The company announced the hack on Twitter, saying that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million). The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million. The Singapore-based exchange, which was formerly known as BitMax, claims to serve one million institutional and retail clients.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Crypto and DeFi platforms have been getting hit right and left by bad actors looking for a quick payday, with major attacks every week for the last month.

 


 

Australia – Frontier Software

https://www.zdnet.com/article/south-australian-government-employee-data-taken-in-frontier-software-ransomware-attack/
Exploit: Ransomware

Frontier Software: Payroll Services Technology Provider




Risk to Business: 2.323 = Severe
South Australia’s state government announced that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. The company has informed the government that at least up to 80,000 government employees and 38,000 employees of other businesses may have had their data snatched by bad actors in the November 13 incident.





Individual Risk: 2.401 = Severe
The stolen employee data contained names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll period, remuneration, and other payroll-related information.

Customers Impacted: Unknown

How it Could Affect Your Business: The second appearance of a payroll services firm this week is a reminder that these companies store exactly the kind of data that is catnip for cybercriminals.

 


 
 

The Week in Breach News: 12/01/21 – 12/07/21

Planned Parenthood

https://www.washingtonpost.com/nation/2021/12/01/los-angeles-planned-parenthood-hack/
Exploit: Ransomware

Planned Parenthood: Healthcare Provider




Risk to Business: 1.616= Severe
Bad actors gained access to the personal information of an estimated 400,000 patients of Planned Parenthood in Los Angeles this past October in a probable ransomware attack.  A spokesperson said that someone gained access to Planned Parenthood Los Angeles’ network between October 9 and 17, deployed and exfiltrated an undisclosed number of files. The breach is limited to the Los Angeles affiliate and an investigation is underway.





Risk to Business: 1.703= Severe
PPLA told clients that PII and PHI had been exposed including the patient’s name, address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescriptions.

Customers Impacted: 400,000

How It Could Affect Your Business: Medical information is valuable, especially sensitive information like this that can be used for both cybercrime and blackmail, and patients expect that healthcare providers will protect it.

 

 

Gale Healthcare Solutions

https://www.zdnet.com/article/sensitive-information-of-30k-florida-healthcare-workers-exposed-in-unprotected-database/
Exploit: Misconfiguration

Gale Healthcare Solutions: Healthcare Job Placement




Risk to Business: 1.611=Severe
More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password-protected database owned by Gale Healthcare Solutions, a Florida-based healthcare staffing provider. Files containing the PII of healthcare workers that the company placed were hosted on an unsecured AWS cloud server that was uncovered by security researchers in September. Gale Healthcare Solutions says that the environment has been deactivated and secured. The company also says that there is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused.





Individual Risk: 1.813=Severe
Researchers reported that the files they saw contained a healthcare worker’s face image or ID badge, full name and a number consistent with an SSN. Other personal data about the impacted workers may also have been exposed.

Customers Impacted: 300,000

How It Could Affect Your Business: This mistake will be expensive and coveted healthcare workers may be inclined to choose a different staffing agency because of this carelessness.

 

 

MonoX

https://www.hackread.com/hackers-steal-badger-defi-monox/
Exploit: Hacking

MonoX: Cryptocurrency Finance




Risk to Business: 1.318=Extreme
The MonoX DEX platform has experienced a breach that did damage to the tune of $31 million. The breach took place after hackers exploited a vulnerability in smart contract software to increase the price of MONO through smart contracts, then bought assets with MONO tokens. DeFi platform Badger was also reportedly hit by hackers for $120 million last week after they gained access by targeting a protocol on the Ethereum network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: In an ultra-competitive sector like crypto, customers will be watching every move a company makes, especially if it could potentially cost them money.

 

 

DNA Diagnostics Center

https://www.zdnet.com/article/dna-testing-center-admits-to-breach-affecting-ssns-banking-info-of-more-than-2-million-people/

Exploit: Ransomware

DNA Diagnostics Center: Healthcare Services




Risk to Business: 1.819= Severe
DNA Diagnostics Center said that on August 6, the company discovered that there had been unauthorized access to its network that enabled someone to access and exfiltrate an archived database that contained patient PII collected between 2004 and 2012. The Ohio-based company says that 2,102,436 people had their information exposed. Victims may have been ordered to undergo genetic testing as part of a legal matter.



Individual Risk: 1.617 = Severe
The company is sending letters to impacted individuals warning them that they may have had their PII and sensitive data such as Social Security number or payment information exposed. Anyone whose personal information was accessed is being offered Experian credit monitoring.

Customers Impacted: 2,102,436

How it Could Affect Your Business: Companies that store two kinds of valuable data like this are at high risk for an expensive and damaging ransomware incident that will have lasting financial results.

 

 

United Kingdom – BitMart

https://portswigger.net/daily-swig/crypto-exchange-bitmart-reports-150-million-theft-following-hack
Exploit: Hacking

BitMart: Cryptocurrency Exchange




Risk to Business: 1.212= Extreme
Cryptocurrency trading platform BitMart has been hacked, resulting in the loss of an estimated $150 million in funds. PortSwigger reports that blockchain security firm PeckShield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain. BitMart said in a statement that it was temporarily suspending withdrawals until further notice after detecting a large-scale security breach centered on two ‘hot’ wallets. BitMart claims that it has more than nine million customers across more than 180 countries.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Crypto platforms have been squarely in cybercriminals’ sights in the last few months and consumers are watching to see which ones are able to avoid trouble.

 

 

Japan – Panasonic

Exploit: Hacking

Panasonic: Electronics Manufacturer




Risk to Business: 1.919 = Severe
Panasonic has confirmed that it’s had a security breach after unauthorized users accessed its network on November 11. The company says that an internal investigation revealed that some data on a file server had been accessed by intruders. No information was given about what data was accessed or how much. Panasonic says that it is working with an outside firm to get to the bottom of the matter and expressed its apologies for the incident.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Large companies are treasure troves for data-hungry cybercriminals looking for a quick, low-risk score to turn over for fast profit.

 

 

Australia – CS Energy

https://www.itpro.co.uk/security/ransomware/361687/cs-energy-ransomware-attack
Exploit: Ransomware

CS Energy: Energy Company




Risk to Business: 1.723 = Severe
CS Energy confirmed it experienced a ransomware attack on November 27.  The company said the incident was limited to its corporate network and did not impact operations at its Callide and Kogan Creek power stations. CS Energy’s CEO said that the company contained the ransomware attack by segregating the corporate network from other internal networks and enacting business continuity processes. CS Energy is owned by the Queensland government.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Utility companies and other critical infrastructure businesses are tempting targets for cybercriminals because their essential nature makes the owners more likely to pay a ransom.

 

The Week in Breach News: 11/24/21 – 11/30/21

Cronin

https://www.websiteplanet.com/blog/cronin-leak-report/

Exploit: Misconfiguration

Cronin: Digital Marketing Firm




Risk to Business: 1.917= Severe
Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google Analytics data, session IDs, client IDs, device data and other identifying information. Sales data was also exposed in a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails, and hashed passwords and some unspecified PII and financial data were also exposed.

Individual Impact: Reports of this breach include mention of exposed employee financial data and PII, but no details were available as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Information security is challenging enough without the complications of sloppy and dangerous mistakes like this.

 

 

Supernus Pharmaceuticals

https://www.securityweek.com/ransomware-operators-threaten-leak-15tb-supernus-pharmaceuticals-data
Exploit: Ransomware

Supernus Pharmaceuticals: Pharmaceutical Company




Risk to Business: 1.702=Severe
Maryland-based Supernus Pharmaceuticals fell prey to a ransomware attack that resulted in a large amount of data being exfiltrated from its networks in mid-November. The Hive ransomware group claimed responsibility for the attack over the Thanksgiving holiday weekend. The group claims to have breached Supernus Pharmaceuticals’ network on November 14 and exfiltrated a total of 1,268,906 files, totaling 1.5 terabytes of data. Supernus Pharmaceuticals says it did not plan to pay a ransom. In a statement, Supernus Pharmaceuticals also disclosed that it did not experience a significant impact on its business, they were quickly able to restore lost data and the company has enacted stronger security measures.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Companies in the healthcare and pharma sectors have been the favorite targets of ransomware gangs since the start of the global pandemic.

 

 

Butler County Community College

https://www.wtae.com/article/butler-county-community-college-closed-ransomware-attack/38374651
Exploit: Ransomware

Butler County Community College: Institution of Higher Learning




Risk to Business: 2.728=Moderate
Butler County Community College in Pennsylvania was forced to suspend classes for at least two days in the wake of a ransomware attack that has crippled the college’s systems. The college says it is working to restore databases, hard drives, servers and other devices. In a release, the college also announced the cancellation of all remote and online credit classes as it works to restore data, servers and other systems affected by the attack. Noncredit courses are canceled as well for November 29 and 30. The college will not provide services on its main campus or at its additional locations on those days. The incident is under investigation and the college is being assisted in recovery by a local cybersecurity firm.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs have been taking aim at schools, colleges, school districts and similar education sector targets thanks to the sector’s historically poor security and the profit opportunities created by the adoption of widespread distance learning.

 

 

Brazil – WSpot

https://www.hackread.com/wifi-software-firm-exposed-users-data/

Exploit: Misconfiguration

WSpot: WiFi Security Software Provider




Risk to Business: 2.109= Severe
Researchers uncovered a misconfigured Amazon Web Services S3 bucket containing 10 GB worth of data that belonged to Wi-Fi software services company WSpot. The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The company stated that it is in the process of notifying legal authorities, including the National Data Protection Authority, regarding the incident. WSpot estimated that 5% of its customer base was impacted by this leak.





Individual Risk: 2.811= Severe
An estimated 226,000 files were exposed including the personal details of at least 2.5 million users who connected to WSpot’s client’s public Wi-Fi networks.

Customers Impacted: 2.5 million users

How it Could Affect Your Business: These days consumers and businesses are paying attention to who has data security in mind when choosing business partners and service providers.

 

 

United Kingdom – BTC-Alpha

https://www.techtarget.com/searchsecurity/news/252509877/Cryptocurrency-exchange-BTC-Alpha-confirms-ransomware-attack
Exploit: Ransomware

BTC-Alpha: Cryptocurrency Exchange




Risk to Business: 1.512= Severe
This week’s most bizarre breach saga belongs to BTC-Alpha. The UK-based cryptocurrency exchange was hit with a ransomware attack in early November. The Lockbit ransomware group claimed responsibility and posted a threat to its leak site to expose BTC-Alpha’s data if a ransom was not paid by December 1. Here’s where it gets strange. Alpha founder and CEO Vitalii Bodnar alleged the attack was the work of a competing cryptocurrency firm in a press release on the same day that Lockbit’s announcement was made. The release goes on to state that a rival was launching a cryptocurrency exchange on the same day as the attack and may be involved in the incident. The full text of the release is available here: https://www.prleap.com/pr/282919/vitaliy-bodnar-founder-of-btc-alpha-comments-on-the-pressure-and-threats

The company disclosed that although hashed passwords were compromised, users’ balances were not impacted, and the company and its users lost no money. The company also advised users to avoid password reuse, update or reinstall their apps, and employ MFA. The odd incident is under investigation.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Companies that provide financial services need to provide and enforce strong security measures like the universal adoption of MFA.

 

 

Sweden – IKEA

Exploit: Phishing

IKEA:  Furniture & Home Goods Retailer




Risk to Business: 1.595 = Extreme
IKEA is battling a nasty phishing attack on its employee email accounts that is using reply chains to try to trick employees. A reply-chain email attack is a type of spoofing in which the bad guys steal legitimate corporate email messages and send links to malicious documents to the chain as a reply. The messages seem legit and can be hard to catch. Malicious messages are being sent from inside the main IKEA organization as well as from other compromised IKEA organizations and business partners. The fight is ongoing and no direct cause has been announced, although analysts are saying that signs point to a Microsoft Exchange on-premises server compromise.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing is the top risk for a data breach in organizations of any size and has been for the last 3 years.

 

 

Singapore – Swire Pacific Offshore

https://portswigger.net/daily-swig/maritime-giant-swire-pacific-offshore-suffers-data-breach-following-cyber-attack
Exploit: Ransomware

Swire Pacific Offshore: Maritime Services




Risk to Business: 1.595 = Extreme
Singapore-based shipping giant Swire Pacific Offshore has announced a data breach after it fell victim to a possible ransomware attack. The company’s press release stated that unauthorized access had resulted in the loss of some confidential proprietary commercial information and some personal data. No further specifics were given about the type or amount of data stolen. The statement went on to note that appropriate authorities have been notified. Singapore has mandatory data breach notification laws that require organizations to report incidents like this to the government. The company also announced that it is working with data security experts to investigate the incident and implement stricter security measures.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Shipping has been beleaguered by cybercrime since the start of the global pandemic with maritime firms especially at risk. At least four other major maritime services or shipping companies have been hit by ransomware in recent months.

 

The Week in Breach News: 11/17/21 – 11/23/21

GoDaddy

https://techcrunch.com/2021/11/22/godaddy-breach-million-accounts/

Exploit: Credential Compromise

GoDaddy: Web Hosting Provider




Risk to Business: 1.527= Severe
GoDaddy has reported a data breach that may impact more than 1 million customers who use the service for WordPress hosting. The company detailed the incident in an SEC filing, declaring that it had detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers when someone used a compromised password for access around September 6. GoDaddy said it discovered the breach last week on November 17. The company warned that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. 1.2 million active and inactive managed WordPress users had their email addresses and customer numbers exposed in this incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 1.2 million

How It Could Affect Your Business: Third-party security risk is increasingly common in an interconnected world and building strong defenses helps protect against this unexpected danger.

 

 

California Pizza Kitchen

https://techcrunch.com/2021/11/18/california-pizza-kitchen-data-breach/

Exploit: Hacking

California Pizza Kitchen: Fast Casual Restaurant Chain




Risk to Business: 2.212=Severe
US casual dining chain California Pizza Kitchen has had a data security breach that impacts current and past employees. In a statement, the company disclosed that its systems were infiltrated by an unauthorized user on September 15. Those cybercriminals gained access to an undisclosed amount of data including employee records that contained at least employee names and SSNs.





Individual Risk: 1.907=Severe
In a filing with the Maine attorney general’s office, the company reported that 103,767 current and former employees had their names and Social Security numbers exposed.

Customers Impacted: 103,767

How It Could Affect Your Business: A failure to secure employee data can be just as damaging and expensive as a failure to secure consumer data.

 

 

Lake County Board of Commissioners

https://www.washingtonpost.com/politics/attempted-breach-ohio-election/2021/11/19/12417a4c-488c-11ec-b8d9-232f4afe4d9b_story.html
Exploit: Insider Incident

Lake County Board of Commissioners: Election Regulator




Risk to Business: 1.502=Severe
The Washington Post is reporting that a data security incident occurred at the Lake County, Ohio Board of Elections. The attempted breach occurred on May 4 inside the county office of John Hamercheck (R), president of the Lake County Board of Commissioners. In this incident, a private laptop was plugged into the county network in Hamercheck’s office, capturing routine network traffic. That information was then distributed at an August “cyber symposium” on election fraud hosted by MyPillow executive Mike Lindell. Officials say that no sensitive data was obtained. This is substantially similar to an incident in Colorado earlier this year. Data from the Colorado incident was circulated at the same event. The FBI is investigating the incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Insider threats can pop up anywhere and wreak havoc on an organization when it least expects it.

 

 

Cyprus – StripChat

https://therecord.media/adult-cam-site-stripchat-exposes-the-data-of-millions-of-users-and-cam-models/
Exploit: Misconfiguration

StripChat: Adult Content Platform




Risk to Business: 1.615= Severe
StripChat, one of the world’s top 5 adult cam sites, has suffered a data breach that exposed more than its usual fare, including the personal data of millions of users and adult models. In a blunder discovered by security researchers, StripChat failed to properly configure an ElasticSearch database cluster, leaving data exposed for at least 3 days.





Individual Risk: 1.802= Severe
Researchers listed the exposed data pertaining to 65 million users registered on the site including their username, email, IP address, ISP details, tip balance, account creation date, last login date and account status. Data for 421,000 models broadcasting on the site was also exposed including username, gender, studio ID, live status, tip menus/prices and strip scores. Other transaction data was also exposed.

Customers Impacted: Unknown

How it Could Affect Your Business: The company hasn’t just failed at data security; at press time it had also failed to publicly disclose or acknowledge the incident, a sure path to a hefty GDPR fine.

 

 

Denmark – Vestas

https://portswigger.net/daily-swig/wind-turbine-giant-vestas-confirms-data-breach-following-cybersecurity-incident
Exploit: Ransomware

Vestas: Wind Turbine Manufacturer




Risk to Business: 1.512= Severe
Vestas, the world’s largest supplier of wind turbines, has announced that it has experienced a suspected ransomware incident. The company says that its initial investigation has determined that data has been compromised, although no specifics about that data were given. The company says that the incident forced the shutdown of IT systems and has damaged parts of Vestas’ internal IT infrastructure. Recovery has begun, and the company has stressed that the impact on its manufacturing, construction and service arms has been minimal.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware and infrastructure components are going hand in hand these days, creating an elevated risk level for companies in infrastructure-related sectors.

 

 Exploit: Hacking

Copyright Agency: Royalty Collection Agency




Risk to Business: 1.595 = Extreme
Australia’s Copyright Agency has suffered a data breach. The agency, which distributes royalties to authors, photographers and other creators for the reuse of their text and images, notified members of the incident last Friday. No information is yet available about what data may have been impacted, but there’s a possibility that extensive personal and financial data may have been exposed for the 37,000 creators that it services.

Customers Impacted: 37,000

 

The Week in Breach News: 11/10/21 – 11/16/21

Federal Bureau of Investigation (FBI)

https://www.washingtonpost.com/nation/2021/11/14/fbi-hack-email-cyberattack/

Exploit: Account Takeover

Federal Bureau of Investigation (FBI): Federal Government Agency




Risk to Business: 1.417= Severe
A shocking email security breach at the US Federal Bureau of Investigation (FBI) led to the takeover of a user account. The cybercriminals that accomplished the feat were able to use that compromised email account to send tens of thousands of fraudulent emails warning recipients of impending cyberattacks. Messages reached celebrities like Jay Z and journalists including investigative reporter Brian Krebs. The Bureau later confirmed that its Law Enforcement Enterprise Portal (LEEP) was compromised in a cyberattack Friday. FBI officials were quick to stress the fact that the malicious emails originated from an FBI-operated server that was solely dedicated to pushing notifications for LEEP and not part of the FBI’s corporate email service.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: This incident shows that no organization is immune to a cyberattack, and even the best defenses can fail.

 

 

West Virginia Parkways Authority

https://wvmetronews.com/2021/11/12/parkways-authority-reports-cyber-attack-turnpike-traffic-not-impacted/

Exploit: Ransomware

West Virginia Parkways Authority: State Government Agency




Risk to Business: 1.822=Severe
A suspected ransomware attack snarled operations at the West Virginia Parkways Authority last Friday. Officials announced that a cyberattack had hit the agency’s internal computer systems, knocking out email, telephones, and various non-critical applications for several hours. According to the statement, no data was extracted or exposed in the incident which only impacted operational technology. Systems have since been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Using ransomware against infrastructure targets to shut down their operations has become much more common.

 

 

Robinhood

https://solutionsreview.com/security-information-event-management/robinhood-discloses-data-breach-seven-million-customers-affected/

Exploit: Phishing (Vishing)

Robinhood: Financial Services Platform




Risk to Business: 1.542=Extreme
Financial services platform Robinhood is in the news again after disclosing a data breach on 11/03. The company blamed the security incident on vishing. Threat actors obtained access to the organization’s customer support systems by obtaining systems access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals then demanded an extortion payment to keep the data safe. No word on the amount of this demand. The incident is under investigation.





Individual Risk: 1.312=Extreme
The company disclosed that it estimates a total of seven million users are apparently affected by this breach. Threat actors accessed email addresses for five million customers and a separate list of full names for two million customers. Robinhood says that the bad guys gained access to varying levels of user information, including in-depth PII such as full names, date of birth and zip code for around 310 users, and extensive records for a subset of 10 users.

Customers Impacted: Unknown

How It Could Affect Your Business: Vishing threats are popping up more frequently as cybercriminals look to vary their approach to obtaining credentials in unexpected ways.

 

 

Hewlett Packard Enterprise (HPE)

https://splash247.com/greek-shipowners-cyber-tricked-over-halloween-weekend/

Exploit: Credential Compromise

Hewlett Packard Enterprise: Business Technology Services




Risk to Business: 1.615= Severe
Hewlett Packard Enterprise (HPE) just informed customers that use its Aruba networking unit that their information may have been exposed in a cyberattack on its Aruba Central cloud environment in late October. The company outlined the incident in a statement to the press: “On 2 November, HPE discovered that an access key to data related to the network analytics and contact-tracing features of Aruba Central, our cloud-based network management and monitoring solution, was compromised and used by an external actor to access the environment over a period of 18 days between 9 and 27 October 2021.” HPE went on to specify that the data in question included “identifying device media access control (MAC) addresses, IP addresses, device operating systems type and hostnames, and user names for Wi-Fi networks where authentication is used, as well as dates, times, and physical Wi-Fi access points (APs) to which devices connected.” The incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals will do anything to obtain a legitimate user credential because it gives them the keys to the kingdom, enabling them to do massive damage quickly.

 

 

United Kingdom – Simplify Group

https://www.itpro.co.uk/security/cyber-attacks/361510/property-firm-cyber-attack-leaves-customers-in-the-lurch

Exploit: Hacking

Simplify Group: Conveyancing & Property Services




Risk to Business: 1.512= Severe
UK property services giant Simplify Group has been experiencing a cyberattack that impacted operations at many of its divisions. The company operates brands like Premier Property Lawyers, My Home Move and DC Law. The outage was a spanner in the works for new and prospective homebuyers, including some that were mid-move, and they were quick to take to social media. Some systems have been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.

 

 

Spain – S.A. Damm

https://gadgets.ndtv.com/internet/news/cyberattack-damm-beer-barcelona-estrella-brewery-shut-down-llobregat-2609233
Exploit: Ransomware

S.A. Damm: Brewing




Risk to Business: 1.595 = Extreme
Operations went flat at Spanish brewer S.A. Damm after a ransomware attack crippled production. The company disclosed that the cyberattack hit the brewery on Tuesday night and for a few hours the plant in El Prat de Llobregat, which produces 7 million hectolitres of beer a year, was “entirely paralyzed”. Operations were partially restored quickly and the rest of the recovery is expected to be completed soon.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs have been stopping production in factories rather than stealing data in the hopes of scoring a quick ransom from desperate businesses.

 

 
 

The Week in Breach News: 11/03/21 – 11/09/21

Diamond Comic Distributors

https://bleedingcool.com/comics/diamond-comic-distributors-targeted-by-ransomware-attack/

Exploit: Ransomware

Diamond Comic Distributors: Periodical Distributor




Risk to Business: 1.417= Severe
It’s a bird, it’s a plane, it’s a ransomware attack at Diamond Comic Distributors. The Baltimore-based company, the exclusive distributor of DC and Image Comics and a publishing outlet for dozens of small-press comics publishers, suffered a ransomware attack last Friday that took down the company’s website and customer service platforms all weekend into Monday. Diamond said in a statement that it did not anticipate that any customer financial data had been impacted by this event. Investigation and recovery are underway, with some functions already restored.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can cost companies a fortune from operational disruption alone even if no data is snatched, not to mention incident response costs.

 

 

Electronic Warfare Associates (EWA)

https://www.msspalert.com/cybersecurity-news/electronic-warfare-associates-ewa-data-breach-email-phishing-incident-details/

Exploit: Phishing

Electronic Warfare Associates (EWA): Defense Contractor




Risk to Business: 1.822=Severe
A phishing attack that snared an employee is the suspected cause of a breach at defense contractor Electronic Warfare Associates (EWA). The company is a major provider of specialized software for the US defense establishment including the Pentagon, the Department of Defense (DoD), the Department of Justice (DoJ) and the Department of Homeland Security (DHS). EWA’s investigation determined that an attacker broke into an EWA email account in August 2021 after a phishing operation. The intrusion was uncovered when the attacker attempted a wire transfer. Employee PII was exposed and concern remains that sensitive defense information may also have been exposed.





Individual Risk: 1.703=Severe
EWA has admitted that the attackers snatched files with certain personal information including name and Social Security Number and/or driver’s license number for an undisclosed number of EWA employees, but no further information was given.

Customers Impacted: Unknown

How It Could Affect Your Business: Phishing is an equal opportunity offender and no less likely to be successful against the presumably cybersecurity-savvy employees of a tech company than against those of any other business.

 

 

Newfoundland and Labrador Health

https://www.securitymagazine.com/articles/96481-canadian-healthcare-system-suffered-cyberattack

Exploit: Ransomware

Newfoundland and Labrador Health: Healthcare System




Risk to Business: 1.442=Extreme
What may be the largest cyberattack in Canadian history crippled the healthcare system of the province of Newfoundland and Labrador on October 30th. The suspected ransomware attack hit scheduling and payment systems, causing widespread interruptions in patient care including the cancellation of all non-urgent imaging and medical appointments, as well as a reduction in chemotherapy sessions and significant complications for the province’s COVID-19 response. Eastern Health reported that their payment systems to suppliers and vendors were also targeted by the attack. Email and telephone capability has been restored in some locations and an investigation is ongoing.

Individual Impact: No information about the exposure of patient information was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Healthcare has been beleaguered by cyberattacks, especially ransomware, since the start of the global pandemic.

 

 

Greece – Danaos Management Consultants

https://splash247.com/greek-shipowners-cyber-tricked-over-halloween-weekend/

Exploit: Hacking

Danaos Management Consultants: Maritime IT




Risk to Business: 1.615= Severe
Maritime clients who use the communication systems of Danaos Management Consultants found themselves without some communications capability after a cyberattack blocked their communication with ships, suppliers, agents and charterers. Several Greek shipping companies were impacted. The incident also resulted in the loss of an unspecified number of files and correspondence for the impacted shipping firms.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks have rocked the maritime world in 2021, with major attacks against the world’s four biggest shippers complicating the world’s supply chain woes.

 

 

Germany – Media Markt

https://www.bleepingcomputer.com/news/security/mediamarkt-hit-by-hive-ransomware-initial-240-million-ransom/
Exploit: Ransomware

Media Markt: Electronics Retailer




Risk to Business: 1.512= Severe
Electronics retailer MediaMarkt has suffered a ransomware attack that caused the company to shut down some IT systems, impacting store operations in the Netherlands and Germany. While cash registers and payment card systems in brick-and-mortar locations were disrupted, online sales were not impacted. The attack was purportedly carried out by the Hive ransomware outfit, which initially demanded $240 million in ransom.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.

 

 

Australia – mySA Gov

https://securityaffairs.co/wordpress/123861/cyber-crime/cream-finance-cyber-heist-130m.html
Exploit: Hacking

mySA Gov: Government Services Platform




Risk to Business: 1.595 = Extreme
South Australia’s Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber attack. Officials went on to say that the hackers gained access to several mySA Gov accounts that were secured with recycled passwords. The department went on to say that there was no evidence of any unauthorized transactions on the impacted accounts while encouraging users to update their passwords.





Individual Risk: 1.595 = Extreme
A report from ABC says that 2,601 mySA Gov accounts were accessed in the attack, with 2,008 of them containing registration and licensing information. It is unclear if any information was exfiltrated.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are always hungry for PII, especially identification card or passport data that can help them commit identity theft.

 

 
 

The Week in Breach News: 10/27/21 – 11/02/21

The National Rifle Association (NRA)

https://www.nbcnews.com/tech/security/cybercriminals-claim-hacked-nra-rcna3929

Exploit: Ransomware

National Rifle Association: Gun Rights Activist Group




Risk to Business: 1.417= Severe
Guess who’s back? Cybersecurity researchers believe that the notorious Evil Corp has rebranded itself as Grief, the group that has claimed responsibility for a probable ransomware attack at The National Rifle Association (NRA). Grief posted 13 files to its news website last Wednesday after they claimed to have hacked the NRA. The gang is threatening to release more of the files if they’re not paid, but no ransom demand was specified. NBC News reported that the files it saw were related to grants. The samples provided by the gang include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, a W-9 form and the minutes from a September 24th NRA teleconference meeting.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can be used to steal and publicize sensitive information that a company doesn’t want exposed.

 

 

PracticeMax

https://www.govinfosecurity.com/phi-stolen-in-practice-management-firms-ransomware-attack-a-17813

Exploit: Ransomware

PracticeMax: Medical Practice Management Services




Risk to Business: 1.822=Severe
A ransomware attack on medical practice management services firm PracticeMax may have exposed Protected Health Information. The company notified members of VillageHealth that they may have been impacted by a cyberattack in April and May of 2021. VillageHealth is a care coordination program for patients with chronic conditions run by DaVita Inc. and offered through health plans including Anthem and Humana. PracticeMax indicates in legal filings that the breach affected more than 4,400 of its members, but a company statement warns that they cannot say for sure that any data was actually accessed or stolen.





Individual Risk: 1.703=Severe
In breach notification letters being sent on behalf of DaVita, Humana and Anthem, PracticeMax says the incident affected PHI including members’ first and last name, date of birth, address, phone number, Social Security Number, member ID number and clinical data pertaining to services received through the VillageHealth program.

Customers Impacted: Unknown

How It Could Affect Your Business: Service providers that handle a lot of valuable data have been favored targets of ransomware groups looking to profit in the booming data markets.

 

 

United States – Schreiber Foods

https://www.zdnet.com/article/schreiber-foods-back-to-normal-after-ransomware-attack-shut-down-milk-plants/
Exploit: Ransomware

Schreiber Foods: Dairy Processor




Risk to Business: 1.442=Extreme
Wisconsin-based dairy powerhouse Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack ground operations to a halt over the weekend. The company announced that a “cyber event” had disrupted operations at its processing and distribution centers after critical systems were knocked or taken offline. Schreiber uses a variety of digital systems and computers to manage milk processing, so this event impacted the entire dairy supply chain in the US. This is the latest incident in a string of massive production-impacting cyberattacks against agricultural sector targets. The company is the largest milk processor in Wisconsin, and it has reportedly been hit with a $2.5 million ransom demand.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: In September, the FBI released a notice warning companies in the food and agriculture sectors to watch out for ransomware attacks aiming to disrupt supply chains.

 

 

Canada – Toronto Transit Commission (TTC)

https://www.cbc.ca/news/canada/toronto/ttc-ransomware-attack-1.6231349
Exploit: Hacking

Toronto Transit Commission (TTC): Government Entity




Risk to Business: 1.615= Severe
The Toronto Transit Commission was the victim of a ransomware attack that it says began last Thursday night and expanded on Friday. Officials were quick to assure the public that the attack has not caused any significant disruption to transit service and the public and employees are not at risk. They specified that transit vehicles are continuing to service their routes, but apps and computer displays of route information are being affected. There’s no word on when those functions will be restored.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks on infrastructure targets are common, and that means that organizations that run and serve them need to step up their security game.

 

 

United Kingdom – Graff

https://www.dailymail.co.uk/news/article-10148265/Massive-cyber-heist-rocks-high-society-jeweller-Graff.html
Exploit: Ransomware

Graff: Jeweler




Risk to Business: 1.512= Severe
The Conti ransomware gang made headlines again with a successful ransomware attack against high-society jeweler Graff. The company counts clients like Donald Trump, David Beckham, Oprah Winfrey and other major-league clientele. Graff operates at the top end of the diamond jewelry market, with more than 60 retail stores worldwide. Reports say that the Conti group has already posted 69,000 confidential documents on its dark web leak site including client lists, contact data and other proprietary information. Ransom demands are reported to be in the millions of pounds.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Firms like Graff not only have records on deep-pocketed clients, they also have records on transactions that those clients may want to have kept quiet.

 

 

Poland – C.R.E.A.M. Finance

https://securityaffairs.co/wordpress/123861/cyber-crime/cream-finance-cyber-heist-130m.html
Exploit: Cryptojacking (Misconfiguration)

C.R.E.A.M. Finance: Decentralized Lending Platform




Risk to Business: 1.595 = Extreme
For the third time this year, cybercriminals have hit lending platform C.R.E.A.M. Finance, stealing cryptocurrency. This time, thieves made off with $130 million worth of cryptocurrency assets. According to the experts, the attackers have likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them through other wallets.  This is the third successful heist from the platform this year. Crooks jacked $29 million in August 2021 and $37 million in February 2021.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are always hungry for cash and crypto is the currency that they prefer, so stealing it will continue to be a popular option.

 

 

Thailand – Centara Hotels & Resorts

https://www.zdnet.com/article/luxury-hotel-chain-in-thailand-reports-data-breach/

Exploit: Ransomware

Centara Hotels & Resorts: Hotel Chain




Risk to Business: 1.637 = Severe
The Desorden ransomware group claims to have stolen over 400GB of files and databases containing information belonging to millions of hotel guests of Thailand’s Centara Hotels & Resorts. The hotel chain is part of Central Group, a conglomerate that also includes the Central Restaurants Group, which Desorden hacked earlier this month. The hackers made it clear that this attack was in retaliation for the Central Group’s refusal to pay the ransom for the first attack after negotiating and promising payment. That incident would have provided a ransom payment of $900,000 before Central Group backed out of the deal on Tuesday, spurring the second attack.

 




Individual Risk: 1.818 = Severe
The company admitted that attackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. Whether or not passport data was included was not specified but it is commonly requested. The theft is said to have affected guests who stayed at the hotel chain between 2003 and 2021, including any guests that made advance bookings up to December 2021.

 
Customers Impacted: Unknown

How it Could Affect Your Business: Big pools of information are catnip to ransomware gangs, especially highly desirable PII or credit card data.

 


The Week in Breach News: 10/20/21 – 10/26/21

Sinclair Broadcast Group

https://thecyberwire.com/newsletters/week-that-was/5/42
Exploit: Ransomware

Sinclair Broadcast Group: Television Station Operator




Risk to Business: 1.227 = Extreme
Sinclair Broadcast Group, the operator of 184 TV stations in 86 US markets, experienced a cyberattack last week that knocked broadcasts offline. The disruption was extensive, knocking local news broadcasts and syndicated programs offline. In some markets, NFL Sunday broadcasts were also disrupted. An unspecified amount of data was also stolen from the company’s network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Locking down networks and production lines to cause operational disruption is the name of the game for many ransomware groups in order to force a speedy ransom payment.

 

 

Ferrara Candy Company

https://www.forestparkreview.com/2021/10/22/candy-production-impacted-by-ransomware-attack/

Exploit: Ransomware

Ferrara Candy Company: Candy Manufacturer




Risk to Business: 1.822=Severe
Boo! Greedy cybercriminals unleashed their tricks on Ferrara Candy Company just one week away from Halloween. The company, maker of Brach’s Candy Corn, Nerds and Trolli gummies among other treats, has been in the confectionery business since 1901. Ferrara said that the attack briefly disrupted production operations. However, they were quick to assure anxious consumers that they didn’t need to worry about missing their Halloween favorites – Halloween orders were shipped to stores in August.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Manufacturers have been increasingly falling into cybercriminals’ sights, especially at peak times in their respective industries.

 

 

United States – CoinMarketCap

https://www.cryptodaily.co.uk/2021/10/CoinMarketCap-Data-Breach-Leaks-3-1-M-Email-Addresses
Exploit: Hacking

CoinMarketCap: Cryptoasset Tracker




Risk to Business: 1.702=Severe
Crypto evaluator CoinMarketCap has had a data leak. First reported by Have I Been Pwned, cybercrime researchers have discovered 3.1 million user email addresses from the site available on the dark web. The company initially denied the hack but ultimately owned up to the security blunder.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time. So far it’s only an email address list, no other information.

Customers Impacted: Unknown

How It Could Affect Your Business: Attacks on the banking, crypto and fintech sectors have been growing, creating complications for every financial services organization.

 

 

United Kingdom – Tesco

https://www.bbc.com/news/business-59027423
Exploit: Hacking

Tesco: Supermarket Chain




Risk to Business: 2.115=Extreme
Ubiquitous UK supermarket chain Tesco left customers scrambling after a cyberattack disrupted its web services over the weekend. The company said that unnamed cyberattacks began impacting its systems on Friday night. Beginning Saturday and rolling into Sunday intermittently, shoppers were unable to place orders or track deliveries. The incident also impacted the Tesco app.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks can come from myriad sources but they all cause companies to lose revenue and suffer a negative impact on customer relationships.

 

 

Switzerland – MCH Group

https://portswigger.net/daily-swig/swiss-exhibitions-organizer-mch-group-hit-by-cyber-attack
Exploit: Ransomware

MCH Group: Event Management




Risk to Business: 2.763 = Moderate
Swiss events management company MCH Group was hit with a suspected ransomware attack late last week that resulted in operational disruption. The company said that it’s back online, upcoming events will not be impacted and it’s in the process of investigating the attack. MCH Group handles events including the Art Basel shows in Basel, Miami Beach, and Hong Kong, as well as the watch and jewellery show Baselworld.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Service providers have been popular targets for cyberattacks because they often maintain databases that will score a big payday for cybercriminals on the dark web.

 

 

Spain – Atento

https://www.zdnet.com/article/customer-services-firm-atento-hit-by-cyberattack/
Exploit: Hacking

Atento: Customer Service Center Operator




Risk to Business: 1.615 = Severe
Customer support giant Atento was hit by a cyberattack on its Brazil-based systems that primarily impacted its operations in South America. The company disclosed a business interruption in Brazil as it sought to contain and mitigate the attack. Operations have been fully restored. Brazil is one of Atento’s main global markets, and more than 45% of the company’s global workforce is in that location.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Brazil has been experiencing an uptick in cyberattacks in recent months including insurers, retailers and other businesses that store a large volume of data.

 

 

Taiwan – Gigabyte

https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/
Exploit: Ransomware

Gigabyte: Computer Hardware Manufacturer




Risk to Business: 1.631 = Severe
Motherboard manufacturer Gigabyte was clobbered with a ransomware attack last week. The ransomware group Avos Locker clobbered the company in a SolarWinds-style supply chain attack. The gang posted samples of the purportedly stolen data on its leak site including confidential details regarding deals with third-party companies and identifiable information about employees. Researchers from ThreatPost were able to view an assortment of data in a 14.9 MB file entitled “proof.zip” containing confidential data on agreements with Gigabyte relationships including Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.

 




Risk to Business: 1.6808 = Severe
Researchers also noted that some employee and applicant information is included in that file. Researchers spotted employee payroll details, passport scans, CVs of applicants, human resources files, consulting agreements, credit card data from 2014 and images from company events.

 
Customers Impacted: Unknown

How it Could Affect Your Business: Computer hardware manufacturers have been very attractive to hackers as the chip shortage grinds on, putting pressure on the industry, something cybercriminals love to exploit.

 

 


The Week in Breach News: 10/13/21 – 10/19/21

Olympus Corporation of the Americas

https://www.bleepingcomputer.com/news/security/olympus-us-systems-hit-by-cyberattack-over-the-weekend/
Exploit: Ransomware

Olympus Corporation of the Americas: Medical Technology Manufacturer




Risk to Business: 2.122 = Severe
Olympus was forced to take down IT systems in the U.S., Canada, and Latin America following a cyberattack that hit its network Sunday. The medical equipment manufacturer says that it does not believe that any data was stolen. Olympus also said that the incident was contained to the Americas with no known impact to other regions. Just last month, Olympus suffered another ransomware attack on its EMEA region systems.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Many ransomware gangs aren’t bothering to steal data anymore, opting to lock down networks and production lines to force a speedy ransom payment.

 

 

Premier Patient Healthcare

https://www.govinfosecurity.com/former-executive-accessed-phi-nearly-38000-individuals-a-17724
Exploit: Malicious Insider

Premier Patient Healthcare: Medical Clinic Chain




Risk to Business: 1.712=Severe
Texas-based accountable care organization Premier Patient Healthcare filed a statement this week detailing a malicious insider incident that caused the exposure of PII for over 37,000 patients from around the country. According to the report, a terminated executive had retained credentials that enabled them to access and obtain an unspecified amount of PHI. No further details were included and a HIPAA filing has not yet appeared. When the breach first came to light, the company’s early statements pointed to a fault at a vendor, which turned out to not be the case.





Individual Risk: 1.712=Severe
The patient records that were accessed included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score for an unspecified number of patients.

Customers Impacted: 8.5 million

How It Could Affect Your Business: This incident isn’t just a double helping of embarrassment for Premier Patient Healthcare, it’s also going to be a financial nightmare after regulators get finished with them.

 

 

Ecuador- Banco Pichincha

https://www.bleepingcomputer.com/news/security/cyberattack-shuts-down-ecuadors-largest-bank-banco-pichincha/
Exploit: Ransomware

Banco Pichincha: Banking & Financial Services


Risk to Business: 1.412=Extreme
Ecuador’s largest private bank Banco Pichincha has suffered a suspected ransomware attack that has resulted in some systems being knocked offline for days. Many services of the bank were disrupted, including online banking, its mobile app and ATM network. The bank is working with national authorities at the Superintendency of Banks to investigate the incident. In an internal notification sent to the Bank’s agencies and seen by BleepingComputer, employees are notified that bank applications, email, digital channels, and self-services will not be operational for an unspecified amount of time due to a technology issue, limiting many bank services to in-person transactions. Some ATM services have been restored. The incident is ongoing.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Attacks on the banking and fintech sectors have been growing, creating complications for every financial services organization.

 

 

Argentina – Registro Nacional de las Personas (RENAPER)/National Registry of Persons

https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/
Exploit: Hacking

Registro Nacional de las Personas (RENAPER): National Identity Database


Risk to Business: 1.232=Extreme
Hackers have broken into the Argentina Interior Ministry’s IT network and stolen a massive amount of data from Registro Nacional de las Personas (RENAPER)/National Registry of Persons. That extremely sensitive database contains ID card details for the country’s entire population. The leak was announced when a Twitter user posted ID card photos and personal details for 44 Argentinian celebrities including the country’s president Alberto Fernández and soccer superstars Lionel Messi and Sergio Aguero. While the Argentine government admits to the hack, they maintain that no data was stolen. However, cybersecurity experts and journalists were able to contact the threat actors through a dark web posting and confirm the authenticity of the database. The hackers appear to have gained access through a compromised VPN.



Risk to Business: 1.222= Extreme
According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs.

Customers Impacted: The population of Argentina is 45 million

How it Could Affect Your Business: A strong security culture helps reduce the likelihood of an incident caused by employee carelessness as this one reportedly was.

 

 

Brazil – Hariexpress

https://www.infosecurity-magazine.com/news/ecommerce-player-leaks-billion/
Exploit: Misconfiguration

Hariexpress: e-Commerce Firm


Risk to Business: 1.616 = Severe
Brazilian e-commerce firm Hariexpress is in hot water after it exposed an estimated 1.8 billion client and seller records. The problem appears to have originated with a misconfigured Elasticsearch server, according to researchers. The server was left unencrypted with no password protection in place, exposing 610GB of data, and that data may have been exposed for several months.



Individual Risk: 1.616 = Severe
Exposed customer data included full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).

Customers Impacted: Unknown

How it Could Affect Your Business: Human error will always be a company’s biggest cyberattack risk. It pays to make sure that everyone feels like they’re responsible for security to avoid messes like this.

 

 

Spain – Meliá Hotels International

https://therecord.media/cyberattack-hits-melia-one-of-the-largest-hotel-chains-in-the-world/
Exploit: Ransomware

Meliá Hotels International: Hotel Chain


Risk to Business: 1.615 = Severe
Meliá Hotels International, one of the largest hotel chains in the world, has fallen victim to a suspected ransomware attack. Attackers took down parts of the hotel chain’s internal network and some web-based servers, including its reservation system and public websites. An investigation is underway. No ransomware gang has yet claimed responsibility.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is always expensive. Even without the extortion demand, it can cause massive losses simply from business interruption.

 

 

Taiwan – Acer

https://www.bleepingcomputer.com/news/security/acer-confirms-breach-of-after-sales-service-systems-in-india/
Exploit: Hacking

Acer: Computer Manufacturer


Risk to Business: 1.631 = Severe
Acer has just been beleaguered by cyberattacks in 2021. In its second time at the dance this year, Acer’s India after-sales service has suffered a data breach. A threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. The stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. The threat actor posted a video to a dark web forum showcasing the stolen files and databases, including the records of 10,000 customers and stolen credentials for 3,000 Indian Acer distributors and retailers.

 
Individual Impact: No information about the nature of the exposed customer data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Companies that store large amounts of data are hacker catnip. The data that they can steal will not only reap a big profit, it also opens other cybercrime doors.

 

 
 
The Week in Breach News: 10/06/21 – 10/12/21

Twitch

https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
Exploit: Hacking

Twitch: Streaming Platform


Risk to Business: 1.402 = Extreme
Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards, along with data that details the terms and amounts of content creator payouts. An anonymous poster on the 4chan messaging board delivered the data in a 125GB torrent. That poster also claimed that the stream includes the entirety of Twitch and its commit history, including the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge, and details about the AGS project and information about the platform’s internal security tools.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations.

 

 

MoneyLion

https://www.bleepingcomputer.com/news/security/moneylion-locks-customer-accounts-after-credential-stuffing-attacks/

Exploit: Credential Stuffing

MoneyLion: Financial Services Platform


Risk to Business: 1.712=Severe
That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 8.5 million

How It Could Affect Your Business: Credential stuffing is a classic that is even easier these days thanks to the huge amount of data, including huge batches of stolen passwords, available on the dark web.

 

 

Next Level Apparel

https://portswigger.net/daily-swig/us-clothing-brand-next-level-apparel-reports-phishing-related-data-breach
Exploit: Phishing

Next Level Apparel: Clothing Manufacturer


Risk to Business: 2.771 = Moderate
Next Level Apparel, a US-based clothing manufacturer, has announced that several of its employee accounts were compromised in a phishing attack. In a press release late last week, the company noted that cybercriminals were able to access the contents of several employee email accounts at various times between February 17, 2021, and April 28, 2021, including viewing customer and employee PII although the company could not confirm that any data was stolen.



Individual Risk: 2.802 = Moderate
Next Level Apparel noted that the customer and employee data accessible through the compromised accounts included names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.

Customers Impacted: Unknown

How It Could Affect Your Business: More than 80% of reported security incidents in 2020 were phishing-related, making this the biggest cyberattack vector for every business.

 

 

United Kingdom – Welland Park Academy

https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/
Exploit: Hacking

Welland Park Academy: Secondary School


Risk to Business: 2.883 = Moderate
Hell hath no fury like an IT employee scorned, as Welland Park Academy discovered after a fired IT admin entered its environment and wreaked havoc. After his termination, the former employee wiped data on the school’s systems and changed all employee credentials. These actions made it impossible for the school to conduct distance learning. The same malicious individual also took revenge on the next company he was fired from, creating lockout chaos and wiping data at an unnamed IT company, as well as mucking up the company’s phone systems.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Malicious insider threats are a hazard that every business should remember, because vengeful employees can do serious damage quickly.

 

 

United Kingdom – The Telegraph

https://www.bleepingcomputer.com/news/security/the-telegraph-exposes-10-tb-database-with-subscriber-info/
Exploit: Misconfiguration

The Telegraph: News Organization


Risk to Business: 2.122=Severe
UK news giant The Telegraph is in hot water after researchers discovered an unsecured database that exposed an enormous amount of information, an estimated 10 TB of data. Much of the data appears to apply to Apple News customers. The researcher who discovered it noted that at least 1,200 unencrypted contacts were accessible without a password. The Telegraph announced that it quickly secured the database as soon as it was informed of the issue, which impacted less than 0.1% of its subscribers.



Risk to Business: 2.801=Moderate
The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens and unique reader identifiers, mostly for users who accessed The Telegraph through Apple News.

Customers Impacted: Unknown

How it Could Affect Your Business: It pays to make sure that companies are building a strong security culture to discourage neglectful practices.

 

 

Scotland – Weir

https://www.bbc.com/news/uk-scotland-scotland-business-58801753
Exploit: Ransomware

Weir: Heavy Equipment Manufacturer


Risk to Business: 1.616 = Severe
Scottish heavy equipment company Weir was hit with a ransomware attack. The BBC reports the company was essentially shut down briefly by the incident, which took place sometime in September 2021, forcing the company to delay shipments of mining equipment worth more than £50m in revenue. The company noted in its release that because the attackers did not exfiltrate or encrypt any data, it was confident that no financial or sensitive data had been stolen about employees or customers.

Individual Impact: No employee or customer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs don’t just want to steal data anymore. They’re also more than happy to shut down production lines to obtain ransoms.

 

 

Scotland – BrewDog

https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Misconfiguration

BrewDog: Bar and Restaurant Chain


Risk to Business: 1.615 = Severe
Scottish bar and restaurant chain BrewDog was responsible for exposing the data of 200,000 shareholders and customers. The company, famous for its crowd-ownership model as well as its beer, exposed that data over an 18-month period through a glitch in its mobile app: authentication tokens for users were hard-coded into the mobile application instead of being transmitted to it following a successful user authentication event. Interested parties could simply append any customer ID to the end of the API endpoint URL and access sensitive PII (personally identifiable information) for that customer.



Individual Risk: 1.701 = Severe
Potentially exposed customer/shareholder details include the customer’s name, date of birth, email address, gender, all previously used delivery addresses, telephone number, number of shares held, shareholder number, bar discount amount, bar discount ID, number of referrals and types of beer previously purchased.

Customers Impacted: Unknown

How it Could Affect Your Business: Having this data exposed through a blunder will hurt the reputation of a company that relies on customers as investors to stay in business.

 

 

Hong Kong – Fimmick Limited

https://www.zdnet.com/article/hong-kong-firm-becomes-latest-marketing-company-hit-with-revil-ransomware/
Exploit: Ransomware

Fimmick Limited: Marketing Company


Risk to Business: 1.631 = Severe
Hong Kong marketing firm Fimmick has been hit with a ransomware attack that is purportedly the work of REvil. Cybersecurity researchers caught wind of the incident after REvil claimed to have burglarized Fimmick’s databases, snatching data that pertained to Fimmick’s work with a number of major brands. Sample data provided on REvil’s website as proof of the hack included data pertaining to the company’s work with Cetaphil, Coca-Cola and Kate Spade.

 
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Business: Companies that provide services like this are especially tasty targets for ransomware gangs because even if they don’t pay the ransom their data on other businesses opens new doors.

 

 
 
Continue reading

The Week in Breach News: 10/06/21 – 10/12/21

Twitch

https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
Exploit: Hacking

Twitch: Streaming Platform


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.402 = Extreme
Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards as well as data that details the terms and amounts of content creator payouts. Ann anonymous poster on the 4chan messaging board delivered the data in a 125GB torrent. That poster also claimed that the stream includes the entirety of Twitch and its commit history including the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge and, details about the AGS project and information about the platform’s internal security tools.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations.

 


 

MoneyLion

https://www.bleepingcomputer.com/news/security/moneylion-locks-customer-accounts-after-credential-stuffing-attacks/

Exploit: Credential Stuffing

MoneyLion: Financial Services Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.712=Severe
That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 8.5 million

How It Could Affect Your Business: Credential stuffing is a classic that is even easier these days thanks to the huge amount of data that includes huge batches of stolen passwords available on the dark web.

 


 

Next Level Apparel

https://portswigger.net/daily-swig/us-clothing-brand-next-level-apparel-reports-phishing-related-data-breach
Exploit: Phishing

Next Level Apparel: Clothing Manufacturer


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.771 = Moderate
Next Level Apparel, a US-based clothing manufacturer, has announced that several of its employee accounts were compromised in a phishing attack. In a press release late last week, the company noted that cybercriminals were able to access the contents of several employee email accounts at various times between February 17, 2021, and April 28, 2021, including viewing customer and employee PII although the company could not confirm that any data was stolen.



cybersecurity news represented by a gauge indicating moderate risk


Individual Risk: 2.802 = Moderate
Next Level Apparel noted that the customer and employee data accessible through the compromised accounts included names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.

Customers Impacted: Unknown

How It Could Affect Your Business: More than 80% of reported security incidents in 2020 were phishing-related, making this the biggest cyberattack vector for every business.

 


 

United Kingdom – Welland Park Academy

https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/
Exploit: Hacking

Welland Park Academy: Secondary School


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.883 = Moderate
Hell hath no fury like an IT employee scorned, as Welland Park Academy discovered after a fired IT admin entered its environment and wreaked havoc. After his termination, the former employee wiped data on the school’s systems and changed all employee credentials. These actions made it impossible for the school to conduct distance learning. The same malicious individual also took revenge on the next company fired from, creating lockout chaos and wiping data at an unnamed IT company, as well as mucking up the company’s phone systems.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Malicious insider threats are a hazard that very business should remember, because vengeful employees can do serious damage quickly.

 


 

United Kingdom – The Telegraph

https://www.bleepingcomputer.com/news/security/the-telegraph-exposes-10-tb-database-with-subscriber-info/
Exploit: Misconfiguration

The Telegraph: News Organization




Risk to Business: 2.122=Severe
UK news giant The Telegraph is in hot water after researchers discovered an unsecured database that exposed an enormous amount of information, an estimated 10 TB of data. Much of the data appears to apply to Apple News customers. The researcher who discovered it noted that at least 1,200 unencrypted contacts were accessible without a password. The Telegraph announced that it quickly secured the database as soon as it was informed of the issue, which impacted less than 0.1% of its subscribers.





Risk to Business: 2.801=Moderate
The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens and unique reader identifiers, mostly for users who accessed The Telegraph through Apple News.

Customers Impacted: Unknown

How it Could Affect Your Business: It pays to make sure that companies are building a strong security culture to discourage neglectful practices.

 


 

Scotland – Weir

https://www.bbc.com/news/uk-scotland-scotland-business-58801753
Exploit: Ransomware

Weir: Heavy Equipment Manufacturer




Risk to Business: 1.616 = Severe
Scottish heavy equipment company Weir was hit with a ransomware attack. The BBC reports the company was essentially shut down briefly by the incident, which took place sometime in September 2021, forcing the company to delay shipments of mining equipment worth more than £50m in revenue. The company noted in its release that because the attackers did not exfiltrate or encrypt any data, it was confident that no financial or sensitive data had been stolen about employees or customers.

Individual Impact: No employee or customer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs don’t just want to steal data anymore. They’re also more than happy to shut down production lines to obtain ransoms.

 


 

Scotland – BrewDog

https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Misconfiguration

BrewDog: Bar and Restaurant Chain




Risk to Business: 1.615 = Severe
Scottish bar and restaurant chain BrewDog was responsible for exposing the data of 200,000 shareholders and customers. The company, famous for its crowd-ownership model as well as its beer, exposed that data over an 18-month period through a glitch in its mobile app: authentication tokens for users were hard-coded into the mobile application instead of being transmitted to it following a successful user authentication event. Interested parties could simply append any customer ID to the end of the API endpoint URL and access sensitive PII (personally identifiable information) for that customer.





Individual Risk: 1.701 = Severe
Potentially exposed customer/shareholder details include the customer’s name, date of birth, email address, gender, all previously used delivery addresses, telephone number, number of shares held, shareholder number, bar discount amount, bar discount ID, number of referrals and types of beer previously purchased.

Customers Impacted: Unknown

How it Could Affect Your Business: Having this data exposed through a blunder will hurt the reputation of a company that relies on customers as investors to stay in business.
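
The BrewDog flaw described above, shown beside a corrected design, as an added example that is not from the original article or from BrewDog's code. The function names, token format, signing key and sample records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side signing key, generated here for the demo.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample records; IDs and fields are illustrative only.
CUSTOMERS = {
    "1001": {"name": "Sample User A", "shares": 4},
    "1002": {"name": "Sample User B", "shares": 9},
}

# Flawed pattern from the write-up: one token shipped inside every app copy.
HARDCODED_APP_TOKEN = "constructed-shared-token"


def get_customer_flawed(token, customer_id):
    """Accepts the shared token, then returns whichever ID was requested."""
    if not hmac.compare_digest(token.encode(), HARDCODED_APP_TOKEN.encode()):
        return 401, None
    return 200, CUSTOMERS.get(customer_id)


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(customer_id, ttl=900):
    """Issued only after a successful login; bound to one customer and expiry."""
    payload = f"{customer_id}.{int(time.time()) + ttl}"
    return f"{payload}.{_sign(payload)}"


def verify_token(token):
    """Return the customer ID the token was issued for, or None if invalid."""
    try:
        customer_id, expires, sig = token.split(".")
        expiry = int(expires)
    except ValueError:
        return None
    expected = _sign(f"{customer_id}.{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return customer_id if expiry >= time.time() else None


def get_customer_fixed(token, customer_id):
    """Object-level check: the token's subject must own the requested record."""
    subject = verify_token(token)
    if subject is None:
        return 401, None
    if subject != customer_id:
        return 403, None
    return 200, CUSTOMERS.get(customer_id)
```

The corrected handler rejects a valid token used against another customer's ID, which is the check the flawed handler never makes.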

 


 

Hong Kong – Fimmick Limited

https://www.zdnet.com/article/hong-kong-firm-becomes-latest-marketing-company-hit-with-revil-ransomware/
Exploit: Ransomware

Fimmick Limited: Marketing Company




Risk to Business: 1.631 = Severe
Hong Kong marketing firm Fimmick has been hit with a ransomware attack that is purportedly the work of REvil. Cybersecurity researchers caught wind of the incident after REvil claimed to have burglarized Fimmick’s databases, snatching data that pertained to Fimmick’s work with a number of major brands. Sample data provided on REvil’s website as proof of the hack included data pertaining to the company’s work with Cetaphil, Coca-Cola and Kate Spade.

 
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Business: Companies that provide services like this are especially tasty targets for ransomware gangs because even if they don’t pay the ransom, their data on other businesses opens new doors.

 


 
 

The Week in Breach News: 09/29/21 – 10/05/21

Sandhills Global

https://journalstar.com/news/local/ransomware-attack-affects-lincoln-based-sandhills-global-operations/article_aa844ea4-a3f1-5c63-8cae-c062e3283b8a.html
Exploit: Ransomware

Sandhills Global: IT & Digital Publishing




Risk to Business: 1.337 = Extreme
 
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub. Sandhills Global’s website, as well as all of its hosted publications, went offline recently, and its phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and by scooping it up at service providers like publishing companies they can ensure that they profit even if no ransom is paid.

 

 

Marketron

https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/
Exploit: Ransomware

Marketron: Marketing Services Company




Risk to Business: 1.606=Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand. The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution, and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 320,000

How It Could Affect Your Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.

 

 

Portpass

https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
Exploit: Misconfiguration

Portpass: COVID-19 Vaccine Passport Platform




Risk to Business: 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.





Individual Risk: 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.

Customers Impacted: 650,000

How It Could Affect Your Business: Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.

 

 

United Kingdom – Giant Group

https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/
Exploit: Ransomware

Giant Group: Payroll Services Firm




Risk to Business: 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.

 

 

France – TiteLive

https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/
Exploit: Ransomware

TiteLive: Bookstore Support Platform Provider




Risk to Business: 1.661=Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.

 

 

Israel – E.M.I.T Aviation Consulting

https://www.haaretz.com/israel-news/tech-news/.premium-experts-iran-may-be-behind-cyberattack-on-company-serving-big-names-in-israeli-tech-1.10231555

Exploit: Ransomware

E.M.I.T Aviation Consulting: Defense Aviation Consulting




Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.

 

 

New Zealand – Aquila Technology

https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Credential Compromise

Aquila Technology: Communications Equipment Retailer




Risk to Business: 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.





Individual Risk: 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Credit card information is highly desirable on the dark web, spurring a fresh round of attacks on retailers, especially those that maintain large databases.

 

 

Japan – JVCKenwood

https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/
Exploit: Ransomware

JVCKenwood: Audio Equipment Manufacturer




Risk to Business: 1.699 = Severe
Conti ransomware came calling at JVCKenwood, the Japanese audio equipment powerhouse, this week. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.

 
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Business: Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.

 

 
 