InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 02/02/22 – 02/08/22
Morley Companies Inc.
https://www.safetydetectives.com/news/business-services-provider-morley-discloses-ransomware-attack/Exploit: Ransomware
Morley Companies Inc.: Business Services
Risk to Business: 1.507= Severe
Morley Companies, a business service provider to several Fortune 500 companies, announced that it had been hit with a ransomware attack that may have exposed sensitive information for more than 500,000 people. In a statement, the company said that “a ransomware-type malware had prevented access to some data files on our system beginning August 1, 2021, and there was an unauthorized access to some files that contained personal information.”, chalking up the delay in notifying possible victims of this exposure to the complexities of the incident investigation.
Individual Risk: 1.663= Severe
Morley Companies said the attack affected the information of “current employees, former employees and various clients.” The potentially compromised information leaked includes names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnostic and treatment information and health insurance information. The company is offering credit monitoring and identity theft protection for victims.
How It Could Affect Your Business: Companies that store large quantities of personal or medical information are prime targets for the bad guys.
Civicom, Inc.
https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236Exploit: Misconfiguration
Civicom Inc.: Business Services
Risk to Business: 2.017 =Severe
Civicom is in hot water after leaving 8 TB of data exposed in an unsecured AWS S3 bucket. The New York-based company specializes in virtual conferencing facilitation, transcription and research services. With offices in the United States, the Philippines and the United Kingdom. Ultimately, Civicom exposed records containing more than 100,000 files including thousands of hours of audio and video recordings containing private conversations as well as written transcripts of meetings and calls by the company’s clients.
Customers Impacted: Unknown
How It Could Affect Your Business: This is not an uncommon mistake, but it’s always a problem and could be an expensive regulatory disaster in some industries
Wormhole
https://indianexpress.com/article/technology/crypto/hackers-steal-nearly-320-million-worth-of-crypto-assets-from-wormhole-7758034/Exploit: Hacking
Wormhole: De Fi Platform
Risk to Business: 1.227= Extreme
Hackers swooped in and snatched up more than $320 million from De Fi platform wormhole this week. The DeFi platform, a bridge between cryptocurrency Solana (SOL) and other blockchains, was exploited for approximately 120,000 wrapped Ethereum in what is thought to be the second-largest cryptocurrency hack to date. Wormhole’s parent company Jump Crypto pledged to replace the 120,000 ether Wormhole lost. The company was quick to note that the crypto was stolen through exploiting a vulnerability in the platform, not taken from an Ethereum address and it was taken in 3 separate transactions.
Customers Impacted: Unknown
How It Could Affect Your Business: De Fi has been a hotbed of having activity as cybercriminals seek quick scores of cryptocurrency, and there’s no end to the danger in sight.
News Corp.
https://www.reuters.com/business/media-telecom/news-corp-says-one-its-network-systems-targeted-by-cyberattack-2022-02-04/Exploit: Nation-State Cybercrime
News Corp.: Media & Publishing Company
Risk to Business: 2.071 = Severe
Major media company News Corp. has disclosed that it was the target of a cyberattack by suspected Chinese nation-state hackers. The attack came to light in late January and affected News Corp. business units, including The Wall Street Journal and its parent company Dow Jones, the New York Post, News U.K. and News Corp. Headquarters. The hack affected emails and documents of what it described as a limited number of employees, including journalists. The incident is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: Organizations should keep in mind the fact that the preferred weapon of nation-state cybercriminals is ransomware.
United Kingdom – KP Snacks
https://www.reuters.com/technology/hackers-hold-hula-hoops-hostage-cyber-raid-britains-kp-snacks-2022-02-03/Exploit: Ransomware
KP Snacks: Food Manufacturer
Risk to Business: 1.321= Extreme
Food company KP snacks, manufacturer of beloved British snacks like Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks, was hit with a ransomware attack in late January that may impact its production. Conti ransomware operators have claimed responsibility. The company informed retailers in early February that the attack had impacted its manufacturing and distribution, and that product shortages may continue into March.
Individual Risk: 1.304= Extreme
Researchers discovered samples of some of the data it had infiltrated on its dark web leak page, including confidential employee data such as home addresses and phone numbers, employment contracts, credit card statements and even birth certificates.
How it Could Affect Your Business: Ransomware attacks against manufacturing targets have become increasingly prominent as cybercriminals look for a quick payday from businesses that they shut down.
United Kingdom – British Council
https://portswigger.net/daily-swig/british-council-data-breach-leaks-10-000-student-recordsExploit: Misconfiguration
British Council: Cultural Promotion & Language Testing
Risk to Business: 2.919 = Moderate
British Council, the global organization for promoting British culture and administrators of the International English Language Testing System (IELTS) exam, leaked over 144,000 files containing student records due to an unsecured Microsoft Azure blob. Researchers determined that the blob contained the personal information of hundreds of thousands of British Council English course learners and students from around the world. The group points to a contractor as the culprit for the leak.
Risk to Business: 2.906 = Moderate
Exposed data includes a student’s full name, email address, student ID, student status, enrollment dates, duration of study and other information.
How it Could Affect Your Business: Cybercriminals have been having a field day going after education-related targets, a problem that is only growing worse.
Germany – Oiltanking
Exploit: RansomwareOiltanking: Fuel Storage
Risk to Business: 1.313 = Extreme
A ransomware attack has impacted German fuel tanking company Oiltanking. The company was ensnared in a massive ransomware attack that has disrupted operations at 17 European oil terminals including the busy Amsterdam-Rotterdam-Antwerp refining hub starting on January 29th. Other European companies are also involved including German oil trade company Mabanaft, SEA-Invest in Belgium and Evos in the Netherlands. The attack appears to have had the most impact on the processing, loading and unloading of cargoes. BlackCat ransomware is thought to be behind the incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Infrastructure and utility attacks have become much more common – Utilities/Infrastructure was one of the top 3 industries for ransomware attacks in 2021.
Sweden – Securitas
https://www.zdnet.com/article/unsecured-aws-server-exposed-airport-employee-records-3tb-in-data/Exploit: Misconfiguration
Securitas: Security Company
Risk to Business: 1.2011 = Severe
Researchers have discovered an unsecured AW S3 bucket belonging to security company Securitas that left data exposed for airport employees in Colombia and Peru at four airports: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE). In addition to the exposed employee data, researchers also uncovered photographs of airline employees, planes, fuel lines, and luggage handling were in the bucket.
Individual Risk: 1.992 = Severe
The exposed records include ID card photos, names, photos, occupations, and national ID numbers for Securitas and airport employees.
How it Could Affect Your Business: Information is a currency on the dark web and cybercriminals are always hungry for more, especially personal and financial data.
About the author
