InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 02/09/22 – 02/15/22
San Francisco 49ers
https://abcnews.go.com/Sports/wireStory/ransomware-gang-hacked-49ers-football-team-82865844Exploit: Ransomware
San Francisco 49ers: National Football League (NFL) Team
Risk to Business: 1.727= Severe
While everyone was focused on the big game last week, cybercriminals were focused on the San Francisco 49ers. The team was hit by a ransomware attack, purportedly by BlackByte. The cybercriminals claim they stole some of the football team’s financial data, invoices and other internal documents. The team stressed the fact that this event appeared to be limited to their corporate network and did not endanger any fan or stadium databases.
Customers Impacted: Unknown
How It Could Affect Your Business: Organizations in industries that have had historically poor security are attractive low-hanging fruit for cybercriminals.
EasyVote Solutions
https://www.govtech.com/security/georgia-voter-info-posted-online-after-software-company-breachExploit: Misconfiguration
EasyVote Solutions: Voting Software Company
Risk to Business: 1.561 =Severe
EasyVote Solutions has exposed some voter and poll worker data. The data was left unguarded and easily accessible on the internet. The software company says that exposed information does not include full voting records or registrations. The breach was discovered by South Carolina Law Enforcement Division (SLED) internet researchers. SLED and the FBI are investigating.
Individual Risk: 1.772 =Severe
Exposed data for voters can include names, addresses, races and dates of birth. Exposed data for poll workers may include those details plus identity documents, Social Security numbers and financial data.
How It Could Affect Your Business: Misconfiguration and sloppy security aren’t uncommon mistakes, but they’re always a problem and could be an expensive regulatory disaster in some industries.
Meter
https://www.zdnet.com/article/4-4-million-stolen-in-attack-on-blockchain-infrastructure-meter/Exploit: Hacking
Meter: De Fi Platform
Risk to Business: 1.279= Extreme
Another day, another DeFi hack. This time the victim was blockchain infrastructure company Meter. $4.4 million was stolen during a cyberattack on the Meter Passport platform in the form of 1391 ETH and 2.74 BTC. The incident also impacted Meter’s Moonriver Network. The company acknowledged the hack on Saturday, urging users not to trade unbacked meterBNB circulating on Moonriver. The company says that it plans to repay some investors and the incident is under investigation.
Customers Impacted: Unknown
How It Could Affect Your Business: De Fi continues to be a hotbed of hacking activity as cybercriminals seek quick scores of cryptocurrency, and there’s still no end to the danger in sight.
Memorial Hermann Health System
https://www.khou.com/article/news/local/memorial-hermann-cyberattack-security-breach/285-1cc8295d-48a4-452e-a6f2-1b4fd059f201Exploit: Third-Party Breach
Memorial Hermann Health System: Healthcare Provider
Risk to Business: 1.861 = Severe
Memorial Hermann Health System is notifying patients that their data has been exposed after a data security incident at one of their service providers, Advent Health Partners. That company has been investigating unauthorized activity on company email accounts related to Memorial Hermann data. The incident was first spotted in September 2021.
Individual Risk: 1.712 = Severe
An unauthorized third party accessed multiple files containing Memorial Hermann patients’ protected health information (PHI) that may include first names, last names, dates of birth, social security numbers, driver’s license numbers, financial information, health insurance information and treatment information.
How it Could Affect Your Business: Cybercriminals are poised to attack any company that handles or stores large amounts of valuable personal or health-related data.
Switzerland – Swissport International
https://securityaffairs.co/wordpress/127655/cyber-crime/swissport-international-ransomware-attack.htmlExploit: Ransomware
Swissport International: Aviation Services
Risk to Business: 2.171= Severe
Aviation services company Swissport International was struck with a ransomware attack that had a major impact on its operations, leading to flight delays for 22 flights out of Zurich Airport. The aviation company provides cargo handling, security, maintenance, cleaning and lounge hospitality at airports in 50 countries. The company’s website was back up and running quickly, and the incident is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against transportation and transportation infrastructure targets have been increasing as cybercriminals look for quick paydays.
Portugal – Vodafone
https://therecord.media/cyberattack-brings-down-vodafone-portugal-mobile-voice-and-tv-services/Exploit: Hacking
Vodafone: Communications Carrier
Risk to Business: 2.919 = Moderate
Wireless carrier Vodafone Portugal said that a substantial amount of its customer data services went offline for one overnight period following a cyberattack. The company’s 4G and 5G mobile networks, along with fixed voice, television, SMS and voice/digital answering services went down. The company says that customer data doesn’t appear to have been accessed or compromised. Some services still remain offline a week after the attack.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks against communications companies have been a major component of the recent wave of infrastructure and related hacking.
Croatia – A1 Hrvatska
Exploit: Unauthorized AccessA1 Hrvatska: Communications Carrier
Risk to Business: 1.904 = Severe
Croatian telecom A1 Hrvatska has disclosed a data security incident that led to the exposure of personal data for an estimated 200,000 customers. The company says that the exposure was due to unauthorized access to one of their user databases that contained sensitive personal information. The company was quick to specify that no consumer financial data was exposed. The incident has not affected A1 Hrvatska’s services or operations.
Individual Risk: 2.711 = Moderate
The customer information exposed includes users’ full names, personal identification numbers, physical addresses and telephone numbers.
How it Could Affect Your Business: Utilities/Infrastructure are at the top of the cybercriminal hit list these days, and companies in those sectors should take note.
Slovenia – Pop TV
https://therecord.media/cyber-attack-disrupts-slovenias-top-tv-station/Exploit: Ransomware
Pop TV: Television Network
Risk to Business: 1.2011 = Severe
Ransomware practitioners stole the show at Pop TV, Slovenia’s most popular TV channel. As a result news programs including the station’s news broadcast 24UR were unable to show any computer graphics. Particularly irksome for customers was the fact that the attack prevented new content from being added to the platform, impacting streaming any of its channels and live sporting events, such as the Winter Olympics. Slovenia’s Computer Emergency Response Team, SI-CERT is investigating.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals looking for fast money are likely to target businesses that are in time-sensitive industries.
New South Wales Department of Customer Service
https://www.smh.com.au/politics/federal/sensitive-business-addresses-among-500-000-published-in-covid-data-breach-20220214-p59wal.htmlExploit: Misconfiguration
New South Wales Department of Customer Service: Regional Government Agency
Risk to Business: 1.211 = Extreme
A real data exposure mess has brewed in New South Wales, Australia thanks to a government-run QR code-based COVID-19 check-in program. The COVID Safe Businesses and Organizations dataset was discovered loose on the internet and it included data for sensitive sites and organizations alongside data about run-of-the-mill companies. Some of the sensitive data posted gave details about the physical facilities and locations of prisons, critical infrastructure networks including power stations and tunnel entry sites as well as dozens of shelters and crisis accommodation centers. Even national security-related locations were exposed. In this program, businesses and organizations registered as COVID-safe to access a QR code for staff and customers to check-in at their physical locations. The program has been discontinued.
Customers Impacted: Unknown
How it Could Affect Your Business: Information is gold on the dark web. The locations of sensitive infrastructure targets will be circulating quickly and could easily fall into the wrong hands.
About the author
