InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 03/09/22 – 03/15/22
South Denver Cardiology Associates
https://www.databreaches.net/287652-south-denver-cardiology-associates-patients-notified-of-breach/
Exploit: Hacking
South Denver Cardiology Associates: Medical Clinic
Risk to Business: 2.214 = Severe
South Denver Cardiology Associates apparently kicked off 2022 with a data breach that they’ve just disclosed to their patients on their website. The medical practice believes that an unauthorized party gained access to its systems between January 2, 2022, and January 5, 2022. During that time, certain files stored on the system were accessed that contained the protected health information of patients. They were careful to note that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.
Individual Risk: 2.371 = Severe
Information potentially exposed includes names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates/types of service and diagnoses. South Denver Cardiology Associates is offering credit monitoring to impacted patients who have been informed by mail.
How It Could Affect Your Business: This incident could end up being very expensive even if no real damage was done to the practice after regulators get finished with them.
Argentina – Mercado Libre
https://www.bleepingcomputer.com/news/security/e-commerce-giant-mercado-libre-confirms-source-code-data-breach/
Exploit: Ransomware
Mercado Libre: E-commerce & Payments
Risk to Business: 1.872 = Severe
E-commerce giant Mercado Libre has confirmed that an unauthorized party accessed its systems last week, snatching up a part of its source code. The ransomware gang Lapsus$ has claimed responsibility. Mercado admitted that threat actors had accessed data of around 300,000 of its users but stopped short of disclosing that this was a ransomware attack, clarifying what data was stolen or sharing ransom demands. The company said that they do not believe “any users’ passwords, account balances, investments, financial information, or credit card information were obtained”.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Ransomware gangs have been quick to snatch data from large repositories, especially personal data or payment card information.
United Kingdom – Vodafone
https://www.securityweek.com/vodafone-investigating-source-code-theft-claims
Exploit: Ransomware
Vodafone: Telecom
Risk to Business: 2.311 = Severe
Lapsus$ was busy this week. The group also claimed responsibility for a hack at Vodafone. In a Telegram message to its subscribers, Lapsus$ claimed to have 200GB of Vodafone source code in its possession, allegedly the fruit of 5,000 GitHub repositories. No word on the specifics of the stolen data. Lapsus$ is reportedly a South American gang that also claimed responsibility for recent attacks on Nvidia and Impresa.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Source code can be very profitable for ransomware gangs, and companies need to ensure that they’re protecting their proprietary resources well.
France – Ubisoft
Exploit: Ransomware
Ubisoft: Video Game Studio
Risk to Business: 1.867 = Severe
French video game company Ubisoft has admitted that a cyber security incident knocked many games, services and systems offline. Guess who claimed responsibility? If you answered “Lapsus$”, you’re right! Ubisoft says that no customer information was accessed, and games should be operating normally now. Credential compromise appears to have been a factor as Ubisoft employees have reportedly been required to change their passwords.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Protecting proprietary digital assets is especially important for companies like this who rely on them completely to do business.
Russia – Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media)
https://www.hackread.com/anonymous-hacks-roskomnadzor-russia-agency/
Exploit: Nation-State Hacking
Roskomnadzor (aka Federal Service for Supervision of Communications, Information Technology and Mass Media): Government Agency
Risk to Business: 1.661 = Severe
Hacktivist collective Anonymous is still hard at work disrupting Russia’s technology infrastructure in response to that country’s continued aggression in Ukraine. This week, Anonymous chose to hit Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media). That agency is the watchdog that censors media outlets within Russia. The group leaked around 820 GB of data, available on the website Distributed Denial of Secrets (aka DDoSecrets). Roskomnadzor was recently tasked by the Putin regime to block Facebook, Twitter, and other online platforms within Russia. Anonymous had been loud, open and very busy in its support of Ukraine, claiming attacks on more than 300 Russian strategic targets within the first 72 hours of the Russian invasion of Ukraine.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Nation-state cybercriminals are highly likely to strategically attack Government, Utilities and Infrastructure targets during times of trouble but every business is at risk.
Russia – PJSC Rosneft Oil Company (Rosneft)
Exploit: Nation-State Cyberattack
PJSC Rosneft Oil Company (Rosneft): Oil Company
Risk to Business: 2.601 = Severe
The German subsidiary of the Russian energy company Rosneft has disclosed that they’d experienced a cyberattack. The attack snarled operations from last Friday night through the weekend. Reuters reports that German news outlet Die Welt points to “Anonymous” as the source behind the attack as part of its ongoing campaign against Russia in opposition to its invasion of Ukraine.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Political upheaval can place organizations within hacktivist sights, creating unforeseen security complications.
Japan – Denso
https://www.channelnewsasia.com/business/japans-denso-hit-apparent-ransomware-attack-report-2561246
Exploit: Ransomware
Denso: Automotive Parts Manufacturer
Risk to Business: 1.402 = Extreme
Cybercrime group Pandora released a statement on Sunday saying it had snatched sensitive data from Denso, a supplier to Toyota. Just two weeks ago, Toyota had been forced to halt production in Japan because of a supply chain cybersecurity incident and this appears to be it. The company disclosed that it had detected unauthorized access to its network using ransomware at DENSO Automotive Deutschland GmbH, an associated firm in Germany. No information about the ransom or specifics on stolen data were available.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Supply chain issues have plagued businesses as cybercriminals seek fast ransom payments from manufacturers or critically needed goods.
Japan – Toei Animation
Exploit: Ransomware
Toei Animation: Animation Studio
Risk to Business: 1.436 = Extreme
Major Japanese animation studio Toei announced that there will be delays in the release of several popular anime series, including the long-awaited episode 1000 of ONE PIECE, because of a cyberattack. The anime studio said that they detected unauthorized access to their systems on March 6th, 2022, forcing a system-wide shutdown that impacted their production schedule. In a statement, Toei revealed that new releases for series including Dragon Quest Dai no Daibouken, Delicious Party Precure, Digimon Ghost Game and ONE PIECE will be delayed until further notice.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Cybercriminals love to hit organizations that are under time pressure or handle time-sensitive products because of the higher chance they’ll get paid.
About the author
