InTegriLogic Blog


InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 01/12/22 – 01/18/22

Medical Review Institute of America (MRIoA)

https://www.securityweek.com/mrioa-discloses-data-breach-affecting-134000-people
Exploit: Ransomware

Medical Review Institute of America (MRIoA): Medical Analytics


Risk to Business: 1.227 = Severe
Utah-based medical information and analysis company Medical Review Institute of America (MRIoA)  announced that it has experienced a data breach. The incident was discovered on November 9, 2021, and officials were able to confirm that data had been stolen by November 16, 2021.  In a data breach filing, the company said that over 134,000 individuals were impacted by the incident which is still under investigation. The company did say that it “retrieved and subsequently confirmed the deletion of” stolen data, but no information was released about a ransom amount or if they paid the ransom.



Risk to Business: 1.801 = Severe
Protected health information was snatched including patients’ names, gender, physical and email addresses, phone numbers, birth dates, Social Security numbers, full clinical information (including diagnosis, treatment, medical history, and lab test results) and financial information (such as health insurance policy and group plan number).

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.

 

 

The Metropolitan Detention Center (MDC)

https://www.techtimes.com/articles/270004/20220103/hospital-data-breach-personal-info-1-3-million-patients-staff-data-breach.htm
Exploit: Ransomware

The Metropolitan Detention Center (MDC): Prison


Risk to Business: 2.223 = Severe
New Mexico prison officials had a problem on their hands as a ransomware attack impacted county computer systems resulting in a lockdown of the Metropolitan Detention Center (MDC) in Bernalillo County, New Mexico. The prison was not directly targeted. Inmates were forced to stay in their cells since the attack impacted the facility’s security camera networks, automated doors and internet service. Inmates and jailors were also unable to videoconference for trials. Reports say that a number of databases are suspected of being compromised or corrupted including an incident tracker which records inmate fights, attacks, as well as allegations of prison rape and sexual assault.



Risk to Business: 2.419 = Severe
The exposed personal data for patients and former patients at Broward health may include Social Security numbers, bank or financial account information, driver’s license numbers, names, addresses, telephone numbers and hospital payment account information. Protected health information including medical information like care history, condition, treatment and diagnosis records may also have been exposed.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can cause serious operational problems in unexpected places in today’s connected world.

 

 

Illuminate Education

https://nypost.com/2022/01/15/nyc-schools-crippled-by-illuminate-educations-data-outage/
Exploit: Hacking

Illuminate Education: Education Platform


Risk to Business: 1.717 = Severe
Illuminate Education, a digital education platform used by 5,200 schools and districts in the US, is still struggling to resume services after a cyberattack. The company owns popular school management platforms Skedula and PupilPath. Illuminate Education says it has continued experiencing a service interruption affecting all IO Classroom applications for nearly 10 days following an unspecified security incident. Investigation and recovery are underway, but the platform has not provided a recent update on the expected timeline.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Cybercriminals have been all over targets in the education sector including companies that serve it. Companies should use caution.

 

 

TransCredit

https://www.websiteplanet.com/blog/transcredit-leak-report/
Exploit: Misconfiguration

TransCredit: Credit Analysis & Reporting


Risk to Business: 1.719 = Severe
Over half a million credit reports and other financial documents held by Florida-based financial analysis firm TransCredit have been exposed. The Website Planet research team reported discovering a non-password-protected database that contained 822,789 records. Researchers cautioned that this dataset appears to be concentrated on clients in the transportation sector.



Risk to Business: 1.719 = Severe
The exposed data includes detailed information on trucking, transport companies and individual drivers. Also included in this data was information about credit accounts, loans, repayment and debt collections as well as financial data like banking information, tax ID numbers and Social Security Numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.

 

 

United Kingdom – Parasol Group

https://www.theregister.com/2022/01/17/umbrella_company_parasol_group_confirms/
Exploit: Hacking

Parasol Group: Business Services


Risk to Business: 1.727 = Severe
UK umbrella company Parasol Group was forced to shut down some of its IT systems last week after an intrusion was detected. The outage impacted the company’s MyParasol payment portal for contractors and freelancers, leading to payroll issues that caused some folks to not get paid. The company is also having invoicing problems as a result of the incident.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

 

 

Germany – Hensoldt

https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/
Exploit: Ransomware

Hensoldt: Defense Contractor


Risk to Business: 1.677 = Severe
Multinational defense contractor Hensoldt was hit with a ransomware attack by the Lorenz ransomware group. The company’s products include radar arrays, avionics, and laser rangefinders used by the US military. The Lorenz ransomware group claims to have stolen an undisclosed number of files from Hensoldt’s network during the attack. The gang says that they have published 95% of all stolen files on their leak website. No ransom demand has been announced.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals don’t just steal personal and financial data, they also love trade secrets, research, formulas and other proprietary data.

 

 

The Philippines – Commission on Elections (Comelec)

https://mb.com.ph/2022/01/10/comelec-servers-hacked-downloaded-data-may-include-information-that-could-affect-2022-elections/

Exploit: Hacking

Commission on Elections (Comelec): Government Agency


Risk to Business: 1.806 = Severe
Concerns are mounting about the possibility that sensitive voter data has been exposed after an audacious attack on the Commission on Elections (Comelec) of The Philippines. Bad actors breached the Comelec’s system on January 8 and downloaded files that included sensitive information, including the usernames and PINs of vote-counting machines (VCM). The cybercriminals made off with an estimated 60 gigabytes of data. Reports say that the stolen data included network diagrams, IP addresses, a list of all privileged users, domain admin credentials, a list of all passwords and domain policies, access to the ballot handling dashboard and QR code captures of the bureau of canvassers with login and password. The exposure of this data may impact the upcoming elections in The Philippines in May.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Government agencies have become juicy targets for cybercriminals looking to score a boatload of sensitive information fast.

 

 

Thailand – Siriraj Hospital

https://www.straitstimes.com/singapore/consumer/personal-data-of-og-department-store-customers-leaked
Exploit: Hacking

Siriraj Hospital: Medical Center


Risk to Business: 2.721 = Moderate
An estimated 39 million patient records from Siriraj Hospital in Thailand, including those of VIP patients, have turned up for sale on the dark web. Threat actors offered samples from the 38.9 million patient records they claimed to have. This is the second attack on a major Thai hospital in 6 months.



Risk to Business: 2.605 = Moderate
The treasure trove of data supposedly includes names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other patient personal information.

Customers Impacted: Unknown

How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.

 

 
 

Why You Should Prioritize Your Technology Gaps

Why You Should Prioritize Your Technology Gaps

 
Technology is an unavoidable component of most businesses these days, helping them achieve their goals and vision. However, if you are not cautious, technological flaws could allow cybercriminals to access your network and cause harm to your company. Technology auditing is the solution to this problem.

 
A technology audit can assist you in better understanding and identifying gaps in your organization's security, compliance and backup postures. But if you don't have a background in IT, the results of a technology audit can be confusing. You may be overwhelmed by the number of items that need to be refreshed or replaced, and you may not know where to start.

 
Having a managed service provider (MSP) by your side can help you avoid these stumbling blocks. An MSP can provide you with a prioritized list of the most urgent to least urgent gaps, allowing you to decide how to proceed and allocate funds.

 

Why should you prioritize your organization’s technology gaps?

Here are some reasons why prioritizing technology gaps is critical:
  1. To fix the most critical gaps immediately

 
Following an audit, you may discover hundreds of vulnerabilities, prompting the question, "Should all of these be fixed at once?"

 
To make an improvement on a major highway, you wouldn't close every lane at the same time. Instead, you would first block and repair the most damaged one during non-peak hours. The same is true for vulnerabilities, and it is always better to bridge the most critical one first.
 
Bridging all the gaps at once is rarely practical, both financially and in terms of time and effort. Furthermore, if you prioritize a lower-priority vulnerability first, cybercriminals can swoop in and exploit critical flaws in the blink of an eye.

 

  2. To promote better budgetary decisions

 
Budgets, when properly planned, can serve as a tool to assist you in meeting organizational objectives.

 
Randomly allocating funds to bridge gaps will neither help defend against threats nor be a wise budgetary decision. Instead, prioritize gaps and distribute financial resources based on vulnerability severity.

 

  3. To improve control over transformation and upgrade

 
Timely upgrades and associated transformation are crucial for a business to stay competitive in constantly evolving business landscapes. Even so, it is critical to maintain control over such transitions. Otherwise, it could lead to confusion and poor decisions, ultimately harming your company's growth.

 
Get a better understanding of upgrades and transformation by prioritizing gaps and systematically bridging them based on their severity.

 

  4. To avoid overburdening key stakeholders

 
Tending to all gaps at once can overwhelm your employees, in turn lowering their productivity and deteriorating customer service. Avoid this to the greatest extent possible. If your customers and employees are dissatisfied, your business can suffer serious setbacks such as employee attrition, customer churn, accidental data breaches and so on.
 

Collaborate for success

 
Not sure where to start? We can help you prioritize technology gaps in order to optimize IT platforms and help you get the most out of your technology investment, all while ensuring uptime and productivity.

 
Contact us to learn how we can help your organization successfully prioritize technology gaps to achieve targeted goals in a sustainable manner.

 
 

All You Need to Know About Least Privilege

All You Need to Know About Least Privilege

 
In IT, the principle of least privilege (PoLP) refers to the concept that any process, program or user must be provided with only the bare minimum privileges (access or permissions) needed to perform a function. For instance, if a user account has been created for accessing database records, it need not have admin rights. Also, a programmer responsible for updating lines of legacy code can do so without access to the company’s financial records.

 
PoLP is a cybersecurity best practice and is often considered a critical step for protecting privileged access to a business’s high-value assets and data (including customer and employee records). Since this principle extends beyond the scope of human access, it also applies to systems, applications and connected devices that require certain permissions or privileges to perform a task.

 

What Least Privilege is Used For

 
Did you know that two of the most infamous data breaches on record, namely those at Home Depot[i] and Target[ii], occurred due to a compromise of network credentials? In both cases, hackers used privileged accounts to access critical business data and private customer records. Taking a cue from these past breaches, your information security professionals and network managers must deploy security strategies that govern how users and applications perform critical functions within the network.

 
To enforce the principle of least privilege efficiently, you need a strategy that manages and secures your privileged credentials centrally and deploys flexible controls that balance your operational and end-user needs against your compliance and cybersecurity requirements.

 

Securing Your Business

The Vectra 2020 Attacker Behavior Industry Report[iii] highlights that privileged access is a key aspect that hackers leverage for lateral movement in cyberattacks. They use these privileges to gain access to the most critical assets that a business relies on.

 
PoLP is an efficient cybersecurity strategy for restricting unauthorized access to data at the different levels within your IT environment, including applications, end users, systems, networks, databases, processes and so on. You can grant your users permission to execute, read or write only those resources or files that they need to perform their job. Additionally, you can restrict the access rights of devices, processes, systems and applications to the privileges required to carry out authorized activities.

 

Managing Access Levels

In some cases, privileges are assigned based on role-based attributes such as business unit, time of day, seniority and other special circumstances. Some examples of role-based privileges include:

 
Least privileged user accounts — These are standard user accounts that operate with a limited set of privileges. Under normal circumstances, most of your users should be operating under these accounts, 90 to 100 percent of the time.

 
Superuser accounts — These are essentially admin accounts that are used by specialized IT users and often come with unlimited privileges. In addition to the read/write/execute privileges, these accounts have the permission to execute systemic changes in your IT network.

 
Guest user accounts — These accounts are created on a situational basis and often have the least number of privileges — lower than those of the standard user accounts.

Managing Third-Party Vendor Risk

An interesting thing to note about the Target data breach is that it started with the hackers gaining access to nearly 70 million customer accounts through an HVAC contractor who had access to Target’s network and the permission to upload executables.[iv] This means you must not ignore third-party vendor risk management. Apart from your internal users, you must also apply the principle of least privilege to your third-party vendors, as they can be a major security risk for your business. Limiting third-party vendor access to your critical data is an efficient strategy for minimizing the associated risk.

 

Benefits of Principle of Least Privilege

 
We have rounded up a list of benefits of leveraging the principle of least privilege for your business. Read on:

 

Diminishes the Attack Surface

As mentioned earlier, the HVAC contractor’s access was critical to the Target data breach. Given that this third-party vendor had elevated privileges, one can safely say that Target failed to implement PoLP, which created a broad attack surface for the hackers to leverage.

Under PoLP, restricting privileges for your applications, processes and users significantly diminishes the attack surface and limits the entry points and pathways available for exploitation.

 

Reduces the Impact of Breaches

By implementing PoLP, you significantly reduce the impact of a breach that occurs through unauthorized or unwanted use of network privileges. For instance, if a compromised user account has only limited privileges, the scope for catastrophic harm is relatively small.

 

Reduces Malware Propagation and Infection

Hackers usually target applications and systems with unrestricted privileges. In a SQL injection attack, one of the most common attacks against web applications, the attacker inserts malicious instructions into SQL statements. If the application runs with excessive privileges, the attacker can then escalate those privileges and gain unauthorized control over your critical systems. By implementing PoLP, you can contain such attacks, and any malware they deliver, to the point where they first entered your system.

 

Ensures Superior Data Security Capabilities

In addition to eliminating security flaws on the periphery of your business, you also need to focus on minimizing the risk of proprietary data theft and insider leaks. It is therefore imperative to monitor and control the activity of your authorized users to reinforce your cybersecurity stance.

Since PoLP restricts privilege elevations as well as the number of users that are given access to confidential information, it inherently enhances the security of your critical data.

PoLP Best Practices

There are certain best practices that you must follow to implement PoLP efficiently in your security policies. Here is a list:

  • For starters, conduct a privilege audit of all your existing programs, processes and user accounts to make sure that they have only the bare minimum permissions required to do their jobs.
  • Start all your user accounts with privileges set to the lowest possible level. Implement least privilege as the default for all your existing as well as new user accounts, applications and systems.
  • Elevate account privileges only as needed and only for the specific time period required to do the job. An efficient strategy to provide the required access while maintaining control is to use one-time-use credentials and expiring privileges.
  • Keep track of all activity on your network, including access requests, system changes and individual logins. Having a comprehensive understanding of who is operating on your network and what they are doing is critical to maintaining control over who can access what.
  • Maintain a management platform that gives you the flexibility to securely elevate and downgrade privileged credentials.
  • Conduct regular audits to check whether any old accounts, users or processes have accumulated privileges over time, and analyze whether the elevated privileges are still relevant.
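To make the role baselines and the best practices above concrete (default deny, time-boxed elevation, logging every access decision, and a periodic audit for privilege creep), here is a small added Python model. It is example code written for this post, not a product or script from the original article, and the role names, privilege strings, timestamps and ticket reference are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Baseline privilege sets per account type (constructed for this example).
ROLE_BASELINE = {
    "guest": {"read"},
    "standard": {"read", "write", "execute"},
    "superuser": {"read", "write", "execute", "system_change"},
}


@dataclass
class Account:
    name: str
    role: str
    grants: dict = field(default_factory=dict)   # privilege -> expiry time (UTC)
    log: list = field(default_factory=list)      # (time, action, privilege, reason)


def effective_privileges(acct, now):
    """Role baseline plus any temporary grant that has not yet expired."""
    active = {p for p, expiry in acct.grants.items() if expiry > now}
    return ROLE_BASELINE[acct.role] | active


def elevate(acct, privilege, ttl, now, reason):
    """Just-in-time elevation: grant one privilege for a bounded window and record why."""
    acct.grants[privilege] = now + ttl
    acct.log.append((now, "elevate", privilege, reason))


def authorize(acct, privilege, now):
    """Default deny: every access request is checked against current privileges and logged."""
    allowed = privilege in effective_privileges(acct, now)
    acct.log.append((now, "allow" if allowed else "deny", privilege, ""))
    return allowed


def privilege_audit(accounts, now):
    """Flag accounts holding privileges beyond their role baseline (privilege creep)."""
    findings = {}
    for acct in accounts:
        extra = effective_privileges(acct, now) - ROLE_BASELINE[acct.role]
        if extra:
            findings[acct.name] = sorted(extra)
    return findings


if __name__ == "__main__":
    now = datetime(2022, 1, 18, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    alice = Account("alice", "standard")
    elevate(alice, "system_change", timedelta(hours=1), now, "ticket PLACEHOLDER: patch rollout")
    print(authorize(alice, "system_change", now + timedelta(minutes=30)))  # True, inside the window
    print(authorize(alice, "system_change", now + timedelta(hours=2)))     # False, grant expired
    print(privilege_audit([alice], now))   # {'alice': ['system_change']} while elevated
```

The audit output is what the last best practice asks for: while a grant is active it shows up as a privilege beyond the role baseline, and once it expires the account drops back to its default set without anyone having to remember to revoke it.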

Taken to its conclusion, PoLP means operating under a zero-trust framework: not blindly trusting anything inside or outside your network, and verifying every request before granting access permissions.

Implement PoLP across your IT environment today to strengthen your cybersecurity posture. Don’t know how? Contact us now to help you understand how you can implement and leverage the powerful capabilities of PoLP.

Article curated and used by permission.

[i] https://www.webtitan.com/blog/cost-retail-data-breach-179-million-home-depot/#:~:text=The%20Home%20Depot%20data%20breach,one%20of%20the%20retailer's%20vendors
[ii] https://arxiv.org/pdf/1701.04940.pdf#:~:text=1%20INTRODUCTION,of%20personal%20information%20were%20stolen
[iii] https://www.securitymagazine.com/articles/91830-surge-in-attacker-access-to-privileged-accounts-and-services-puts-businesses-at-risk
[iv] https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/