InTegriLogic Blog
The National Rifle Association (NRA)
https://www.nbcnews.com/tech/security/cybercriminals-claim-hacked-nra-rcna3929
Exploit: Ransomware
National Rifle Association: Gun Rights Activist Group

Risk to Business: 1.417= Severe
Guess who’s back? Cybersecurity researchers believe that the notorious Evil Corp has rebranded itself as Grief, the group that has claimed responsibility for a probable ransomware attack at The National Rifle Association (NRA). Grief posted 13 files to its news website last Wednesday after they claimed to have hacked the NRA. The gang is threatening to release more of the files if they’re not paid, but no ransom demand was specified. NBC News reported that the files it saw were related to grants. The samples provided by the gang include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, a W-9 form and the minutes from a September 24th NRA teleconference meeting.
Customers Impacted: Unknown
How It Could Affect Your Business: Ransomware can be used to steal and publicize sensitive information that a company doesn’t want exposed.
PracticeMax
https://www.govinfosecurity.com/phi-stolen-in-practice-management-firms-ransomware-attack-a-17813
Exploit: Ransomware
PracticeMax: Medical Practice Management Services

Risk to Business: 1.822=Severe
A ransomware attack on medical practice management services firm PracticeMax may have exposed Protected Health Information. The company notified members of VillageHealth that they may have been impacted by a cyberattack in April and May of 2021. VillageHealth is a care coordination program for patients with chronic conditions run by DaVita Inc. and offered through health plans including Anthem and Humana. In legal filings, PracticeMax indicates the breach affected more than 4,400 of its members, but a company statement warns that they cannot say for sure that any data was actually accessed or stolen.

Individual Risk: 1.703=Severe
In breach notification letters being sent on behalf of DaVita, Humana and Anthem, PracticeMax says the incident affected PHI including members’ first and last name, date of birth, address, phone number, Social Security Number, member ID number and clinical data pertaining to services received through the VillageHealth program.
How It Could Affect Your Business: Service providers that handle a lot of valuable data have been favored targets of ransomware groups looking to profit in the booming data markets.
United States – Schreiber Foods
https://www.zdnet.com/article/schreiber-foods-back-to-normal-after-ransomware-attack-shut-down-milk-plants/
Exploit: Ransomware
Schreiber Foods: Dairy Processor

Risk to Business: 1.442=Extreme
Wisconsin-based dairy powerhouse Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack ground operations to a halt over the weekend. The company announced that a “cyber event” had disrupted operations at its processing and distribution centers after critical systems were knocked or taken offline. Schreiber uses a variety of digital systems and computers to manage milk processing, so this event impacted the entire dairy supply chain in the US. This is the latest incident in a string of massive production-impacting cyberattacks against agricultural sector targets. The company is the largest milk processor in Wisconsin, and it has reportedly been hit with a $2.5 million ransom demand.
Customers Impacted: Unknown
How It Could Affect Your Business: In September, the FBI released a notice warning companies in the food and agriculture sectors to watch out for ransomware attacks aiming to disrupt supply chains.
Canada – Toronto Transit Commission (TTC)
https://www.cbc.ca/news/canada/toronto/ttc-ransomware-attack-1.6231349
Exploit: Hacking
Toronto Transit Commission (TTC): Government Entity

Risk to Business: 1.615= Severe
The Toronto Transit Commission was the victim of a ransomware attack that it says began last Thursday night and expanded on Friday. Officials were quick to assure the public that the attack has not caused any significant disruption to transit service and the public and employees are not at risk. They specified that transit vehicles are continuing to service their routes, but apps and computer displays of route information are being affected. There’s no word on when those functions will be restored.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks on infrastructure targets are common, and that means that organizations that run and serve them need to step up their security game.
United Kingdom – Graff
https://www.dailymail.co.uk/news/article-10148265/Massive-cyber-heist-rocks-high-society-jeweller-Graff.html
Exploit: Ransomware
Graff: Jeweler

Risk to Business: 1.512= Severe
The Conti ransomware gang made headlines again with a successful ransomware attack against high-society jeweler Graff. The company counts clients like Donald Trump, David Beckham, Oprah Winfrey and other major-league clientele. Graff operates at the top end of the diamond jewelry market, with more than 60 retail stores worldwide. Reports say that the Conti group has already posted 69,000 confidential documents on its dark web leak site including client lists, contact data and other proprietary information. Ransom demands are reported to be in the millions of pounds.
Customers Impacted: Unknown
How it Could Affect Your Business: Firms like Graff not only have records on deep-pocketed clients, they also have records on transactions that those clients may want to have kept quiet.
Poland – C.R.E.A.M. Finance
https://securityaffairs.co/wordpress/123861/cyber-crime/cream-finance-cyber-heist-130m.html
Exploit: Cryptojacking (Misconfiguration)
C.R.E.A.M. Finance: Decentralized Lending Platform

Risk to Business: 1.595 = Extreme
For the third time this year, cybercriminals have hit lending platform C.R.E.A.M. Finance, stealing cryptocurrency. This time, thieves made off with $130 million worth of cryptocurrency assets. According to the experts, the attackers have likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them through other wallets. This is the third successful heist from the platform this year. Crooks jacked $29 million in August 2021 and $37 million in February 2021.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals are always hungry for cash and crypto is the currency that they prefer, so stealing it will continue to be a popular option.
Thailand – Centara Hotels & Resorts
https://www.zdnet.com/article/luxury-hotel-chain-in-thailand-reports-data-breach/
Exploit: Ransomware
Centara Hotels & Resorts: Hotel Chain

Risk to Business: 1.637 = Severe
The Desorden ransomware group claims to have stolen over 400GB of files and databases containing information belonging to millions of hotel guests of Thailand’s Centara Hotels & Resorts. The hotel chain is part of Central Group, a conglomerate that also includes the Central Restaurants Group, which the group hacked earlier this month. The hackers made it clear that this attack was in retaliation for the Central Group’s refusal to pay the ransom for the first attack after negotiating and promising payment. That incident would have provided a ransom payment of $900,000 before Central Group backed out of the deal on Tuesday, spurring the second attack.

Individual Risk: 1.818 = Severe
The company admitted that attackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. Whether or not passport data was included was not specified, but it is commonly requested. The theft is said to have affected guests who stayed at the hotel chain between 2003 and 2021, including any guests that made advance bookings up to December 2021.
How it Could Affect Your Business: Big pools of information are catnip to ransomware gangs, especially highly desirable PII or credit card data.
The Role of Compliance in Cybersecurity
The overall technology landscape is evolving at a breakneck pace. While these changes are meant to improve the quality of life, the unfortunate flip side is an increase in cyberthreats. This is why global cybersecurity spending increased from nearly $40 billion in 2019 to $54 billion in 2021.1 Unfortunately, due to a lack of spending on personnel or technology, SMBs are most likely to be targeted by threat actors.
Many organizations fall victim to cybercrime because compliance and security are not a high priority for them. For your organization to run smoothly, both compliance and security are critical. While compliance ensures that your organization stays within the bounds of industry or government laws/regulations, security ensures that your organization's integrity and vital data are safeguarded.
Know These Benefits
The following are the reasons why adhering to industry compliance regulations is so important from a cybersecurity perspective:
Encourages trust
Improves security posture
Reduces loss
Increases control
Industries and Regulations
While each industry has its own set of cybersecurity issues, some overlap. Phishing, for example, is a threat that almost all industries face. To combat these challenges, each sector has its own set of compliance and regulatory standards with specific provisions for security and privacy.
Some regulations apply to multiple industries as well. Note that compliance regulations change from one country to the next and sometimes even within the same country. Let’s take a look at some of the industries and their associated regulations:
Healthcare
In the healthcare industry, shared data is highly sensitive. Cybercriminals who steal protected health information (PHI) usually fetch a high price for it on the dark web. Therefore, there are regulations in place, like the ones mentioned below, to ensure the secure handling of data:
- In the United States, the Health Insurance Portability and Accountability Act (HIPAA) prohibits the disclosure of PHI without the patient's consent.
- In the European Union (EU), generic data protection laws, such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), regulate the handling of health-related data.
Finance
Finance is often the most regulated sector because a big chunk of data revolves around payments and financial transfers. Some of the most popular regulations in this industry are listed below.
- The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard aimed at reducing payment card fraud for organizations that deal with branded payment cards. The scope of this regulation goes beyond the financial industry.
- In Japan, the Act on the Protection of Personal Information (APPI) regulates the commercial usage of personal data.
- The EU's Payment Services Directive (PSD2) governs data transfer during end-to-end payments.
Defense
There are strict regulations in the defense sector since a breach could result in the disclosure of national secrets.
- The Cybersecurity Maturity Model Certification (CMMC) governs the Defense Industrial Base (DIB) in the United States.
- In Australia, the Defense Industry Security Program (DISP) assists organizations in understanding and meeting their security duties when working on defense projects, contracts and tenders.
Upgrading the compliance and security posture of your business is no longer an option but a necessary undertaking. However, it takes significant time and effort. Our expertise and knowledge can take a considerable load off your shoulders as you factor compliance into your organization’s cybersecurity posture.
Sources:
- Statista
- IBM CDBR 2020
Sinclair Broadcast Group
https://thecyberwire.com/newsletters/week-that-was/5/42
Exploit: Ransomware
Sinclair Broadcast Group: Television Station Operator

Risk to Business: 1.227 = Extreme
Sinclair Broadcast Group, the operator of 184 TV stations in 86 US markets, experienced a cyberattack last week that knocked broadcasts offline. The disruption was extensive, knocking local news broadcasts and syndicated programs offline. In some markets, NFL Sunday broadcasts were also disrupted. An unspecified amount of data was also stolen from the company’s network.
Customers Impacted: Unknown
How It Could Affect Your Business: Locking down networks and production lines to cause operational disruption is the name of the game for many ransomware groups in order to force a speedy ransom payment.
Ferrara Candy Company
https://www.forestparkreview.com/2021/10/22/candy-production-impacted-by-ransomware-attack/
Exploit: Ransomware
Ferrara Candy Company: Candy Manufacturer

Risk to Business: 1.822=Severe
Boo! Greedy cybercriminals unleashed their tricks on Ferrara Candy Company just one week away from Halloween. The company, maker of Brach’s Candy Corn, Nerds and Trolli gummies among other treats, has been in the confectionery business since 1901. Ferrara said that the attack briefly disrupted production operations. However, they were quick to assure anxious consumers that they didn’t need to worry about missing their Halloween favorites – Halloween orders were shipped to stores in August.
Customers Impacted: Unknown
How It Could Affect Your Business: Manufacturers have been increasingly falling into cybercriminals’ sights, especially at peak times in their respective industries.
United States – CoinMarketCap
https://www.cryptodaily.co.uk/2021/10/CoinMarketCap-Data-Breach-Leaks-3-1-M-Email-Addresses
Exploit: Hacking
CoinMarketCap: Cryptoasset Tracker

Risk to Business: 1.702=Severe
Crypto evaluator CoinMarketCap has had a data leak. First reported by Have I Been Pwned, cybercrime researchers have discovered 3.1 million user email addresses from the site available on the dark web. The company initially denied the hack but ultimately owned up to the security blunder.
Customers Impacted: Unknown
How It Could Affect Your Business: Attacks on the banking, crypto and fintech sectors have been growing, creating complications for every financial services organization.
United Kingdom – Tesco
https://www.bbc.com/news/business-59027423
Exploit: Hacking
Tesco: Supermarket Chain

Risk to Business: 2.115=Extreme
Ubiquitous UK supermarket chain Tesco left customers scrambling after a cyberattack disrupted its web services over the weekend. The company said that unnamed cyberattacks began impacting its systems on Friday night. Beginning Saturday and rolling into Sunday intermittently, shoppers were unable to place orders or track deliveries. The incident also impacted the Tesco app.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks can come from myriad sources but they all cause companies to lose revenue and suffer a negative impact on customer relationships.
Switzerland – MCH Group
https://portswigger.net/daily-swig/swiss-exhibitions-organizer-mch-group-hit-by-cyber-attack
Exploit: Ransomware
MCH Group: Event Management

Risk to Business: 2.763 = Moderate
Swiss events management company MCH Group was hit with a suspected ransomware attack late last week that resulted in operational disruption. The company said that it’s back online, upcoming events will not be impacted and it’s in the process of investigating the attack. MCH Group handles events including the Art Basel shows in Basel, Miami Beach, and Hong Kong, as well as the watch and jewellery show Baselworld.
Customers Impacted: Unknown
How it Could Affect Your Business: Service providers have been popular targets for cyberattacks because they often maintain databases that will score a big payday for cybercriminals on the dark web.
Spain – Atento
https://www.zdnet.com/article/customer-services-firm-atento-hit-by-cyberattack/
Exploit: Hacking
Atento: Customer Service Center Operator

Risk to Business: 1.615 = Severe
Customer support giant Atento was hit by a cyberattack on its Brazil-based systems that primarily impacted its operations in South America. The company disclosed a business interruption in Brazil as it sought to contain and mitigate the attack. Operations have been fully restored. Brazil is one of Atento’s main global markets, and more than 45% of the company’s global workforce is in that location.
Customers Impacted: Unknown
How it Could Affect Your Business: Brazil has been experiencing an uptick in cyberattacks in recent months, affecting insurers, retailers and other businesses that store a large volume of data.
Taiwan – Gigabyte
https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/
Exploit: Ransomware
Gigabyte: Computer Hardware Manufacturer

Risk to Business: 1.631 = Severe
Motherboard manufacturer Gigabyte was clobbered with a ransomware attack last week. The ransomware group Avos Locker clobbered the company in a SolarWinds-style supply chain attack. The gang posted samples of the purportedly stolen data on its leak site, including confidential details regarding deals with third-party companies and identifiable information about employees. Researchers from ThreatPost were able to view an assortment of data in a 14.9 MB file entitled “proof.zip” containing confidential data on agreements with Gigabyte relationships including Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.

Risk to Business: 1.6808 = Severe
Researchers also noted that some employee and applicant information is included in that file. Researchers spotted employee payroll details, passport scans, CVs of applicants, human resources files, consulting agreements, credit card data from 2014 and images from company events.
How it Could Affect Your Business: Computer hardware manufacturers have been very attractive to hackers as the chip shortage grinds on, putting pressure on the industry, something cybercriminals love to exploit.