InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Twitch
https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
Exploit: Hacking
Twitch: Streaming Platform

Risk to Business: 1.402 = Extreme
Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards as well as data that details the terms and amounts of content creator payouts. An anonymous poster on the 4chan messaging board delivered the data in a 125GB torrent. That poster also claimed that the stream includes the entirety of Twitch and its commit history, including the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge, details about the AGS project and information about the platform’s internal security tools.
Customers Impacted: Unknown
How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations.
MoneyLion
Exploit: Credential Stuffing
MoneyLion: Financial Services Platform

Risk to Business: 1.712=Severe
That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.
Customers Impacted: 8.5 million
How It Could Affect Your Business: Credential stuffing is a classic attack that is even easier these days thanks to the huge amount of data, including huge batches of stolen passwords, available on the dark web.
Next Level Apparel
https://portswigger.net/daily-swig/us-clothing-brand-next-level-apparel-reports-phishing-related-data-breach
Exploit: Phishing
Next Level Apparel: Clothing Manufacturer

Risk to Business: 2.771 = Moderate
Next Level Apparel, a US-based clothing manufacturer, has announced that several of its employee accounts were compromised in a phishing attack. In a press release late last week, the company noted that cybercriminals were able to access the contents of several employee email accounts at various times between February 17, 2021, and April 28, 2021, including viewing customer and employee PII although the company could not confirm that any data was stolen.

Individual Risk: 2.802 = Moderate
Next Level Apparel noted that the customer and employee data accessible through the compromised accounts included names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.
How It Could Affect Your Business: More than 80% of reported security incidents in 2020 were phishing-related, making this the biggest cyberattack vector for every business.
United Kingdom – Welland Park Academy
https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/
Exploit: Hacking
Welland Park Academy: Secondary School

Risk to Business: 2.883 = Moderate
Hell hath no fury like an IT employee scorned, as Welland Park Academy discovered after a fired IT admin entered its environment and wreaked havoc. After his termination, the former employee wiped data on the school’s systems and changed all employee credentials. These actions made it impossible for the school to conduct distance learning. The same malicious individual also took revenge on the next company he was fired from, creating lockout chaos and wiping data at an unnamed IT company, as well as mucking up the company’s phone systems.
Customers Impacted: Unknown
How It Could Affect Your Business: Malicious insider threats are a hazard that every business should remember, because vengeful employees can do serious damage quickly.
United Kingdom – The Telegraph
https://www.bleepingcomputer.com/news/security/the-telegraph-exposes-10-tb-database-with-subscriber-info/
Exploit: Misconfiguration
The Telegraph: News Organization

Risk to Business: 2.122=Severe
UK news giant The Telegraph is in hot water after researchers discovered an unsecured database that exposed an enormous amount of information, an estimated 10 TB of data. Much of the data appears to apply to Apple News customers. The researcher who discovered it noted that at least 1,200 unencrypted contacts were accessible without a password. The Telegraph announced that it quickly secured the database as soon as it was informed of the issue, which impacted less than 0.1% of its subscribers.

Risk to Business: 2.801=Moderate
The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens and unique reader identifiers, mostly for users who accessed The Telegraph through Apple News.
How it Could Affect Your Business: It pays to make sure that companies are building a strong security culture to discourage neglectful practices.
Scotland – Weir
https://www.bbc.com/news/uk-scotland-scotland-business-58801753
Exploit: Ransomware
Weir: Heavy Equipment Manufacturer

Risk to Business: 1.616 = Severe
Scottish heavy equipment company Weir was hit with a ransomware attack. The BBC reports the company was essentially shut down briefly by the incident, which took place sometime in September 2021, forcing the company to delay shipments of mining equipment worth more than £50m in revenue. The company noted in its release that because the attackers did not exfiltrate or encrypt any data, it was confident that no financial or sensitive data had been stolen about employees or customers.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware gangs don’t just want to steal data anymore. They’re also more than happy to shut down production lines to obtain ransoms.
Scotland – BrewDog
https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Misconfiguration
BrewDog: Bar and Restaurant Chain

Risk to Business: 1.615 = Severe
Scottish bar and restaurant chain BrewDog was responsible for exposing the data of 200,000 shareholders and customers. The company, famous for its crowd-ownership model as well as its beer, exposed that data over an 18-month period through a glitch in its mobile app: authentication tokens for users were hard-coded into the mobile application instead of being transmitted to it following a successful user authentication event. Interested parties could simply append any customer ID to the end of the API endpoint URL and access sensitive PII (personally identifiable information) for that customer.

Individual Risk: 1.701 = Severe
Potentially exposed customer/shareholder details include the customer’s name, date of birth, email address, gender, all previously used delivery addresses, telephone number, number of shares held, shareholder number, bar discount amount, bar discount ID, number of referrals and types of beer previously purchased.
How it Could Affect Your Business: Having this data exposed through a blunder will hurt the reputation of a company that relies on customers as investors to stay in business.
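The flaw described in the BrewDog entry above, modeled as an added example (not code from BrewDog or from this blog): a handler that accepts one token shipped inside every copy of the app, next to a handler that issues a token after login and checks that it belongs to the requested record. All function names, tokens and customer records are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; IDs and fields are illustrative only.
CUSTOMERS = {
    "1001": {"name": "Alice Example", "email": "alice@example.test", "shares": 4},
    "1002": {"name": "Bob Example", "email": "bob@example.test", "shares": 2},
}

# Flawed design: one token compiled into every copy of the mobile app.
# Anyone who has the app has the token, so it identifies nobody.
HARDCODED_APP_TOKEN = "static-token-shipped-in-app"  # constructed placeholder


def flawed_get_customer(bearer_token, customer_id):
    """Checks only that the shared token is present, never who is asking."""
    if not hmac.compare_digest(bearer_token.encode(), HARDCODED_APP_TOKEN.encode()):
        return 401, None
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


class SessionStore:
    """Hardened design: a random token per login, bound to one customer ID."""

    def __init__(self):
        # Only a hash of each token is kept server-side.
        self._sessions = {}  # sha256(token) -> customer_id

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, customer_id):
        # Assumption: called only after the user has authenticated;
        # the login step itself is outside this example.
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = customer_id
        return token

    def owner_of(self, token):
        return self._sessions.get(self._digest(token))


def hardened_get_customer(store, bearer_token, customer_id):
    """Authenticates the token, then authorizes access to this specific record."""
    owner = store.owner_of(bearer_token)
    if owner is None:
        return 401, None
    # Object-level authorization: the ID in the URL must match the token's owner.
    # Checked before the lookup so the response does not reveal which IDs exist.
    if owner != customer_id:
        return 403, None
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


if __name__ == "__main__":
    store = SessionStore()
    alice_token = store.issue("1001")
    print("flawed, shared token, other record:",
          flawed_get_customer(HARDCODED_APP_TOKEN, "1002")[0])
    print("hardened, own record:",
          hardened_get_customer(store, alice_token, "1001")[0])
    print("hardened, other record:",
          hardened_get_customer(store, alice_token, "1002")[0])
    print("hardened, shared token:",
          hardened_get_customer(store, HARDCODED_APP_TOKEN, "1001")[0])
```
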
Hong Kong – Fimmick Limited
https://www.zdnet.com/article/hong-kong-firm-becomes-latest-marketing-company-hit-with-revil-ransomware/
Exploit: Ransomware
Fimmick Limited: Marketing Company

Risk to Business: 1.631 = Severe
Hong Kong marketing firm Fimmick has been hit with a ransomware attack that is purportedly the work of REvil. Cybersecurity researchers caught wind of the incident after REvil claimed to have burglarized Fimmick’s databases, snatching data that pertained to Fimmick’s work with a number of major brands. Sample data provided on REvil’s website as proof of the hack included data pertaining to the company’s work with Cetaphil, Coca-Cola and Kate Spade.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies that provide services like this are especially tasty targets for ransomware gangs because, even if they don’t pay the ransom, their data on other businesses opens new doors.
PCI-DSS Compliance: What You Should Know
Over the last year, many organizations struggled to keep their private data secure against cyberthreats as they rushed to adapt to pandemic-inspired shifts in workforce and operations. Cybercrime is becoming increasingly prevalent, and the sophistication and volume of cyberattacks is escalating as well. According to a report, over 300 million ransomware attacks occurred in 2020.[1]
Dealing with a cybersecurity disaster is difficult and brings forth a lot of uncertainty, especially when it involves financial and reputational damage. This holds true for all organizations, and especially for small and medium-sized businesses (SMBs). SMBs are increasingly becoming prime targets for hackers because they consider these organizations to have insufficient expertise and resources to prevent and respond to attacks.
Now, more than ever, it is critical for business owners to protect their customers' personal information, especially as we approach the holiday season when individuals purchase a lot more than at any other time of the year.
This is where the Payment Card Industry Data Security Standard (PCI-DSS) finds its relevance.
Why Is PCI-DSS Important?
Organizations that accept payment cards and handle, transmit or retain payment card data must comply with PCI-DSS. It is crucial for data security because practically every business accepts credit or debit cards as a form of payment.
The PCI-DSS's directives limit the risk of credit and debit card data loss. It not only helps avoid identity theft but also includes best practices for recognizing, preventing and resolving data incidents.
PCI-DSS compliance also safeguards a company in the event of a data breach in which cardholder data is exposed. SMBs that comply with PCI-DSS are recognized by Visa, Mastercard, Discover, JCB and American Express, all of which are pioneers in establishing this information security standard.
Failure to comply with PCI-DSS can result in penalties that prevent a company from dealing with card data.
PCI-DSS has 12 requirements:
Maintain firewalls for business devices
Change vendor-supplied passwords
Encrypt transmissions of consumer data
Use updated antivirus software
Protect stored consumer data
Restrict access to consumer data
Maintain secure systems and apps
Make cardholder data available only on a need-to-know basis
Create a unique ID for every person with business computer access
Monitor access to network and consumer data
Test data security regularly
Maintain a data security policy
The PCI Compliance Levels
There are four levels of PCI compliance that are determined by the number of transactions an organization processes each year.
Level 1 Merchants
Through all channels, they process over six million card transactions every year (card present, card not present, eCommerce).
Level 2 Merchants
Through all channels, they process about one to six million card transactions every year (card present, card not present, eCommerce).
Level 3 Merchants
They process between 20,000 and one million card transactions every year through all channels (card present, card not present, eCommerce).
Level 4 Merchants
They process up to one million card transactions per year across all channels (card present, card not present, and eCommerce), with no more than 20,000 card transactions per year processed just through eCommerce.
If you own a business that accepts, transmits or stores any cardholder data, you need to take PCI-DSS seriously and comply with all regulations.
When you're trying to figure everything out on your own, it’s easy to get overwhelmed. Working with a specialist like us gives you the benefit of having a compliance expert in your corner. We can regularly conduct assessments for you to verify compliance and make your compliance journey much easier.
Source:
- Statista
Sandhills Global
https://journalstar.com/news/local/ransomware-attack-affects-lincoln-based-sandhills-global-operations/article_aa844ea4-a3f1-5c63-8cae-c062e3283b8a.html
Exploit: Ransomware
Sandhills Global: IT & Digital Publishing

Risk to Business: 1.337 = Extreme
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub. Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.
Customers Impacted: Unknown
How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and by scooping it up at service providers like publishing companies they can ensure that they profit even if no ransom is paid.
Marketron
https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/
Exploit: Ransomware
Marketron: Marketing Services Company

Risk to Business: 1.606=Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand. The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.
Customers Impacted: 320,000
How It Could Affect Your Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.
Portpass
https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
Exploit: Misconfiguration
Portpass: COVID-19 Vaccine Passport Platform

Risk to Business: 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.

Individual Risk: 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.
How It Could Affect Your Business: Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.
United Kingdom – Giant Group
https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/
Exploit: Ransomware
Giant Group: Payroll Services Firm

Risk to Business: 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.
Customers Impacted: Unknown
How It Could Affect Your Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.
France – TiteLive
https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/
Exploit: Ransomware
TiteLive: Bookstore Support Platform Provider

Risk to Business: 1.661=Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.
Customers Impacted: Unknown
How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.
Israel – E.M.I.T Aviation Consulting
Exploit: Ransomware
E.M.I.T Aviation Consulting: Defense Aviation Consulting

Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.
New Zealand – Aquila Technology
https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Credential Compromise
Aquila Technology: Communications Equipment Retailer

Risk to Business: 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.

Individual Risk: 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.
How it Could Affect Your Business: Credit card information is highly desirable on the dark web, spurring a fresh round of attacks on retailers, especially those that maintain large databases.
Japan – JVCKenwood
https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/
Exploit: Ransomware
JVCKenwood: Audio Equipment Manufacturer

Risk to Business: 1.699 = Severe
Conti ransomware came calling at Japanese audio equipment powerhouse JVCKenwood this week. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.
Customers Impacted: Unknown
How it Could Affect Your Business: Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.