"Your Information Technology Leader"

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 09/01/21 – 09/07/21


Pacific City Bank




Exploit: Ransomware




https://securityaffairs.co/wordpress/121872/cyber-crime/pacific-city-bank-avos-locker-ransomware.html




Pacific City Bank: Financial Institution







Risk to Business: 1.623 = Severe




Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident, but since it is a bank, that’s highly likely.




Customers Impacted: Unknown




How It Could Affect Your Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.












DuPage Medical Group




https://www.chicagotribune.com/business/ct-biz-dupage-medical-group-breach-personal-information-20210830-frv74cy23nhftgufbwc3caknie-story.html




Exploit: Hacking




DuPage Medical Group: Healthcare Practice 







Risk to Business: 1.636 = Severe




DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.







Individual Risk: 1.866 = Severe




The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.




Customers Impacted: 600,000 patients




How It Could Affect Your Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.















Career Group, Inc. 




https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers




Exploit: Ransomware




Career Group, Inc.: Staffing Company







Risk to Business: 1.673 = Severe




California-based staffing service Career Group, Inc. experienced a data breach between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.







Individual Risk: 1.673 = Severe




The company noted in a letter to the Maine Attorney General’s Office that the stolen data included PII from applicants and placements, including Social Security numbers, but no further details were available at press time.




Customers Impacted: 49,476




How It Could Affect Your Customers’ Business: Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.















Howard University




https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack




Exploit: Ransomware




Howard University: Institution of Higher Learning







Risk to Business: 1.917 = Severe




Howard University announced that it is investigating a ransomware attack. The incident disrupted online classes for several days. In-person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.




Individual Impact: No information was available at press time about the types of data that were stolen, if any.




Customers Impacted: Unknown




How It Could Affect Your Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.















France – Francetest 




https://www.connexionfrance.com/French-news/700000-French-pharmacy-Covid-test-results-left-publicly-available




Exploit: Misconfiguration




Francetest: COVID-19 Test & Trace Platform 







Risk to Business: 1.721 = Severe




A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration came to light when a patient with IT expertise discovered that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and even create an account without being a pharmacist.







Individual Risk: 1.761 = Severe




Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.




Customers Impacted: 700,000




How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.















France – France-Visas




https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers




Exploit: Hacking




France-Visas: Government Services Platform 







Risk to Business: 1.919 = Severe




A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details were released about the nationalities affected or about the applicants whose information was exposed, but French officials say that those affected have been contacted by mail.







Individual Risk: 1.778 = Severe




Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.




Customers Impacted: 8,700




How it Could Affect Your Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.















Japan – Fujitsu 




https://www.zdnet.com/article/fujitsu-says-stolen-data-being-sold-on-dark-web-related-to-customers/




Exploit: Hacking




Fujitsu: Information Technology







Risk to Business: 1.802 = Severe




Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident.




Customers Impacted: Unknown




How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.















Indonesia – electronic Health Alert Card




https://www.zdnet.com/article/passport-info-and-healthcare-data-leaked-from-indonesias-covid-19-test-and-trace-app-for-travellers/




Exploit: Misconfiguration 




electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform







Risk to Business: 1.802 = Severe




A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country, and it contains personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.







Individual Risk: 1.5882 = Severe




The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.




How it Could Affect Your Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.
















10 Dark Web Facts You Need to See Right Now

Let Dark Web Facts (Not Hype) Inform Your Security Decisions

Dark web threats are growing increasingly dangerous as a booming dark web economy drives cybercrime to new heights, setting records for phishing, hacking and (of course) ransomware. This cybercrime wave is creating additional pressure on already overstressed cybersecurity teams. But there’s a lot of hype out there about the dark web that’s designed to scare instead of inform. Let’s cut through the noise with some real dark web facts.

 

Don’t make decisions about your organization’s security posture until you see these essential 2021 Dark Web facts.

  • Dark Web activity has increased by 300% in the last 3 years.
  • Over 30% of North Americans access the dark web regularly.
  • In 2020, credentials for about 133,927 C-level Fortune 1000 executives were available on the dark web.
  • More than 22 billion new records were added to the dark web in 2020.
  • Satellite affiliates of cybercrime gangs pay the boss gang 10 – 20% of the take on each successful job.
  • An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were available readily in dark web markets and data dumps.
  • About 65% of active criminal gangs rely on spear phishing powered by dark web data to launch attacks.
  • The largest credential file to ever hit the dark web at once is the RockYou2021 password leak.
  • Hackers attack every 39 seconds, on average 2,244 times a day.
  • 60% of the information available on the Dark Web could potentially harm enterprises.
 

What’s For Sale on the Dark Web?

In addition to information, Dark Web markets also deal in other nefarious things like criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, cybercrime software, cracked credentials and other illicit items. Cybercriminals also enjoy gambling and all sorts of strange things are in the pot at dark web online poker games.

In a recent breakdown of activity in popular dark web forums, researchers noted:
  • An estimated 90% of posts on dark web forums are from buyers looking to contract someone for cybercrime.
  • Almost 70% of dark web forum hiring posts were looking for cybercriminals to do some website hacking.
  • Over 20% were looking for bad actors who could obtain specifically targeted user or client databases.
  • About 7% of forum posts were ads for hackers looking for work.
  • 2% of forum posts were made by cybercriminal developers who were selling the tools

The Week in Breach News: 08/25/21 – 08/31/21

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services




Risk to Business: 1.486 = Extreme
 
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack. The Conti ransomware gang revealed on its leak site that it stole over 250 GB of data. The investigation and remediation are ongoing.





Individual Risk: 1.311 = Extreme
 
SAC Wireless has announced that they believe that the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 

 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System




Risk to Business: 2.336 = Severe
The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage as well as disruption of its online library services. Branch IT has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank




Risk to Business: 1.673 = Severe
The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that it recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investigation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintech organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 

 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange




Risk to Business: 1.917 = Severe
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that they experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nempty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.





Individual Risk: 1.835 = Severe
The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018 and more than 100 audits including a multi-page detailed review of a patient’s case.

Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 

 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand




Risk to Business: 1.721 = Severe
Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals announced the score in a post on a message board at the rising dark web marketplace Marketo, claiming to have about 1GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 

 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline




Risk to Business: 1.802 = Severe
Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but they were quick to assure customers that no operations or aeronautics systems or data was impacted.





Individual Risk: 1.761 = Severe
The company said in a statement that its initial investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 
 
Contact Us

Learn more about what InTegriLogic can do for your business.

InTegriLogic
1931 W Grant Road Suite 310
Tucson, Arizona 85745