"Your Information Technology Leader"

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 08/25/21 – 08/31/21

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services




Risk to Business: 1.486 = Extreme
 
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack. The Conti ransomware gang revealed on their leak site that they stole over 250 GB of data. The investigation and remediation are ongoing.





Individual Risk: 1.311 = Extreme
 
SAC Wireless has announced that they believe that the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 


 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System




Risk to Business: 2.336 = Severe
The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage as well as disruption of its online library services. Branch IT has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 


 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank




Risk to Business: 1.673 = Severe
The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that it recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investigation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintech organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 


 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange




Risk to Business: 1.917 = Severe
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that they experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nempty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.





Individual Risk: 1.835 = Severe
The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018 and more than 100 audits including a multi-page detailed review of a patient’s case.

Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 


 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand




Risk to Business: 1.721 = Severe
Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals announced the score in a post on a message board at the rising dark web marketplace Marketo, claiming to have about 1 GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 


 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline




Risk to Business: 1.802 = Severe
Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but they were quick to assure customers that no operations or aeronautics systems or data were impacted.





Individual Risk: 1.761 = Severe
The company said in a statement that their initial investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 


 
 

How to Keep a Company Password Safe & Off the Dark Web

Take Sensible Precautions and Set Strong Password Policies or Pay the Price

What’s the fastest way for a cybercriminal to get into a company’s environment and cause chaos? If you answered “a stolen legitimate password”, you’re right. Cybercriminals love nothing more than getting their hands on an employee password that lets them slip into systems undetected to steal data, deploy ransomware or work other mischiefs – especially a privileged administrator or executive password. Unfortunately for businesses, bad actors can often accomplish their goal without phishing. It’s become easier than ever for them to make that dream a reality thanks to the boatload of password data that has traveled to the dark web. But there are a few things every organization can do to keep their company passwords safely in-house instead of on the dark web.

Dark Web Data is the Reason That It’s Always Password Season

The dark web has always been a clearinghouse for passwords. As the years have gone by, more and more stolen records, passwords, financial information and other data has made its way to the dark web through myriad data breaches. It’s a vicious cycle. Every new breach brings a fresh influx of data into the pool, and every influx of data can spawn a new breach. This pattern will keep on repeating, making the danger of credential compromise bigger every year. Credentials were the top type of information stolen in data breaches worldwide in 2020, and cybercriminals were quick to capitalize on their successes. An estimated 20 billion fresh passwords made their way to the dark web last year.

This year’s giant influx of fresh passwords from events like the RockYou 2021 leak just keeps priming the pump for new cybercrimes, especially password-fueled schemes like credential stuffing, the gateway to all sorts of bad outcomes like ransomware, and business email compromise, the most expensive cybercrime of 2020. Earlier this summer, the personally identifying data and user records data of 700M LinkedIn users appeared on a popular dark web forum – more than 92% of LinkedIn’s estimated total of 756M users. That created an enormous splash that will ultimately ripple out into a whole new world of opportunity for cybercrime.

Big companies aren’t doing any better. In a 2021 study, researchers found the passwords for 25.9 million Fortune 1000 business accounts floating around on the dark web. If cybercriminals felt like they really needed a privileged password to get the job done, that wasn’t a problem either. Credentials for 133,927 C-level Fortune 1000 executives were also accessible to bad actors on the dark web. Altogether, researchers determined that over 281 million records of personally identifiable information (PII) for employees of Fortune 1000 companies were readily available in dark web markets and dumps, making it easy for bad actors to find and use in hacking and fraud operations.

Reuse and Recycling is Killing Companies

Far and away, password reuse and recycling is the biggest obstacle that companies face when trying to build a strong cybersecurity culture and keep their data safe. An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused, a factor that every company should keep in mind when creating and setting password security policies. Employees aren’t making the mistake of reusing passwords from ignorance either. Over 90% of participants in a password habits survey understood the risk of password reuse, but that didn’t stop them: 59% admitted to doing it anyway. That disconnect is a huge problem for businesses everywhere.

Bad Password Hygiene is Putting Your Data in Danger

  • More than 60% of employees use the same password across multiple work and home applications.
  • 82% of workers admitted sometimes reusing the same passwords and credentials
  • 44 million Microsoft users admitted in a survey that they often use the same password on more than one account
  • 43% of Microsoft’s survey respondents have shared their work password with someone in their home for another use
  • About 20% of employees have reused their work password for online shopping, social media or streaming accounts

That sloppy password handling is directly responsible for data breaches. In fact, over 30% of the respondents in Microsoft’s survey admitted that their organization has experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies. That danger has grown. People worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic. That’s a lot of new passwords to create and remember. It also means that many more passwords were recycled or reused in 2020 than in past years, making password exposure through cybercrime a strong possibility.

What Do Passwords Go for on the Dark Web Anyway?

It depends on the password, but stolen credentials can sell for a pretty penny. For a legitimate stolen corporate network credential, you’re looking at around over $3,000. But that is far from the top price a really useful password can fetch in the booming dark web data markets. Among the most valuable leaked credentials are those magic keys that unlock privileged access to corporate networks. Those types of credentials can go for as much as $120,000. That’s a price some cybercrime gangs will gladly pay to enable them to launch ransomware attacks that can fetch them millions in ransom money.

What You Can Do About It

Protecting business credentials from exposure on the dark web is an important part of creating a sturdy defense for any business. Encouraging safe password generation and handling policies helps build a strong cybersecurity culture that keeps information security risks at the top of everyone’s mind, encouraging them to practice good password habits.
  • Enable multifactor authentication
  • Never allow an employee to reuse or iterate a password
  • Configure software to make password reuse impossible
  • Require regular password changes
  • Make it standard to create a unique password for every account
  • Do not allow passwords to be written down or stored in text files
  • Use a password manager and make it available for employees

These may seem like commonsense procedures for people who regularly handle information security, but making sure that everyone knows that the company takes password reuse and handling seriously gives employees a sense of how seriously they need to take it too. Do a little social engineering of your own to make sure that everyone feels like they’re part of the security team.

 

The Week in Breach News: 08/18/21 – 08/24/21

AT&T

https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/
Exploit: Hacking

AT&T: Communications Conglomerate




Risk to Business: 1.422 = Extreme
A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.

Individual Impact: ShinyHunters provided what looks like customer information in the sample posted to their announcement, but the full spectrum of the leaked data is unclear.

Customers Impacted: Unknown

How It Could Affect Your Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.

 

 

Indiana Department of Health

https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/

Exploit: Misconfiguration

Indiana Department of Health: State Agency




Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.





Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.

Customers Impacted: 750,000

How It Could Affect Your Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

St. Joseph’s/Candler Health System

https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attack
Exploit: Ransomware

St. Joseph’s/Candler (SJ/C): Health System




Risk to Business: 1.673 = Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and paper recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.





Individual Risk: 1.811 = Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.

Customers Impacted: 100 million

How It Could Affect Your Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.

 

 

Japan – Liquid

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange




Risk to Business: 1.505 = Extreme
Japanese crypto exchange Liquid was sacked by hackers this week, resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.

Customers Impacted: Unknown

How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.

 

 

Japan – Tokio Marine Holdings

https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/

Exploit: Ransomware

Tokio Marine Holdings: Insurer




Risk to Business: 1.721 = Severe
Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms.

 

 

Brazil – Lojas Renner

https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/
Exploit: Ransomware

Lojas Renner: Fashion Retailer




Risk to Business: 1.663 = Severe
Lojas Renner, Brazil’s biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx, that it may be related to an incident at a Brazilian IT services provider, and that Renner paid the hackers $20 million in ransom.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 

Brazil – National Treasury (Tesouro Nacional Brasil)

https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/

Exploit: Hacking

National Treasury (Tesouro Nacional Brasil): National Government Agency




Risk to Business: 1.671 = Severe
The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.

 

 
 
 
Continue reading

The Week in Breach News: 08/18/21 – 08/24/21

AT&T

https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/
Exploit: Hacking

AT&T: Communications Conglomerate


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.422 = Extreme
A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.

Individual Impact: ShinyHunters provided what looks like customer information in the sample posted to their announcement, but the full spectrum of the leaked data is unclear.

Customers Impacted: Unknown

How It Could Affect Your Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.

 


 

Indiana Department of Health

https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/

Exploit: Misconfiguration

Indiana Department of Health: State Agency




Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed because of a database misconfiguration. A company looking to form a security-based business relationship with the agency accessed the data and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected, according to the agency.





Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.

Customers Impacted: 750,000

How It Could Affect Your Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 


 

St. Joseph’s/Candler Health System

https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attack
Exploit: Ransomware

St. Joseph’s/Candler (SJ/C): Health System




Risk to Business: 1.673 = Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and paper recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.





Individual Risk: 1.811 = Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.

Customers Impacted: 100 million

How It Could Affect Your Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.

 


 

Japan – Liquid

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange




Risk to Business: 1.505 = Extreme
Japanese crypto exchange Liquid was sacked by hackers this week, resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.

Customers Impacted: Unknown

How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.

 


 

Japan – Tokio Marine Holdings

https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/

Exploit: Ransomware

Tokio Marine Holdings: Insurer




Risk to Business: 1.721 = Severe
Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms.

 


 

Brazil – Lojas Renner

https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/
Exploit: Ransomware

Lojas Renner: Fashion Retailer




Risk to Business: 1.663 = Severe
Lojas Renner, Brazil’s biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx, that it may be related to an incident at a Brazilian IT services provider, and that Renner paid the hackers $20 million in ransom.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 


 

Brazil – National Treasury (Tesouro Nacional Brasil)

https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/

Exploit: Hacking

National Treasury (Tesouro Nacional Brasil): National Government Agency




Risk to Business: 1.671 = Severe
The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.

 


 
 
 