InTegriLogic Blog
United Nations
https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/
Exploit: Credential Compromise
United Nations: Global Intergovernmental Organization

Risk to Business: 1.623 = Severe
Hackers have broken into the computer network of the United Nations and made off with data. The unidentified cybercriminals responsible for the hit appear to have gained access using employee login credentials stolen from a UN employee. Reports say that the bad actors logged into the employee’s Umoja account, the enterprise resource planning system implemented by the UN in 2015. This intrusion took place over an extended period of time. Investigators determined that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.
Customers Impacted: Unknown
How It Could Affect Your Business: This is a big target that regularly handles sensitive data. The fact that it took several months to detect an intrusion is worrying.
Texas Right to Life
https://techcrunch.com/2021/09/07/texas-right-to-life-website-exposed-job-applicants-resumes/
Exploit: Misconfiguration
DuPage Medical Group: Healthcare Practice

Risk to Business: 2.636 = Moderate
Anti-choice political action group Texas Right to Life is in hot water after it exposed the personal information of hundreds of job applicants on its website. Investigators have blamed a configuration error that allowed anyone to access all applicants’ resumes, which were stored in an unprotected directory. No additional information appears to have been exposed.

Individual Risk: 2.712 = Moderate
Job applicants had names, phone numbers, addresses and details of their employment history exposed, as the data included complete resumes for approximately 300 people.
How It Could Affect Your Business: Sloppy setups are responsible for too many data breaches. Establishing a strong cybersecurity culture combats this problem.
Dotty’s
https://portswigger.net/daily-swig/data-breach-at-us-restaurant-and-gambling-chain-dottys-may-have-leaked-sensitive-customer-information
Exploit: Ransomware
Dotty’s: Fast Food Restaurant and Gambling Parlor Chain

Risk to Business: 1.673 = Severe
Dotty’s, a fast food chain that offers gambling services across 175 locations, has experienced a cyberattack that severely impacted operations. The chain, owned and operated by Nevada Restaurant Services, announced that malware was discovered on some computer systems that allowed cybercriminals to access and copy customer data including some highly sensitive material.

Individual Risk: 1.673 = Severe
The data snatched includes customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates. Impacted customers are being informed by mail.
How It Could Affect Your Business: When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause.
United Kingdom – McDonald’s
https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/
Exploit: Misconfiguration
McDonald’s: Fast Food Chain

Risk to Business: 1.917 = Severe
The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The missent information also included sensitive back-end info like hostnames for Azure SQL databases.
Customers Impacted: Unknown
How It Could Affect Your Business: Human error will always be the biggest enemy of cybersecurity. Ensure that mistakes like this don’t happen by making sure everyone knows that they’re responsible for security and not just the IT team.
Israel – City4U
https://www.jpost.com/israel-news/hacker-claims-to-have-stolen-information-of-7-million-israelis-678905
Exploit: Hacking
City4U: Municipal Services Platform

Risk to Business: 1.721 = Severe
Cybercriminals are claiming to have committed an audacious hack that scored them the personal information of around seven million Israelis, approximately 80% of Israel’s population, by hacking into City4U. The website is used by municipalities to allow residents to conduct business like paying utility bills, taxes and fines. The hackers made the claim through a Telegram posting, providing samples of the stolen data as proof that included photos of identity cards and financial data.
How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.
France – France-Visas
https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers
Exploit: Hacking
France-Visas: Government Services Platform

Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants whose information was exposed were released, but French officials say that the affected applicants have been contacted by mail.

Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.
Customers Impacted: 8,700
How it Could Affect Your Business: Huge data hauls like this are goldmines for cybercriminals, who can make plenty of cash by selling 2020’s number one desirable resource on the dark web: personal data.
Singapore – MyRepublic
https://www.zdnet.com/article/myrepublic-customers-compromised-in-third-party-data-breach/
Exploit: Third Party Breach
MyRepublic: Mobile Carrier

Risk to Business: 1.802 = Severe
Mobile carrier MyRepublic has announced that 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The company disclosed that the incident was uncovered on August 29 and the relevant authorities had been informed of the breach, including industry regulator Infocomm Media Development Authority (IMDA) and the country’s Personal Data Protection Commission, which oversees Singapore’s Personal Data Protection Act (PDPA).

Individual Risk: 1.802 = Severe
Cybercriminals were able to access customer records containing PII like the identity verification documents that customers had provided for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.
How it Could Affect Your Business: Third party risk is escalating as business operations become less centralized and more businesses rely on specialty services providers for day-to-day chores.
South Africa – Department of Justice and Constitutional Development
Exploit: Ransomware
Department of Justice and Constitutional Development: Government Agency

Risk to Business: 1.802 = Severe
A ransomware attack struck the Department of Justice and Constitutional Development of South Africa. According to a department statement, many departments have been impacted, including the issuing of letters of authority, bail services, departmental email and the departmental website. Some services are available through old-fashioned pen and paper and child support payments won’t be delayed. The department announced that its team is working to restore operations. The incident is under investigation, and no word was available at press time on who was responsible for the attack.
How it Could Affect Your Business: Ransomware doesn’t always go after data. Sometimes cybercriminals want to hold the whole business to ransom, impeding operations and notching up embarrassment.
Pacific City Bank
Exploit: Ransomware
Pacific City Bank: Financial Institution

Risk to Business: 1.623 = Severe
Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.
Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident but since it is a bank that’s highly likely.
Customers Impacted: Unknown
How It Could Affect Your Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.
DuPage Medical Group
Exploit: Hacking
DuPage Medical Group: Healthcare Practice

Risk to Business: 1.636 = Severe
DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.

Individual Risk: 1.866 = Severe
The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.
Customers Impacted: 600,000 patients
How It Could Affect Your Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.
Career Group, Inc.
https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers
Exploit: Ransomware
Career Group, Inc.: Staffing Company

Risk to Business: 1.673 = Severe
California-based staffing service Career Group, Inc. experienced a data breach between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.

Individual Risk: 1.673 = Severe
The company noted in a letter to the Maine Attorney General’s Office the fact that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.
Customers Impacted: 49,476
How It Could Affect Your Customers’ Business: Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.
Howard University
https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack
Exploit: Ransomware
Howard University: Institution of Higher Learning

Risk to Business: 1.917 = Severe
Howard University announced that it is investigating a ransomware attack. The incident disrupted online classes for several days. In-person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.
Individual Impact: No information was available at press time about the types of data that were stolen, if any.
Customers Impacted: Unknown
How It Could Affect Your Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.
France – Francetest
Exploit: Misconfiguration
Francetest: COVID-19 Test & Trace Platform

Risk to Business: 1.721 = Severe
A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration was discovered when a patient with IT expertise discovered that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and even create an account without being a pharmacist.

Individual Risk: 1.761 = Severe
Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.
Customers Impacted: 700,000
How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.
France – France-Visas
Exploit: Hacking
France-Visas: Government Services Platform

Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants whose information was exposed were released, but French officials say that the affected applicants have been contacted by mail.

Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.
Customers Impacted: 8,700
How it Could Affect Your Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.
Japan – Fujitsu
https://www.zdnet.com/article/fujitsu-says-stolen-data-being-sold-on-dark-web-related-to-customers/
Exploit: Hacking
Fujitsu: Information Technology

Risk to Business: 1.802 = Severe
Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.
Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII were compromised in this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Indonesia – electronic Health Alert Card
Exploit: Misconfiguration
electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform

Risk to Business: 1.802 = Severe
A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country, and it contains personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.

Individual Risk: 1.5882 = Severe
The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.
How it Could Affect Your Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.
Pacific City Bank
Exploit: Ransomware
Pacific City Bank: Financial Institution

Risk to Business: 1.623 = Severe
Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.
Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident but since it is a bank that’s highly likely.
Customers Impacted: Unknown
How It Could Affect Your Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.
DuPage Medical Group
Exploit: Hacking
DuPage Medical Group: Healthcare Practice

Risk to Business: 1.636 = Severe
DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.

Individual Risk: 1.866 = Severe
The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.
Customers Impacted: 600,000 patients
How It Could Affect Your Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.
Career Group, Inc.
https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers
Exploit: Ransomware
Career Group, Inc.: Staffing Company

Risk to Business: 1.673=Severe
California-based staffing service Career Group, Inc. Experienced a data breach, between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.

Individual Risk: 1.673=Severe
The company noted in a letter to the Maine Attorney General’s Office the fact that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.
Customers Impacted: 49,476
How It Could Affect Your Customers’ Business Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.
Howard University
https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack
Exploit: Ransomware
Howard University: Institution of Higher Learning

Risk to Business: 1.917 = Severe
Howard University announced that they are investigating a ransomware attack. The incident disrupted online classes for several days. In person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.
Individual Impact: No information was available at press time about the types of data that was stolen if any.
Customers Impacted: Unknown
How It Could Affect Your Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.
France – Francetest
Exploit: Misconfiguration
Francetest: COVID-19 Test & Trace Platform

Risk to Business: 1.721 = Severe
A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration was discovered when a patient with IT expertise discovered that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and even create an account without being a pharmacist.

Individual Risk: 1.761 = Severe
Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.
Customers Impacted: 700,000
How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.
France – France-Visas
Exploit: Hacking
France-Visas: Government Services Platform

Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.

Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.
Customers Impacted: 8,700
How it Could Affect Your Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.
Japan – Fujitsu
https://www.zdnet.com/article/fujitsu-says-stolen-data-being-sold-on-dark-web-related-to-customers/
Exploit: Hacking
Fujitsu: Information Technology

Risk to Business: 1.802 = Severe
Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.
Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Indonesia – electronic Health Alert Card
Exploit: Misconfiguration
electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform

Risk to Business: 1.802 = Severe
A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country, and it contains personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.

Individual Risk: 1.5882 = Severe
The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.
How it Could Affect Your Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.
Let Dark Web Facts (Not Hype) Inform Your Security Decisions
Dark web threats are growing increasingly dangerous as a booming dark web economy drives cybercrime to new heights, setting records for phishing, hacking and (of course) ransomware. This cybercrime wave is creating additional pressure on already overstressed cybersecurity teams. But there’s a lot of hype out there about the dark web that’s designed to scare instead of inform. Let’s cut through the noise with some real dark web facts. Don’t make decisions about your organization’s security posture until you see these essential 2021 Dark Web facts.
- Dark Web activity has increased by 300% in the last 3 years.
- Over 30% of North Americans access the dark web regularly.
- In 2020, credentials for about 133,927 C-level Fortune 1000 executives were available on the dark web.
- More than 22 billion new records were added to the dark web in 2020.
- Satellite affiliates of cybercrime gangs pay the boss gang 10 – 20% of the take on each successful job.
- An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were readily available in dark web markets and data dumps.
- About 65% of active criminal gangs rely on spear phishing powered by dark web data to launch attacks.
- The largest credential file to ever hit the dark web at once is the RockYou2021 password leak.
- Hackers attack every 39 seconds, on average 2,244 times a day.
- 60% of the information available on the Dark Web could potentially harm enterprises.
What’s For Sale on the Dark Web?
In addition to information, Dark Web markets also deal in other nefarious things like criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, cybercrime software, cracked credentials and other illicit items. Cybercriminals also enjoy gambling and all sorts of strange things are in the pot at dark web online poker games. In a recent breakdown of activity in popular dark web forums, researchers noted:
- An estimated 90% of posts on dark web forums are from buyers looking to contract someone for cybercrime.
- Almost 70% of dark web forum hiring posts were looking for cybercriminals to do some website hacking.
- Over 20% were looking for bad actors who could obtain specifically targeted user or client databases.
- About 7% of forum posts were ads for hackers looking for work.
- 2% of forum posts were made by cybercriminal developers who were selling the tools