InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
AT&T
https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/Exploit: Hacking
AT&T: Communications Conglomerate
Risk to Business: 1.422 = Extreme
A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.
Customers Impacted: Unknown
How It Could Affect Your Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.
Indiana Department of Health
https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/
Exploit: MisconfigurationIndiana Department of Health: State Agency
Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.
Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.
How It Could Affect Your Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.
St. Joseph’s/Candler Health System
https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attackExploit: Ransomware
St. Joseph’s/Candler(SJ/C): Health System
Risk to Business: 1.673=Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and per recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.
Individual Risk: 1.811=Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.
How It Could Affect Your Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.
Japan – Liquid
https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892Exploit: Hacking
Liquid: Cryptocurrency Exchange
Risk to Business: 1.505 = Extreme
Japanese crypto exchange Liquid was sacked by hackers this week resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others being stolen. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.
How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.
Japan – Tokio Marine Holdings
https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/
Exploit: RansomwareTokio Marine Holdings: Insurer
Risk to Business: 1.721 = Severe
Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.
Customers Impacted: Unknown
How it Could Affect Your Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms
Brazil – Lojas Renner
https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/Exploit: Ransomware
Lojas Renner: Fashion Retailer
Risk to Business: 1.663 = Severe
Lojas Renner, Brazilian biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx and it may be related to an incident at a Brazilian IT services provider and that Renner paid the hackers $20 million in ransom.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Brazil – National Treasury (Tesouro Nacional Brasil)
https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/
Exploit: HackingNational Treasury (Tesouro Nacional Brasil): National Government Agency
Risk to Business: 1.671 = Severe
The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.
How it Could Affect Your Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.
AT&T
https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/Exploit: Hacking
AT&T: Communications Conglomerate
Risk to Business: 1.422 = Extreme
A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.
Customers Impacted: Unknown
How It Could Affect Your Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.
Indiana Department of Health
https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/
Exploit: MisconfigurationIndiana Department of Health: State Agency
Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.
Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.
How It Could Affect Your Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.
St. Joseph’s/Candler Health System
https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attackExploit: Ransomware
St. Joseph’s/Candler(SJ/C): Health System
Risk to Business: 1.673=Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and per recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.
Individual Risk: 1.811=Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.
How It Could Affect Your Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.
Japan – Liquid
https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892Exploit: Hacking
Liquid: Cryptocurrency Exchange
Risk to Business: 1.505 = Extreme
Japanese crypto exchange Liquid was sacked by hackers this week resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others being stolen. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.
How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.
Japan – Tokio Marine Holdings
https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/
Exploit: RansomwareTokio Marine Holdings: Insurer
Risk to Business: 1.721 = Severe
Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.
Customers Impacted: Unknown
How it Could Affect Your Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms
Brazil – Lojas Renner
https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/Exploit: Ransomware
Lojas Renner: Fashion Retailer
Risk to Business: 1.663 = Severe
Lojas Renner, Brazilian biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx and it may be related to an incident at a Brazilian IT services provider and that Renner paid the hackers $20 million in ransom.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Brazil – National Treasury (Tesouro Nacional Brasil)
https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/
Exploit: HackingNational Treasury (Tesouro Nacional Brasil): National Government Agency
Risk to Business: 1.671 = Severe
The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.
How it Could Affect Your Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.
Accenture
https://threatpost.com/accenture-lockbit-ransomware-attack/168594/
Exploit: RansomwareAccenture: Consulting Firm
Risk to Business: 1.437 = Extreme
The LockBit ransomware gang has hit consulting giant Accenture. In a post on its dark web announcement site, the gang is offering multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company. The LockBit ransomware gang reports theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment. News outlets are reporting that the hack was the result of an insider job.
Customers Impacted: Unknown
How It Could Affect Your Business: Ransomware hits against big service providers are attractive for cybercriminals because they often open up fresh avenues of attack, creating third-party risk.
Ford Motor Company
https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/Exploit: Misconfiguration
Ford Motor Company: Automobile Manufacturer
Risk to Business: 2.033 = Severe
A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.
Risk to Individual: 2.371 = Severe
The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personal Identifiable Information (PII), and included customer and employee records, finance account numbers, Database names and tables, OAuth access tokens, Internal support tickets, User profiles within the organization, pulse actions, internal interfaces, search bar history and other details.
How It Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.
T- Mobile
https://gizmodo.com/hacker-claims-to-have-data-on-more-than-100-million-t-m-1847491056Exploit: Hacking
T-Mobile: Mobile Phone Company
Risk to Business: 1.673=Severe
Hackers are claiming that they’ve obtained data related to more than 100 million US T-Mobile customers in a post on a popular dark web forum. They’re selling access to part of the information for 6 Bitcoin which translates into roughly $277,000. T-Mobile has confirmed the incident after some back-and-forth.
Risk to Business: 1.737=Severe
The data purportedly stolen is records and information for consumers including social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information.
How It Could Affect Your Business: Cybercriminals love personal data, the number one type of data stolen in 2020. Protecting customer data is critical to maintaining good customer relationships.
Maine Department of Environmental Protection
Exploit: RansomwareMaine Department of Environmental Protection: State Government Agency
Risk to Business: 1.825 = Severe
Ransomware attacks endangered operations at two Maine wastewater treatment facilities this week. The attacks occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. Officials were quick to note that the attacks presented no threat to public health and safety, characterizing them as minor. Operations have been restored.
How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.
France – Chanel
https://www.infosecurity-magazine.com/news/chanel-apologizes-for-data-breach/Exploit: Ransomware
Chanel: Fashion House
Risk to Business: 2.721 = Moderate
French luxury brand Chanel has issued an apology after personal data belonging to its customers was exposed in an incident that impacted customers in Korea. A database belonging to the famed perfume and fashion brand is believed to have been compromised by hackers in a cyberattack at an unnamed cloud-based data storage firm.
Risk to Business: 2.326 = Moderate
The stolen data includes birth dates, customer names, gender details, passwords, phone numbers and shopping or payment history. The incident is still under investigation and complete details have not been released.
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
Germany – Crytek Studios
https://www.bleepingcomputer.com/news/security/crytek-confirms-egregor-ransomware-attack-customer-data-theft/Exploit: Ransomware
Crytek Games: Game Studio
Risk to Business: 1.612 = Severe
German game developer Crytek has just disclosed that the Egregor ransomware gang breached its network in late 2020 obtaining client information, stealing proprietary data and encrypting systems. Files related to online FPS hit WarFace, development data on Crytek’s canceled Arena of Fate MOBA game, and documents with information on their network operations. The company downplayed the impact in a letter to potentially impacted individuals.
Risk to Business: 1.669 = Severe
The customer information exposed included players’ first and last name, job title, company name, email, business address, phone number and country. Impacted players have been sent a notification by mail.
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Israel – Bar Ilan University
https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/Exploit: Nation-State Hacking
Bar Ilan University: Institution of Higher Learning
Risk to Business: 1.111 = Severe
A cyberattack that targeted Israel’s Bar Ilan University over the weekend was likely launched by Chinese threat actors as part of a massive attack against Israeli targets in varied sectors. In a report released by FireEye, the incident is categorized as part of a large-scale Chinese attack on Israel, in itself part of a broader campaign that targeted Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.
Customers Impacted: Unknown
How it Could Affect Your Business: Nation-state threat actors frequently use ransomware to strike at their targets because it is cheap and effective.
Accenture
https://threatpost.com/accenture-lockbit-ransomware-attack/168594/
Exploit: RansomwareAccenture: Consulting Firm
Risk to Business: 1.437 = Extreme
The LockBit ransomware gang has hit consulting giant Accenture. In a post on its dark web announcement site, the gang is offering multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company. The LockBit ransomware gang reports theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment. News outlets are reporting that the hack was the result of an insider job.
Customers Impacted: Unknown
How It Could Affect Your Business: Ransomware hits against big service providers are attractive for cybercriminals because they often open up fresh avenues of attack, creating third-party risk.
Ford Motor Company
https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/Exploit: Misconfiguration
Ford Motor Company: Automobile Manufacturer
Risk to Business: 2.033 = Severe
A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.
Risk to Individual: 2.371 = Severe
The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personal Identifiable Information (PII), and included customer and employee records, finance account numbers, Database names and tables, OAuth access tokens, Internal support tickets, User profiles within the organization, pulse actions, internal interfaces, search bar history and other details.
How It Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.
T- Mobile
https://gizmodo.com/hacker-claims-to-have-data-on-more-than-100-million-t-m-1847491056Exploit: Hacking
T-Mobile: Mobile Phone Company
Risk to Business: 1.673=Severe
Hackers are claiming that they’ve obtained data related to more than 100 million US T-Mobile customers in a post on a popular dark web forum. They’re selling access to part of the information for 6 Bitcoin which translates into roughly $277,000. T-Mobile has confirmed the incident after some back-and-forth.
Risk to Business: 1.737=Severe
The data purportedly stolen is records and information for consumers including social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information.
How It Could Affect Your Business: Cybercriminals love personal data, the number one type of data stolen in 2020. Protecting customer data is critical to maintaining good customer relationships.
Maine Department of Environmental Protection
Exploit: RansomwareMaine Department of Environmental Protection: State Government Agency
Risk to Business: 1.825 = Severe
Ransomware attacks endangered operations at two Maine wastewater treatment facilities this week. The attacks occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. Officials were quick to note that the attacks presented no threat to public health and safety, characterizing them as minor. Operations have been restored.
How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.
France – Chanel
https://www.infosecurity-magazine.com/news/chanel-apologizes-for-data-breach/Exploit: Ransomware
Chanel: Fashion House
Risk to Business: 2.721 = Moderate
French luxury brand Chanel has issued an apology after personal data belonging to its customers was exposed in an incident that impacted customers in Korea. A database belonging to the famed perfume and fashion brand is believed to have been compromised by hackers in a cyberattack at an unnamed cloud-based data storage firm.
Risk to Business: 2.326 = Moderate
The stolen data includes birth dates, customer names, gender details, passwords, phone numbers and shopping or payment history. The incident is still under investigation and complete details have not been released.
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
Germany – Crytek Studios
https://www.bleepingcomputer.com/news/security/crytek-confirms-egregor-ransomware-attack-customer-data-theft/Exploit: Ransomware
Crytek Games: Game Studio
Risk to Business: 1.612 = Severe
German game developer Crytek has just disclosed that the Egregor ransomware gang breached its network in late 2020 obtaining client information, stealing proprietary data and encrypting systems. Files related to online FPS hit WarFace, development data on Crytek’s canceled Arena of Fate MOBA game, and documents with information on their network operations. The company downplayed the impact in a letter to potentially impacted individuals.
Risk to Business: 1.669 = Severe
The customer information exposed included players’ first and last name, job title, company name, email, business address, phone number and country. Impacted players have been sent a notification by mail.
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Israel – Bar Ilan University
https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/Exploit: Nation-State Hacking
Bar Ilan University: Institution of Higher Learning
Risk to Business: 1.111 = Severe
A cyberattack that targeted Israel’s Bar Ilan University over the weekend was likely launched by Chinese threat actors as part of a massive attack against Israeli targets in varied sectors. In a report released by FireEye, the incident is categorized as part of a large-scale Chinese attack on Israel, in itself part of a broader campaign that targeted Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.
Customers Impacted: Unknown
How it Could Affect Your Business: Nation-state threat actors frequently use ransomware to strike at their targets because it is cheap and effective.
Advanced Technology Ventures
https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/
Exploit: RansomwareElectronic Arts (EA): Video Game Maker
Risk to Business: 1.207 = Extreme
Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, has disclosed that it was hit by a ransomware attack. The cybercriminals were able to steal personal information about the company’s private investors. ATV said it became aware of the attack on July 9 after its servers storing financial information were encrypted by ransomware. By July 26, the company learned that its investor data had been stolen from the servers before the files were encrypted, a hallmark of the “double extortion” tactic used by ransomware groups.
Individual Risk: 1.326 = Extreme
Investor data was accessed by cybercriminals. ATV believes the names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack. Some 300 individuals were affected by the incident
How It Could Affect Your Business: Ransomware tactics like double and triple extortion allow cybercriminals to score even bigger paydays, making them very popular techniques.
SeniorAdvisor
https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/Exploit: Misconfiguration
SeniorAdvisor: Senior Care Review Site
Risk to Business: 1.663 = Severe
Researchers have discovered a misconfigured Amazon S3 bucket owned by SeniorAdvisor, a site that provides ratings and information for senior care facilities. The bucket in question contained the personal data of more than three million people categorized as “leads”. The team found around 2000 “scrubbed” reviews in the misconfigured bucket, in which the user’s sensitive information was wiped or redacted. In total, it contained more than one million files and 182GB of data, none of which was encrypted and did not require a password or login credentials to access.
Risk to Individual: 1.271 = Severe
This exposed bucket was full of data including names, emails, phone numbers and dates contacted for every person designated as a lead, comprising an estimated 3 million consumers.
How it Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.
University of Kentucky
https://therecord.media/university-of-kentucky-discovers-data-breach-during-scheduled-pen-test/Exploit: Hacking
University of Kentucky: Institution of Higher Learning
Risk to Business: 2.223=Severe
In a head-shaking turn of irony, officials at the University of Kentucky discovered that they’d already been breached while conducting a penetration test. The breach affected the university’s Digital Driver’s License platform, a web-based portal the university developed as a component of its Open-Source Tools for Instructional Support (OTIS) framework. That program provides free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. University officials said that their investigation discovered that an unknown threat actor accessed the system between January 8, 2021, and February 6, 2021, to gain access to the DDL platform and acquire a copy of its internal database.
Risk to Business: 2.223=Severe
The database contained the names and email addresses of students and teachers in Kentucky and in all 50 states and 22 foreign countries, in all more than 355,000 individuals. The university was careful to note that the stolen information included only emails and passwords and no SSNs or financial details were included.
How it Could Affect Your Business: Cybercriminals have been increasingly setting their sights on education targets since the onset of the global pandemic, and that trend is not stopping in 2021.
Reindeer
https://www.enterprisesecuritytech.com/post/defunct-marketing-company-leaked-the-sensitive-data-of-over-300-000-peopleExploit: Misconfiguration
Reindeer: Digital Marketing Firm
Risk to Business: 1.705 = Severe
New York-based digital media advertising and marketing company Reindeer left an unpleasant surprise behind when it closed its doors: an Amazon S3 bucket exposed to public access resulting in the irreversible leak of 50,000 files for a total of 32 GB of exposed data. The information exposed included about 1,400 profile photos and the details of approximately 306,000 customers in total. Users in 35 countries were represented with the US, Canada, and Great Britain accounting for almost 280,000 of those users. Nothing can be done to secure this data now.
Individual Risk: 1.622 = Severe
PII exposed includes customer names, surnames, email addresses, dates of birth, physical addresses, hashed passwords, and Facebook IDs for an estimated 306,000 customers.
How it Could Affect Your Business: Unexpected risks from sources like zombie accounts are around every corner, so taking that possibility seriously and mitigating risk from nasty surprises is critical.
School District No. 73 (SD73, Kamloops-Thompson)
Exploit: Nation-State HackingSchool District No. 73 (SD73, Kamloops-Thompson): Education Provider
Risk to Business: 2.911 = Moderate
School District No. 73 (SD73, Kamloops-Thompson) said it was notified that third-party service provider that it uses for travel and medical insurance provider for its international student program, guard.me, experienced a data breach that potentially exposed student information. Guard.me released a statement about the data security incident that spawned this data exposure, noting that the incident occurred during June 2021.
Risk to Business: 2.936 = Moderate
Student personal information that may be impacted by this incident includes identity information, contact information and other information provided to support submitted claims. impacted individuals are encouraged to visit the Canadian Anti-Fraud Centre for further information about how to protect themselves.
How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.
Italy – ERG
https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/Exploit: Ransomware
D-BOX: Gaming Specialty Electronics
Risk to Business: 1.919 = Severe
Italian energy company ERG reported minimal impact on infrastructure or consumer-facing services following a LockBit 2.0 ransomware incident. ERG is the leading Italian wind power operator and among the top ten onshore operators on the European market, with a growing presence in France, Germany, Poland, Romania, Bulgaria, and the United Kingdom. ERG was purchased by European power giant Enel earlier this week.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.
Taiwan – Gigabyte
https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/Exploit: Misconfiguration
Gigabyte: Motherboard Manufacturer
Risk to Business: 1.602 = Severe
Motherboard manufacturer Gigabyte has been hit by the RansomEXX ransomware gang. The Taiwanese company was forced to shut down systems in Taiwan as well as multiple customer and consumer-facing websites of the company, including its support site and portions of the Taiwanese website. RansomEXX threat actors claimed to have stolen 112GB of data during the attack in an announcement on their leak site.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware operators are savvy to taking advantage of industries that are under stress as has been frequently exemplified in the last year.