Monday, April 5, 2021

This Week in Breach News:


This week, we’ll explore: hacking at SITA with a wide ripple effect, nation-state actors sliding in through a Microsoft flaw and how the pandemic has changed phishing for the worse – plus we’ve got an amazing (and timely) eBook on Supply Chain & Third-Party Risk and a magical new infographic for you just in time for St. Patrick’s Day!



United States – CallX 

https://www.infosecurity-magazine.com/news/telemarketing-biz-exposes-114000/

Exploit: Unsecured Server 

CallX: Telemarketing Firm 


Risk to Business: 1.727 = Severe 

An unsecured AWS S3 bucket has been leaking information gathered by CallX, whose analytics services are utilized by a wide array of companies including LendingTree, Liberty Mutual Insurance and Vivint to improve their media buying and inbound marketing. Researchers discovered that 114,000 files were left publicly accessible in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.


Individual Risk: 1.447 = Extreme 

Personally identifiable information (PII) contained in these files included full names, home addresses, phone numbers and call details. The leaked data can be used to launch spear phishing attacks and other fraud.

Customers Impacted: Unknown

How it Could Affect You: Information like this makes its way quickly to the bustling data markets and dumps on the dark web, seeding future trouble.



United States – Qualys

https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/

Exploit: Third-Party Breach (Ransomware)

Qualys: Cybersecurity & Cloud Development 


Risk to Business: 1.412 = Extreme

Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. The Clop ransomware gang posted screenshots of files allegedly belonging to the cybersecurity firm including purchase orders, invoices, tax documents and scan reports.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect You: It’s especially damaging for a cybersecurity company to fall victim to something like ransomware. Unfortunately, this problem came through a third-party partner, but potential customers may see a cybersecurity firm that can’t protect itself.



United States – PrismHR

https://www.bleepingcomputer.com/news/security/payroll-giant-prismhr-outage-likely-caused-by-ransomware-attack/

Exploit: Ransomware

PrismHR: Payroll Services 


Risk to Business: 2.212 = Severe

A suspected ransomware attack has brought trouble to payroll giant PrismHR and its clients. PrismHR’s platform is experiencing a service outage as a result, which has caused smaller accountants and their clients to lose access to PrismHR’s customer portals.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect You: Ransomware can strike anytime, anywhere and companies of any size are vulnerable. Smart companies take proper precautions like increased security awareness training.



United States – Microsoft 

https://www.nytimes.com/2021/03/06/technology/microsoft-hack-china.html

Exploit: Nation-State Hacking 

Microsoft: Software Developer 


Risk to Business: 1.227 = Extreme 

Microsoft is reporting that suspected Chinese nation-state actors have exploited a flaw in Exchange that has given them some access to data or email accounts. The company estimates that 30,000 or so customers were affected. This flaw impacts a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to steal emails and install malware to continue surveillance of their targets. Patches are available and should be installed immediately.

Individual Impact: No sensitive personal or financial information was announced as part of this incident from Microsoft directly, but organizations around the world will be conducting assessments with potentially wide-ranging fallouts.

Customers Impacted: Unknown

How it Could Affect You: This is a tremendous problem for businesses of every size, and something that will be lingering for years for impacted organizations.






United Kingdom – Nova Education Trust

https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/

Exploit: Hacking

Nova Education Trust: School System


Risk to Business: 1.702 = Severe 

15 schools in the United Kingdom have been unable to provide online learning due to a cyberattack. According to Nova Education Trust, a threat actor was able to access the trust’s central network infrastructure and while an investigation took place, all existing phone, email and website communication was stalled. The 15 schools impacted by the central cybersecurity incident were not able to provide typical remote learning and teachers have been unable to upload learning materials. Alternative access is being used to keep schools open. 

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect You: Hackers have been a continued source of trouble for educational institutions as the pandemic forced learning online. Threat actors have used this opportunity to attack a sector with traditionally weak security and profit handsomely.



The Netherlands – Ticketcounter

https://www.bleepingcomputer.com/news/security/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/

Exploit: Hacking

Ticketcounter: Ticketing Platform 


Risk to Business: 1.603 = Severe 

Ticketcounter, a platform that allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue, suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server. 


Individual Risk: 2.673 = Moderate 

The data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords. People who use Ticketcounter should be aware of potential spear phishing attempts. 

Customers Impacted: Unknown

How it Could Affect You: Unsecured servers are a rookie move. It pays to make sure that you’re following basic security procedures when storing or moving data.



France – European Banking Authority (EBA)

https://www.bbc.com/news/technology-56321567

Exploit: Third-Party Breach

European Banking Authority: Regulatory Agency


Risk to Business: 1.993 = Severe

The first dominos to fall in the massive Microsoft breach (see above) will be government entities in the US and Europe. Starting that trend, the European Banking Authority has announced that it’s been impacted. EBA officials say that personal data may have been accessed from its servers. The agency has taken its email system offline temporarily as part of its investigation and remediation process.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect You: Third-party and supply chain risk is amping up for every business as an interconnected world creates new openings for danger.



Switzerland – Adecco Group 

https://cybernews.com/security/5-million-adecco-com-users-data-leaked/

Exploit: Unsecured Database

Adecco Group: Staffing Firm 


Risk to Business: 1.913 = Severe

Security researchers visiting a hacking forum uncovered bad actors purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second-largest human resources and temp staffing provider in the world. About 5 million records were stolen from accounts in Peru, Brazil, Argentina, Colombia, Chile and Ecuador. 

Individual Impact: No details about the type of information are available and an investigation is ongoing.

Customers Impacted: up to 5 million

How it Could Affect You: Cover the easy bases by making sure that basic security protocols are being followed throughout your organization, because embarrassing, damaging incidents like this can happen to you.



Switzerland – Société Internationale de Télécommunications Aéronautiques (SITA)

https://heimdalsecurity.com/blog/outspread-sita-security-breach-exposes-more-airlines/

Exploit: Hacking

SITA: Aviation IT 


Risk to Business: 1.116 = Extreme

Aviation IT giant SITA has announced that it has experienced a hacking-related security breach that impacts airlines in the Star Alliance and the One World alliance. Those airlines include Singapore Airlines, Air New Zealand, British Airways, American Airlines, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, United Airlines, SAS, Cathay Pacific, and South Korean airline Jeju Air. Customers were unable to access many functions within carriers’ online platforms including frequent flyer and ticketing information.

Individual Impact: The investigation is ongoing, but there is an expectation that cybercriminals may have been able to access some basic PII through various airlines’ accounts. No real detail is available. 

Customers Impacted: Over 2 million

How it Could Affect You: Third-party incidents are unfortunate. They’re also a reality of the modern business world. Take precautions on your side of the relationship by adding security measures like multifactor authentication (MFA) to blunt the impact of relationship risk.





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com/texas 877.860.5831
