Friday, June 25, 2021

Supply chain risks

The spotlight is on supply chain risk and security blunders this week as we see the ripple effect of the Codecov and SITA supply-chain attacks continue, plus we’ll dive into the new Verizon Data Breach Investigation Report for 10 things you need to see and give you an introduction to our new Nano Sessions!




United States – Utility Trailer Manufacturing 

https://www.freightwaves.com/news/trailer-maker-utility-targeted-in-ransomware-attack

Exploit: Ransomware

Utility Trailer Manufacturing: Trailer Fabrication 

Risk to Business: 1.655 = Severe

California-based Utility Trailer Manufacturing was hit by the Clop ransomware gang. As proof of the hit, the gang released 5 gigabytes of data to the dark web this week. The company has not been clear on the impact of the breach beyond saying that client data including payment records were not accessed and manufacturing remains normal.

Individual Risk: 1.507 = Severe

While the company is staying mum about the content of the breach, researchers who found the data on the dark web have determined that an extensive amount of sensitive personal data about employees, including payroll and human resources information, was included in the incident. Past and present employees should be alert for identity theft and spear phishing attempts.

Customers Impacted: Unknown

How It Could Affect Your Business: A new ransomware attack is launched every 40 seconds, and every business is in the line of fire. Making sure that you have all the bases covered and taking smart precautions like increased security awareness training can help reduce risk.



United States – Alaska Department of Health and Social Services 

https://www.govinfosecurity.com/alaska-health-department-services-affected-by-malware-attack-a-16708

Exploit: Malware

Alaska Department of Health and Social Services: Regional Human Services Agency

Risk to Business: 1.833 = Severe

The Alaska health department’s website was taken offline Monday evening and will be unavailable to the public for an indeterminate amount of time as IT teams work to investigate and recover from a malware attack. COVID-19 immunization and most data dashboards are maintained by an outside contractor and are still operational. The department’s main website, background check system, the state of Alaska’s vital records system, Alaska’s behavioral health and substance abuse management system and the state’s system for schools to report vaccine data to public health have all been impacted. 

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Malware that takes important systems offline can seriously impact an organization’s operations, costing a fortune in remediation, investigation and recovery. Government targets have been especially appealing to cybercriminals due to their notoriously weak security.



United States – Bergen Logistics  

https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/

Exploit: Unsecured Database

Bergen Logistics: Shipping & Fulfillment 

Risk to Business: 2.812 = Moderate

Security researchers recently discovered an exposed database belonging to Bergen Logistics. The Elasticsearch server contains a trove of 467,979 login credentials and shipment records relevant to the company’s customers. Bergen Logistics handles import/export, picking and packing for clients in the fashion industry. The company also ships directly to customers of online marketplaces and e-commerce stores.

Individual Risk: 2.772 = Moderate

The exposed data for customers includes names, addresses, order numbers and details, email and contact information and plaintext passwords to customer accounts. This data could be used for spear phishing attempts. 

Customers Impacted: Unknown

How it Could Affect Your Business: There are enough ways to suffer a cybersecurity incident without causing them through negligence, even though employee error is still the number one cause of a data breach. Making sure to cover the bases with basics goes a long way toward improving security.





United Kingdom – One Call 

https://www.doncasterfreepress.co.uk/news/one-call-cyber-attack-all-you-need-to-know-about-hackers-darkside-and-insurance-boss-john-radford-3244076

Exploit: Ransomware

One Call: Insurer 

Risk to Business: 1.606 = Severe 

Insurer OneCall admitted last week that a ransomware attack disrupted its core IT system and forced it to shut down its servers. The attack was perpetrated by the notorious DarkSide gang, which purportedly went dark after the Colonial Pipeline fiasco. The hackers are demanding a ransom of more than $20k. The company has released no clear information on what data was stolen or how long the investigation and recovery will take, although news outlets are reporting customer and financial data as potentially stolen by the gang.

Individual Impact: No confirmation is available as to whether sensitive personal or financial information was compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially those in major gangs. Increased security awareness training is a must for every client because it makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.



United Kingdom – FastTrack Reflex Recruitment 

https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/

Exploit: Misconfiguration

FastTrack Reflex Recruitment: Staffing Firm

Risk to Business: 1.882 = Severe 

FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data.

Individual Risk: 1.780 = Severe 

In the bucket, applicant CVs were exposed, including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information, DOBs and photos were also exposed.

Customers Impacted: 21K applicants

How it Could Affect Your Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.



Ireland – Ardagh Group

https://portswigger.net/daily-swig/packaging-vendor-ardagh-admits-cyber-attack-disrupted-operations

Exploit: Ransomware

Ardagh Group: Packaging Manufacturer 

Risk to Business: 1.699 = Severe

Glass and metal packaging giant Ardagh Group was snarled in a suspected ransomware attack. The company said that metal and glass packaging facilities remained operational, but the attack has caused shipping delays and interruptions. Investigation and remediation are underway, and the company expects to have everything back online by the end of the month.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Make sure your clients are taking every possible precaution against ransomware because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.





New Zealand – Waikato District Health Board 

https://www.theregister.com/2021/05/19/new_zealand_hospitals_taken_down/

Exploit: Ransomware

Waikato District Health Board: Regional Healthcare Agency 

Risk to Business: 1.115 = Extreme

Waikato District Health Board (DHB) had most of its IT services go offline Tuesday morning as the result of a suspected Conti ransomware attack, severely impacting services at six of its affiliate hospitals. Only email service has escaped the shutdown. With patient notes inaccessible, clinical services were disrupted and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only, using pencil and paper records. Service disruptions are expected to continue for several days.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Attacks on healthcare targets have been at the top of the cybercriminals’ playbook since the beginning of the global pandemic, and they represent a threat to public health, not to mention overstressing already burned-out hospital staffers.





India – Air India

https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/

Exploit: Third Party Data Breach

 

Risk to Business: 2.001 = Severe

Air India disclosed a data breach impacting 4.5 million of its customers following the hack of airline passenger service system provider SITA in February 2021. Dozens of airlines around the world had data exposed in that ransomware incident and the fallout is still shaking out. The airline confirmed that the breach involved personal data and credit card information registered between August 2011 and February 2021 by Air India or its subsidiaries. 

Individual Risk: 2.113 = Severe

The exposed data is reported to include passenger details like name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card numbers. 

Customers Impacted: Unknown

How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.



India – Domino’s Pizza India

https://ciso.economictimes.indiatimes.com/news/user-info-linked-to-18cr-dominos-orders-leaked/82899181

Exploit: Hacking

Domino’s Pizza India: Restaurant Chain 

Risk to Business: 1.774 = Severe

Customer and employee information has been exposed in a hacking incident at Domino’s Pizza India. Security researchers discovered 13TB of employee files and customer details exposed on the dark web. The data leak may be connected to another breach of the pizza chain earlier in April. Jubilant FoodWorks, operator of the chain, said that customers’ financial information remains safe. 

Individual Risk: 1.671 = Severe

It is unclear what, if any, payment data was snatched, but personal information for customers including order dates, addresses, names, order invoices and similar data is available. The hackers claim to also have employee data, but that is unconfirmed.

Customers Impacted: 180 million

How it Could Affect Your Business: Personal data is the most desirable information for cybercriminals right now, and every company needs to take precautions to keep them out of databases. 



Japan – Mercari 

https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/

Exploit: Supply Chain Data Breach

Mercari: E-commerce Platform 

Risk to Business: 1.922 = Severe

In another big supply chain hit this week, Japanese marketplace Mercari has been compromised as a result of the recent Codecov breach. Earlier this year, code coverage tool Codecov disclosed that it had been a victim of a supply-chain attack that lasted for two months and allowed cybercriminals to meddle with its popular Bash Uploader, opening hundreds of companies up to risk. Mercari announced that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov breach.

Individual Risk: 1.942 = Severe

In the final tally, 17,085 records related to the transfer of sales proceeds to customer accounts were exposed including bank code, branch code, account number, account holder (kana) and transfer amount; 7,966 records on business partners of “Mercari” and “Merpay,” including names, date of birth, affiliation, e-mail address, and other data were exposed. 2,615 records on employees were also impacted including those working for a Mercari subsidiary. The data is comprised of names of some employees as of April 2021, company email address, employee ID, telephone number, date of birth and other PII plus details of past employees, some contractors and employees of external companies who interacted with Mercari. 

Customers Impacted: Unknown

How it Could Affect Your Business: Third-party data breaches like this one are the future of business. Reliance on outsourced service providers gives cybercriminals an easy way to scoop up data or snatch access credentials for multiple targets in one fell swoop.





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com/texas 877.860.5831

One Little Email Carries Big Risks


The biggest danger to your company’s cybersecurity isn’t someone hacking into your systems. It’s one phishing email. Phishing is the primary delivery system for all of today’s nastiest cyberattacks, from ransomware to business email compromise, and every organization is at risk for falling victim to an attack. In a record-breaking year for cybercrime, phishing risk ballooned by more than 600% in Q2 2020 and stayed elevated for the rest of the year.

What facilitates more phishing? More email. As businesses went remote last year (and many remain hybrid this year) an enormous increase in email volume led the way for equally enormous increases in every type of phishing attack. Cybercriminals did not hesitate to capitalize on that opportunity. Industry reporting notes that business email compromise attacks were up by 14%, while cloud-based attacks shot up by more than 40%. Experts estimate that one out of every 99 messages a business receives contains a phishing attack. 

Reduce your company’s risk of phishing disaster through security awareness and phishing resistance training with BullPhish ID. Results come quickly. Companies that run phishing simulators for the first time learn that 40% to 60% of their employees are likely to open malicious links or attachments. But after about 6 months of training, that percentage drops 20% to 25% and after 3 to 6 months more training, that number can drop to only 10% to 18%.

An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. With phishing as the primary threat vector for most damaging cyberattacks, that’s bad news for businesses. Reduce your chance of getting caught by phishing by keeping your employees’ phishing resistance training up to date, because phishing attacks are definitely coming your way, with potentially devastating consequences.


Ransomware Breaches

In a Week in Breach first, it’s the All Ransomware Edition. Cybercrime gangs have been busy at Toshiba, Ireland’s health service, the US Veterans Administration and other organizations around the globe. Plus, we’ll explore the state of email security, the most likely delivery system for ransomware! 




United States – Three Affiliated Tribes

https://nativenewsonline.net/currents/three-affiliated-tribes-hit-by-ransomware-attack-holding-tribal-information-hostag

Exploit: Ransomware

 Three Affiliated Tribes: Tribal Government Organization 

Risk to Business: 1.607 = Severe

The Three Affiliated Tribes (the Mandan, Hidatsa & Arikara Nations) announced to its staff and employees that its server was infected with ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information. Employees were also asked to refrain from using their work computers. Investigation and recovery are ongoing.

Individual Impact: At this time, no sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Protection from ransomware needs to be a top priority for every organization. These days a new attack is launched every 40 seconds putting every business in the line of fire.



United States – US Veterans Administration (VA) 

https://threatpost.com/veterans-medical-records-ransomware/166025/

Exploit: Ransomware

Veterans Administration: Federal Agency

Risk to Business: 1.612 = Severe

The VA has found itself in the cybersecurity hot seat again after a data breach at a records contractor exposed more than 200,000 records for veterans. The contractor, United Valor Solutions, appears to have been the victim of a ransomware attack. Researchers found a trove of their data online, including this sensitive VA data. The VA has announced that its Veterans Benefits Administration (VBA) Privacy Office is currently working with Medical Disability Examination Officer (MDEO) and contractors to further handle the incident, with the VA Data Breach Response Service investigating independently.

Individual Risk: 1.722 = Severe

The exposed records included patient names, birth dates, medical information, contact information and even doctor information and appointment times, unencrypted passwords and billing details for veterans and their families, all of which could be used in socially engineered spear phishing or fraud scams.

Customers Impacted: 200,000

How it Could Affect Your Business: Ransomware is the gift that keeps on giving for medical sector targets. Not only are those victims facing expensive investigation and recovery costs, but they can also expect a substantial HIPAA fine and possibly more regulatory scrutiny.





Ireland – Health Service Executive (HSE)

https://www.bbc.com/news/world-europe-57134916

Exploit: Ransomware

Health Service Executive (HSE): National Healthcare Provider 

Risk to Business: 1.568 = Severe 

Ransomware rocked Ireland after the Conti gang perpetrated attacks on both the Department of Health and Ireland’s national healthcare provider Health Service Executive (HSE). HSE was forced to take action including shutting down the majority of its systems including all national and local systems involved in all core services and all major hospitals. The ransom demand is reported to be $20 million. The National Cyber Security Centre (NCSC) has said the HSE became aware of a significant ransomware attack on some of its systems in the early hours of Friday morning and the NCSC was informed of the issue and immediately activated its crisis response plan. On Monday, May 18, officials announced that diagnostic services were still impacted as well as other patient care necessities. Officials also said that it may take the Irish health service weeks to repair systems and restore all services, at a price that will reach into the tens of millions of euros.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the preferred weapon of cybercriminals at every activity level. Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.



Germany – Brenntag 

https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/

Exploit: Ransomware

Brenntag: Chemical Distributor

Risk to Business: 1.702 = Severe 

Brenntag suffered a ransomware attack that targeted their North America division. As part of this attack, the DarkSide ransomware gang encrypted devices on the network and stole unencrypted files. This is the same gang that starred in last week’s Colonial Pipeline incident. On their leak site, DarkSide claimed to have stolen 150GB of data during their attack. Reports say that Brenntag paid the threat actors more than $5 million for the decryption key. 

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for top cybercrime gangs because they know that they’ll find a few companies who are more than willing to pony up cash rather than undertake an expensive recovery or risk having proprietary data exposed.



Norway – Volue 

https://www.smh.com.au/national/nsw/police-investigate-cyber-attack-on-nsw-labor-party-20210505-p57p4y.html

Exploit: Ransomware

Volue: Green Energy Solutions Provider

Risk to Business: 1.1579 = Severe

Norwegian green energy solutions provider Volue has been the victim of a ransomware attack, using Ryuk ransomware. Volue offers industrial IoT, data and market analysis, power trading, construction software, optimization and trading software, water infrastructure documentation and management, and transition and distribution software solutions to more than 2,200 customers across 44 countries. Volue’s investigation is ongoing, but so far it has found no evidence of data exfiltration, either personal or “energy-sensitive data.” Operations are expected to be restored quickly.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.



France – Acer Finance 

https://securityaffairs.co/wordpress/117991/cyber-crime/avaddon-ransomware-acer-finance-axa.html

Exploit: Ransomware

Acer Finance: Financial Advisors 

Risk to Business: 1.677 = Severe

Avaddon ransomware came calling at Acer Finance. The company offers risk management, mutual funds, analysis, financial planning, and advisory services. Acer Finance serves individuals, entrepreneurs, and institutional investors in France. The ransomware gang claims to have stolen confidential company information about clients and employees, and they’re giving Acer Finance 240 hours to communicate and cooperate with them before they start leaking the valuable stolen company documents. As proof of the hack, the group published several ID cards, personal documents, contracts, and a screenshot of the folders containing stolen data.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Customers’ Business: No organization is safe from phishing. Every company should make stepping up phishing resistance training a priority to reduce the chance of falling prey to an attack. 





Hong Kong – AXA 

https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/

Exploit: Ransomware

AXA: Insurance Company 

Risk to Business: 1.802 = Severe

The Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from insurance giant AXA’s Asian operations including the company’s offices in Thailand, Malaysia, Hong Kong and the Philippines. The gang claims that the stolen data includes sensitive customer and business data. The attack may be connected to AXA’s announcement that they would be dropping reimbursement for ransomware extortion payments when underwriting cyberinsurance policies in France.

Individual Risk: 1.713 = Severe

The group claims to have obtained 3 TB of data belonging to AXA including customer medical reports (including those containing sexual health diagnosis), customer claims, payments to customers, customers’ bank account scanned documents, material restricted to hospitals and doctors (private fraud investigations, agreements, denied reimbursements, contracts), identification documents such as National ID cards, passports and other sensitive data.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks as a punishment for company actions are uncommon but not surprising. Ransomware gangs like Avaddon can quickly slip under the radar to do damage at the companies that they choose to target with a simple phishing email that packs deadly consequences.



Japan – Toshiba 

https://www.cyberscoop.com/darkside-ransomware-toshiba-hack/

Exploit: Ransomware

Toshiba: Electronics Manufacturer 

Risk to Business: 1.814 = Severe

European units of Japanese tech giant Toshiba are investigating a security incident in which scammers may have used a similar hacking tool to the malware used against IT systems at Colonial Pipeline. The company announced that it had been forced to disconnect network connections between Japan and Europe to stop the spread of ransomware. The attack is believed to have been perpetrated by the DarkSide ransomware gang. Toshiba Tec Group, a unit of the multinational conglomerate which makes printers and other technologies, said the firm had not yet confirmed that customer related information was leaked externally. The incident is under investigation and the company says that it has not paid any ransom. 

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

How it Could Affect Your Business: By disrupting internal operations, ransomware can cause tremendous problems for multinational companies even if no data is stolen or systems encrypted.




