Ransomware is on a round-the-world tour this week, visiting major players like JVCKenwood, Marketron and Sandhills Global. Explore the factors that influence IT decision-making (and spending) plus get your copy of our must-have new eBook, Monsters of Cybersecurity!
What was that noise? Is it a ghost or one of the Monsters of Cybersecurity breaking in to steal your data? Learn how to ward off those foul fiends fast!
Sandhills Global
Exploit: Ransomware
Sandhills Global: IT & Digital Publishing
Risk to Business: 1.337 = Extreme
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub, are among its trade magazines. Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: Unknown
Marketron
Exploit: Ransomware
Marketron: Marketing Services Company
Risk to Business: 1.606=Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand. The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: 320,000
90% of IT pros have had clients hit with a ransomware attack in the last 12 months. Help your clients build stronger defenses with the insight in Ransomware Exposed! DOWNLOAD NOW>>
Portpass
https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
Exploit: Misconfiguration
Portpass: COVID-19 Vaccine Passport Platform
Risk to Business: 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.
Individual Risk: 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.
Customers Impacted: 650,000
United Kingdom – Giant Group
https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/
Exploit: Ransomware
Giant Group: Payroll Services Firm
Risk to Business: 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.
Customers Impacted: Unknown
France – TiteLive
Exploit: Ransomware
TiteLive: Bookstore Support Platform Provider
Risk to Business: 1.661=Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.
Customers Impacted: Unknown
Israel – E.M.I.T Aviation Consulting
Exploit: Ransomware
E.M.I.T Aviation Consulting: Defense Aviation Consulting
Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.
Customers Impacted: Unknown
New Zealand – Aquila Technology
Exploit: Credential Compromise
Aquila Technology: Communications Equipment Retailer
Risk to Business: 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.
Individual Risk: 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.
Customers Impacted: Unknown
Japan – JVCKenwood
Exploit: Ransomware
JVCKenwood: Audio Equipment Manufacturer
Risk to Business: 1.699 = Severe
Conti ransomware came calling at JVCKenwood this week. The Japanese audio equipment powerhouse. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.
Customers Impacted: Unknown
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
No comments:
Post a Comment