Thursday, February 24, 2022


Can a Nation-State Cyberattack Hit Your Business?


Nation-state cybercrime isn’t just a problem for government agencies and the military anymore. Threat actors have been branching out to hit companies in a variety of industries that have never been in the crosshairs before, serving notice that every business is at risk of trouble.

An estimated 90% of nation-state cybercrime groups regularly attack organizations outside of the government or critical infrastructure sectors. Sometimes they’re looking for information or back doors into high-profile targets that those organizations might serve or do business with. Sometimes they just want to make money. But they’re always out to cause problems for businesses caught up in the tide. 

Nation-state threat actors use a common technique to hit their targets: phishing. Reducing your phishing risk is a great way to reduce your company’s risk from that source. That’s why it’s essential to your company’s success that you conduct regular phishing resistance training using a comprehensive solution like BullPhish ID. Arm your employees with knowledge to reduce the chance that they’ll be tricked by the bad guys.  


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Week in Breach - 02-16-202

OpenSea’s phishing flood just keeps getting worse, Britain’s NHS is ensnared in a new data exposure drama thanks to a supply chain snafu and Baltimore officials fall for a BEC trap plus how nation-state cybercrime is threatening your clients right now.  





Meyer Manufacturing Co. Ltd.

https://www.securityweek.com/cookware-distribution-giant-meyer-discloses-data-breach

Exploit: Ransomware

Meyer Manufacturing Co. Ltd.: Cookware Manufacturing & Distribution


Risk to Business: 2.177 = Severe

Meyer Manufacturing Co. Ltd recently filed a data breach notification disclosing a ransomware attack that impacted employees of its distribution arm. Bleeping Computer reports that this attack is the work of the Conti ransomware group. In its disclosure, Meyer said the initial incident occurred in October 2021 but was not discovered until December 2021. The attack affected Meyer and its subsidiaries, including Hestan Commercial Corp., Hestan Smart Cooking, Hestan Vineyards and Blue Mountain Enterprises LLC.


Risk to Business: 1.919 = Severe

Employee personal information was snatched in this incident including their first and last name, address, date of birth, gender, race or ethnicity, Social Security number, health insurance information, medical information, driver’s license, passport or government-issued identification number, and Permanent Resident Card and information regarding immigration status. 

Customers Impacted: Unknown

How It Could Affect Your Business: Data that can be used to falsify identities is a valuable commodity on the dark web and cybercriminals never stop looking for soft targets that enable them to steal it.



The City of Baltimore

https://www.infosecurity-magazine.com/news/baltimore-conned-out-of-375k/

Exploit: Business Email Compromise

The City of Baltimore: Municipality


Risk to Business: 1.251 = Extreme

Buckle up because this is a saga. A report just released by the Office of the Inspector General (OIG) details a business email compromise disaster that ended up costing the city of Baltimore more than $375,000. In this incident, bad actors managed to change the bank details kept on file for a vendor who had an agreement with Baltimore’s Mayor’s Office of Children and Family Success (MOCFS). The cybercriminals contacted both MOCFS and Baltimore’s Bureau of Accounting and Payroll Services (BAPS) asking to have the vendor’s banking information updated to send payments to a different bank account at another financial institution. BAPS ultimately complied with the fraudster’s change request, then began sending electronic payments to the new address. You know how this one ends up. Ultimately, cybercriminals made off with $376,213.10. The vendor was not named, but the report noted that cybercriminals had gained access to the vendor’s email accounts through a phishing attack. 

Customers Impacted: Unknown

How It Could Affect Your Business: Business email compromise is the most dangerous cybercrime according to FBI IC3, 64x worse than ransomware. This is why.



The Internet Society (ISOC)

https://thecyberwire.com/newsletters/privacy-briefing/4/33

Exploit: Misconfiguration

The Internet Society (ISOC): Non-Profit


Risk to Business: 2.776 = Moderate

Cybersecurity researchers recently announced the discovery of a trove of information belonging to ISOC in an unsecured Microsoft Azure blob. The blob was reported to contain millions of files with personal and login details belonging to ISOC members. ISOC has secured the blob, but there’s no telling how long that data was exposed or who may have seen it.


Risk to Business: 1.282 = Moderate

The member data exposed includes members’ full names, preferred language, the account ID, donation history, login credentials, social media tokens, email and street addresses, genders and similar personal information.

Customers Impacted: Unknown

How It Could Affect Your Business: Human error aka employee negligence is the biggest cause of a data breach because it’s what makes things like this happen.



Expeditors International

https://www.bleepingcomputer.com/news/security/expeditors-shuts-down-global-operations-after-likely-ransomware-attack/ 

Exploit: Ransomware

Expeditors International: Logistics & Freight Forwarding


Risk to Business: 1.364 = Extreme

Expeditors International was hit by a ransomware attack over the President’s Day holiday weekend that has resulted in the company being forced to shut down most of its operations worldwide. First announced by the company on Sunday night, Expeditors International warned that services and systems may be offline until they can restore them from backups. The incident could snarl supply chains globally. Expeditors International handles warehousing and distribution, transportation, customs and compliance at 350 locations worldwide.

Customers Impacted: Unknown

How it Could Affect Your Business: Supply chain disruption has been the name of the game for cybercriminals, and freight forwarders on land and on the sea have been constantly targeted lately.



OpenSea

 https://www.cnbc.com/2022/02/20/nft-marketplace-opensea-is-investigating-a-phishing-hack.html

Exploit: Phishing

OpenSea: NFT Trading Marketplace


Risk to Business: 1.282 = Extreme

Online NFT marketplace OpenSea has been embroiled in controversy after a cyberattack cost investors their NFTs. There’s been a lot of back-and-forth on this one. A phishing attack perpetrated on the platform’s users is purportedly to blame for the incident that has so far left more than 30 of its users unable to access their NFTs, although some claims have been made on Twitter pointing to a flaw in the platform’s code. Reports say that the attacker has made somewhere between $1.7 – 2 million in Ethereum from selling some of the stolen NFTs. An estimated 254 tokens were stolen over three hours.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Phishing is a danger to any business in any industry, and it can do massive damage as well as cost a fortune.







United Kingdom – National Health Service (NHS)

https://www.dailymail.co.uk/news/article-10531637/Tens-thousands-NHS-patients-private-medical-information-leaked-shocking-data-breach.html 

Exploit: Third-Party Data Breach

National Health Service (NHS): National Healthcare Agency


Risk to Business: 2.919 = Moderate

A shocking report from the Daily Mail details the exposure of all sorts of sensitive data for thousands of patients served by the NHS. The information was exposed by an NHS service provider, PSL Print Management. Reports say that the exposed confidential files include hospital appointment letters for women’s health emergencies, test results of cervical screening and letters to parents of children needing urgent surgery. The information dates back as far as 2015, a huge no-no under data protection rules. The incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Third-party risk is a problem that will only continue growing worse for organizations as they increasingly farm out work to smaller specialty service providers.

Switzerland – The University of Neuchâtel

https://www.swissinfo.ch/eng/university-of-neuch%C3%A2tel-hit-by-cyberattack/47360432

Exploit: Ransomware

The University of Neuchâtel: Institution of Higher Learning 


Risk to Business: 2.775 = Moderate

Swiss college The University of Neuchâtel is back online after a cyberattack that is likely ransomware knocked its systems out last week. The attack encrypted some systems making it impossible for students or employees to access materials and systems related to classwork. The university is unable to confirm if any data was stolen. Operations have since been restored.

Customers Impacted: Unknown

How it Could Affect Your Business: Schools at every level have been battered by cybercrime since the start of the global pandemic.




Japan – Mizuno

https://www.bleepingcomputer.com/news/security/sports-brand-mizuno-hit-with-ransomware-attack-delaying-orders/

Exploit: Ransomware

Mizuno: Sports Equipment and Sportswear Manufacturer


Risk to Business: 2.227 = Severe

Japanese brand Mizuno has experienced some business disruption after a ransomware attack on the corporate network of its US-based operations. The incident left the company facing phone outages and order delays as systems are restored. Customers have also been left unable to place new orders or track orders in progress. No word on an expected timeline for restoration.

No information about consumer/employee PII, PHI or financial data exposure was available at press time. 

Customers Impacted: Unknown

How it Could Affect Your Business: Retailers have been experiencing a serious increase in ransomware attacks in the last 12 months.






1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.





4 Common Myths Involving Data Security


 

Keeping your data secure is always a full-time job for businesses. Staying proactive against data breaches is essential to IT security due to the wide range of cyber threats. Unfortunately, a few simple mistakes can lead to devastating losses and ruin the reputation of your company. Learning tips on how to protect your data is key to avoiding common errors that can result in severe consequences.

 

Here are the four most common myths involving data security. 

 

1) Meeting Industry Regulations is Enough

Staying in compliance with the different regulations in your industry is a necessity for data security. A lack of compliance can often lead to substantial fines. Unfortunately, many companies feel that meeting these standards is enough for cybersecurity. However, many of these guidelines only meet the bare minimum for IT security, so it's critical for your business to put in additional safeguards to limit the chance of a data breach. Continuing to look at ways to secure your data is necessary due to the ever-changing nature of cyber attacks.

 

2) Cybercriminals Only Attack Large Businesses

One of the biggest myths about data security is that cybercriminals only focus on large corporations. However, a small to mid-size business is often more likely to be a target due to a lack of robust IT security measures compared to large companies. Investing in cybersecurity protection is a necessity in keeping your information safe. Working with managed IT services is especially beneficial for small businesses that don't have the budget to operate an in-house IT department.

 

3) IT Department is Solely Responsible for Security

Another common myth involving data security is that it's the sole responsibility of your IT team. While IT workers play a vital role in data security, they can't always protect your business against cybersecurity incidents. Educating and training your in-house employees on how to avoid making common data security mistakes is essential. An IT service provider can offer frequent training sessions for your employees to help them stay up to date on the latest cybersecurity tips.

 

4) Cybersecurity Only Involves External Threats

Sometimes a data breach can happen due to an insider threat. A disgruntled employee may leak confidential data to a competitor or even sell this data on the dark web. One way to limit the chance of this happening is to use a monitoring system to identify any suspicious actions. A managed service provider can use these tools to monitor your data around the clock to help prevent any potential issues before they result in a much bigger incident.

 

Closing Thoughts

Data security will remain a top concern in the workplace. Cybercriminals are always developing innovative ways to target confidential information, so partnering with an IT service provider is a great investment for small businesses. Educating your team about the dangers of data breaches is also a key aspect of staying proactive against these dangers. IT security measures will only continue to evolve, so learning how to avoid these common data security myths is essential for companies of any size.

 

By Robert Blake – Bit by Bit Computer Consulting

817.505.1257

721 N Fielder Road #B

Arlington TX 76012

 

www.Bitxbit.com



Wednesday, February 2, 2022

Stealing Straight from the Source: Electronic Arts (EA)


Original Story Published: https://www.idagent.com/blog/the-week-in-breach-news-07-28-21-08-03-21/

Exploit: Ransomware

Electronic Arts (EA): Video Game Maker

Hackers leaked an estimated 751GB of compressed EA data containing FIFA 21 source code on a dark web forum. Initially, they released a cache of 1.3GB of FIFA source code on July 14 as part of a demand for payment to stop them from releasing the rest, but after EA refused to play ball, the rest was added. According to reports, the hackers used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then tricked an EA IT support staffer into granting them access to the company’s internal network, ultimately allowing them to download more than 780GB of source code from the company’s internal code repositories. 

On June 10, the hackers posted a thread on an underground hacking forum claiming to be in possession of EA data, which they were willing to sell for $28 million. When they failed to find a buyer, they attempted to extort EA, and that effort was also unsuccessful. EA did not pay the extortionists, who then dumped the data on the dark web. The source code of the FIFA 21 soccer game, including tools to support the company’s server-side services, reportedly hit dark web forums shortly thereafter. 

Key Takeaway: Cybercriminals are hungry for data and that includes proprietary data about projects and products. This trend also tracks with medical research and pharmaceutical data.



Theft from the Rich and The Poor: Robinhood


Original Story Published: https://www.idagent.com/blog/the-week-in-breach-news-11-10-21-11-16-21/

Exploit: Hacking  

Robinhood: Financial Services Platform

Financial services platform Robinhood made the news after disclosing a data breach on November 3. The company blamed the security incident on vishing. Threat actors obtained access to the organization’s customer support systems by obtaining systems access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals then demanded an extortion payment to keep the data safe. 

Bleeping Computer reported that two days after Robinhood disclosed the attack, a threat actor named ‘pompompurin’ announced on a hacking forum that they were selling the stolen information of 7 million Robinhood customers for at least five figures, which is $10,000 or higher.

Key Takeaway: Stock trading became trendy with meme stocks gaining traction on social media as new investors entered the market quickly and easily through apps like Robinhood. But FinTech and similar sectors also caught the eye of cybercriminals who stepped up their hacking efforts looking for quick scores of cryptocurrency and financial data.



Invasion of the Data Snatchers: Accenture


Original Story Published: https://www.idagent.com/blog/the-week-in-breach-news-08-11-21-08-17-21/

Exploit: Ransomware

Accenture: Consulting Firm

The LockBit ransomware gang hit consulting giant Accenture in mid-August. In a post on its dark web announcement site, the gang offered multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site showed a folder named W1 purportedly containing a collection of PDF documents stolen from the company. The LockBit ransomware gang reported the theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment.

Accenture confirmed in its fourth quarter and full fiscal year financial reporting that LockBit ransomware operators stole data from its systems during an attack that hit the company’s systems in August 2021. After the incident, the ransomware group reportedly told BleepingComputer that it had leveraged stolen Accenture data to hit several other businesses, potentially including attacks on Bangkok Airways and Ethiopian Airlines.

Key Takeaway: Companies that store large amounts of data like financial records or PII were high on cybercriminal hit lists in 2021 because that data was an especially valuable commodity in the booming dark web data markets. 




Food for Thought: New Cooperative & Crystal Valley Cooperative

 

Original Story Published: https://www.idagent.com/blog/the-week-in-breach-news-09-22-21-09-28-21/

Exploit: Ransomware

New Cooperative & Crystal Valley Cooperative: Agricultural Services

Twin breaches in agriculture had the potential to cause significant disruptions in the US food supply chain. Iowa-based farm service provider New Cooperative was the first ag company hit with a ransomware attack in late October, causing the company to shut down its IT systems. As part of its announcement, the company stated that there would be “public disruption” to the grain, pork and chicken supply chain if its operations are not restored quickly. Following the incident, New Cooperative officials said that 40% of the nation’s grain production runs through its software.

New ransomware group BlackMatter claimed responsibility, releasing proof on their dark web leak site, saying that they have 1,000GB of data. BlackMatter demanded a $5.9 million ransom from New Cooperative, which the organization refused to pay. Minnesota-based farm supply and grain marketing cooperative Crystal Valley was the next hit by a ransomware attack a few days later. The company announced that all of its corporate IT systems were shut down and they were unable to process credit card payments. It also noted that this is a very bad time for cyberattacks in the industry as it is harvest season.

Key Takeaway: Ransomware attacks against industries that are both under pressure and in essential economic positions became a regular occurrence during 2020 and that trend is continuing.



An International Incident: Microsoft


Original Story Published: https://www.idagent.com/blog/the-week-in-breach-data-breach-news-03-03-21-03-09-21/

Exploit: Product Vulnerability (Nation-State Hacking)

Microsoft: Software Developer 

Microsoft reported that suspected Chinese nation-state actors that it identified as Hafnium exploited a flaw in Exchange that gave them access to an unspecified amount of data or email accounts. In its blog, Microsoft stated that Hafnium had engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. The company detailed the exact method that was used as a three-step process. First, Hafnium would gain access to a victim’s Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create a web shell to control the compromised server remotely. Third, it would use that remote access (run from US-based private servers) to steal data from the victim organization’s network. 

Microsoft estimated that 30,000 or so customers were affected. This flaw impacted a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to steal emails and install malware to continue surveillance of their targets. Patches were quickly made available, but the damage had been done.

Key Takeaways: This incident had an impact that is still being measured. Companies that quickly patched the flaw fared better than companies that didn’t. This incident is a reminder that risk can come from unexpected directions at any time.



The Hack Heard Round the World: Colonial Pipeline


Original Story Published: https://www.idagent.com/blog/the-week-in-breach-data-breach-news-05-05-21-05-11-21/

Exploit: Ransomware

Colonial Pipeline: Fuel Pipeline Operator

On May 6, 2021, a major Russian hacking gang successfully mounted a ransomware attack on major US fuel transporter Colonial Pipeline. The company is the operator of the largest fuel pipeline in the US, moving fuel into states on the Eastern seaboard, transporting more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor. Founded in 1962 and headquartered in Alpharetta, Georgia, privately-held Colonial Pipeline provides roughly 45% of the East Coast’s fuel, including gasoline, diesel, home heating oil, jet fuel and military supplies.

The point of entry for the gang was reportedly a single compromised employee password. Using that stolen password, the DarkSide affiliate slipped inside Colonial Pipeline’s admittedly lax digital security and delivered their cargo, DarkSide’s proprietary ransomware, to encrypt Colonial Pipeline’s systems and data. A little more than one week after the initial intrusion, an employee starting their day’s work in the Colonial Pipeline central control room saw a ransom note demanding cryptocurrency pop up on their computer and called in their supervisor. Then the race began for Colonial Pipeline as they tried to outpace the infection to preserve their systems and data. After shutting down the pipeline to try to mitigate the damage and prevent the hackers from further penetration, Colonial had to scramble to bring in experts to help. The company purportedly paid a ransom of 75 bitcoin or $4.4 million. In addition, the gang stole an estimated 100 gigabytes of data that had the potential to be highly sensitive. Shortly after this attack, DarkSide went dark for good. 

Read a complete breakdown of the attack timeline with more details: https://www.graphus.ai/blog/diary-of-a-ransomware-attack-inside-the-colonial-pipeline-incident/

Key Takeaway: Cyberattacks against infrastructure targets have become a hot topic, and companies that own and operate them should be cognizant of their elevated risk.

