InTegriLogic Blog
The Week in Breach News: 01/18/23 – 01/24/23
Riot Games
Exploit: Social Engineering
Riot Games: Video Game Company
Risk to Business: 1.776 = Moderate
Riot Games has experienced a data breach that has impacted its release schedule for game patches. Riot is the video game developer and publisher behind the popular games League of Legends and Valorant. A company spokesperson said that systems in their development environment had been compromised as the result of a social engineering attack. The company said that there’s no indication that player data or personal information was obtained. However, the incident has impacted its ability to deliver game content and may delay future game updates. The incident is under investigation.
How It Could Affect Your Business: Intellectual property and proprietary data are also attractive targets for cybercriminals.
NextGen Healthcare
https://therecord.media/electronic-health-record-giant-nextgen-dealing-with-cyberattack/
Exploit: Ransomware
NextGen Healthcare: Medical Records Software Company
Risk to Business: 2.021 = Severe
NextGen Healthcare is the latest company to fall victim to an AlphV/BlackCat ransomware attack. The company, a major provider of electronic health record (EHR) software and practice management systems, was added to the AlphV/BlackCat group’s dark web leak site last week. NextGen serves hundreds of the biggest hospitals and clinics in the U.S., U.K., India and Canada. The company said that the incident is under investigation. No information was available about any ransom demands at press time.
How It Could Affect Your Business: The penalties that healthcare business services companies face for a data breach are just as steep as for a healthcare provider.
Yum! Brands
Exploit: Ransomware
Yum! Brands: Fast Food Corporation
Risk to Business: 1.837 = Severe
Fast food giant Yum! Brands fell victim to a ransomware attack that caused the temporary closure of 300 locations in the United Kingdom. Yum! Brands oversees the KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains. The company did not name the gang involved or offer details about any ransom demands. Yum! Brands said that upon discovery of the problem, it initiated an incident response that involved closing UK stores briefly, but that the impacted UK stores have reopened. Yum! Brands disclosed that data was stolen in the attack but said that the company does not see evidence that customer information has been exposed.
How It Could Affect Your Business: Ransomware can lead to severe business impacts like closures and loss of business that cause major revenue damage.
PayPal
Exploit: Credential Stuffing
PayPal: Electronic Payments Processor
Risk to Business: 1.981 = Extreme
PayPal is notifying thousands of users that their accounts may have been accessed through a credential stuffing attack. The company said that this attack occurred between December 6 and December 8, 2022. By December 20, 2022, PayPal’s investigation uncovered that unauthorized third parties logged into the accounts with valid credentials. The company maintains that this intrusion was not due to a breach on its systems and says that it has no evidence that the user credentials were obtained directly from PayPal. The company has notified 34,942 users that their accounts may have been impacted by the incident. Hackers may have had access to account holders’ full names, dates of birth, postal addresses, social security numbers and individual tax identification numbers. Transaction histories as well as connected credit or debit card details and PayPal invoicing data are also accessible on PayPal accounts and may have been exposed.
How It Could Affect Your Business: Even big companies can get into hot water over stolen or recycled credentials.
Nissan North America
Exploit: Supply Chain Attack
Nissan North America: Carmaker
Risk to Business: 1.973 = Severe
Nissan North America has begun informing an estimated 17,998 customers that it has experienced a data breach as a result of a security incident at an unnamed third-party service provider. Nissan said that it had provided the third party real customer data from Nissan to use in developing and testing software solutions for the automaker, but that data was exposed due to a poorly configured database. The exposed data includes full names, dates of birth, and NMAC account numbers but not credit card details or Social Security numbers.
How it Could Affect Your Business: Cybersecurity flubs by service providers can cause a cascade of supply chain problems that impact other businesses too.
T-Mobile
https://techcrunch.com/2023/01/19/t-mobile-data-breach/
Exploit: Hacking
T-Mobile: Telecommunications Company
Risk to Business: 2.223 = Extreme
Major wireless communications provider T-Mobile disclosed last week that a hacker had accessed a trove of personal data for 37 million of the company’s customers. A bad actor apparently had access to T-Mobile’s customer data from November 25, 2022, until the company discovered the intrusion on January 5, 2023. T-Mobile says that the hacker obtained access through an API. The stolen data includes a customer’s name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features.
How it Could Affect Your Business: Cybercriminals are always on the hunt for fresh stores of valuable personal information like the data stolen from T-Mobile.
Qulliq Energy Corporation (QEC)
https://therecord.media/cyberattack-on-nunavut-energy-supplier-limits-company-operations/
Exploit: Hacking
Qulliq Energy Corporation (QEC): Energy Company
Risk to Business: 1.702 = Severe
A cyberattack on the Qulliq Energy Corporation (QEC), an energy provider in Canada’s Nunavut territory, has had a major impact on the company’s administrative offices. The attack started on January 15 and took down computer systems at the corporation’s customer care and administrative offices. QEC was quick to assure customers that power plants are still operating normally. The company has cautioned consumers that it currently cannot accept bill payments through credit cards, but customers can pay using cash or through bank transfers. QEC is still trying to determine what information may have been stolen or accessed during the attack while cautioning customers that they should monitor accounts for suspicious activity and change their QEC account password.
How it Could Affect Your Business: Infrastructure like utilities has been increasingly endangered by cybercriminals, especially ransomware gangs.
Costa Rica – Ministry of Public Works and Transport (MOPT)
https://therecord.media/costa-ricas-ministry-of-public-works-and-transport-crippled-by-ransomware-attack/
Exploit: Ransomware
Ministry of Public Works and Transport (MOPT): Government Agency
Risk to Business: 1.831 = Extreme
Costa Rica’s Ministry of Public Works and Transport (MOPT) said in a statement that 12 of its servers were encrypted last Tuesday as the result of a successful ransomware attack by an unnamed group. All of MOPT’s computer systems were knocked offline. MOPT reassured citizens that driving tests are still being conducted in person, although license issuance services were briefly disrupted. Costa Rica’s agency responsible for road safety, the Road Safety Council, was quick to inform the public that its computer infrastructure is separate from MOPT, and it was not affected by the ransomware attack. No ransomware group has claimed responsibility and no information about any ransom demand was available at press time. The Costa Rican government dealt with a widespread and crippling ransomware attack by the Conti group in mid-2022 that ultimately resulted in the country’s refusal to pay the $10 million ransom.
How it Could Affect Your Business: Although this attack did not have an impact on public safety, it could have created a very dangerous circumstance.
Norway – DNV
https://www.bankinfosecurity.com/ransomware-attack-affects-1000-vessels-worldwide-a-20939
Exploit: Ransomware
DNV: Ship Software Provider
Risk to Business: 2.103 = Severe
Norwegian maritime classification company DNV was hit by a successful ransomware attack that impacted about 1,000 vessels around the world. The company is the maker of the ShipManager software platform that is used to manage crewing and maintenance schedules. The problem emerged on January 7, 2022, forcing DNV to take its servers offline. DNV said that the company’s other functions, including setting standards for the construction and operation of ships, are unaffected. An estimated 7,000 vessels owned by 300 customers use ShipManager. The name of the ransomware group responsible and any ransom demand were unavailable at press time.
How it Could Affect Your Business: Ships and ports have been high on cybercriminal hit lists, creating ripples of danger that can impact businesses worldwide.