InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 01/19/22 – 01/25/22
RR Donnelly
https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/Exploit: Ransomware
RR Donnelly: Marketing & Communications Firm
Risk to Business: 1.227= Severe
Major marketing company RR Donnelly has disclosed that they had data stolen in a December cyberattack attributed to ransomware. The Conti ransomware group is suspected to be to blame. In the attack on December 27, 2021, the company experienced a systems intrusion that led it to shut down its network to prevent the attack’s spread. That led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks and motor vehicle documentation. The Conti ransomware gang claimed responsibility on January 15 and began leaking 2.5GB of the stolen data that has since been removed.
Customers Impacted: Unknown
How It Could Affect Your Business: A recent rash of ransomware attacks against media and communications organizations should have everyone in that sector on notice.
Strategic Benefits Advisors, Inc
https://www.jdsupra.com/legalnews/data-breach-alert-strategic-benefits-8267696/
Exploit: HackingStrategic Benefits Advisors: Human Resources Consulting Firm
Risk to Business: 2.223 =Severe
In a recent legal filing, Strategic Benefits Advisors disclosed that an unauthorized third party had gained access to its data and may have removed several files containing consumer information. The Georgia-based company provides full-service employee benefits consulting for companies in many industries.
Individual Risk: 2.419=Severe
Strategic Benefits Advisors sent breach notification letters to more than 58,000 people to inform them of the exposure which the company says was limited to full names and Social Security numbers.
How It Could Affect Your Business: Hackers have been especially interested in breaching companies that maintain large stores of data for other companies lately.
City of Tenino, Washington
https://www.govtech.com/security/washington-city-loses-280-309-to-successful-phishing-scamExploit: Phishing/BEC
City of Tenino, Washington: Municipality
Risk to Business: 1.717= Severe
The City of Tenino, Washington is down $280,309 in public funds according to the Washington State Auditor’s Office after a city employee fell for a phishing message that launched a business email compromise scam. Reports say that former Clerk Treasurer John Millard fell victim to a phishing message and paid cybercriminals a boatload of money, some without city council approval. The official reportedly initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts. News outlets are also reporting that a warning was sent out to clerks about the phishing scam immediately but that didn’t stop this disaster from happening.
Customers Impacted: Unknown
How It Could Affect Your Business: BEC is the most expensive cybercrime according to the FBI, 64X more expensive than ransomware – and it usually starts with phishing.
Switzerland – The International Red Cross
https://www.npr.org/2022/01/20/1074405423/red-cross-cyberattackExploit: Third Party/Supply Chain
The International Red Cross: Humanitarian Aid Organization
Risk to Business: 1.719 = Severe
The International Committee of the Red Cross has revealed that hackers have stolen data from a Swiss contractor that stores it for them. The stolen data includes information about over 515,000 highly vulnerable people that it has served, recipients of aid and services from at least 60 affiliates of the organization worldwide. The Red Cross says it typically reunites 12 missing people with their families every day through that program. As a result of this cyberattack, The International Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies. A spokesperson for the ICRC told news outlets that there have been no demands from the hackers in exchange for stolen data and that they were working with specialized firms to recover.
Customers Impacted: Unknown
How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.
Italy – Montcler
https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/Exploit: Ransomware
Montcler: Luxury Fashion & Outerwear
Risk to Business: 1.727= Severe
Luxury retailer Montcler has disclosed that it suffered a data breach in December 2021 after data began appearing on a cybercriminal leak site. The company confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was stolen and subsequently leaked after they refused to pay the demanded $3 million ransom. The AlphaV (BlackCat) ransomware operation has claimed responsibility. The stolen data is said to include earning statements, spreadsheets with what appears to be customer information, invoices and other documents, but no specifics were provided.
Customers Impacted: Unknown
How it Could Affect Your Business: retailers have been steadily climbing the cybercriminal’s target hit list, especially luxury brands and specialty retailers.
New Zealand- Kings Plant Barn
https://www.nzherald.co.nz/business/kings-plant-barn-the-latest-retailer-hit-by-click-and-collect-data-breach/HJ45OFWAJ7NGGICU4THWBEZYOI/Exploit: Third Party/Supply Chain
Kings Plant Barn: Garden Retailer
Risk to Business: 1.677 = Severe
Kings Plant Barn is notifying customers that it has experienced a data breach after a data security incident at FlexBooker. The garden chain says that client names, email addresses and collection times were exposed but not passwords or other sensitive data. FlexBooker experienced an attack before the holidays that resulted in the theft of more than three million user records. The platform is used for scheduling and employee calendar management by small businesses like doctor’s offices, real estate companies, service sector businesses and similar companies.
Customers Impacted: Unknown
How it Could Affect Your Business: In an increasingly interconnected world, SMBs need to be prepared for the security risks that they may face from a service provider’s security incident.
Singapore – Crypto.com
https://www.vice.com/en/article/epxb8m/crypto-protocol-publicly-announces-flaw-users-relentlessly-owned-by-hackersExploit: Hacking
Crypto.com: Cryptocurrency Trading Platform
Risk to Business: 1.806 = Severe
Crypto.com, a platform that allows users to swap tokens between blockchains, publicly announced an incident in which a flaw in the platform’s security allowed cybercriminals to snatch an estimated $31 million in cryptocurrency. The company disclosed that 483 users were impacted by unauthorized cryptocurrency withdrawals on their accounts amounting to 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies. In response to this incident, the company is adjusting its protocols to include safeguards like requiring all customers to re-login and set up their 2FA token to ensure only authorized activity would occur and a new policy where the first withdrawal to a whitelisted address must wait 24 hours among other measures.
Customers Impacted: 483
How it Could Affect Your Business: The financial industry has been besieged by cybercriminals and nothing si taking more of a beating than cryptocurrency and DeFi.
Indonesia – Bank Indonesia
https://www.bleepingcomputer.com/news/security/indonesias-central-bank-confirms-ransomware-attack-conti-leaks-data/Exploit: Ransomware
Bank Indonesia: Financial Institution
Risk to Business: 2.721 = Moderate
Bank Indonesia (BI), the central bank of the Republic of Indonesia, confirmed that a ransomware attack hit its networks last month. In a statement, BI said that their operational activities were not disrupted. CNN reported that the hackers made off with non-critical data belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank’s network. Conti has claimed responsibility. It claims to have 13.88 GB worth of documents and leaked a sample of files allegedly stolen from Bank Indonesia’s network as proof.
Customers Impacted: Unknown
How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.
About the author
