InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 01/26/22 – 02/01/22
Advocates
https://www.scmagazine.com/analysis/breach/68k-affected-by-data-theft-sophisticated-network-hack-of-nonprofit-advocatesExploit: Hacking
Advocates: Health & Social Services Non-Profit
Risk to Business: 1.727= Severe
Advocates announced that it had been the victim of a cyberattack. A hacker gained access to the organization’s network in mid-September 2021. The attacker gained access to data tied to 68,000 clients served by Advocates and likely copied the data. The Massachusetts-based non-profit provides a range of services for individuals with autism, brain injuries, mental health, addiction, and other health conditions. Advocates is cooperating with the ongoing FBI investigation.
Individual Risk: 1.603= Severe
Current and former clients of Advocates are at risk of having their data exposed in this incident. The stolen data included names, contacts, Social Security numbers, dates of birth, client identification numbers, health insurance information, diagnoses and treatments. All impacted individuals will receive free credit monitoring and identity theft protection services.
How It Could Affect Your Business: Companies that store large quantities of personal or medical information are prime targets for the bad guys.
Senate of Puerto Rico
https://abcnews.go.com/International/wireStory/official-puerto-ricos-senate-targeted-cyberattack-82495236Exploit: Hacking
Senate of Puerto Rico: State Legislative Body
Risk to Business: 2.223 =Severe
Puerto Rico’s Senate announced Wednesday that it was the target of a cyberattack that disabled its internet provider, phone system and official online page Senate President José Luis Dalmau said in a statement that there is no evidence that hackers were able to access sensitive information belonging to employees, contractors or consultants, although the incident is still under investigation.
Customers Impacted: Unknown
How It Could Affect Your Business: Cyberattacks o government agencies have been ramping up in recent months without the impetus of added tension in Eastern Europe.
Kings County Public Health Department
https://portswigger.net/daily-swig/california-public-office-admits-covid-19-healthcare-data-breachExploit: Misconfiguration
Kings County California Public Health Department: Local Government Agency
Risk to Business: 2.711= Moderate
Kings County, California announced that the security flaw in its public webserver made limited information on COVID-19 cases available on the internet. The misconfiguration has been chalked up to a negligent third-party contractor. Discovered in mid-November 2021, officials say that the flaw was in place starting on February 15, 2021, and was corrected on December 6, 2021.
Individual Risk: 2.701= Moderate
In a statement, the county said that names, dates of birth, addresses and COVID-related health information for county COVID-19 cases was among the data that was available to view. They’ve set up a dedicated call center to answer questions from the public.
How It Could Affect Your Business: Misconfiguration incidents due to employee or contractor negligence are just as expensive and damaging as cybercrime when regulators get finished with companies that have them.
Canada – Global Affairs Canada
https://www.bleepingcomputer.com/news/security/canadas-foreign-affairs-ministry-hacked-some-services-down/Exploit: Hacking
Global Affairs Canada: National Government Agency
Risk to Business: 1.719 = Severe
Global Affairs Canada (GAK) Canada’s foreign affairs ministry has announced that it was the victim of an unnamed cyberattack on January 19, 2022. The Treasury Board of Canada Secretariat (TBS), Shared Services Canada, and Communications Security Establishment confirmed the incident in a joint statement. GAC says that critical services remain accessible, but some online services are unavailable as the recovery efforts continue. No information has been released about the identity of the attackers or the specific attack type, a subject of interest at a time of heightened risk for nation-state cyber activity.
Customers Impacted: Unknown
How it Could Affect Your Business: Organizations should keep in mind the fact that the preferred weapon of nation-state cybercriminals is ransomware.
United Kingdom – Qubit Finance
https://therecord.media/qubit-finance-platform-hacked-for-80-million-worth-of-cryptocurrency/Exploit: Hacking
Qubit Finance: De Fi Platform
Risk to Business: 1.204= Extreme
A threat actor has stolen approximately $80 million from Qubit Finance after exploiting a flaw in the De Fi platform. Qubit said the attacker was able to steal 206,809 Binance coins (BNB) from its wallet on January 27, 2022. The hacker used a vulnerability in one of its Ethereum blockchain contracts to do the deed. The company has issued a public plea for the threat actor to return the stolen funds, asking them to get in contact with its team to “disclose the bug and receive a bounty reward”. This is sometimes used as a means of circumventing legal trouble for paying a ransom.
Customers Impacted: Unknown
How it Could Affect Your Business: DeFi has been buried under an avalanche of cybercrime lately and there doesn’t appear to be an end in sight.
France – Ministry of Justice (Chancellerie)
https://www.securityweek.com/french-ministry-justice-targeted-ransomware-attackExploit: Ransomware
Ministry of Justice: National Government Agency
Risk to Business: 2.876 = Moderate
An outfit that identifies themselves as LockBit 2.0 posted a message on their dark web leak site claiming to have hit the French Ministry of Justice’s systems, making off with data. The hackers did not specify what data was stolen or how much, but they are threatening to expose it in early February if they’re not paid an unspecified ransom. The ministry’s press office has told reporters that it is aware of the claim and that an investigation has been launched.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals have been having a field day going after government agencies, a problem that is only growing worse.
Belarus – Belarusian Railways
https://therecord.media/cyber-partisans-hacktivists-claim-credit-for-cyberattack-on-belarusian-railways/Exploit: Hacking
Belarusian Railways: Rail Transportation Authority
Risk to Business: 1.806 = Severe
As tensions mount in Eastern Europe, the hacktivist group “ Cyber Partisans” announced on Twitter that they had disrupted networks and databases related to the national rail system in Belarus on January 31, 2022. The group demanded the release of political prisoners and a guarantee preventing the use of railway transportation infrastructure to support Russian troop movements. The railroad’s website appears to confirm that online resources and systems related to issuing electronic tickets are not operational. No further details of the incident were available at press time.
Customers Impacted:
How it Could Affect Your Business: International tensions are rising, creating more opportunities for activism and nation-state cybercrime.
South Africa – Curo Fund Services
Exploit: RansomwareCuro Fund Services: Financial Services
Risk to Business: 1.621 = Severe
Curo Fund Services, South Africa’s biggest provider of investment administration services, was the victim of a ransomware attack that left the company unable to access its systems for five days. The company assured clients that no money was at risk and their sensitive data was not in jeopardy. The attack prevented Curo’s clients from processing investment-related instructions or offering other services through the company’s platform. The incident is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: The financial sector has been a huge target for ransomware groups, from De Fi platforms to investment banking houses, and companies should be very cautious.
Singapore – Delta Electronics
https://thestack.technology/delta-electronics-ransomware-attack/?amp=1Exploit: Ransomware
Delta Electronics: Computer Hardware Manufacturing
Risk to Business: 1.771 = Severe
Delta Electronics has disclosed that it was the victim of a ransomware attack. The company, a supplier of power management products for Dell and HP, says that they are experiencing technical difficulties that have been limited to non-critical networks. Reports say that customer support and service sites for the US and EMEA clients were unavailable for about 10 days after the attack. An unnamed threat actor has claimed responsibility.
Customers Impacted: Unknown
How it Could Affect Your Business: Epic supply chain problems have manufacturers under stress, and cybercriminals love to take advantage of a bad situation.
About the author
