InTegriLogic Blog
The Week in Breach News: 02/01/23 – 02/07/23
Atlantic General Hospital
Exploit: Ransomware
Atlantic General Hospital: Healthcare Facility
Risk to Business: 1.630 = Severe
Atlantic General Hospital in Maryland suffered a network outage after a weekend ransomware attack. The hospital said that the outages have caused some patient treatment interruptions, with staff resorting to downtime procedures like manual record keeping. The hospital was quick to reassure the public that all of its services remain in operation, except for its pharmacy, outpatient services including imaging and laboratories and pulmonary function testing.
How It Could Affect Your Business: Hospitals and medical facilities have been popular targets for bad actors and need extra security.
PeopleConnect
Exploit: Hacking
PeopleConnect: Human Resources Firm
Risk to Business: 1.827 = Severe
PeopleConnect, the owner of background-checking services TruthFinder and Instant Checkmate, has announced that it has suffered a data breach as a result of hacking. On January 21, data from the company appeared in a dark web forum. The leaked data allegedly pertained to 20.22 million TruthFinder and Instant Checkmate customers who used the services between 2011 and 2019. Exposed data includes users' email addresses, hashed passwords, first and last names and phone numbers.
How It Could Affect Your Business: Companies that store large quantities of valuable personal data are ripe targets for cybercriminals.
988 Lifeline
https://www.securityweek.com/feds-say-cyberattack-caused-suicide-helplines-outage/
Exploit: Supply Chain Attack
988 Lifeline: Mental Health Crisis Helpline
Risk to Business: 1.837 = Severe
A disruption in service at the U.S. 988 Lifeline was caused by a cyberattack. The December incident knocked out the critical service for an entire day. Investigators determined that the outage was caused by an unnamed cyberattack on Intrado, the company that provides telecommunications services for the helpline. The December 1, 2022, incident left callers to the helpline seeking emergency help with suicidal or depressive thoughts unable to connect with anyone to speak with by phone. Text and chat services, however, remained available. The Federal Communications Commission (FCC) is investigating the incident.
How It Could Affect Your Business: Supply chain attacks are a big and growing problem that every organization needs to consider and prepare for.
Ireland – ION Group
https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html
Exploit: Ransomware
ION Group: Software Company
Risk to Business: 1.309 = Extreme
A successful ransomware attack against ION Group has had a major impact on the trading of financial derivatives on international markets. LockBit has claimed responsibility for the attack. The company makes software used by financial institutions and brokerages. Instead of post-trade processes being completed automatically by ION Group’s software, they have to be completed manually, snarling traffic including extremely time-sensitive activities such as updating margin requirements for trades. The Futures Industry Association (FIA) is working with impacted firms to clean up the mess.
How It Could Affect Your Business: An incident like this could cost a company a fortune and not just in incident response – reputation damage is a consequence of a successful cyberattack.
United Kingdom – Planet Ice
Exploit: Hacking
Planet Ice: Ice Rink Chain
Risk to Business: 2.719 = Moderate
Planet Ice, the operator of 14 U.K. ice rinks, has disclosed that hackers have obtained access to the personal details of over 240,000 customers. The hack was first noticed by consumers due to a website outage before the company informed customers that their account data may have been stolen. Exposed data includes dates of birth, names and genders of children having parties, email addresses, IP addresses, passwords, phone numbers, physical addresses and purchases. Payment card data wasn’t affected.
How It Could Affect Your Business: People are especially upset when data relating to children is stolen or exposed.
United Kingdom – JD Sports
Exploit: Hacking
JD Sports: Sports Apparel Retailer
Risk to Business: 1.802 = Severe
Hackers have stolen data pertaining to approximately 10 million customers of U.K. sporting apparel retailer JD Sports. The company disclosed in a filing that the stolen data related to online orders placed between November 2018 and October 2020 by customers of its brands including JD, Size?, Millets, Blacks, Scotts and MilletSport. Exposed data may include a customer’s name, billing address, delivery address, email address, phone number, order details and the last four digits of a customer’s payment card. The company says it does not store full payment card data.
How It Could Affect Your Business: Payment skimmers are a cybercriminal favorite, and they can be hard to spot before it’s too late.
India – Solar Industries India Limited
https://cyware.com/news/blackcat-ransomware-hits-defence-contractor-steals-weapons-data-87376d21/
Exploit: Phishing
Solar Industries India Limited: Defense Contractor
Risk to Business: 1.415 = Extreme
BlackCat/AlphV is claiming responsibility for a ransomware attack on defense manufacturer Solar Industries India Limited. The group added the company to its Tor leak site, saying that they snatched 2 TB of sensitive material including blueprints of weapons, details of warhead compositions and internal product testing notes about flaws and vulnerabilities in the company’s weapons. Solar Industries India Limited manufactures rockets, warheads and mines. In an interesting twist, the attackers managed to access all the production cameras and offices and posted screenshots from those cameras as proof.
How It Could Affect Your Business: A security breach at a defense contractor is a disaster that can have long and far-reaching consequences.
India – FR8
https://www.hackread.com/india-truck-brokerage-company-data-leak/
Exploit: Misconfiguration
FR8: Trucking Company
Risk to Business: 2.103 = Severe
One of India’s largest trucking companies is in hot water after a server misconfiguration left more than 140 gigabytes of data exposed. The leaked customer data includes customer records, bank payment details, invoices, truck records and payment details. Some personal information, such as names, addresses and contact numbers of both customers and employees, was also exposed. The leak was discovered by researchers who have informed FR8, but it appears that the company has taken no action to fix the problem.
How It Could Affect Your Business: Infrastructure targets like freight moving companies are attractive to bad guys because of the time-sensitive nature of their business.