InTegriLogic Blog
The Week in Breach News: 03/01/23 – 03/07/23
AT&T
Exploit: Supply Chain Attack
AT&T: Communications Conglomerate
Risk to Business: 1.802 = Severe
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January 2023. The company did not name the vendor, and they were quick to reassure customers that financial data and Social Security numbers were not involved. Impacted customers have been informed that some or all of their Customer Proprietary Network Information (CPNI) has been exposed, including customer first names, wireless account numbers, wireless phone numbers and email addresses. The company said that a small percentage of customers also had additional data exposed including their rate plan name, past due amount, monthly payment amount, minutes used and various other monthly charges. AT&T said that the data was several years old but didn’t specify a time period.
How It Could Affect Your Business: Supply chain risk is spinning out of control for businesses, and IT professionals need to be ready to mitigate it fast.
DC Health Link
Exploit: Hacking
DC Health Link: Health Insurance Marketplace
Risk to Business: 1.702 = Severe
The U.S. Federal Bureau of Investigation (FBI) is investigating a cyberattack on DC Health Link that Left some information exposed for more than 56,000 people including members of Congress. The health insurance marketplace became aware it had been hacked last Wednesday. People whose information was leaked include small business owners, uninsured District residents and lawmakers, including members of Congress and their staff. The data stolen includes names, Social Security numbers, dates of birth, health plan information and other personal information, including home addresses, phone numbers, email addresses, ethnicity and citizenship status.
How It Could Affect Your Business: This kind of information security disaster will be a big, expensive and painful mess to clean up.
Cerebral
Exploit: Human Error
Cerebral: Telehealth Provider
Risk to Business: 1.267 = Extreme
Mental health platform Cerebral is informing 3.8 million customers that it has experienced a data breach. The company recently admitted that it had been using invisible pixel trackers from Google, Meta (Facebook), TikTok and other third parties on its online services since October 12, 2019. Those pixels had data logging features, resulting in the exposure of sensitive medical information of people who used the provider’s platform to third parties without the customer’s knowledge. Exposed patient information includes a client’s full name, phone number, email address, date of birth, IP address, client ID number, demographic information, self-assessment responses and associated health information, subscription plan type, appointment dates, treatment details, clinical data, and health insurance and pharmacy benefit information. Social Security numbers, credit card information, and bank account information have not been impacted.
How It Could Affect Your Business: This debacle is a disaster for Cerebral and will end up costing the company a fortune after regulators get finished with it.
Group 1001 Insurance
https://www.cybersecuritydive.com/news/insurance-holding-1001-restored-ransomware/644330/
Exploit: Ransomware
Group 1001: Financial Services Company
Risk to Business: 2.779 = Moderate
New York-based financial services and insurance holding company Group 1001 has announced that it was the victim of a ransomware attack that impacted some of its member companies. The February 9, 2023, attack snarled operations for several member companies, including Delaware Life Insurance, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity, Clear Spring Property and Casualty and Clear Spring Health. The company said that it did not pay a ransom but offered no specifics about the attacker, noting that they’ve brought in a third-party forensics team to investigate this incident along with the FBI. The Gainbridge subsidiary of Group 1001 was not affected. Operations have since been restored. People who were impacted are being informed by mail.
How It Could Affect Your Business: Ransomware attacks against financial industry targets like this have proliferated in the past three years.
Black & McDonald
https://therecord.media/canada-national-defence-black-mcdonald-ransomware
Exploit: Ransomware
Black & McDonald: Defense Contractor
Risk to Business: 1.783 = Severe
Engineering firm Black & McDonald, a major defense contractor for the Canadian military, has been struck by a ransomware attack. Black & McDonald is the parent company of Canadian Base Operators, a contractor for Defence Construction Canada, a contractor that provides facilities management and other military infrastructure across Canada. Canada’s Department of National Defence (DND) told reporters that it was informed of the incident on February 10, 2023. DND does not believe that any sensitive information or systems were compromised. The incident is under investigation, and no ransomware group had claimed responsibility as of press time.
How it Could Affect Your Business: Defense contractors and other military service providers are prime targets for ransomware thanks to the data they hold.
Spain – Hospital Clínic de Barcelona
Exploit: Ransomware
Hospital Clínic de Barcelona: Medical Center
Risk to Business: 1.709 = Severe
The RansomHouse ransomware operation has claimed responsibility for an attack on Hospital Clínic de Barcelona that caused a major disruption to the facility’s operations. All applications and communications remained down over the weekend as hospital staff were forced to resort to manual recordkeeping, slowing care and preventing doctors from accessing patients’ records. Radiology, endoscopic tests, radiological scans, dialysis, and outpatient pharmacy services will continue operating normally. Officials said that three associated medical centers, CAP Casanova, CAP Borrell and CAP Les Corts were also impacted. No information about a ransom demand was available at press time.
How it Could Affect Your Business: Ransomware is an especially nasty risk for medical centers that can’t afford downtime, making them a popular target.
Czech Republic – GSC Game World
https://www.pcgamer.com/stalker-2-developer-suffers-russia-linked-security-breach-we-have-been-enduring-constant-cyberattacks-for-more-than-a-year-now/
Exploit: Hacking
GSC Game World: Videogame Developer
Risk to Business: 2.701 = Moderate
Ukrainian game studio GSC Game World, which moved its headquarters to Prague in response to the Russian invasion of that country, announced on Twitter that it has been the victim of a successful cyberattack, the latest in a series of cyber incidents that has buffeted the game developer. According to GSC Game World, a Russian hacker group known as Vestnik TSS gained access to staff accounts and stole about 30 GB of unpublished content about the game. The group has made some unique demands, saying that they will leak 30 GB of content from the studio’s upcoming Stalker 2 game if they aren’t met by March 15. The hackers are demanding that the company apologize to players in Russia and Belarus, that the game have a Russian translation and that the game’s launch in the region is guaranteed. GSC Game World maintains that it has been the victim of a campaign of ongoing cyber harassment from pro-Russia hackers for months.
How it Could Affect Your Business: This incident is interesting because while it doesn’t meet the definition of nation-state cybercrime, it is an attack with political overtones
Taiwan – Acer
https://www.channelnews.com.au/acer-hit-with-cyberattack/
Exploit: Hacking
Acer: Computer Hardware Manufacturer
Risk to Business: 2.697 = Moderate
Technology giant Acer has confirmed that its servers were breached in a cyberattack in mid-February. However, the company says that no customer data was stolen or exposed in this incident. A hacker has advertised the data for sale on dark web marketplace BreachForums including 655 directories and 2,869 files. The threat actor claims to have snatched confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components and ROM files.
How it Could Affect Your Business: Data pertaining to operational technology (OT) is very valuable, and attacking manufacturers is an easy way for bad actors to get their hands on it.