InTegriLogic Blog
The Week in Breach News: 03/22/23 – 03/28/23
The City of Oak Ridge, Tennessee
https://www.scmagazine.com/brief/ransomware/ransomware-attack-disrupts-tennessee-city
Exploit: Ransomware
The City of Oak Ridge, Tennessee: Municipal Government
Risk to Business: 1.702 = Severe
Officials in the City of Oak Ridge, TN, have disclosed that the city has been hit by a ransomware attack that caused a network disruption affecting city services. Officials were quick to reassure citizens that the Oak Ridge Police Department and the city’s fire department could still be contacted through 911 and weren’t affected. However, the malware attack left the city unable to process utility payments, and officials noted that disconnect orders and late fees will not be added during the outage. Officials say that they are working to restore services as quickly as possible.
How It Could Affect Your Business: Governments at every level continue to be popular targets for ransomware groups.
Puerto Rico Aqueduct and Sewer Authority (PRASA)
https://securityaffairs.com/144022/hacking/puerto-rico-aqueduct-and-sewer-authority-attack.html
Exploit: Ransomware
Puerto Rico Aqueduct and Sewer Authority (PRASA): Utility
Risk to Business: 2.711 = Moderate
The Vice Society ransomware group has claimed responsibility for a ransomware attack on the Puerto Rico Aqueduct and Sewer Authority (PRASA). Officials disclosed the attack on March 19, saying that threat actors had gained access to customer and employee information. People impacted are being informed by letter. Utility services were not affected.
How It Could Affect Your Business: 14 of 16 critical infrastructure sectors were hit by ransomware attacks last year.
Kroger Postal Prescription Services
https://www.jdsupra.com/legalnews/kroger-postal-prescription-services-4845634/
Exploit: Human Error
Kroger Postal Prescription Services: Pharmacy Delivery Service
Risk to Business: 1.706 = Severe
Kroger Postal Prescription Services (PPS) has filed a notice of a data breach. In a report to the Department of Health and Human Services, PPS noted that 82,466 Kroger customers who created online PPS accounts from July 2014 to Jan. 13, 2023, had their names and email addresses compromised due to an employee error. PPS said that on March 15, 2023, they sent out data breach letters to all individuals whose information was compromised.
How It Could Affect Your Business: Employee errors are a gateway to expensive, damaging data breaches and other cybersecurity problems, and training reduces them.
SundaySky Inc.
https://www.jdsupra.com/legalnews/sundaysky-inc-notifies-37-095-consumers-9885854/
Exploit: Hacking
SundaySky Inc.: Video Marketing Platform
Risk to Business: 1.623 = Severe
SundaySky Inc., a video marketing software company based in New York, has admitted that it suffered a data breach after hackers broke into a few of its servers. The company said that an unauthorized party had accessed its cloud-based U.S. servers and copied certain files between January 6 and January 8, 2023. SundaySky works with healthcare providers, including health plans, to create marketing videos. Consumer information was accessed in the incident, including consumers’ first names, personal email addresses and information related to their Healthcare Savings Accounts. The company said that it is working with federal law enforcement to investigate the incident.
How It Could Affect Your Business: Companies that are adjacent to the healthcare industry need to maintain a strong security posture to avoid expensive disasters.
US Wellness
Exploit: Supply Chain Attack
US Wellness: Healthcare Provider
Risk to Business: 2.899 = Moderate
Blue Cross Blue Shield of Arizona (BCBSAZ) members are being informed that their personal data may have been compromised in a data breach involving a vendor of BCBSAZ, US Wellness. In turn, US Wellness points to one of its vendors as the source of the data breach. US Wellness says that it was informed on January 31, 2023, that an unnamed vendor had experienced a data breach. Ultimately, US Wellness was informed on February 9, 2023, that the vendor’s incident resulted in the exposure of personal data belonging to BCBSAZ members. Information impacted includes a member’s name, address, date of birth, member ID number, where a service originated and address of the service location.
How It Could Affect Your Business: Supply chain risk, especially from service providers, is a top concern for businesses as it continues to grow.
Twitter
https://www.theverge.com/2023/3/27/23657928/twitter-source-code-leak-github
Exploit: Malicious Insider
Twitter: Social Media Platform
Risk to Business: 1.709 = Severe
Troubled social media giant Twitter has disclosed that some proprietary source code for Twitter’s platform and internal tools was exposed via GitHub. Twitter recently made a court filing in California to force GitHub to turn over data that could help the platform find the person responsible for the leak and give them information about any other GitHub users who may have downloaded the data. Twitter has also asked GitHub to take down the code. The New York Times reports that Twitter sources tell them that the company suspects that an employee who left the company last year may be responsible for the leak. GitHub has not commented on whether or not it would comply with Twitter’s request, but the information has apparently been available for several months. Twitter no longer has a press office to respond to inquiries, a casualty of the Elon Musk takeover.
How It Could Affect Your Business: Disgruntled employees are a huge security risk, and many take proprietary data with them when they leave a company.
The City of Toronto
https://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/
Exploit: Supply Chain Attack
The City of Toronto: Municipal Government
Risk to Business: 1.836 = Severe
The Cl0p ransomware group has been on a cyberattack spree after turning its sights to exploiting a remote code execution flaw in Fortra’s GoAnywhere secure file transfer tool. The latest victim added to the list is the City of Toronto, Canada. The city confirmed on March 23, 2023, that it has experienced a data breach through an attack on a third-party vendor, resulting in the exposure of unspecified city data. The city says that it is in the early stages of its investigation, and it has not yet uncovered evidence that consumer data was impacted. Over 100 organizations have been hit by Cl0p in this crime wave including two others recently added to the gang’s dark web leak site, Virgin Red and the UK’s Pension Protection Fund (PPF).
How It Could Affect Your Business: Once a bad actor finds a juicy exploit, they’ll hammer at it until it stops working. Patching and regular maintenance can help reduce risk.
UK – Walsall Healthcare NHS Trust
https://www.birminghammail.co.uk/black-country/walsall-healthcare-nhs-trust-dealing-26542780
Exploit: Hacking
The Walsall Healthcare NHS Trust: Healthcare Provider
Risk to Business: 2.733 = Moderate
The Walsall Healthcare NHS Trust, the operator of Walsall Manor Hospital, said that it has been hit by a cyberattack. The incident began two weeks ago on March 10, although it was only made public last Thursday, and it has since been contained. Hospital operations did not appear to be impacted. Signs point to a data breach, but exactly what data has been stolen was not specified. Hospital officials said that they are working with the U.K.’s National Cyber Security Centre and the Information Commissioner’s Office (ICO) to investigate the incident.
How It Could Affect Your Business: This hospital got lucky; bad actors have been pounding hospitals with ransomware.
Alliance Healthcare
Exploit: Ransomware
Alliance Healthcare: Pharmaceutical Company
Risk to Business: 1.733 = Severe
Spain’s leading pharmaceutical company, Alliance Healthcare, has experienced a likely ransomware attack. The company said that the attack began on March 17 and led to a complete shutdown of the company’s website, billing systems and ordering processes. The incident has led to drug supply shortages due to the snarled ordering and shipping systems as pharmacies scramble to resupply from other drug companies. Those delays and outages may linger. The incident remains under investigation.
How It Could Affect Your Business: Pharmaceutical companies have two major cyberattack risk factors: they’re suppliers, and they’re in the hard-hit healthcare sector.
Guam – Docomo Pacific
https://www.telecomlead.com/telecom-services/docomo-pacific-says-cyber-attack-impacted-systems-109533
Exploit: Hacking
Docomo Pacific: Telecommunications Provider
Risk to Business: 1.733 = Severe
Docomo Pacific, a major provider of mobile, television, internet and telephone services in Guam and the Northern Mariana Islands, has experienced a cyberattack that has negatively impacted its systems. The company disclosed that the March 18, 2023 attack led to customers throughout the region losing some of their services. The company stressed that customer data, mobile network services and fiber services remain unaffected. Some services were restored over the weekend, but the company has not offered a timeline for other services being restored after a Facebook post with a service restoration update was inundated with comments from angry customers.
How It Could Affect Your Business: Communications companies are infrastructure targets too, and the time-sensitive nature of their business makes them attractive to bad actors.