InTegriLogic Blog
The Week in Breach News: 04/12/23 – 04/18/23
NCR Corporation
https://securityaffairs.com/144866/cyber-crime/ncr-blackcat-alphv-ransomware.html
Exploit: Ransomware
NCR: Retail Technology Company
Risk to Business: 1.873 = Severe
Point-of-Sale (PoS) technology giant NCR, formerly known as National Cash Register, has announced that it was the victim of a ransomware attack by the notorious Black Cat/AlphV ransomware group. The attack caused an outage on the company’s Aloha PoS platform, a technology widely used by bars and restaurants. The outage began on April 13. In its statement, NCR downplayed the incident saying that the problem was the result of a single data center outage impacting a limited number of ancillary Aloha applications for a subset of their hospitality customers. The company carefully pointed out that restaurants impacted are still able to serve their customers. The incident is under investigation by law enforcement.
How It Could Affect Your Business: One cyberattack can impact many businesses and supply chain risk is growing every day.
NorthOne Bank
https://www.websiteplanet.com/news/northone-leak-report/
Exploit: Misconfiguration
NorthOne Bank: FinTech Company
Risk to Business: 1.203 = Extreme
Internet researchers have uncovered a non-password-protected database belonging to NorthOne Bank that has exposed sensitive personal and financial data for more than one million customers. The trove of documents was mainly composed of PDFs of invoices from both individuals and businesses who used an app to pay for products and services. The invoices contained names, email addresses and physical addresses, phone numbers, notes about what the payment was for, the total amount and the due date. Some tax ID numbers were also included from business transactions. The discovery happened in January, and NorthOne Bank said that it has since secured the database.
How It Could Affect Your Business: Companies that hold valuable information like financial data by way of invoices are juicy targets for cybercriminals looking for a quick score.
Kodi
https://www.bleepingcomputer.com/news/security/kodi-discloses-data-breach-after-forum-database-for-sale-online/
Exploit: Credential Compromise
Kodi: Media App Developer
Risk to Business: 1.672 = Severe
Kodi, an open-source media app, announced last week that they’d experienced a breach in their user forums leading to the exposure of hundreds of thousands of posts and private messages from their MyBB user forum. The breach came to light after hackers offered records for an estimated 400,000 users in a cybercrime forum. Kodi said that the attackers compromised the account of an inactive administrator and accessed the MyBB admin console on February 16 and 21, 2023. The bad actors then created database backups and downloaded existing nightly full backups. The company is redeploying its user forums after hardening.
How It Could Affect Your Business: One compromised credential can lead to a world of hurt, even if the person whose credentials are compromised doesn’t work there anymore.
Brazil – Dimas Volvo
https://securityaffairs.com/144816/breaking-news/volvo-retailer-data-leak.html
Exploit: Misconfiguration
Dimas Volvo: Car Retailer
Risk to Business: 2.819 = Moderate
Brazil’s Volvo dealer Dimas Volvo is in hot water after internet researchers discovered an unsecured database belonging to the company. The problem was discovered on February 17, 2023, after researchers discovered that the retailer had accidentally exposed its database’s authentication information, including MySQL and Redis database hosts, open ports and credentials that could be used to access the contents of the databases. The website’s Laravel application key and a .DS_Store file that held metadata from the developer’s computer were also exposed, revealing the file and folder names in the directory where the website’s project files were stored. A Git code repository was also attached.
How It Could Affect Your Business: All data needs to be protected because proprietary data like metadata and code is just as useful to the bad guys as other types of information.
Northern Ireland – Evide
https://www.bbc.com/news/uk-northern-ireland-65297324
Exploit: Ransomware
Evide: IT Management Company
Risk to Business: 1.663 = Severe
Evide, a Derry-based IT services company that services more than 140 charities, has fallen victim to a ransomware attack that may have led to the exposure of sensitive data for thousands of vulnerable people in Ireland and the UK. The incident was reported to law enforcement on March 30, 2023. Evide handles data for organizations that serve rape victims, battered women, abused children and other vulnerable populations. Specifics on exactly what data was stolen or any ransom demand were not available at press time. Specialist cybercrime officers from the Police Service of Northern Ireland (PSNI) are investigating.
How it Could Affect Your Business: The extremely sensitive data that agencies like this hold is very valuable on the dark web.
Germany – Lürssen
https://www.infosecurity-magazine.com/news/superyachtmaker-easter-ransomware/
Exploit: Ransomware
Lürssen: Yacht Builder
Risk to Business: 2.836 = Moderate
Luxury superyacht builder Lürssen has disclosed that it was hit by a ransomware attack over the Easter holiday weekend. Reports say that the German shipbuilder has experienced some operational challenges since the attack. Only its Lürssen-Kröger shipyard in Schleswig-Holstein appeared to have escaped unscathed. The company has built many of the world’s largest superyachts. It also produces some vessels for the German navy. No word on what data was stolen or any ransom demand was available at press time.
How it Could Affect Your Business: Holiday weekends are prime times for cyberattacks with especially high ransomware risk.
Germany – Rheinmetall
https://www.businessinsurance.com/article/20230414/NEWS06/912356809/German-manufacturer-Rheinmetall-hit-with-cyberattack
Exploit: Human Error
Rheinmetall: Industrial Manufacturing
Risk to Business: 1.902 = Severe
German auto and arms manufacturer Rhinemetall has been the victim of a cyberattack that has impacted the company’s operations. The attack appears to be contained to systems within its automotive division. However, Rhinemetall also handles some arms production for the German military and also holds contracts to produce armaments including tanks for the Ukranian military. The company said that it is investigating the extent of the damage. It is unclear if this attack is related to a DDos attack last month spearheaded by the Russian hacktivist group Killnet.
How it Could Affect Your Business: Companies that produce military supplies are highly vulnerable to attack by both regular and nation-state cybercrime groups.
Australia – Coles
https://www.cybersecurityconnect.com.au/commercial/8928-coles-reveals-its-customer-data-was-affected-by-latitude-financial-breach
Exploit: Supply Chain Cyberattack
Coles: Supermarket Chain
Risk to Business: 1.786 = Severe
Major Australian grocery chain Coles has announced that customers with Coles credit cards may have had sensitive data exposed in the recent Latitude Financial data breach. Coles has used Latitude Financial as a service provider for its store credit cards until 2018. Coles has not been specific about how many customers may be affected or what data is exposed, but it would be from accounts opened prior to 2018.
How it Could Affect Your Business: One supply chain cyberattack can be a headache for both a business and its customers.
About the author
