"Your Information Technology Leader"

Client Portal Payment Portal

Blog

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 06/14/23 – 06/20/23

Breach-2

This week: MOVEit exploit attacks snowball, snagging Shell as well as U.S. federal and state government agencies, and a malicious insider is suspected of facilitating a ransomware attack against the Chilean army. 

 

U.S. Department of Agriculture (USDA)

https://edition.cnn.com/2023/06/17/us/department-of-agriculture-possible-data-breach/index.html

Exploit: Ransomware

U.S. Department of Agriculture (USDA): Federal Government Agency

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.886 = Severe

The U.S. Department of Agriculture has been added to the growing list of victims of cyberattacks by the Cl0p ransomware group that are fueled by the MOVEit exploit. USDA has confirmed that it is investigating a data breach after one of its vendors fell victim to Cl0p. The agency says that a small amount of personal data about USDA employees may have been exposed in the incident. Other federal government agencies including The US Office of Personnel Management (OPM) and arms of The Department of Energy (DoE), Oak Ridge Associated Universities research center and its Waste Isolation Pilot Plant in New Mexico have also been identified as federal agency or agency adjoined victims. 

How It Could Affect Your Business: This exploit continues to snag organizations with Cl0P claiming to have hit hundreds of entities.


 

Onix Group

https://www.bankinfosecurity.com/real-estate-firm-hack-affects-319500-patients-employees-a-22306

Exploit: Ransomware

Onix Group: Real Estate Company

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.876 = Severe

Onix Group, a Pennsylvania-based real estate firm that also operates a chain of substance misuse treatment centers, has reported a data breach to the Department of Health and Human Services (HHS). The company said that a ransomware attack discovered on March 27 had corrupted some systems and resulted in data exfiltration. Onix’s investigation ultimately determined that an unauthorized actor had accessed Onix’s network between March 20 and March 27. The stolen files contained employee information including names, Social Security numbers, direct deposit information and health plan enrollment information. 

How It Could Affect Your Business A data breach that involves employee information can be just as costly as a data breach that exposes consumer information.


 

Louisiana Office of Motor Vehicles (OMV)

https://www.bleepingcomputer.com/news/security/millions-of-oregon-louisiana-state-ids-stolen-in-moveit-breach/

Exploit: Ransomware

Louisiana Office of Motor Vehicles (OMV): Regional Government Agency

cybersecurity news gauge indicating extreme risk

 

Risk to Business: 1.369 = Extreme

The Louisiana Office of Motor Vehicles has disclosed that it too has fallen victim to Cl0p and the MOVEit exploit. The agency said that it expects that every Louisianan with a state-issued driver’s license, ID, or car registration likely had their data exposed to the threat actors. The OMV says that those impacted likely had personal data exposed including their name, address, social security number, birth date, height, eye color, driver’s license number, vehicle registration information and handicap placard information. Many other U.S. federal, state and local agencies have also been swept up in the MOVEit breach. The Oregon Department of Motor Vehicles released a similar statement noting that 3,500,000 Oregonians with an ID or driver’s license had similar data exposed too.  

How It Could Affect Your Business: Many exploits can be avoided by regularly patching and updating software and systems.


 

Intellihartx

https://www.securityweek.com/intellihartx-informs-490k-patients-of-goanywhere-related-data-breach/

Exploit: Ransomware

Intellihartx: Debt Collector

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 2.149 = Severe

Intellihartx, a provider of patient balance resolution services to hospitals, is informing roughly 490,000 individuals that their personal information was compromised after the company discovered that it had become caught up in the GoAnywhere zero-day exploit flood that occurred earlier this year. Exposed data includes names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates and Social Security numbers of patients carrying medical debt. Cl0p has already made the stolen data available on its leak site

How It Could Affect Your Business: an exploit doesn’t have to be a zero-day anymore to still be problematic for businesses.


 

Zacks Investment Research

https://www.bleepingcomputer.com/news/security/have-i-been-pwned-warns-of-new-zacks-data-breach-impacting-8-million/

Exploit: Hacking

Zacks Investment Research: Data and Analysis Firm

cybersecurity news represented by a gauge indicating moderate risk

 

Risk to Business: 2.737 = Moderate

Internet researchers at Have I Been PWNED announced that they’ve discovered that Zacks Investment Research (Zacks) has allegedly experienced a previously undisclosed data breach that impacts 8.8 million of its customers. The researchers said that a database of Zacks customers’ information was dumped on the dark web last week. The database contained clients’ email addresses, usernames, unsalted SHA256 passwords, addresses, phone numbers, first and last names and other data. Zacks had previously disclosed another data breach in January 2023.

How it Could Affect Your Business: A second big breach of customer data in just six months may damage Zacks’ reputation and turn potential customers off.


 

Chile – Chilean Army

https://www.bleepingcomputer.com/news/security/rhysida-ransomware-leaks-documents-stolen-from-chilean-army/

Exploit: Ransomware (Malicious Insider)

Chilean Army: Military

cybersecurity news gauge indicating extreme risk

 

Risk to Business: 1.126 = Extreme

A newer ransomware group named Rhysida has leaked a trove of documents that they claim to have stolen from the network of the Chilean Army (Ejército de Chile). The Chilean Army did confirm on May 29 that its systems were impacted in a security incident detected over the weekend on May 27 and data was likely stole. Interestingly, in the days following the announcement of the hack, an Army corporal was arrested and charged for his involvement in the incident, suggesting that the ransomware was deployed by a malicious insider. Rhysida ransomware has since published around 360,000 Chilean Army documents on its dark web leak site and claimed that they comprise about 30% of the data that was stolen. The incident is under investigation by Chile’s Computer Security Incident Response Team (CSIRT) of the Joint Chiefs of Staff and the Ministry of National Defense. 

How it Could Affect Your Business: Every organization is susceptible to malicious insider threats no matter how loyal its employees seem to be.


 

UK – Shell

https://therecord.media/shell-impacted-in-clop-ransomware-attack

Exploit: Ransomware

Shell: Fuel Company

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.607 = Severe

Oil and gas behemoth Shell has announced that it too is a victim of Cl0p’s cybercrime spree using the MOVEit exploit. The company says that there was no damage to its internal systems but that a small amount of employee data was stolen. Shell is among the hundreds of companies that have been added to Cl0p’s dark web leak site. Those companies have been given a deadline of June 21 to pay a ransom or have their data exposed. However, Cl0p posted that Shell was refusing to negotiate on its site last Friday.


 

South Africa – Development Bank of Southern Africa (DBSA)

https://therecord.media/development-bank-of-southern-africa-akira-ransomware-attack

Exploit: Ransomware

Development Bank of Southern Africa (DBSA): State-Owned Bank

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.783 = Severe

 The state-owned Development Bank of Southern Africa has disclosed that it was hit with a ransomware attack by the Akira group last month. The bank says that the attack occurred around May 21. In the incident servers, logfiles and documents were encrypted. DBSA says that sensitive information about its clients including business names, the names of directors and shareholders, addresses, identification documents and contact information like phone numbers and email addresses was stolen in the incident. Many of the documents purportedly also included details of commercial or employment relationships with DBSA and financial information of stakeholders. The attack is under investigation by South African law enforcement agencies and regulators as well as third-party forensic investigators.

How it Could Affect Your Business: Banks and other financial institutions have been at the top of cybercriminal hit lists for the past few years.


 

 

 

The Week in Breach News: 06/21/23 – 06/27/23
The Week in Breach News: 06/07/23 – 06/13/23

Customer Login

News & Updates

InTegriLogic is proud to announce the launch of our new website at www.integrilogic.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Contact us

Learn more about what InTegriLogic can do for your business.

InTegriLogic
1931 W Grant Road suite 310
Tucson, Arizona 85745

Copyright InTegriLogic. All Rights Reserved.