InTegriLogic Blog
The Week in Breach News: 09/13/23 – 09/19/23
This week: Caesars loses against ransomware, an unusual vector for a cyberattack at Airbus, and ransomware causes transportation trouble.
Caesars Entertainment
https://www.bleepingcomputer.com/news/security/caesars-entertainment-confirms-ransom-payment-customer-data-theft/
Exploit: Ransomware
Caesars Entertainment: Hotel & Casino Operator
Risk to Business: 1.676 = Severe
Casino titan Caesars Entertainment is the latest Las Vegas institution hit by a cyberattack, joining rival MGM Resorts International. One critical difference, though: Caesars said that its gambling operations were not disrupted. The company told the federal Securities and Exchange Commission (SEC) that a data breach on September 7 may have exposed the driver’s license information and Social Security numbers of its loyalty rewards members. The company also pinned the problem on a social engineering attack on its outsourced IT support vendor. Reports vary on the name of the group responsible for the attack, but most agree that the attack was carried out by an affiliate of ALPHV/BlackCat, the same attacker that hit MGM last week. Caesars also reported that it paid the ransom. The attackers initially demanded $30 million, but Caesars said it ultimately paid about half of that after negotiations. The incident remains under investigation.
How It Could Affect Your Business: Companies need to be prepared for a supply chain or third-party cyberattack or data breach.
ORBCOMM
https://www.bleepingcomputer.com/news/security/orbcomm-ransomware-attack-causes-trucking-fleet-management-outage/
Exploit: Ransomware
ORBCOMM: Trucking Software Solutions Provider
Risk to Business: 1.203 = Extreme
ORBCOMM, a major fleet management solutions provider to the trucking industry, has experienced a ransomware attack that created a service outage. The company said that since the September 6 ransomware attack, it has been unable to provide electronic services, including inventory management and Blue Tree ELD devices, used to ensure that truckers adhere to federal safety regulations about driving hours. Truckers were forced to switch to paper logs, which federal regulations only permit them to use for eight days per month. ORBCOMM said that they hope to restore services by September 29.
How It Could Affect Your Business: Companies like this that are linchpins in the supply chains of certain industries are the kind of targets that cybercriminals favor for ransomware attacks.
The International Joint Commission (IJC)
https://therecord.media/us-canada-water-commission-investigating-cyberattack
Exploit: Hacking
The International Joint Commission (IJC): Treaty Organization
Risk to Business: 2.873 = Moderate
The venerable International Joint Commission (IJC), a group established by the 1909 Boundary Waters Treaty to regulate projects that impact border waterways and water quality between the U.S. and Canada, has experienced a data breach. The NoEscape ransomware group claims to have stolen 80 GB of proprietary data from IJC including contracts, geological files and conflict of interest forms. IJC confirmed that it is investigating a data security incident but offered no details. NoEscape did not publicize a ransom demand.
How It Could Affect Your Business: Proprietary data can be just as valuable and sought-after as flashier types of data.
Canadian Nurses Association (CNA)
https://therecord.media/cna-confirms-data-incident
Exploit: Ransomware
Canadian Nurses Association (CNA): Professional Organization
Risk to Business: 2.710 = Moderate
The Canadian Nurses Association (CNA) has disclosed that it has experienced a data breach. CNA said that the incident occurred in April 2023. Two groups, Snatch and Nokoyawa, have claimed responsibility for the attack, but Snatch bolstered its claim by posting 37 GB of stolen data to its dark web leak site last week. No specifics about the stolen data types were available at press time. The incident remains under investigation.
How It Could Affect Your Business: Professional organizations often hold a variety of data about their members, making them attractive ransomware targets.
United Kingdom – Greater Manchester Police (GMP)
https://www.theguardian.com/uk-news/2023/sep/14/greater-manchester-police-officers-data-hacked-in-cyber-attack
Exploit: Supply Chain Attack
Greater Manchester Police (GMP): Law Enforcement
Risk to Business: 1.673 = Severe
A ransomware attack on a third-party supplier to UK police forces has resulted in the exposure of personal data for officers in the Greater Manchester Police (GMP) force. The unnamed Manchester-area supplier is the same company responsible for the data breach a few weeks ago affecting London’s Metropolitan Police. As in that incident, details of serving officers’ warrant cards, which include names, ranks, photos and serial numbers, were obtained by bad actors. More than 12,500 GMP officers and staff could be impacted by this breach.
How It Could Affect Your Business: A successful cyberattack or data security incident impacting a government contractor can have major repercussions.
France – Airbus
https://therecord.media/airbus-data-leak-suppliers-breachedforums
Exploit: Hacking
Airbus: Aerospace Company
Risk to Business: 1.612 = Severe
Airbus is admitting that it has suffered a data breach after about 3200 of its suppliers appeared in a post on a dark web forum. Reports say that a threat actor using the moniker “USDoD” is behind the leak. The group’s post on BreachForums says that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee. The group claims to have snatched details on thousands of Airbus vendors, including names, addresses, phone numbers and emails. The group also claimed that it was able to carry out the attack because the victim “likely attempted to download a pirated version of the Microsoft .NET framework, as indicated in the malware path.”
How It Could Affect Your Business: Specialized information like this can help bad actors conduct more effective spear phishing and business email compromise operations.
Australia – BG Group
https://www.reuters.com/business/energy/shell-says-australian-unit-hit-by-moveit-data-breach-2023-09-14/
Exploit: Supply Chain Attack
BG Group: Fuel Supplier
Risk to Business: 1.802 = Severe
BG Group, a company owned by Shell, is the latest company to admit that it suffered a data breach thanks to the MOVEit file transfer exploit. Shell said that the stolen employee data was very old, dating from 2013, but that the personal details could still put people at risk of phishing attacks. The company began informing affected staff members in early July. More than 600 businesses have been impacted by the MOVEit exploit.
How It Could Affect Your Business: Zero-day vulnerabilities are popping up with greater frequency than ever.
New Zealand – Auckland Transport (AT)
https://www.bleepingcomputer.com/news/security/auckland-transport-authority-hit-by-suspected-ransomware-attack/
Exploit: Ransomware
Auckland Transport (AT): Transportation Authority
Risk to Business: 1.882 = Severe
Auckland, New Zealand’s transportation authority has reported that some of its systems were taken offline following a ransomware attack. The government-owned regional transportation authority in the Auckland region is responsible for public transportation, roads and other infrastructure. AT said that it is experiencing issues with its integrated ticketing and fares system HOP, impacting the ways that customers can top up fare cards. AT has assured the public that they are rebuilding the damaged system as quickly as possible.
How It Could Affect Your Business: Cybercriminals don’t spare government agencies, no matter how small or local.