InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 09/29/21 – 10/05/21
Sandhills Global
https://journalstar.com/news/local/ransomware-attack-affects-lincoln-based-sandhills-global-operations/article_aa844ea4-a3f1-5c63-8cae-c062e3283b8a.htmlExploit: Ransomware
Sandhills Global: IT & Digital Publishing
Risk to Business: 1.337 = Extreme
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub, are among its trade magazines. Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.
Customers Impacted: Unknown
How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and by scooping it up at service providers like publishing companies they can ensure that they profit even if no ransom is paid.
Marketron
https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/Exploit: Ransomware
Marketron: Marketing Services Company
Risk to Business: 1.606=Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand. The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.
Customers Impacted: 320,000
How It Could Affect Your Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.
Portpass
https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749Exploit: Misconfiguration
Portpass: COVID-19 Vaccine Passport Platform
Risk to Business: 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.
Individual Risk: 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.
How It Could Affect Your Business: Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.
United Kingdom – Giant Group
https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/Exploit: Ransomware
Giant Group: Payroll Services Firm
Risk to Business: 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.
Customers Impacted: Unknown
How It Could Affect Your Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.
France – TiteLive
https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/Exploit: Ransomware
TiteLive: Bookstore Support Platform Provider
Risk to Business: 1.661=Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.
Customers Impacted: Unknown
How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.
Israel – E.M.I.T Aviation Consulting
Exploit: RansomwareE.M.I.T Aviation Consulting: Defense Aviation Consulting
Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.
New Zealand – Aquila Technology
https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breachExploit: Credential Compromise
Aquila Technology: Communications Equipment Retailer
Risk to Business: 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.
Individual Risk: 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.
How it Could Affect Your Business: Credit card information is highly desitrable on the dark web, spurring a fresh round of attacks on retailers, es[pecially those that maintain large databases.
Japan – JVCKenwood
https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/Exploit: Ransomware
JVCKenwood: Audio Equipment Manufacturer
Risk to Business: 1.699 = Severe
Conti ransomware came calling at JVCKenwood this week. The Japanese audio equipment powerhouse. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.
Customers Impacted: Unknown
How it Could Affect Your Business: Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.
About the author
