InTegriLogic Blog
The Week in Breach News: 10/26/22 – 11/01/22
Bed, Bath and Beyond
Exploit: Phishing
Bed, Bath and Beyond: Home Goods Retailer
Risk to Business: 1.863 = Severe
Big-box retailer Bed, Bath and Beyond has experienced a data breach. The company disclosed that a third party had improperly accessed its data through a phishing scam. Bad actors gained access to the hard drive and certain shared drives of one of its employees earlier this month. The retailer was quick to reassure consumers that it does not believe that any sensitive or personally identifiable information was accessed.
How It Could Affect Your Business: Phishing takes down businesses of every size and every industry, bringing sticky problems in its wake.
See Tickets US
Exploit: Hacking
See Tickets US: Event Ticketing Platform
Risk to Business: 1.423 = Extreme
The U.S. division of UK company See Tickets has revealed that its platform has been hosting a credit card skimmer for an estimated two and a half years. In a data breach notification shared with the Montana Attorney General’s office, See Tickets disclosed that it discovered the breach in April 2021 and ultimately determined that the skimmer was activated on June 25, 2019. However, it wasn’t until January 8, 2022, that the malicious code was fully removed from its site. The company says that it worked with forensic experts and Visa, MasterCard, American Express and Discover in the investigation.
Individual Risk: 1.307 = Extreme
The customer information that the hackers might have stolen includes a client’s full name, physical address, ZIP code, payment card number, card expiration date and CVV number. No number of clients affected was specified.
How It Could Affect Your Business: This is going to be an expensive, damaging nightmare because the compromise went on for so long, and it calls the company’s security commitment into question.
Kenosha Unified School District
Exploit: Ransomware
Kenosha Unified School District: Local Education Authority
Risk to Business: 2.687 = Moderate
Kenosha Unified School District in Wisconsin has been the victim of a successful ransomware attack by the Snatch ransomware group. The gang added the district to its dark web leak site last week. Kenosha Unified School District officials admitted that the district was forced to take systems offline to deal with the attack but they’ve since been restored. No ransom amount has been reported, nor did the district elaborate on what data had been stolen. The district serves an estimated 20,000 students.
How It Could Affect Your Business: Schools at every level and education authorities have been getting pounded by ransomware groups and need to improve their defenses.
United Kingdom – Pendragon Group
Exploit: Ransomware
Pendragon Group: Automotive Dealerships
Risk to Business: 2.624 = Severe
The Pendragon Group, the operator of more than 200 car dealerships in the UK, has been the victim of a ransomware attack by LockBit 2.0. Pendragon owns CarStore, Evans Halshaw and Stratstone luxury car dealerships. The auto dealer says that the gang has demanded $60 million to decrypt files and not leak them, but that the company has no intention of paying the extortionists. The company disclosed that the attack took place about a month ago and says that only about 5% of its data was stolen. No specifics were available about the nature of that data at press time.
How It Could Affect Your Business: Getting hit by ransomware is awful, but refusing to pay the extortionists is always the right thing to do.
Germany – Aurubis
https://www.itnews.com.au/news/german-copper-smelter-aurubis-in-cyber-attack-587159
Exploit: Hacking
Aurubis: Copper Smelter
Risk to Business: 1.619 = Severe
Europe’s top copper smelter Aurubis announced that it had been the victim of a cyberattack that caused the company to shut down its IT systems. The company said that production was not disrupted badly, and environmental controls were not impacted. Aurubis also said that incoming and outgoing shipments are being handled manually. There was no timeline provided for when the company expected to have all of its systems back online. The company pointed to this attack as part of a larger pattern of cyberattacks in the metals and mining industry.
How It Could Affect Your Business: Infrastructure has been under fire from ransomware gangs, with 14 of 16 critical infrastructure sectors in the U.S. hit by ransomware in 2021.
Japan – Asahi Group Holdings, Ltd.
https://securityaffairs.co/wordpress/137803/cyber-crime/blackbyte-ransomware-asahi.html
Exploit: Ransomware
Asahi Group Holdings, Ltd.: Beverage Company
Risk to Business: 1.684 = Severe
BlackByte ransomware is behind an attack on Asahi Group Holdings, Ltd. The group claims to have snatched gigabytes of documents from the beverage company, including financial and sales reports. The gang is reportedly demanding $500K to buy the stolen data back or $600K to delete the stolen data. There was no word at press time if the beverage company intended to pay. Asahi is the largest beer brewer in Japan and also distributes imported beer and soft drinks.
How It Could Affect Your Business: Ransomware groups love hitting businesses that are time sensitive in order to raise the chance that they’ll get paid fast.
Australia – ForceNet
https://www.gizmodo.com.au/2022/10/australian-defence-ransomware/
Exploit: Ransomware
ForceNet: Communications Platform
Risk to Business: 2.783 = Extreme
A ransomware attack has struck a communications platform used by military personnel and public servants from the Australian Department of Defence. The platform, ForceNet, is run by a subcontractor. Initial reports stated that no data was stolen or at risk, but that was later updated with the news that data related to private communications between current and former Australian Defence Force members may have been compromised, with as many as 40,000 records at risk in a likely breached dataset from 2008. However, authorities are confident no personal data has been accessed. No further information about the exact nature of the exposed data or any ransom demand was available at press time.
How It Could Affect Your Business: There could be some sensitive communications involved here, illustrating the danger of cybersecurity problems at a third-party service provider.
Australia – Medlab Pathology
https://finance.yahoo.com/news/1-australian-clinical-labs-says-220121433.html
Exploit: Hacking
Medlab Pathology: Healthcare Provider
Risk to Business: 1.771 = Severe
The latest victim in Australia’s recent surge of cyberattacks is Medlab Pathology. The company disclosed that an unauthorized party has gained access to a huge store of data including more than 17,500 individual medical and health records, more than 28,000 credit card numbers and individuals’ names and more than 128,600 Medicare numbers. Medlab investigated a data breach in February 2022 but found that no data was taken. That changed after the Australian Cyber Security Centre (ACSC) contacted Medlab’s parent company Australian Clinical Labs in June 2022 and informed the company that Medlab information had been posted on the dark web. No additional details about the stolen data were available at press time.
How It Could Affect Your Business: Medical laboratories often hold sensitive health data that cybercriminals want, making them prime targets for hackers.