InTegriLogic Blog
The Week in Breach News: 11/01/23 – 11/07/23
This week: Bad actors fly in to snatch data from Boeing, over 1 million Cook County Health patients have data exposed and an attack on Südwestfalen IT paralyzes 70 German municipalities.
Ace Hardware
https://www.securityweek.com/cyberattack-disrupts-ace-hardwares-operations/
Exploit: Hacking
Ace Hardware: Retailer
Risk to Business: 1.627 = Extreme
Ace Hardware is experiencing continued operational disruptions after a cyberattack crippled most of its IT systems. The October 29 incident knocked out key IT systems including UK/EU ACENET, the company’s warehouse management systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, invoicing and Ace Rewards as well as the company’s customer care center phones. Shipments to customers have also been interrupted. A company statement said that 1,202 devices including 196 servers were impacted by the attack.
How It Could Affect Your Business: Today’s retailers are more reliant on technology than ever before and need to prioritize cybersecurity to avoid costly downtime.
Henry Schein
https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-breach-of-healthcare-giant-henry-schein/
Exploit: Ransomware
Henry Schein: Healthcare Solutions Provider
Risk to Business: 1.741 = Severe
Fortune 500 healthcare solutions company Henry Schein has disclosed that it has been hit by a ransomware attack that knocked out some of its systems. The company said that the October 15 attack forced it to take some systems offline including its manufacturing and distribution businesses, but its Henry Schein One practice management software has not been impacted. The ALPHV/BlackCat ransomware group has claimed responsibility for the attack, boasting that it snatched 35 TB of data.
How It Could Affect Your Business: Cybercriminals know that they can make money fast by knocking out linchpins in an industry’s supply chain.
Mr. Cooper
https://nationalmortgageprofessional.com/news/mr-cooper-locked-down-cyber-attack
Exploit: Ransomware
Mr. Cooper: Mortgage Lender
Risk to Business: 1.603 = Severe
Texas-based mortgage company Mr. Cooper (previously Nationstar Mortgage LLC) has fallen victim to a cyberattack that is snarling its operations. The October 31 attack knocked out the company’s online payment system, but the company has reassured customers that they will not incur fees or any negative impacts from the outage. Mr. Cooper said that it is working to resolve the situation as quickly as possible.
How It Could Affect Your Business: A hit on a mortgage company can be a goldmine for bad actors because of the wide variety of data lenders hold.
Boeing
https://www.bleepingcomputer.com/news/security/boeing-confirms-cyberattack-amid-lockbit-ransomware-claims/
Exploit: Ransomware
Boeing: Aerospace Company
Risk to Business: 2.740 = Moderate
The LockBit ransomware group has claimed that it has successfully landed a hit on Boeing. The aerospace giant confirmed that its parts and distribution arm did fall victim to a ransomware attack. Boeing was quick to say that the attack would not impact flight safety. The company said that it is investigating the incident and has hired a third-party security firm to help, along with seeking help from law enforcement.
How It Could Affect Your Business: Cybercriminals are going after infrastructure targets relentlessly, and the elevated threat level calls for elevated security.
Allied Pilots Association (APA)
https://therecord.media/american-airlines-pilot-union-cyberattack
Exploit: Ransomware
Allied Pilots Association (APA): Trade Union
Risk to Business: 2.673 = Moderate
The union that represents an estimated 15,000 American Airlines pilots, the Allied Pilots Association, has suffered a ransomware attack. The group said in a statement that the attack occurred on October 30. The union assured members that its team is working “nonstop” to restore its systems. APA said that its restoration efforts would prioritize pilot-facing systems and tools, with full operations expected to be restored over time.
How It Could Affect Your Business: Members may lose confidence in an association that experiences a successful cyberattack.
Cook County Health
https://www.cbsnews.com/chicago/news/cook-county-health-warns-of-data-breach-for-1-2-million-patients-at-medical-transportation-firm/
Exploit: Supply Chain Attack
Cook County Health: Health System
Risk to Business: 1.612 = Severe
One of the largest healthcare systems in the U.S., Cook County Health in Illinois, is informing patients that their data may have been exposed in a data breach at one of their former service providers. The service provider, Perry Johnson & Associates (PJ&A), was a former medical transportation services provider for the system’s hospitals and clinics. PJ&A informed the county of the data breach in July 2023, saying that an unauthorized individual accessed systems where patient data was stored in April 2023. The records for 1.2 million patients including names, dates of birth, addresses, medical record numbers, encounter numbers, medical information and dates and times of service were potentially exposed.
How It Could Affect Your Business: Every relationship that a business has with a service provider or supplier can be a vector for a cyberattack.
Mexico – Querétaro Intercontinental Airport
https://therecord.media/queretaro-international-airport-mexico-cyberattack
Exploit: Human Error
Querétaro Intercontinental Airport: Airport
Risk to Business: 2.002 = Severe
Querétaro Intercontinental Airport, a major transportation hub that served more than 1.1 million travelers in 2022, has fallen victim to a cyberattack. Officials said that some of the airport’s systems were damaged after an employee downloaded a file containing malware. Traveler safety was not impacted. The LockBit ransomware group has claimed responsibility for the attack. The group has threatened to release the data it claims to have stolen if the unnamed ransom isn’t paid by November 28.
How It Could Affect Your Business: One careless employee can make a mistake that causes a huge cybersecurity problem for their employer.
Germany – Südwestfalen IT
https://therecord.media/massive-cyberattack-hinders-services-in-germany
Exploit: Ransomware
Südwestfalen IT: IT Service Provider
Risk to Business: 1.316 = Extreme
An estimated 70 German municipalities have been paralyzed by a ransomware attack on IT service provider Südwestfalen IT. The company said that to prevent the spread of ransomware it had been forced to take many systems offline. That move limited or blocked access to digital infrastructure for 70 municipal governments, mostly in the western German state of North Rhine-Westphalia. The attack left municipal governments reeling during a busy end-of-the-month period with outages all over the region. The incident is under investigation.
How It Could Affect Your Business: Service providers are prime targets for cyberattacks, and their risk is only rising as the world becomes more interconnected.