InTegriLogic Blog
The Week in Breach News: 11/23/22 – 11/29/22
DraftKings
https://www.infosecurity-magazine.com/news/credential-stuffers-300k/
Exploit: Credential Stuffing
DraftKings: Sports Betting Platform
Risk to Business: 1.106 = Extreme
Users of sports book platform DraftKings took a heavy hit last week with an estimated $300k lost to a credential stuffing attack. A company official confirmed the attack in a statement, saying that they believe that the incident stemmed from customers reusing login credentials that had already been compromised elsewhere. Bad actors gained access to several user accounts that they immediately took over, changing the passwords and enabling 2FA for a phone number they controlled. DraftKings has said that customers who lost money will be made whole but did not offer specifics.
How It Could Affect Your Business: This is not a good look during a busy time of year for sports betting, with the World Cup ongoing and the U.S. football playoffs ahead.
Cincinnati State Technical and Community College
Exploit: Ransomware
Cincinnati State Technical and Community College: Institution of Higher Learning
Risk to Business: 2.843 = Moderate
The Vice Society ransomware group has added Cincinnati State Technical and Community College to its dark web leak site, releasing a trove of purportedly stolen documents ranging across the past two years. The school confirmed that it had experienced a cybersecurity incident that is still under investigation in early November. While class schedules were not impacted, the school is still working to restore functionality in some of its communications systems. Financial aid services, network printing, VPN tools, department share drives, admission application platforms, transcript exchanges, grading tools and more were all still down as of last Friday. The release of the documents may indicate that the school did not pay the ransom that Vice Society demanded.
How It Could Affect Your Business: Educational institutions at every level have been hit hard by bad actors, and they’re favored targets for Vice Society.
The City of Westmount
https://www.itworldcanada.com/article/montreal-area-city-hit-by-ransomware-report/514484
Exploit: Ransomware
The City of Westmount: Municipality
Risk to Business: 1.652 = Severe
Ransomware has struck the city government of Westmount in Montreal. The Lockbit ransomware gang has claimed responsibility, saying it snatched 14 TB of data from the city. Westmount’s website is unaffected, but many city departments are hampered by a lack of access to email and communications systems. The attack was reportedly spotted by a city employee on Sunday morning. The city says that its Information Technology Department is working with a leading external cybersecurity firm and the appropriate national agencies to determine the extent of the attack and remediate damage, but no timeline was provided.
How It Could Affect Your Business: Municipal governments have been a major target for ransomware gangs looking to score a quick ransom payment.
Sonder
https://www.infosecurity-magazine.com/news/sonder-confirms-data-breach/
Exploit: Hacking
Sonder: Hospitality Company
Risk to Business: 2.633 = Moderate
Sonder, a Montreal company that specializes in short-term rentals, has experienced a data breach that has exposed data for some of its clients. In a statement, Sonder disclosed that it had discovered that there had been unauthorized access to one of its systems that included certain guest records in early November. Specifically, guest records created prior to October 1, 2021, were involved in this incident. The company said that it is working with appropriate authorities as well as leading security and forensic specialists to get to the bottom of the incident.
Individual Risk: 2.722 = Moderate
Guest data exposed in this incident may include passport or other ID data, Sonder.com username and encrypted password, personal data including full name, phone number, date of birth, address, email address, financial data including guest transaction receipts and the last 4 digits of credit card numbers and transaction amounts, plus dates booked for stays at a Sonder property.
How it Could Affect Your Business: This kind of business is ripe for the picking by bad actors because it holds a wide variety of saleable data.
Coinsquare
https://bitcoinist.com/coinsquare-suffers-data-breach-heres-what-happened/
Exploit: Hacking
Coinsquare: Cryptocurrency Exchange
Risk to Business: 1.482 = Severe
Crypto platform Coinsquare had to temporarily shut down operations in response to a hacking incident that caused a data breach on its platform. Coinsquare admitted that its customer database with personal information was accessed by a third party in the November 19 incident. The company was quick to note that although user PII and some account information were likely exposed to bad actors, no passwords were compromised and users’ assets remained safe. Just one month ago, Coinsquare became the first Canadian crypto trading platform to get registered by the Investment Industry Regulatory Organization of Canada (IIROC).
How it Could Affect Your Business: The embattled cryptocurrency industry can’t afford high-profile losses right now, especially from reputable platforms.
Harry Rosen
https://www.itworldcanada.com/article/canadian-menswear-chain-harry-rosen-confirms-cyber-attack/515325
Exploit: Ransomware
Harry Rosen: Menswear Retailer
Risk to Business: 1.812 = Severe
Harry Rosen is the latest retail company to be hit by a cyberattack. The menswear retailer was hit by a suspected ransomware attack in mid-October. The BianLian ransomware group has claimed responsibility, listing the company as a victim on its leak site. According to the gang, they have obtained more than 1TB of data, including data on Gold club members, sales records, file server data and data they’ve labeled Projects, Marketing, HR and Public Relations. The data has begun to be released, suggesting that Harry Rosen did not pay the unspecified ransom demanded. The company said that it is working with federal privacy regulators and the privacy regulators in Alberta and Quebec to resolve the incident.
How it Could Affect Your Business: Tis the season for a non-stop barrage of cyberattacks against brick-and-mortar and eCommerce retailers.
France – The Government of Guadeloupe
https://therecord.media/guadeloupe-kickstarts-continuity-plan-after-wide-ranging-cyberattack/
Exploit: Ransomware
The Government of Guadeloupe: Regional Government
Risk to Business: 1.733 = Severe
The French Caribbean island region Guadeloupe has been struck by a ransomware attack that has crippled its government. What has been described as a “far-reaching” cyberattack culminated in a temporary shutdown of the government’s online functions and communications systems. Officials said that a continuity plan in place ensured that essential functions like schools and public services would continue to function normally. No timeline was provided for all services to be restored and no ransom demand was made public. The government announced that it is working with France’s data protection authority Commission nationale de l’informatique et des libertés (CNIL) as well as France’s National Information Systems Security Agency (ANSSI), the National Police and the Gendarmerie to resolve the incident.
How it Could Affect Your Business: Making a continuity plan is a smart move that will help Guadeloupe get out from under this disaster quickly.
Australia – The Smith Family
Exploit: Credential Compromise
The Smith Family: Youth Non-Profit
Risk to Business: 2.237 = Severe
Children’s charity The Smith Family has become the latest victim in a string of cyberattacks that have pummeled Australia in recent months. The organization said that an unauthorized party was able to gain access to an employee’s email account in October, resulting in the exposure of donor information. At the same time, the bad actor also attempted to siphon off funds, but that attempt was thwarted. The charity said it is working with the Australian government’s Cyber Security Centre and the Office of the Australian Information Commissioner to investigate the incident. The perpetrator was not able to access any data about the children the charity helps, and programs will continue to run as normal.
Risk to Business: 2.165 = Severe
Data exposed in this incident includes donor names, addresses, other contact information and partial credit card data.
How it Could Affect Your Business: Cyber risk is especially elevated for charities throughout the holiday season as donations rise.