InTegriLogic Blog
The Week in Breach News: 11/30/22 – 12/06/22
LastPass
https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
Exploit: Hacking
LastPass: Software Company
Risk to Business: 1.106 = Extreme
LastPass has experienced a second data breach. The company disclosed in its blog that hackers used information obtained in the August 2022 LastPass breach to access customer information in third-party cloud storage shared with its corporate partner GoTo. LastPass specified that customers’ passwords it stores were unaffected and remain safely encrypted. It is unclear whether clients of GoTo and LogMeIn were affected by this incident. All the brands involved said that the incident is under investigation, and LastPass specified that it has engaged Mandiant as part of that effort. No specifics as to what information was exposed were available at press time.
How It Could Affect Your Business: Multiple breaches in one year can cause customers to lose faith in a company.
U.S. Immigration and Customs Enforcement (ICE)
https://www.businessinsider.com/more-than-6000-immigrants-affected-ice-data-leak-hours-2022-11
Exploit: Misconfiguration
U.S. Immigration and Customs Enforcement (ICE): Federal Government Agency
Risk to Business: 2.121 = Severe
Personal information about more than 6,000 potential immigrants applying for refuge from possible torture or political persecution in the U.S. was exposed by ICE in a misconfiguration error. The data breach was first discovered by immigrant advocacy group Human Rights First. After the group reported the problem to ICE, the leak was quickly corrected, but not before information about people seeking refuge from countries around the world, including China, Iran and Russia, was left unprotected and available to anyone for more than five hours. The agency determined that the data had been exposed accidentally as part of a website update. Unfortunately, the availability of the information may have exposed threatened people to danger.
Individual Risk: 2.207 = Severe
In this incident, immigrants’ names, case status, detention locations, and other information were published on a page where ICE regularly publishes detention statistics.
How It Could Affect Your Business: This configuration error exposed very sensitive data and potentially put people at risk of harm.
Rackspace
Exploit: Ransomware
Rackspace: Cloud Solutions Provider
Risk to Business: 1.652 = Severe
A ransomware attack forced Virginia-based cloud solutions provider Rackspace to shut down its Hosted Exchange servers on December 2. The company disclosed that Rackspace’s Hosted Exchange service began experiencing problems on December 2 and told customers that the shutdown was the result of a security incident on December 3 that was later identified as ransomware. The company told customers to shift to Microsoft 365 for email services and is offering them free access. Rackspace gave no estimated timeline for the restoration of its Exchange services but cautioned customers that the outage was expected to be extended. A company statement said that the attack was confined to its Hosted Exchange servers. The incident is under investigation, but Rackspace said that it is too early to tell if any data was accessed by the threat actors.
How It Could Affect Your Business: IT service providers have been experiencing extraordinarily high levels of ransomware as bad actors perpetrate supply chain attacks.
Durham District School Board
Exploit: Hacking
Durham District School Board: Regional Education Authority
Risk to Business: 2.107 = Severe
A school system in the greater Toronto area has experienced a major technical outage after a hacking incident. Durham District School Board said that the incident disrupted online learning for students and left schools without access to phone or email services as well as emergency contact information. The district the board oversees is responsible for public education across 136 elementary and secondary schools in the eastern Toronto area serving an estimated 74,000 students with over 7,000 teaching and educational services staff.
How it Could Affect Your Business: School systems and universities have been high on cybercriminal hit lists because bad actors know they can’t afford downtime.
Colombia – Keralty
Exploit: Ransomware
Keralty: Healthcare Provider
Risk to Business: 1.882 = Severe
Multinational healthcare group Keralty has disclosed that it has experienced a ransomware attack that has impacted the company and its subsidiaries EPS Sanitas and Colsanitas. The attack has disrupted IT operations including the scheduling of medical appointments and its websites. Reports say that patients were left waiting in lines for more than 12 hours to obtain treatment. The RansomHouse ransomware group has claimed responsibility. The cybercrime group claims to have snatched data in the incident but that is unconfirmed.
How it Could Affect Your Business: Not only does a cyberattack disrupt the business of a healthcare provider, it also dangerously impacts patient care.
Belgium – Zwijndrecht Police Department
Exploit: Ransomware
Zwijndrecht Police Department: Law Enforcement Agency
Risk to Business: 1.604 = Severe
The Zwijndrecht Police Department in Belgium has confirmed that it has experienced a data breach after an attack by the Ragnar Locker ransomware group. In an interesting twist to this story, the group initially posted to its dark web site that it had successfully attacked the municipality of Zwijndrecht, but it turned out that the attack had actually been perpetrated against the city’s police department. The stolen data is reported to include thousands of car number plates, fines, crime report files, personnel details and investigation reports. No specifics about any demanded ransom were available at press time.
How it Could Affect Your Business: Law enforcement organizations hold some especially sensitive data and need especially strong protection against a data breach.
Australia – AGL Energy
Exploit: Hacking
AGL Energy: Energy Company
Risk to Business: 1.717 = Severe
The latest company victimized in the recent rash of cyberattacks on Australian companies is AGL Energy, Australia’s largest electricity provider. The company reported detecting suspicious activity on its platform on December 1. AGL said in a statement that it believed the incident was the result of bad actors obtaining reused customer credentials that had been stolen in other incidents. The energy provider disclosed that an estimated 6,00 customer accounts may have been impacted in this incident. Impacted customers were informed by mail, and the federal government and relevant cyber security bodies have been notified of the incident.
How it Could Affect Your Business: Making a continuity plan is a smart move that will help Guadeloupe get out from under this disaster quickly.
New Zealand – Accuro
https://www.insurancebusinessmag.com/nz/news/cyber/accuro-hit-by-cyberattack-429430.aspx
Exploit: Hacking
Accuro: Health Insurance Provider
Risk to Business: 2.801 = Severe
A cyberattack on New Zealand health insurer Accuro has compromised its access to several of its core systems. The not-for-profit insurer says it has not yet determined if customer data was stolen in the incident. Accuro pointed to a cyberattack on its unnamed IT services provider as the root cause of the trouble and said that systems may be down for a protracted period. The company has notified the relevant regulatory authorities, including the Office of the Privacy Commissioner and CERT NZ.
Risk to Business: 2.665 = Severe
How it Could Affect Your Business: Companies in Australia and New Zealand have been experiencing a flood of cyberattacks recently.