Ransomware sprouts up at a major U.S. agricultural company, insider risk strikes home at IKEA and more trouble for government agencies.
AGCO
Exploit: Ransomware
AGCO: Agricultural Machinery Manufacturer
Risk to Business: 1.471 = Extreme
Major U.S. agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that is impacting some of the company’s production facilities. A statement from the company provided few details but specified that its operations, including production, “will likely be adversely affected for several days and potentially longer.” No group has claimed responsibility or publicized a ransom demand.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
EXTRA: The FBI recently released an alert about elevated ransomware risk in the Food & Agriculture sector.
How It Could Affect Your Business: Ransomware gangs love to pounce on industries at critical times. This is a massive problem at the height of spring planting season in the US.
The State Bar of Georgia
Exploit: Hacking
State Bar of Georgia: Professional Organization
Risk to Business: 2.804 = Moderate
The State Bar of Georgia has experienced a cyberattack that crippled the organization’s network, website and email system. Officials say that the attack began last Monday when an unauthorized user was discovered and that the organization’s IT team swung into action quickly to secure the network from further trouble. There was a continued impact on the Bar’s website throughout the week. The incident is under investigation.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Professional organizations have been on cybercriminal hit lists thanks to the abundant personal and sometimes financial data they tend to hold.
IKEA
Exploit: Insider Threat
IKEA: Home Goods Retailer
Risk to Business: 2.711 = Moderate
Furniture and home goods giant IKEA announced that it had experienced a data breach in its Canadian operations that impacted an estimated 95,000 customers. The company said that sensitive customer information was mistakenly provided to an employee in an internal search between March 1 and March 3, 2022. No specifics about the compromised data were offered beyond confirmation that no financial or banking information was accessed. IKEA says that it has notified any customers that were impacted by the breach and the Office of the Privacy Commissioner of Canada.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Internal information security foul-ups by employees like this are embarrassing and potentially expensive mistakes that no company wants to handle.
Peru – Dirección General de Inteligencia (DIGIMIN)
Exploit: Ransomware
Dirección General de Inteligencia (DIGIMIN): National Government Agency
Risk to Business: 1.316 = Extreme
Conti ransomware is to blame for continued trouble in Costa Rica’s public sector. After crippling several federal departments last week, the group has now snarled operations at Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), electricity manager for the city of Cartago, population 160,000. Officials said that the attack has encrypted the servers used to manage the organization’s website, e-mail, administrative collection systems and more, rendering customers unable to pay for electricity and internet bills.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: An attack of this nature is a major national security threat to Peru with the potential to expose a great deal of sensitive foreign and domestic intelligence data.
Bulgaria – The Bulgarian State Agency for Refugees Under the Council of Ministers
Exploit: Ransomware (Nation-State)
The Bulgarian State Agency for Refugees Under the Council of Ministers: National Government Agency
Risk to Business: 1.811 = Severe
LockBit 2.0, a cybercrime gang known to have strong ties to Russia, announced that it intends to publish data it claims to have stolen in an attack on The Bulgarian State Agency for Refugees Under the Council of Ministers. That agency is experiencing extra stress right now as it oversees the flow of Ukrainian refugees in Bulgaria. The agency’s website is up but warns that some email addresses may not be working. An estimated 230,000 refugees have fled to Bulgaria in the wake of Russia’s invasion of Ukraine.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Although this is not confirmed as a nation-state incident, both “official” and nation-state adjacent threat actors on both sides of this conflict have been active in a flood of invasion-related cyberattacks.
Germany – Sixt
Exploit: Hacking
Sixt: Car Rental Company
Risk to Business: 1.909 = Severe
Major car rental company Sixt has suffered IT disruptions at some locations in the wake of a cyberattack. The company says that the attack on April 29 forced them to restrict access to all their internal IT systems, snarling operations for clients and agents. The nature of the attack was not disclosed, and the incident remains under investigation. Sixt rents out cars from over two thousand locations in more than 100 countries.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Incidents like this can spawn customer headaches that do damage to a company’s reputation.
Russia – Qiwi
Exploit: Nation-State (Hacktivism)
Qiwi: Payment Processor
Risk to Business: 2.096 = Severe
Anonymous and its associates continue a cyberattack offensive against Russian businesses and agencies in the wake of Russia’s invasion of Ukraine. This time, the Anonymous affiliate group Network Battalion (NB65) claims that it has hacked and deployed ransomware against the Russian payment processing platform Qiwi. NB65 says that it managed to extract 10.5TB of data from Qiwi, including 30 million payment records and the data from 12.5 million credit cards of Qiwi customers. The group has posted a host of examples of the stolen data as proof of the hack, threatening to release 1 million cards’ worth of data daily. Qiwi denies the event.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: This is the latest in a long string of strikes by Anonymous against Russian and Russia-aligned businesses that shows no signs of stopping.
Australia – Nauru Police Force
Exploit: Hacking
Nauru Police Force: Law Enforcement Agency
Risk to Business: 2.776 = Moderate
The Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force on May 2 as a protest against the alleged ill-treatment of asylum seekers and refugees carried out by the Nauru Police Force on behalf of the Australian government. The total number of leaked emails is reported to be 285,635 and the data is available for direct and torrent download. Anonymous claims that the stolen emails contain details of a cover-up of abuses against prisoners in refugee camps on the island by the Nauru Police Force and the Australian government.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Hacktivism isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.