Categories
The Week in Breach

The Week in Breach News: 01/06/22 – 07/06/22


Ransomware hits Foxconn and more cyberattack trouble for governments around the world.



City of Portland, OR

Exploit: Business Email Compromise 

City of Portland, OR: Municipal Government 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.726 = Severe

Bad actors struck the city of Portland, Oregon in an audacious business email compromise attack that resulted in a $1.4 million fraudulent transaction with city funds in April. City officials say that cybercriminals obtained the money after gaining access to a city email account illegally. The compromise was detected in May when the same account attempted another transfer of funds. The incident is under investigation by the FBI, U.S. Secret Service and the Portland Police Bureau.

How It Could Affect Your Business: From municipalities to major national agencies, government targets have been a favourite of cybercriminals in the last few years.


City of Alexandria, LA

Exploit: Ransomware

City of Alexandria, LA – Municipal Government

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.733 = Moderate

The AlphV ransomware gang has added the city of Alexandria, Louisiana to its list of victims. Officials confirmed that the city of 50,000 had fallen victim to a ransomware attack. They don’t believe that any sensitive data was stolen, and city operations will proceed as normal. This is the 22nd reported incident affecting a local government in the U.S. this year. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business Governments have been high on the cybercriminal’s shopping list since they tend to have big data stores.


amy

Mexico – Foxconn

Exploit: Ransomware

Foxconn: Electronics Manufacturing

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.349 = Extreme

A major factory for Foxconn located in Tiajuana, Mexico near the California border was hit by a ransomware attack in late May that resulted in a shutdown. The plant specializes in the production of medical devices, consumer electronics and industrial operations. The operators of LockBit have claimed responsibility for the attack.  

How It Could Affect Your Business: Manufacturers have been popular targets for cybercriminals, ranking number one for ransomware attacks in 2021.


Costa Rica – Costa Rican Social Security Fund (CCSS)

Exploit: Ransomware

Costa Rican Social Security Fund (CCSS): Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.872 = Severe

The Costa Rican Social Security Fund (CCSS)was forced to shut down its digital record-keeping system last week due to a ransomware attack, affecting some 1,200 hospitals and clinics. Officials say that 30 of 1500 of its servers were impacted and they saw no evidence that a critical database or system was compromised. For weeks, Costa Rica has been under siege by ransomware, with a parade of government agencies taking big hits.  

How it Could Affect Your Business: Costa Rica has been continually having problems with cyberattacks to the point that it is having an effect on the government’s stability.


Switzerland – Novartis

Exploit: Ransomware

Novartis: Pharmaceutical Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.717 = Moderate

Novartis has been the victim of an attack by the Industrial Spy data-extortion gang. Last week, the group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins. The threat actors claim that the data that they have for sale is related to RNA and DNA-based drug technology and tests from Novartis. The drug company says that no sensitive information was taken. Bleeping Computer reports that the data being sold consists of 7.7 MB of PDF files, which all have a timestamp of 2/25/2022 04:26, likely when the data was stolen. 

How it Could Affect Your Business Cybercriminals aren’t just hunting for PII, they’re also in the market for proprietary data, formulas, research and information about operational technology



Russia – Rustam Kurmaev and Partners

Exploit: Hacking

Rustam Kurmaev and Partners: Law Firm 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.733-Moderate

The Anonymous hacktivists collective claims to have struck another Russian organization. The group leaked approximately 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law). The firm works with major banking, media, oil, and industrial firms and state interests. This incident follows on the heels of another incident two days before in which the collective snatched hundreds of gigabytes of data from the servers of Russia’s largest media holding with over 100 regional radio stations, Vyberi Radio.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Anonymous and its’ associates have been continually hammering at Russian targets in opposition to the Russian invasion of Ukraine.



Australia – iCare 

Exploit: Insider Risk (Employee Error)

iCare: Insurer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.780 = Severe

State insurer iCare is in the hot seat after an employee mistakenly shared the details of almost 200,000 injured workers with 587 employers and insurance brokers after sending the incorrect cost of claims analysis reports to the wrong recipients. The employee information was contained in spreadsheets that were mistakenly sent as attachments to the wrong employers. The company sent impacted workers an apology for the incident in May 2022.  

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 2.263 = Severe

The missent cost of claims reports included a summary of workers’ claims history, their name, date of birth and injury category, workers’ policy number, a breakdown of weekly payments, claim costs and gross amounts paid, but no banking or contact details. 

How it Could Affect Your Business Employee mistakes can be just as dangerous, damaging and expensive as many cyberattacks.


Australia – ACY Securities

Exploit: Misconfiguration

ACY Securities: Financial Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.871 = Severe

A misconfigured database owned by ACY Securities is to blame for the exposure of personal and financial data of users and businesses. An estimated 60GB worth of data was left exposed and accessible on the web without any security authentication. The data has since been secured.

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 2.643 = Severe

Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details. 

How it Could Affect Your Business This will be a very expensive employee mistake that could have far-reaching effects and regulatory complications.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

Leave a Reply