Categories
The Week in Breach

The Week in Breach News: 29/09/21 – 05/10/21

Ransomware is on a round-the-world tour this week, visiting major players like JVCKenwood, Marketron and Sandhills Global.



Sandhills Global

Exploit: Ransomware

Sandhills Global: IT & Digital Publishing

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.337 = Extreme

Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Publications that Sandhills produces include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub, are among its trade magazines. Sandhills Global’s website, as well as all of their hosted publications, went offline recently, and their phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


Marketron 

Exploit: Ransomware

Marketron: Marketing Services Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.606=Severe

Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand.  The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 320,000

How It Could Affect Your Customers’ Business Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.



Portpass

Exploit: Misconfiguration

Portpass: COVID-19 Vaccine Passport Platform 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.636 = Severe

Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.636 = Severe

A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports. 

Customers Impacted: 650,000

How It Could Affect Your Customers’ Business Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.



United Kingdom – Giant Group

Exploit: Ransomware

Giant Group: Payroll Services Firm 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.713 = Severe

Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.


France – TiteLive

Exploit: Ransomware

TiteLive: Bookstore Support Platform Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.661=Severe

Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.


Israel – E.M.I.T Aviation Consulting

Exploit: Ransomware

E.M.I.T Aviation Consulting: Defense Aviation Consulting 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.699 = Severe

A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.



New Zealand – Aquila Technology 

Exploit: Credential Compromise

Aquila Technology: Communications Equipment Retailer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.699 = Severe

Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.699 = Severe

The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Credit card information is highly desitrable on the dark web, spurring a fresh round of attacks on retailers, es[pecially those that maintain large databases.



Japan – JVCKenwood 

Exploit: Ransomware

JVCKenwood: Audio Equipment Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.699 = Severe

Conti ransomware came calling at JVCKenwood this week. The Japanese audio equipment powerhouse. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Leave a Reply