
The Week in Breach News: 24/08/22 – 30/08/22


 It’s all ransomware all the time this week with a spate of damaging attacks in the U.S., U.K. and South America.



Accelya

Exploit: Ransomware

Accelya: Airline Technology Services


Risk to Business: 1.706 = Severe

The AlphV/Black Cat ransomware group has claimed responsibility for an attack on airline technology firm Accelya. The group claimed to have stolen emails, worker contracts and other business information. Accelya provides passenger, cargo, and industry analytics platforms for airline retailing to Delta, British Airways, JetBlue, United, Virgin Atlantic, American Airlines and other airlines. The company confirmed the incident after investigators discovered that the company’s data was posted on a ransomware leak site.   

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This company faced double jeopardy, with attacks increasing against both supply chains and the transportation industry.


DoorDash

Exploit: Supply Chain Attack

DoorDash: Food Delivery Service


Risk to Business: 1.907 = Severe

DoorDash has confirmed a data breach that has exposed customer information. Credentials belonging to employees of a third-party vendor were stolen as part of a recent incident at software company Twilio and were then used to access DoorDash’s internal tools. The company said it cut off the third-party vendor’s access to its systems after discovering suspicious activity. DoorDash did not name the third-party vendor but did confirm the attack and that it was related to the Twilio hack.


Individual Risk: 1.975 = Severe

An undisclosed number of customers had their names, email addresses, delivery addresses, phone numbers and partial payment card numbers stolen. For drivers with the company, hackers were able to access names, phone numbers and email address information.

How It Could Affect Your Business: Unfortunately, this kind of exposure is becoming all too common as bad actors strike strategically against service providers.


LastPass

Exploit: Ransomware

LastPass: Software Company


Risk to Business: 1.836 = Severe

Authentication software firm LastPass said on Thursday that someone broke into one of its developers’ accounts and used that to gain access to proprietary data including source code. The company said in a statement that the incident had been contained and that they see no further evidence of unauthorized activity. LastPass says there is no evidence that customer data or encrypted password vaults were compromised. This breach may be related to the recent Twilio hack which impacted many companies.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: The Information Technology sector was one of the 14 critical infrastructure sectors most victimized by ransomware last year.


Chester Upland School District

Exploit: Business Email Compromise

Chester Upland School District: Regional Education Authority


Risk to Business: 1.337 = Severe

A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million. Authorities say hackers used a stolen district employee email account to snatch the money by sending official-looking messages from that account and then diverting payments to themselves. After diverting the payments, the cybercriminals then used a romance scam conducted through the dating site eHarmony to entice a Florida woman to launder the money unwittingly. The scheme came to light after the Pennsylvania Department of the Treasury flagged a large transfer, unraveling the whole mess. $10 million of the money has since been recovered.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Business email compromise is hard to detect but causes the most financial damage. This school district got lucky recovering money.


New Hampshire Lottery

Exploit: Hacking

New Hampshire Lottery: Gambling Program


Risk to Business: 2.809 = Moderate

New Hampshire Lottery officials warned of a cyberattack on its website, cautioning players that people visiting the site should not click on any pop-up message. The site began to experience trouble early Friday morning, typically a busy day for lottery sales with the Mega Millions drawing taking place late Friday night. Officials said the site has been taken down as the matter is investigated and the trouble dealt with. They do not believe any personal data of players was stolen.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to exploit government-run websites to spread malware or for other nefarious purposes.



The Dominican Republic – Instituto Agrario Dominicano

Exploit: Ransomware

The Instituto Agrario Dominicano (IAD): Government Agency


Risk to Business: 1.223 = Severe

The Instituto Agrario Dominicano (IAD), an arm of the Dominican Republic’s Ministry of Agriculture, has been hit by the Quantum ransomware group. The attack took down four physical and eight virtual servers as well as compromising all of IAD’s data. Officials say that the agency had only basic security in place and no dedicated security workers. The group is demanding an estimated $600k in ransom, but the Dominican Republic is an economically challenged country, making it unlikely that they’ll pay the extortionists.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Governments have been popular targets for cybercriminals even when they’re not nation-state aligned.



Greece – DESFA

Exploit: Ransomware

DESFA: National Natural Gas Provider 


Risk to Business: 2.871 = Moderate

Greece’s national natural gas operator DESFA has been hit by a ransomware attack by the Ragnar Locker ransomware organization. The group added DESFA to its dark web leak site on Friday, noting that it had not received a response to its ransom demand at that time. DESFA said that it will not negotiate with cybercriminals. The company also said that the incident had a “confirmed impact on the availability of some systems and possible leakage of a number of directories and files.” DESFA also said that Greek law enforcement agencies as well as the Ministry of Digital Governance and Hellenic Data Protection Authority have been notified of the attack. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to go after utilities because of the high chance they’ll get paid to avoid service disruptions, although these bad actors won’t be.



India – Akasa Air

Exploit: Misconfiguration

Akasa Air: Airline


Risk to Business: 1.790 = Severe

 Akasa Air disclosed that it has suffered a data breach resulting in unauthorized individuals gaining access to user information. The breach was caused by a configuration error that left vulnerabilities in the airline’s login and sign-up service. Akasa Air said that no travel-related information, travel records or payment information was compromised in the incident. The company claims to have fixed the problem and reopened all services.


Risk to Business: 1.662 = Severe

 Exposed registered user information includes registrant names, genders, email addresses and phone numbers.  

How it Could Affect Your Business: Employee mistakes like this one can be just as costly and problematic as a cyberattack.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
