This Week in Breach News:
Acer gets hit for a massive ransom, Chinese hackers meddle in Western Australia’s Parliament, and school is out at two hacked colleges.
United States – Descartes Aljex Software
https://www.hackread.com/shipping-management-software-firm-data-online/
Exploit: Unsecured Database
Descartes Aljex Software: Shipping Software Developer
Risk to Business: 1.726 = Severe
An unsecured database is always trouble as Descartes Aljex Software discovered this week. 103 GB worth of data belonging to the New Jersey-based company was discovered by researchers after it was left exposed on a misconfigured AWS S3 Bucket. The exposed data contained corporate, client and employee information.
Risk to Business: 1.667 = Severe
An unsecured database is always trouble as Aljex clients’ account data that was exposed included full names, phone numbers, email addresses, Aljex usernames, and plaintext passwords. Carrier information, their full names and email addresses as well as their house addresses and phone numbers were compromised. Client shipment details, shipment information, recipient’s consignee name, shipment origin and destination, addresses, and phone numbers were included in the data that was exposed. Sales representative details were also exposed including full names, corporate emails, Aljex usernames, and sales representative IDs
Customers Impacted: 4,000
How it Could Affect Your Customers’ Business: Third-party and supply chain risk is growing more dangerous for businesses as the ripple effect of breaches like this fuels cybercrime. Take precautions now to avoid headaches later.
United States – Guns.com
https://www.hackread.com/hacker-dumps-guns-com-database-customers-admin-data/
Exploit: Hacking
Guns.com: Online Gun Marketplace
Risk to Business: 1.227 = Extreme
An enormous database from Guns.com made an appearance in a hacker forum this week and it’s a major trove of information. The abundant data contains both administrator and user information including user IDs, full names, an estimated 400,000 email addresses, password hashes, physical addresses, ZIPcodes, city, state, Magneto IDs, phone numbers, account creation date and other personal details. One of the folders in the leaked database includes customers’ bank account details including full name, bank name, account type and Dwolla IDs. To top it off, an Excel file in the database was exposed containing sensitive login details of Guns.com including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials, with all admin credentials including admin emails, passwords, login links, and server addresses in plain text format.
Individual Risk: 1.112 = Extreme
Users of Guns.com are significantly impacted, as extensive banking and personal information has been exposed. They should be wary of identity theft, spear phishing, and business email compromise/fraud risks as well as change any passwords shared with this account
Customers Impacted: 400,000
How it Could Affect Your Customers’ Business Sensitive Personally Identifiable Information (PII) requires strong protection, especially when financial information for clients is at stake.
United States – Maricopa Community College
Exploit: Ransomware
Maricopa Community College: Institution of Higher Learning
Risk to Business: 2.312 = Severe
Classes have been disrupted as a suspected ransomware attack has caused extensive IT outages at Maricopa Community College. Education tools including MyInfo, Canvas, RioLearn, Maricopa email, Maricopa Google Tools and the Student Information System/Student Center are unavailable. The 10 college system has extended the semester by at least a week and expects service to be restored this week.
Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: One small email handling mistake can have devastating consequences. Stop ransomware from clobbering your business by preventing employees from interacting with phishing emails.
United Kingdom – South and City College Birmingham
Exploit: Ransomware
South and City College Birmingham: Institution of Higher Learning
Risk to Business: 1.102 = Extreme
The eight sites of South and City College Birmingham closed down in-person learning again this week after a purported ransomware attack wreaked havoc. Students will be back to learning online until systems can be restored, which may take weeks. An investigation is underway.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: 13,000
How it Could Affect Your Customers’ Business: Even without data theft, ransomware can cause a massive disruption that cripples your business. Scenarios like this are also ripe for exploitation with double extortion ransomware.
United Kingdom – The Defence Academy of the United Kingdom
https://securityaffairs.co/wordpress/115870/hacking/ministry-of-defence-hacked.html
Exploit: Nation-State Hacking
The Defence Academy of the United Kingdom: Specialty Graduate School
Risk to Business: 2.775 = Moderate
A nation-state hacking incident took the website and IT system of the UK Ministry of Defence training school offline this week. Systems at the academy were extensively compromised and it will take time to completely restore the impacted computers and servers. Russian and Chinese state-sponsored hackers are suspected to be behind the offensive. IT at the school is run separately by a contractor and no systems at the Ministry of Defence were impacted.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.
Australia – The Parliament of Western Australia
https://www.abc.net.au/news/2021-03-17/wa-parliament-targeted-cyber-attack/13253926
Exploit: Nation-State Hacking
Parliament of Western Australia: Regional Legislative Body
Risk to Business: 1.603 = Severe
Western Australia’s parliamentary email network was infiltrated by suspected Chinese hackers in the fallout of the recent massive Microsoft Exchange incident. The intrusion was detected on 03/04 in the middle of the state election campaign and led to intervention from Australia’s cybersecurity watchdog. Email service was disrupted but an investigation by Western Australia’s Parliamentary Services Department concluded that no sensitive data was stolen in the attack.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Nation-state hacking is a menace that doesn’t show signs of slowing down. Couple that with a massive third party breach at a major technology vendor and danger escalates.
Taiwan – Acer
Exploit: Ransomware
Acer: Computer Manufacturer
Risk to Business: 2.020= Severe
Acer has the dubious honor of setting a new record this year. The REvil cybercrime gang has executed a massive ransomware attack and they’re demanding the largest known ransom to date, $50,000,000. The audacious threat actors offered a 20% discount if payment was made by this past Wednesday. Data to prove the hit including samples of leaked images are for documents that include financial spreadsheets, bank balances, and bank communications has been posted as proof to hacker forums. The incident is ongoing.
Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.