The Week in Breach: 04/14/21-04/20/21 | CloudSmart IT


 
 

This week Codecov discloses a doozy of a breach and ransomware wins at casinos in Tasmania.


United States – LogicGate

https://techcrunch.com/2021/04/13/logicgate-risk-cloud-data-breach/ 

Exploit: Hacking

LogicGate: Software Company 

Risk to Business: 1.631 = Severe

LogicGate notified customers that an unauthorized third party obtained credentials to its Amazon Web Services-hosted cloud storage servers storing customer backup files for its flagship platform Risk Cloud in 02/21. The risk and compliance specialty firm noted that only data uploaded on or prior to 02/23/21 would have been included in that backup file. The company said that an unauthorized third party was able to use filched credentials to decrypt files stored in AWS S3 buckets in the LogicGate Risk Cloud backup environment.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Hacking into databases is a profitable enterprise for cybercriminals. Ensuring that you’re using strong security for information storage is a modern essential.


United States – Codecov

https://therecord.media/codecov-discloses-2-5-month-long-supply-chain-attack/

Exploit: Third Party Data Breach

Codecov: Software and Cloud Developer 


Risk to Business: 1.337 = Extreme

Codecov is facing a mess after a threat actor managed to breach its platform and add a credentials harvester to one of its tools, Bash Uploader. Codecov said the breach occurred “because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.” The attacker gained access to the Bash Uploader script sometime in 01/21 and made periodic changes to add malicious code that would intercept uploads and scan and collect any sensitive information like credentials, tokens, or keys. Unfortunately, the bad guys had 2.5 months to run wild – the breach wasn’t discovered until 04/01. The damage isn’t limited to clients who used the Bash Uploader script, either. Because the script is also embedded in other products, a large chunk of the company’s customers may be affected.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Not only did Codecov fall victim to a cyberattack that adulterated its product, it didn’t find out for 2.5 months. Not a good look.


Canada – The Regional Municipality of Durham 

https://www.itworldcanada.com/article/ontario-regional-government-victim-of-third-party-cyber-attack/445791 

Exploit: Third-Party Breach (Ransomware)

The Regional Municipality of Durham: Regional Government Services Entity 


Risk to Business: 1.741 = Severe

The Regional Municipality of Durham, which provides regional services to eight local municipalities north of Lake Ontario, announced in an email that it “recently became aware of a cybersecurity incident that occurred with a third-party software provider which impacted the region.” That incident was through data services provider Accellion, breached several weeks ago by the Clop ransomware gang in an incident that continues to ripple into other organizations. The content of the leaked data is unclear but appears to be administrative records.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This kind of data will be a windfall for the gang in today’s booming dark web data markets, but the Accellion breach will also continue to be a nightmare for impacted organizations.


 

United Kingdom – Castle School Education Trust

https://www.bristolpost.co.uk/news/bristol-news/latest-ransomware-attack-24-schools-530891

Exploit: Ransomware

Castle School Education Trust: School System 


Risk to Business: 2.463 = Severe

A massive ransomware incident has snarled the start of the new term for 24 schools near Bristol. Laptops, whiteboards and more than 1,000 devices have been disabled, impacting educators and students in 7 schools run by the Castle School Trust and the 17 others maintained by the local authority who relied on the academy group’s IT infrastructure.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware has been an increasingly popular tool for cybercriminals to use against targets in the education sector. Preventing it from hitting systems is just as important as protecting data.



Ireland – Matthew Clark Bibendum (MCB) 

https://portswigger.net/daily-swig/drinks-giant-c-amp-c-group-subsidiary-shuts-down-it-systems-following-security-incident

Exploit: Ransomware

 Matthew Clark Bibendum (MCB): Beverage Distributor 


Risk to Business: 1.672 = Severe

Matthew Clark Bibendum (MCB) said they were “temporarily supporting customers and suppliers manually” after experiencing a cyberattack on 04/16. The probable ransomware attack has severely interrupted operations throughout Ireland and the UK. MCB is owned by C&C Group, which manufactures and distributes two of its most well-known brands, Irish cider Bulmers and Scottish beer Tennent’s, to more than 40 countries.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.

Australia – Federal Group

https://www.infosecurity-magazine.com/news/cyberattack-shutters-half/

Exploit: Ransomware

Federal Group: Casino Operator 


Risk to Business: 1.612 = Severe

Threat actors struck casinos on the Australian island of Tasmania. Sole casino operator Federal Group was targeted in a ransomware attack that impacted both gambling and hospitality operations. The attack affected hotel booking systems in the company’s Wrest Point and Country Club venues. It also knocked out operations at the perennially-popular slot machine floors. The company is working on fully restoring services and investigating the incident. Federal Group’s other 2 casinos in Tasmania were not affected.  

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.


Australia – Spotless

https://www.stuff.co.nz/business/124859495/major-data-breach-at-cleaning-and-catering-company-spotless 

Exploit: Ransomware

Spotless: Hospitality Services


Risk to Business: 2.112 = Severe

Hackers may have obtained past and present staff members’ passport and IRD numbers in a growing data breach at banquet and cleaning company Spotless. Impacted workers were informed by email last week. The company expects that a large amount of HR information may have been stolen by the cybercriminals in a suspected ransomware incident that is still under investigation.


Risk to Business: 2.206 = Severe

Current and former staff members may be at risk for identity theft and spear phishing. Fraud attempts have already begun to come to light.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.


India – Bizongo

https://www.hackread.com/india-bizongo-supply-chain-exposed-data/

Exploit: Ransomware

Bizongo: Packaging Manufacturer


Risk to Business: 1.755 = Severe

Packaging powerhouse Bizongo is in the hot seat after a data breach caused by a leaking AWS bucket. Researchers noted that approximately 2,532,610 files were exposed, equating to 643GB of data. The exposed data includes an assortment of operations info including business files and client records.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercrime is around every corner. It’s no longer acceptable to just survive a cyberattack – businesses have to be prepared to endure challenges and still keep going.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Small Changes Now Pay Big Dividends Later


A down economy is forcing many companies to make spending cuts. But when you’re going through your budget looking at things that you can pare down or put off, don’t add cybersecurity to that list. Instead, look at the ways that your security solutions can be maximized to ensure that you’re getting the real value out of them that you’re already paying for – you’re almost certainly going to find a few unexpected features.

Password protection isn’t really protection anymore. That’s why multifactor authentication (MFA) is a modern essential that authorities like Microsoft recommend to stop 99% of password-based cybercrime. But experts also recommend single sign-on, and secure password vaults. 

While it may be tempting to slash your security budget and put off making security adjustments, it’s a dangerous proposition. Overall cybercrime increased approximately 85% in 2020 and things aren’t slowing down. Make the smart decision to play the long game and still profit in the short term by making careful investments in cybersecurity upgrades – and avoid having your business get knocked for a loop in the wake of today’s cyber crimewave.

