The Week in Breach: 06/02/21-06/08/21

 
 

This week we’re exploring why Cox TV & radio stations went dark because of cybercrime, how third-party danger ensnared New South Wales Health, and what happened when nation-state cybercriminals visited New York.


United States iConstituent

https://www.nbcnews.com/politics/congress/house-communications-vendor-compromised-ransomware-attack-n1269934

Exploit: Ransomware

IConstituent: Communications Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.655= Severe

A major service provider to members of the US House of Representatives is recovering from a ransomware incident that has left Members scrambling. iConstituent provides constituent communications services for House offices including facilitating Member emails and newsletters. The House Chief Administrative Officer (CAO) is coordinating a response with iConstituent, and the CAO has announced that no other House data or systems have been compromised.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware against service providers has been a hot profit center for cybercriminals and they’re not letting up on potentially vulnerable targets.


United States – Cox Media Group

https://therecord.media/live-streams-go-down-across-cox-radio-tv-stations-in-apparent-ransomware-attack/

Exploit: Ransomware

Cox Media Group: TV & Radio Station Operator 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227= Extreme

A number of TV and radio stations around the US went dark briefly after a suspected ransomware attack on parent company Cox Media Group. Stations impacted included News9, WSOC, WSB, WPXI, KOKI, and almost all Cox radio stations. The Cox Media Group owns 57 radio and TV stations across 20 US markets. Internal networks and live streaming capabilities for other Cox media properties, such as web streams and mobile apps, were also impacted in the June 35r event. Service was quickly restored and the event is under investigation.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.


United States – Navistar International Corporation

https://www.reuters.com/technology/us-truck-maker-navistar-says-aware-it-breach-2021-06-07/

Exploit: Ransomware


Navistar International Corporation: Specialty Vehicle Manufacturer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.812= Moderate

Truck manufacturer Navistar International has notified the Securities and Exchange Commission (SEC) that they’ve fallen prey to a ransomware attack. Navistar makes trucks, buses and diesel engines, while its Navistar Defense subsidiary produces several US military vehicles. The company confirmed that there was data exfiltration in the suspected ransomware attack, but no details have been made available regarding the nature of that data.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.


United States – New York Metropolitan Transit Authority (M.T.A.)

https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html

Exploit: Nation-State hacking

New York Metropolitan Transit Authority (M.T.A.): Regional Transport Operator 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.812= Moderate

Officials at NY M.T.A released information that their system had been the target of a cyberattack by a hacking group believed to have links to the Chinese government. According to the report, nation-state actors penetrated the Metropolitan Transportation Authority’s computer systems in April. The investigation has concluded and NY M.T.A. was able to confirm that no sensitive data or rider data was impacted.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.


United States – LineStar Integrity Services

https://www.wired.com/story/linestar-pipeline-ransomware-leak/

Exploit: Ransomware

LineStar Integrity Services: Pipeline Technology Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.522= Severe

Cybersecurity researchers discovered that pipeline technology provider LineStar Integrity was hit in a ransomware incident at approximately the same time as Colonial Pipeline resulting in 70+GB of company data finding a new home on the dark web. LineStar Integrity Services sells auditing, compliance, maintenance, and technology services to pipeline customers and is based in Houston, TX.

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident although some sources are reporting that human resources data is in the mix.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Increasing frequency off cyberattacks on service providers show that cybercriminals are taking every chance to strike against linchpins of business services.


United Kingdom – Furniture Village 

https://www.theregister.com/2021/06/04/furniture_village_confirms_cyberattack/

Exploit: Hacking

Furniture Village: Home Goods Retailer 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.115 = Extreme

UK home goods giant Furniture Village has confirmed that it has been suffering the impact of an unnamed cyberattack. For the past week, the company’s internal systems, as well as some customer-facing systems, have been experiencing outages. The company stated that no data appears to have been stolen. Impacted systems include included delivery systems, phone systems, and payment mechanisms.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.


Australia – New South Wales Health (NSW Health) 

https://www.zdnet.com/article/nsw-health-confirms-data-breached-due-to-accellion-vulnerability/

Exploit: Third-Party Data Breach 

New South Wales Health (NSW Health): Regional Healthcare Agency 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.616 = Severe

New South Wales Health has confirmed that it is the latest organization impacted by the major cyberattack on the file transfer system owned by medical data services provider Accellion last month. The state entity said that no medical records maintained in public hospitals were affected. The agency has begun notifying people whose data may have been accessed. NSW Health has upgraded its technology to avoid future problems.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.616 = Severe

New South Wales Health disclosed that identity information and health-related personal information were exposed for some patients. The agency is in the process of contacting people who have been impacted.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks on major data processors like this puts many businesses at risk. Cybercriminals are hungry for saleable information and these places are treasure troves.


Japan – Fulifilm

https://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/

Exploit: Ransomware

 Fujifilm: Film & Photo Technology Developer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.922 = Severe

Legendary Japanese film technology company Fujifilm announced that it has been the victim of a ransomware attack that has impacted its operations. The purported ransomware attack led to a network outage that impacted access to email for employees, billings system and a problem reporting system. Experts believe that this attack was carried out with REvil technology. Investigation and recovery have begun and many systems have been fully restored.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Business disruptions from ransomware attacks can be costly even if no business or customer data is stolen, and extra costs for recovery can add up.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Industry & Regional Dangers Can Complicate Your Security


While you’re considering your security needs, are you also considering your unique threats by industry or region? Cybersecurity isn’t a one-size-fits-all proposition in any business. you may face a higher incidence of certain threats depending on your region, as some cybercrime types are more prevalent by locale. In North America, Asia and Australia, social engineering through things like phishing reign as the leading regional cause of danger, but for European firms that factor changes to web application attacks, with social engineering in third place.

The reasons why companies are attacked change by region as well. Malicious insiders and cybercriminals have different motivations for undertaking cyberattacks in different parts of the world, and that can add variables that change your risk calculation. In North America and the Asia Pacific region including Australia, over 96% of the bad actors involved in data breach incidents are in it for the dough. While that is still the largest motivator for bad actors in Europe, that figure drops to 89%.

Considering regional and industry risks is also important when you’re forming relationships with new vendors to determine what level of risk they may be bringing to the table. Unaddressed vulnerabilities in a supplier or service provider’s cybersecurity can have a negative impact n your business too. One great way to mitigate that risk is to add multifactor authentication (MFA) to your credentials to provide extra protection against intrusion with a stolen or compromised credential. 

To make sure that you’re protecting your organization correctly and completely, schedule a cybersecurity tuneup at least once per year. By going over your resources and determining where you may have unexpected vulnerabilities because if regional variances, you’ll increase your company’s cyber resilience making it more able to withstand a dangerous cybersecurity landscape.

Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 844.200.0549 today for your no-cost, no-obligation consultation.