marie.cronin@cloudsmartit.com

The Week in Breach News: 05/04/22 – 05/10/22

Ransomware sprouts up at a major U.S. agricultural company, insider risk strikes home at IKEA, and more trouble for government agencies.


AGCO 

https://www.bleepingcomputer.com/news/security/us-agricultural-machinery-maker-agco-hit-by-ransomware-attack/ 

Exploit: Ransomware

AGCO: Agricultural Machinery Manufacturer


Risk to Business: 1.471 = Extreme

Major U.S. agricultural machinery manufacturer AGCO announced that they have suffered a ransomware attack that is impacting some of the company’s production facilities. A statement from the company provided few details but specified that its operations including production “Will likely be adversely affected for several days and potentially longer.” No group has claimed responsibility or publicized a ransom demand. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

EXTRA: The FBI recently released an alert about elevated ransomware risk in the Food & Agriculture sector.  

How It Could Affect Your Customers’ Business: Ransomware gangs love to pounce on industries at critical times. This is a massive problem at the height of spring planting season in the US.

 


The State Bar of Georgia 

https://therecord.media/state-bar-of-georgia-cyberattack/ 

Exploit: Hacking

State Bar of Georgia: Professional Organization 


Risk to Business: 2.804 = Moderate

The State Bar of Georgia has experienced a cyberattack that crippled the organization’s network, website and email system. Officials say that the attack began last Monday when an unauthorized user was discovered and that the organization’s IT team swung into action quickly to secure the network from further trouble. There was a continued impact on the Bar’s website throughout the week. The incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Professional organizations have been on cybercriminal hit lists thanks to the abundant personal and sometimes financial data they tend to hold.

 


IKEA

https://dailyhive.com/vancouver/ikea-data-breach

Exploit: Insider Threat

IKEA: Home Goods Retailer


Risk to Business: 2.711 = Moderate

Furniture and home goods giant IKEA announced that it had experienced a data breach in its Canadian operations that impacted an estimated 95,000 customers. The company said that sensitive customer information was mistakenly provided to an employee in an internal search between March 1 and March 3, 2022. No specifics about the compromised data were offered beyond confirmation that no financial or banking information was accessed. IKEA says that it has notified any customers that were impacted by the breach and the Office of the Privacy Commissioner of Canada.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Internal information security foul-ups by employees like this are embarrassing and potentially expensive mistakes that no company wants to handle.

 



Peru – Dirección General de Inteligencia (DIGIMIN)

https://securityaffairs.co/wordpress/131093/cyber-crime/conti-ransomware-peru-direccion-general-de-inteligencia.html 

Exploit: Ransomware

Dirección General de Inteligencia (DIGIMIN): National Government Agency


Risk to Business: 1.316 = Extreme

Conti ransomware is to blame for continued trouble in Costa Rica’s public sector. After crippling several federal departments last week, the group has now snarled operations at Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), electricity manager for the city of Cartago, population 160,000. Officials said that the attack has encrypted the servers used to manage the organization’s website, e-mail, administrative collection systems and more, rendering customers unable to pay for electricity and internet bills.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: An attack of this nature is a major national security threat to Peru with the potential to expose a great deal of sensitive foreign and domestic intelligence data.

 



Bulgaria – The Bulgarian State Agency for Refugees Under the Council of Ministers 

https://www.itsecuritynews.info/russian-group-attack-on-bulgarian-refugee-agency/ 

Exploit: Ransomware (Nation-State)

The Bulgarian State Agency for Refugees Under the Council of Ministers: National Government Agency 


Risk to Business: 1.811 = Severe

LockBit 2.0, a cybercrime gang known to have strong ties to Russia, announced that it intends to publish data it claims to have stolen in an attack on The Bulgarian State Agency for Refugees Under the Council of Ministers. That agency is experiencing extra stress right now as it oversees the flow of Ukrainian refugees in Bulgaria. The agency’s website is up but warns that some email addresses may not be working. An estimated 230,000 refugees have fled to Bulgaria in the wake of Russia’s invasion of Ukraine.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Although this is not confirmed as a nation-state incident, both “official” and nation-state adjacent threat actors on both sides of this conflict have been active in a flood of invasion-related cyberattacks.


Germany – Sixt

https://www.digit.fyi/sixt-cyber-attack-what-you-need-to-know/ 

Exploit: Hacking

Sixt: Car Rental Company


Risk to Business: 1.909 = Severe

Major car rental company Sixt has suffered IT disruptions at some locations in the wake of a cyberattack. The company says that the attack on April 29 forced them to restrict access to all their internal IT systems, snarling operations for clients and agents. The nature of the attack was not disclosed, and the incident remains under investigation. Sixt rents out cars from over two thousand locations in more than 100 countries. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Incidents like this can spawn customer headaches that do damage to a company’s reputation.

 


Russia – Qiwi

https://www.hackread.com/anonymous-nb65-hacki-russia-payment-processor-qiwi/ 

Exploit: Nation-State (Hacktivism)

Qiwi: Payment Processor


Risk to Business: 2.096 = Severe

Anonymous and its associates continue a cyberattack offensive against Russian businesses and agencies in the wake of Russia’s invasion of Ukraine. This time, Anonymous affiliate Network Battalion (NB65) group claims that it has hacked and deployed ransomware against the Russian payment processing platform Qiwi. NB65 says that it managed to extract 10.5TB of data from Qiwi, including 30 million payment records and the data from 12.5 million credit cards of Qiwi customers. The group has posted a host of examples of the stolen data as proof of the hack, threatening to release 1 million cards worth of data daily. Qiwi denies the event.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: This is the latest in a long string of strikes by Anonymous against Russian and Russia-aligned businesses that shows no signs of stopping.

 



Australia – Nauru Police Force

https://www.hackread.com/anonymous-leak-police-emails-australia-offshore-detention/

Exploit: Hacking

Nauru Police Force: Law Enforcement Agency


Risk to Business: 2.776 = Moderate

The Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force on May 2 as a protest against the alleged ill-treatment of asylum seekers and refugees carried out by the Nauru Police Force on behalf of the Australian government. The total number of leaked emails is reported to be 285,635 and the data is available for direct and torrent download. Anonymous claims that the stolen emails contain details of a cover-up of abuses against prisoners in refugee camps on the island by the Nauru Police Force and the Australian government.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Hacktivism isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
