Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Dropbox
Exploit: Phishing
Dropbox: File Hosting Service
Risk to Small Business: Dropbox has revealed that they have experienced a data breach. The company noted unauthorized access to some of its repositories after a successful phishing attack. That attack resulted in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials. Microsoft’s GitHub detected suspicious behavior on Dropbox’s corporate account on October 13 and informed the company. Dropbox ultimately determined the cause was a phishing attack in which bad actors impersonated the code integration and delivery platform CircleCI. Reports point out that three weeks before the attack, GitHub warned of phishing campaigns that involved the impersonation of CircleCI. Dropbox also said the intruder’s access to the GitHub repo silo was revoked on October 14, and that all developer API credentials to which the intruder had access have been rotated.
How it Could Affect Your Business: Even the biggest, most tech-savvy companies can be taken down by phishing in a flash.
Kearney & Company
Exploit: Ransomware
Kearney & Company: Financial Services Firm
Risk to Small Business: The LockBit 3.0 ransomware group has added Kearney & Company, an accounting and financial services firm that does business with the U.S. government, to its published list of victims on November 05. That group is threatening to publish the firm’s stolen data by November 26, 2022, if the company doesn’t pay the $2 million demanded ransom. A sample of the stolen data including financial documents, contracts, audit reports and billing documents has been published on the group’s dark website.
How it Could Affect Your Business: Financial services was the most hard-hit sector in terms of ransomware in 2021 and this year isn’t looking much better.
Multi-Color Corporation (MCC)
Exploit: Ransomware
Multi-Color Corporation (MCC): Printer
Risk to Small Business: Label printing company Multi-Color Corporation (MCC) has disclosed that on September 29, 2022, it discovered unauthorized access to its network. An investigation revealed that sensitive HR data might have been compromised, including personnel files and information on employees’ enrollment in benefits programs. Both current and former MCC employees are impacted. Some reports are saying that this was a ransomware attack.
How it Could Affect Your Business: Ransomware operators have been focusing on key points in the manufacturing supply chain for maximum gain.
Somnia Inc.
Exploit: Hacking
Somnia Inc.: Medical Practice Management
Risk to Small Business: Somnia Inc, a physician-owned firm that manages anesthesiology practices, has experienced a data breach that may impact an estimated 20 practices serving about 430,000 people. A company spokesperson confirmed that the firm is the management services organization behind the recent breaches affecting many anesthesiology practices. Somnia declined to disclose how many clients and individuals in total were affected. The company said that their forensic investigation into a security incident found that some information stored on the management company’s systems may have been compromised.
How it Could Affect Your Business: This incident is still snowballing, but however it plays out this will cost Somnia a fortune in regulatory penalties on top of other damages.