Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Credential Stuffing
DraftKings: Sports Betting Platform
Risk to Small Business: Users of sports book platform DraftKings took a heavy hit last week with an estimated $300k lost to a credential stuffing attack. A company official confirmed the attack in a statement, saying that they believe that the incident stemmed from customers reusing login credentials that had already been compromised elsewhere. Bad actors gained access to several user accounts that they immediately took over, changing the passwords and enabling 2FA for a phone number they controlled. DraftKings has said that customers who lost money will be made whole but did not offer specifics.
How it Could Affect Your Business: This is not a good look during a busy time f year for sports betting with the World Cup ongoing and the U.S. football playoffs ahead.
Cincinnati State Technical and Community College
Cincinnati State Technical and Community College: Institution of Higher Learning
Risk to Small Business: The Vice Society ransomware group has added Cincinnati State Technical and Community College to its dark web leak site, releasing a trove of purportedly stolen documents ranging across the past two years. The school confirmed that it had experienced a cybersecurity incident that is still under investigation in early November. While class schedules were not impacted, the school is still working to restore functionality in some of its communications systems. Financial aid services, network printing, VPN tools, department share drives, admission application platforms, transcript exchanges, grading tools and more were all still down as of last Friday. The release of the documents may indicate that the school did not pay the ransom that Vice Society demanded.
it Could Affect Your Business: Educational institutions at every level have been hit hard by bad actors, and they’re favored targets for Vice Society.
The City of Westmount
The City of Westmount: Municipality
Risk to Small Business: Ransomware has struck the city government of Westmount in Montreal. The Lockbit ransomware gang has claimed responsibility, claiming it snatched 14 TB of data from the city. Westmount’s website is unaffected, but many city departments are hampered by a lack of access to email and communications systems. The attack was reportedly spotted by a city employee on Sunday morning, The city says that its Information Technology Department is working with a leading external cybersecurity firm and the appropriate national agencies to determine the extent of the attack and remediate damage, but no timeline was provided.
How it Could Affect Your Business: Municipal governments have been a major target for ransomware gangs looking to score a quick ransom payment.