Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Dish Network
Exploit: Ransomware
Dish Network: Television Service
Risk to Business: Major U.S. satellite television provider Dish Network has been knocked off the air by a suspected ransomware attack. Customers first noticed the service outage last Thursday and the problem persisted through the weekend. The outage appears to affect most parts of the company, including online bill payment services, customer service and Boost Mobile, the prepaid wireless carrier acquired by Dish in 2020. Dish has not made a formal statement about the incident and no ransomware group has claimed responsibility
How it Could Affect Your Customers’ Business: This kind of ongoing service interruption is a nightmare and will certainly push customers to switch to another service.
U.S. Department of Defense
Exploit: Misconfiguration
U.S. Department of Defense: Federal Government Agency
Risk to Small Business: The U.S. Department of Defense (DoD) is facing a storm of trouble after a wealth of sensitive information was accidentally left unprotected by a password or security measures on a misconfigured server. The exposed server was hosted on Microsoft’s Azure government cloud. The server in question functioned as part of an internal mail system. It held an estimated three terabytes of internal military emails including messages related to U.S. Special Operations Command, or USSOCOM, the U.S. military unit tasked with conducting special military operations. Personnel files with records of clearance investigations may have been exposed in this incident. The data remained unprotected for at least two weeks until the blunder was reported to DoD by an outside researcher.
How it Could Affect Your Customers’ Business: Even the strictest and most secure environments can experience trouble thanks to human error.
The City of Hilliard, Ohio
Exploit: Business Email Compromise
The City of Hilliard, Ohio: Municipal Government
Risk to Small Business: A business email compromise attack that netted cybercriminals more than $200k against the city of Hilliard, Ohio has resulted in the city’s finance director being fired. The trouble started on December 8, 2022, when an accounting assistant in the city’s finance department fell for phishing messages from an unnamed bad actor pretending to be an existing city vendor, Strawser Paving Company. The cybercriminals corresponded with the employee about payment due for services supposedly rendered. The cybercriminals struck again with the next phase of the scam on December 19, 2022, this time convincing the same employee to change the bank account routing information the city had for the company. On December 20, 2022, the city employee then paid the company’s fraudulent bill for $218,992.06. The finance employee involved in this affair and the city’s finance director were placed on paid administrative leave on February 6, 2023. Ultimately, the finance director was fired for failing to report the event to other officials in a timely manner, and the employee resigned. The city is working to get its money back and has filed an insurance claim.
How it Could Affect Your Customers’ Business: Municipal governments have been prime targets for the bad guys because often lax security means there is easy money to be made.
Stanford University
Exploit: Hacking
Stanford University: Institution of Higher Learning
Risk to Small Business: California’s Stanford University has reported a data breach that impacted 897 candidates in its Ph.D. program. Bad actors gained access to files containing sensitive admission information for the Economics Ph.D. program from the university’s website. The incident occurred between December 2022 and January 2023, and the university says that two unauthorized downloads of the data were made during that period. applicants’ applications as well as the materials that accompanied them. Applicants may have had personal information exposed including their first and last name, date of birth, home address, mailing address, phone number, mail address, race, ethnicity, citizenship, gender, transcripts, personal statements, resume and letters of recommendation. No financial data was involved in this incident.
How it Could Affect Your Customers’ Business: In states with especially stringent data privacy laws, incidents like this can be punishingly expensive.
Reventics
Exploit: Hacking
Reventics: Buniess Services Provider
Risk to Small Business: Medical revenue management company Reventics suffered a data breach that has affected several major U.S. Healthcare providers. The company filed a data breach notice on February 10, 2023, detailing the incident to regulators in Montana. Reventics says that a hacker accessed the company’s network in December 2022 and stole confidential consumer information from the company’s computer network. Information exposed in the incident included consumers’ names, Social Security numbers, dates of birth, financial information, and protected health information. More than 200k people have been impacted in this incident.
How it Could Affect Your Customers’ Business: Security problems at service providers quickly end up becoming security problems for their clients.