Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
NJVC
Exploit: Ransomware
NJVC: Defense Contractor
Risk to Small Business: The BlackCat ransomware group has claimed responsibility for an attack on IT services provider NJVC. The company primarily serves the U.S. defense and intelligence community. The group has threatened to begin leaking NJVCs data in stages. However, it’s had difficulty following through on that threat – BackCat’s dark web leak site experienced technical difficulties shortly after the threat was made, and by September 30 they had removed NJVC from their hit list. No word on what if any ransom was paid or what data may have been compromised.
How it Could Affect Your Business: Attacks like this against defense contractors are very dangerous and could impact national security.
Fast Company
Exploit: Hacking
Fast Company: News Publication
Risk to Small Business: Apple News was forced to disable business news publication Fast Company after hackers compromised the business magazines’ content management system and used it to send racist and inappropriately sexual push notifications to Apple News users. Other news outlets that carried Fast Company’s content like INC. Magazine shut down their websites briefly to prevent suffering the same fate. Reports say that Fast Company’s website was defaced with foul language last Sunday after a hacker going by the nickname “postpixel”, claimed they were able to crack the default password used across multiple accounts, including that of an administrator. The hacker also claims to have had access to other content delivery streams and internal systems. Customer records were not impacted. The publication’s site remains down as the incident is handled.
How it Could Affect Your Business: This publication is tied to the websites of other publications creating a cascade of danger for everyone involved
Physician’s Business Office
Exploit: Hacking
Physician’s Business Office: Medical Practice Management
Risk to Small Business: West Virginia-based healthcare business services provider Physician’s Business Office has notified 196,573 patients that their personal data and protected health information was likely stolen during a hack of its network in April 2022. Although HIPAA provisions call for affected patients to be informed within 60 days of the incident, the company didn’t meet that deadline, saying that it was working “to collect current mailing addresses for all potentially impacted individuals.” Providers were informed in late July 2022.
How it Could Affect Your Business: An incident like this is going to cost a fortune to fix and incur a boatload of noncompliance fines.
Reiter Affiliated Companies
Exploit: Hacking
Reiter Affiliated Companies: Berry Producer
Risk to Small Business: Reiter Affiliated Companies, the world’s largest fresh multi-berry producer, has disclosed the theft of personal and health information of 93,000 people. The data appears to be tied to the health and welfare plans of Reiter Affiliated Health and Southern Pacific Farming. The attack appears to have occurred in late June but was not discovered until early July. The company sent data breach notifications to the parties involved in early September 2022.
How it Could Affect Your Business: This type of data will be very profitable for the bad guys who are always on the hunt for more.
Boulder County, CO
Exploit: Business Email Compromise
Boulder County, CO: Regional Government
Risk to Small Business: Officials in Boulder County, Colorado have disclosed that the county was recently the victim of a successful business email compromise attack. Hackers obtained access to one of its vendors through a cyberattack and used the company to send spear-phishing emails to country employees. Ultimately, the county ended up sending $238,000 to the bad actors. The county is working with federal law enforcement in the ongoing incident investigation.
How it Could Affect Your Business: Governments are common targets for BEC schemes and government agencies must be alert for schemes like this one.