Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store for 04/12/23 – 04/18/23. If you missed last week’s news, read Hacks, Attacks and Breaches: The Importance of Endpoint Detection.
TL;DR
Topping #HacksAttacks&Breaches this week: BlackCat hits NCR, and over one million bank customers have data exposed in a fintech blunder. Here are the headlines:
- BlackCat Ransomware Group attacked a point of sale tech giant and apparently everything is fine…
- NorthOne Bank was a juicy target for cybercriminals due to its non-password protected database. Yikes!
- An IT services company servicing more than 140 charities was hit by ransomware, exposing sensitive data.
NCR Corporation
Exploit: Ransomware
NCR: Retail Technology Company
Risk to Business: Point-of-Sale (PoS) technology giant NCR, formerly known as National Cash Register, has announced that it was the victim of a ransomware attack by the notorious Black Cat/AlphV ransomware group. The attack caused an outage on the company’s Aloha PoS platform, a technology widely used by bars and restaurants. The outage began on April 13. In its statement, NCR downplayed the incident, saying that the problem was the result of a single data center outage impacting a limited number of ancillary Aloha applications for a subset of their hospitality customers. The company carefully pointed out that impacted restaurants are still able to serve their customers. The incident is under investigation by law enforcement.
How it Could Affect Your Customers’ Business: One cyberattack can impact many businesses and supply chain risk is growing every day.
NorthOne Bank
Exploit: Misconfiguration
NorthOne Bank: FinTech Company
Risk to Small Business: Internet researchers have uncovered a non-password-protected database belonging to NorthOne Bank that has exposed sensitive personal and financial data for more than one million customers. The trove of documents was mainly composed of PDFs of invoices from both individuals and businesses who used an app to pay for products and services. The invoices contained names, email addresses and physical addresses, phone numbers, notes about what the payment was for, the total amount and the due date. Some tax ID numbers were also included from business transactions. The discovery happened in January, and NorthOne Bank said that it has since secured the database.
How it Could Affect Your Customers’ Business: Companies that hold valuable information like financial data by way of invoices are juicy targets for cybercriminals looking for a quick score.
Kodi
Exploit: Credential Compromise
Kodi: Media App Developer
Risk to Small Business: Kodi, an open-source media app, announced last week that they’d experienced a breach in their user forums leading to the exposure of hundreds of thousands of posts and private messages from their MyBB user forum. The breach came to light after hackers offered records for an estimated 400,000 users in a cybercrime forum. Kodi said that the attackers compromised the account of an inactive administrator and accessed the MyBB admin console on February 16 and 21, 2023. The bad actors then created database backups and downloaded existing nightly full backups. The company is redeploying its user forums after hardening.
How it Could Affect Your Customers’ Business: One compromised credential can lead to a world of hurt, even if the person whose credentials are compromised doesn’t work there anymore.
Brazil – Dimas Volvo
Exploit: Misconfiguration
Dimas Volvo: Car Retailer
Risk to Small Business: Brazil’s Volvo dealer Dimas Volvo is in hot water after internet researchers discovered an unsecured database belonging to the company. The problem came to light on February 17, 2023, when researchers found that the retailer had accidentally exposed its database’s authentication information, including MySQL and Redis database hosts, open ports and credentials that could be used to access the contents of the databases. The website’s Laravel application key and a .DS_Store file that held metadata from the developer’s computer were also exposed, revealing the file and folder names in the directory where the website’s project files were stored. A Git code repository was also attached.
How it Could Affect Your Customers’ Business: All data needs to be protected because proprietary data like metadata and code is just as useful to the bad guys as other types of information.
Northern Ireland – Evide
Exploit: Ransomware
Evide: IT Management Company
Risk to Small Business: Evide, a Derry-based IT services company that services more than 140 charities, has fallen victim to a ransomware attack that may have led to the exposure of sensitive data for thousands of vulnerable people in Ireland and the UK. The incident was reported to law enforcement on March 30, 2023. Evide handles data for organizations that serve rape victims, battered women, abused children and other vulnerable populations. Specifics on exactly what data was stolen or any ransom demand were not available at press time. Specialist cybercrime officers from the Police Service of Northern Ireland (PSNI) are investigating.
How it Could Affect Your Customers’ Business: The extremely sensitive data that agencies like this hold is very valuable on the dark web.
Germany – Lürssen
Exploit: Ransomware
Lürssen: Yacht Builder
Risk to Small Business: Luxury superyacht builder Lürssen has disclosed that it was hit by a ransomware attack over the Easter holiday weekend. Reports say that the German shipbuilder has experienced some operational challenges since the attack. Only its Lürssen-Kröger shipyard in Schleswig-Holstein appeared to have escaped unscathed. The company has built many of the world’s largest superyachts. It also produces some vessels for the German navy. No word on what data was stolen or any ransom demand was available at press time.
How it Could Affect Your Customers’ Business: Holiday weekends are prime times for cyberattacks with especially high ransomware risk.
Germany – Rheinmetall
Exploit: Human Error
Rheinmetall: Industrial Manufacturing
Risk to Small Business: German auto and arms manufacturer Rheinmetall has been the victim of a cyberattack that has impacted the company’s operations. The attack appears to be contained to systems within its automotive division. However, Rheinmetall also handles some arms production for the German military and holds contracts to produce armaments, including tanks, for the Ukrainian military. The company said that it is investigating the extent of the damage. It is unclear if this attack is related to a DDoS attack last month spearheaded by the Russian hacktivist group Killnet.
How it Could Affect Your Customers’ Business: Companies that produce military supplies are highly vulnerable to attack by both regular and nation-state cybercrime groups.
Australia – Coles
Exploit: Supply Chain Cyberattack
Coles: Supermarket Chain
Risk to Small Business: Major Australian grocery chain Coles has announced that customers with Coles credit cards may have had sensitive data exposed in the recent Latitude Financial data breach. Coles used Latitude Financial as a service provider for its store credit cards until 2018. Coles has not been specific about how many customers may be affected or what data is exposed, but it would be from accounts opened prior to 2018.
How it Could Affect Your Customers’ Business: One supply chain cyberattack can be a headache for both a business and its customers.