Hacks, Attacks and Breaches: Dark Angels and Black Cats

The latest Hacks, Attacks and Breaches cybersecurity news update is here to give you what you need to stay informed, each week.

Read the top cybersecurity stories this week to keep up with hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store for 09/27/23 – 10/03/23 on #HacksAttacksBreaches:

• Ransomware leads to trouble for Johnson Controls and the U.S. Department of Homeland Security after “Dark Angels” request $51 million in ransom.
• 4,600 peoples’ national passports compromised from the WBSC.
• Ransomware takes down a German motel chain after stealing 6 TB of data.

If you missed last’s week’s news, read Hacks, Attacks and Breaches: Grounded.

Progressive Leasing

Exploit: Ransomware
Progressive Leasing: Product Leasing Company

Risk to Business: Severe

---

McLaren Health Care

Exploit: Ransomware
McLaren Health Care: Health System

Risk to Business: Severe

The ALPHV/BlackCat ransomware gang has added McLaren Health Care in Michigan to its list of victims on its dark web leak site. The group claims to have 6TB of data impacting 2.5 million patients. As part of this attack, McLaren was forced to shut down IT systems temporarily at 14 of its facilities. Hospitals in four states were forced to cancel appointments, divert ambulances and use paper records. The incident remains under investigation.  

How it Could Affect Your Customers’ Business: The healthcare sector has been a top target for cybercriminals conducting ransomware attacks.

---

Canadian Flair Airlines

Exploit: Misconfiguration
Canadian Flair Airlines: Airline

Risk to Business: Severe
Canadian Flair Airlines has suffered a data breach caused by misconfiguration. The company left credentials to sensitive databases and email addresses open for at least seven months on the flyflair.com website. The public .env files revealed the MySQL database credentials and location for the local database, the MySQL database credentials and location for the remote, internet-connected database, the SMTP configuration, including credentials and secret tokens and a Laravel App key. Other stolen data may include a database of customer records that includes a customer’s first and last name, email address, phone number, flight details (destinations, dates, flight numbers, etc.) and other personal information.  

How it Could Affect Your Customers’ Business: Employee mistakes are gateways for expensive disasters like a data breach or regulatory trouble.

---

Germany – Motel One

Exploit: Ransomware
Motel One: Motel Chain

Risk to Business: Severe
German motel chain Motel One had suffered a ransomware attack. The chain was added to the dark web leak site of ALPHV/BlackCat. The group claims to have stolen 24,449,137 files amounting to approximately 6 TB of data. The stolen data includes booking confirmations for the past three years as well as customer records including customers’ names, addresses, dates of reservation, payment methods and contact information.

How it Could Affect Your Customers’ Business: Ransomware risk has been steadily rising for businesses in every sector, and all companies should be working to mitigate it.

---

Ireland – Johnson Controls International

Exploit: Ransomware
Johnson Controls International: Security Equipment Company

Risk to Business: Severe
A newer ransomware group called Dark Angels is claiming responsibility for a ransomware attack that shut down some of Johnson Controls’ offices. Several subsidiaries of the company in Asia and other areas experienced IT outages as officials took systems offline in response to the attack. The gang has asked for $51 million in ransom. CNN reported that they obtained an internal memo from the U.S. Department of Homeland Security raising alarm about the incident and warning that the attack on Johnson Controls may have “compromised sensitive physical security information such as DHS floor plans.” The gang claims to have snatched 27 TB of data.

How it Could Affect Your Customers’ Business: Companies that contract for government agencies often have sensitive information that requires powerful protection.

---

Switzerland – European Telecommunications Standards Institute (ETSI)

Exploit: Hacking
European Telecommunications Standards Institute (ETSI): Regulator

Risk to Business: Moderate
The European Telecommunications Standards Institute (ETSI) announced last week that it had been the victim of a cyberattack that led to a data breach. ETSI said that bad actors stole a database identifying its users. The non-profit said that bad actors were able to take advantage of an unnamed exploit to grab the data. The company said that the problem has since been corrected. ETSI has more than 900 member organizations from over 60 countries.

How it Could Affect Your Customers’ Business: Companies need to be careful to watch out for vulnerabilities and exploits that bad actors could use to penetrate systems.

---

Switzerland – The World Baseball Softball Confederation (WBSC)

Exploit: Misconfiguration

The World Baseball Softball Confederation (WBSC): Sports Governing Body

Risk to Business: Severe
A misconfigured server is the culprit in a data breach at The World Baseball Softball Confederation (WBSC). On June 5th, security researchers discovered a misconfigured Amazon Web Services (AWS) bucket belonging to WBSC that contained nearly 48,000 files. Some of those files contained copies of 4,600 peoples’ national passports. The WBSC, headquartered in Switzerland, was established in 2013 and currently has 141 countries as members located in Asia, Africa, the Americas, Europe and Oceania.

How it Could Affect Your Customers’ Business: When employees are trained in proper security procedures they take security more seriously and avoid mistakes.