What happened this week? Two ransomware attacks with disputed provenance and three major medical data breaches. Here are the #HacksAttacksBreaches highlights:
- Ransomware groups Snatch and Nokoyawa claimed responsibility for the May 2023 cyberattack on Tampa General Hospital, and added TGH to their dark web leak site. 1.2 Million people were compromised.
-
FBI and Mississippi agencies investigated George County’s recent ransomware attack that started with a phishing message.
- MOVEit exploit exposed approximately 450,000 records in 1st Source Corporation. Affected individuals were offered identity monitoring services… a small band-aid for a big issue.
The latest Hacks, Attacks and Breaches cybersecurity news update is here to give you what you need to stay informed, each week.
Read the top cybersecurity stories this week to keep up with hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store this for 07/19/23 – 07/25/23. If you missed last’s week’s news, read Hacks, Attacks and Breaches: Time to MOVEit
Estée Lauder)
Exploit: Ransomware
Estée Lauder: Beauty Company
Risk to Business: Severe
Legendary beauty brand Estée Lauder has disclosed that it has been the victim of a cyberattack that has resulted in data loss after an unauthorized third party gained access to some of its systems. The company warns that this incident will have an impact on its consumer-facing operations as well as its business operations. In an interesting twist, two different cybercrime gangs are claiming to have conducted successful attacks on Estée Lauder at virtually the same time. Cl0p claims to have hit the company as part of its MOVEit exploit spree. BlackCat/Alphv claimed that they’d attacked separately, saying on July 18 that they still had access to the company’s systems. Estée Lauder is working with Microsoft and Mandiant to investigate and remediate the incident.
How it Could Affect Your Customers’ Business: Zero-day exploits are cybercriminal gold mines, but there are measures that can be taken to reduce risk.
Tampa General Hospital (TGH)
Exploit: Ransomware
Tampa General Hospital (TGH): Medical Center
Risk to Business: Severe
TGH reports that information of up to 1.2 million people may have been compromised in a cyberattack on the hospital that went on for over a week. Hospital officials confirmed that an unauthorized party accessed TGH’s network and stole data from its systems between May 12th and May 30th, 2023. The Snatch ransomware group is claiming to have 4T of compromised patient data. However, another up-and-coming ransomware group, Nokoyawa, has also added TGH to their dark web leak site. Stolen patient information may have included patients’ names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record and patient account numbers, dates of service and treatment information.
How it Could Affect Your Customers’ Business: Up-and-coming ransomware groups will try to pull off large or high-profile attacks to gain notoriety.
George County, Mississippi
Exploit: Ransomware
George County, Mississippi: Regional Government
Risk to Business: Extreme
George County, MS is undertaking recovery efforts after a ransomware attack over the weekend. County officials said the trouble began when a county employee received a phishing message that they needed to download an update but actually downloaded ransomware. The trouble began last Saturday night and continued into Sunday. The county admits that its three servers are encrypted. In an interview, an official said that a ransom note had been left behind by the attackers but did not name the gang or share the amount of the ransom demand. The U.S. Federal Bureau of Investigation and agencies from the State of Mississippi are assisting in the investigation.
How it Could Affect Your Customers’ Business: Governments and government agencies have been prime targets for ransomware attacks and need to take precautions to reduce risk.
1st Source Corporation
Exploit: Hacking
1st Source Corporation: Financial Services
Risk to Business: Severe
1st Source Corp has fallen victim to the MOVEit exploit. The lender said on Monday that about 450,000 records had been exposed in the incident. The bank told the Maine Attorney General’s Office that attackers may have accessed individuals’ names, dates of birth, SSNs, driver’s license or state identification card numbers, and other government identification numbers. Affected individuals are being offered identity monitoring services.
How it Could Affect Your Customers’ Business: Obtaining names and social security numbers enables bad actors to facilitate identity theft.
Imagine360
Exploit: Ransomware
Imagine360: Health Plan Solutions Company
Risk to Business: Severe
Imagine360 has also fallen victim to CL0p’s MOVEit hacking campaign. The company admitted that it experienced a data breach first noticed in its Citrix that tracked back to MOVEit. In the January incident, sensitive files were copied by bad actors. Compromised information about policyholders includes names, medical information, health insurance information, and Social Security numbers. According to a data breach notification filed with Maine’s Attorney General’s Office, the incident has affected over 130,000 customers.
How it Could Affect Your Customers’ Business: Healthcare data can contain several data types, making it especially attractive to bad actors.
PokerStars
Exploit: Hacking
PokerStars: Gaming Platform
Risk to Business: Severe
TSG Interactive US Services Limited, the U.S. -registered company behind popular gambling platform PokerStars in the U.S. has begun notifying users of a data breach caused by the MOVEit file transfer exploit. The company said that the data was snatched between May 30 and May 31, 2023. Personal user details, including names, addresses and Social Security numbers belonging to an estimated 110,291 people were exposed.
How it Could Affect Your Customers’ Business: Companies need to take smart precautions now to minimize their risk of trouble from zero-day exploits.
Charter Oak Federal Credit Union
Exploit: Hacking
Charter Oak Federal Credit Union: Financial Institution
Risk to Business: Severe
Connecticut-based Charter Oak Federal Credit Union was forced to shut down operations on a busy Friday after being hit by a cyberattack. Credit union officials said that the credit union was forced to shut down its IT systems, access to the website and its online banking portal on Friday because of the attack. The credit union’s 80,000 members can only bank in person or by phone. The U.S. Federal Bureau of Investigation and the National Credit Union Administration are involved in the investigation.
How it Could Affect Your Customers’ Business: The financial services and banking sector has been pummeled by cybercriminals for the last few years.
Norway – TOMRA
Exploit: Ransomware
TOMRA: Mining & Recycling
Risk to Business: Severe
Norwegian mining and recycling giant TOMRA says it has shut down and isolated some systems after a cyberattack. The attack began on July 16, impacting internal IT services and some back-office applications, and potentially causing supply chain management problems. TOMRA’s office locations are offline with staff working remotely. The company’s reverse vending machines and non-mining divisions like Recycling and Food are also experiencing intermittent difficulties, but the bulk of the damage appears to be in the company’s mining operations. TOMRA said it is working with external specialists to resolve the situation.
How it Could Affect Your Customers’ Business: Industrials have been facing an increased risk for cybersecurity trouble and increased threats to operational technology (OT).