In #HacksAttacksBreaches this week – MOVEit exploit attacks snowball, snagging Shell as well as U.S. federal and state government agencies, a malicious insider is suspected of facilitating a ransomware attack against the Chilean army and a new edition of Ransomware 101 is out now plus three fresh campaigns from Powered Services Pro. Here are the highlights:
- The U.S. Department of Agriculture and other federal agencies fall victim to cyberattacks, leading to data breaches and potential exposure of personal information.
- The Rhysida ransomware group targets the Chilean Army, leading to a data breach and the leak of approximately 360,000 documents.
- The Development Bank of Southern Africa suffers a ransomware attack by the Akira group, resulting in encryption of servers and theft of sensitive client information.
The latest Hacks, Attacks and Breaches cybersecurity news update is here to give you what you need to stay informed, each week.
Read the top cybersecurity stories this week to keep up with hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store this for 06/14/23 – 06/20/23. If you missed last’s week’s news, read Hacks, Attacks and Breaches: Nation-State Attack.
U.S. Department of Agriculture (USDA)
Exploit: Ransomware
U.S. Department of Agriculture (USDA): Federal Government Agency
Risk to Business: Severe
The U.S. Department of Agriculture has been added to the growing list of victims of cyberattacks by the Cl0p ransomware group that are fueled by the MOVEit exploit. USDA has confirmed that it is investigating a data breach after one of its vendors fell victim to Cl0p. The agency says that a small amount of personal data about USDA employees may have been exposed in the incident. Other federal government agencies including The US Office of Personnel Management (OPM) and arms of The Department of Energy (DoE), Oak Ridge Associated Universities research center and its Waste Isolation Pilot Plant in New Mexico have also been identified as federal agency or agency adjoined victims.
How it Could Affect Your Customers’ Business: This exploit continues to snag organizations with Cl0P claiming to have hit hundreds of entities.
Onix Group
Exploit: Ransomware
Onix Group: Real Estate Company
Risk to Business: Severe
Onix Group, a Pennsylvania-based real estate firm that also operates a chain of substance misuse treatment centers, has reported a data breach to the Department of Health and Human Services (HHS). The company said that a ransomware attack discovered on March 27 had corrupted some systems and resulted in data exfiltration. Onix’s investigation ultimately determined that an unauthorized actor had accessed Onix’s network between March 20 and March 27. The stolen files contained employee information including names, Social Security numbers, direct deposit information and health plan enrollment information.
How it Could Affect Your Customers’ Business: A data breach that involves employee information can be just as costly as a data breach that exposes consumer information.
Intellihartx
Exploit: Ransomware
Intellihartx: Debt Collector
Risk to Business: Severe
Intellihartx, a provider of patient balance resolution services to hospitals, is informing roughly 490,000 individuals that their personal information was compromised after the company discovered that it had become caught up in the GoAnywhere zero-day exploit flood that occurred earlier this year. Exposed data includes names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates and Social Security numbers of patients carrying medical debt. Cl0p has already made the stolen data available on its leak site
How it Could Affect Your Customers’ Business: An exploit doesn’t have to be a zero-day anymore to still be problematic for businesses.
Zacks Investment Research
Exploit: Hacking
Zacks Investment Research: Data and Analysis Firm
Risk to Business: Moderate
Internet researchers at Have I Been PWNED announced that they’ve discovered that Zacks Investment Research (Zacks) has allegedly experienced a previously undisclosed data breach that impacts 8.8 million of its customers. The researchers said that a database of Zacks customers’ information was dumped on the dark web last week. The database contained clients’ email addresses, usernames, unsalted SHA256 passwords, addresses, phone numbers, first and last names and other data. Zacks had previously disclosed another data breach in January 2023.
How it Could Affect Your Customers’ Business: A second big breach of customer data in just six months may damage Zacks’ reputation and turn potential customers off.
Chile – Chilean Army
Exploit: Ransomware (Malicious Insider)
Chilean Army: Military
Risk to Business: Extreme
A newer ransomware group named Rhysida has leaked a trove of documents that they claim to have stolen from the network of the Chilean Army (Ejército de Chile). The Chilean Army did confirm on May 29 that its systems were impacted in a security incident detected over the weekend on May 27 and data was likely stole. Interestingly, in the days following the announcement of the hack, an Army corporal was arrested and charged for his involvement in the incident, suggesting that the ransomware was deployed by a malicious insider. Rhysida ransomware has since published around 360,000 Chilean Army documents on its dark web leak site and claimed that they comprise about 30% of the data that was stolen. The incident is under investigation by Chile’s Computer Security Incident Response Team (CSIRT) of the Joint Chiefs of Staff and the Ministry of National Defense.
How it Could Affect Your Customers’ Business: Every organization is susceptible to malicious insider threats no matter how loyal its employees seem to be.
UK – Shell
Exploit: Ransomware
Shell: Fuel Company
Risk to Business: Severe
Oil and gas behemoth Shell has announced that it too is a victim of Cl0p’s cybercrime spree using the MOVEit exploit. The company says that there was no damage to its internal systems but that a small amount of employee data was stolen. Shell is among the hundreds of companies that have been added to Cl0p’s dark web leak site. Those companies have been given a deadline of June 21 to pay a ransom or have their data exposed. However, Cl0p posted that Shell was refusing to negotiate on its site last Friday.
South Africa – Development Bank of South Africa (DBSA)
Exploit: Ransomware
Development Bank of Southern Africa (DBSA): State-Owned Bank
Risk to Business: Severe
The state-owned Development Bank of Southern Africa has disclosed that it was hit with a ransomware attack by the Akira group last month. The bank says that the attack occurred around May 21. In the incident servers, logfiles and documents were encrypted. DBSA says that sensitive information about its clients including business names, the names of directors and shareholders, addresses, identification documents and contact information like phone numbers and email addresses was stolen in the incident. Many of the documents purportedly also included details of commercial or employment relationships with DBSA and financial information of stakeholders. The attack is under investigation by South African law enforcement agencies and regulators as well as third-party forensic investigators.
How it Could Affect Your Customers’ Business: Banks and other financial institutions have been at the top of cybercriminal hit lists for the past few years.
