Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
United States – ST Engineering
Exploit: Ransomware
ST Engineering: Aeronautics contractor
Risk to Small Business: The San Antonio, Texas branch of defense, aeronautics, and space contracting conglomerate ST Engineering was hit with a MAZE ransomware attack disrupting operations and putting data at risk for a second time. This division of the international flight equipment services giant was also hit with a MAZE ransomware attack in May 2020 to the same effect. In an industry that expects top-notch security standards to be maintained by any company that wants to be a player, this is problematic and dangerous.
How it Could Affect Your Business: Ransomware like MAZE is commonly delivered to vulnerable businesses through phishing attacks, including the use of fake websites and dodgy attachments to infect systems. Phishing has grown exponentially in 2020, and COVID-19 related attacks are on track to be the biggest phishing scam driver in history.
United States – Kentucky Employee Health Plan
Exploit: Unauthorized database access
Kentucky Employee Health Plan: Health insurance provider
Risk to Small Business: Two data breaches compromised plan members’ personal data and enabled bad actors to steal more than $100,000 in gift cards. Hackers used valid login information to access the system in the first breach and were able to compound the damage of that breach in a second breach. The second breach accessed member programs to redeem reward points for gift cards. The two breaches created scrutiny and drew calls for further investigation as to whether the “bad actors” were from outside the office or if insider threats were the root cause.
How it Could Affect Your Business: Whatever the results of this investigation show, it raises the question of insider threats. Whether staffers are accidentally or deliberately giving information and passwords to bad actors, insider threats have to be a top concern for every business.
Canada – Chartered Professional Accountants of Canada
Exploit: Phishing
Chartered Professional Accountants of Canada: Professional membership organization
Risk to Small Business: The organization recently disclosed that personal information for its members had been compromised following a successful phishing attack in April. CPA Canada announced the results of its completed investigation, determining that the compromised information primarily affected subscribers of its CPA Canada magazine and an indeterminate number of website users. Impacted members were sent a phishing email asking them to change their user information on the organization’s online platform.
How it Could Affect Your Business: A data breach caused by a human error like phishing is a sign to an organization’s membership that it doesn’t take those members’ information security seriously, making it harder to retain members and sell professional resources.