The Week in Breach: LOTS to unpack – CVS leaks ONE BILLION records, Microsoft hit again




Nobelium, the Russia-linked state-sponsored group behind the SolarWinds supply-chain compromise and an earlier intrusion at Microsoft, has taken another run at the company, this time with some unexpectedly mundane tools. Microsoft said on Friday that the group had gained a foothold through a familiar path, a compromised machine belonging to one of its own support staff, and used what it found there to mount attacks on several Microsoft customers. On its blog, the company noted that Nobelium was leaning on techniques that sit well below the usual nation-state playbook: password spraying and brute-force attacks.

Microsoft detailed the activity in a blog post on June 25, 2021. The targets were specific Microsoft customers; by Microsoft's breakdown, 57% were IT companies and 20% government entities, with the remainder split among non-governmental organizations, think tanks and financial services firms. About 45% of the targeting was aimed at US organizations and 10% at the UK, with smaller shares in Germany and Canada; 36 countries were targeted in all. Microsoft said that, as of the post, three of its customers had actually been compromised.

After press inquiries, Microsoft acknowledged that Nobelium's entry point was the computer of a customer support agent, which had been infected with information-stealing malware. From that machine the group could see sensitive customer account data, including billing contact details and the specific services each customer subscribed to; other account data may also have been exposed. Microsoft notified the affected customers, warning them to treat any unexpected communication to their billing contacts with suspicion, to consider changing the credentials, usernames and email addresses tied to those accounts, and to block the old usernames from signing in.

Everyone Faces the Same Hazards


That is familiar advice. Big or small, companies get burned by the same small things, and compromised credentials top the list. An estimated 60% of the data on the pre-pandemic dark web could be used against businesses, and some 22 billion new records were added in 2020. That stock just got a big boost from RockYou2021, a compilation that experts describe as the largest password file ever posted to the dark web at once. This is why stale usernames and passwords keep causing trouble, and why zombie accounts, old logins that were never disabled, are a risk to every business. Without dark web monitoring, a company may have no idea which of its former credentials are already circulating.

Another pitfall businesses overlook is the unglamorous end of the attack spectrum: password spraying and brute-force attacks. Those rarely make headlines, but they are a far more common factor in breaches than most companies assume. The 2021 Verizon Data Breach Investigations Report found that roughly 60% of breaches involved stolen or lost credentials, many of them obtained through brute-force and similar guessing attacks. Credential stuffing, replaying username and password pairs leaked from other sites, was tied to almost a quarter of breaches, and 95% of the organizations that suffered it saw between 637 and 3.3 billion malicious login attempts over the year. Multifactor authentication stops the overwhelming majority of these password-only attacks, yet more than 50% of companies still do not use it.
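The spraying and brute-force activity described above (and in the Nobelium write-up at the top of this page) leaves a recognizable shape in sign-in logs, and that shape is what a detection should key on. The following Python is an added example written for this page, not Microsoft's or Verizon's code: the log format and the sample lines are constructed, and the thresholds are assumptions to tune against your own identity provider's sign-in logs.

```python
"""Flag password-spray and brute-force patterns in authentication logs.

Added example. The log line format (timestamp, result, user=, src=) and the
sample lines are constructed for illustration, not a real product's format;
adapt parse() to your identity provider's sign-in log export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source trying a password across many accounts
# (spray) and finally succeeding, one source hammering a single account
# (brute force), and a normal user who mistypes a password once.
SAMPLE_LOG = """\
2021-06-25T10:00:01 FAIL user=alice src=203.0.113.7
2021-06-25T10:00:03 FAIL user=bob src=203.0.113.7
2021-06-25T10:00:05 FAIL user=carol src=203.0.113.7
2021-06-25T10:00:07 FAIL user=dave src=203.0.113.7
2021-06-25T10:00:09 FAIL user=erin src=203.0.113.7
2021-06-25T10:00:11 OK user=frank src=203.0.113.7
2021-06-25T10:05:00 FAIL user=admin src=198.51.100.9
2021-06-25T10:05:02 FAIL user=admin src=198.51.100.9
2021-06-25T10:05:04 FAIL user=admin src=198.51.100.9
2021-06-25T10:05:06 FAIL user=admin src=198.51.100.9
2021-06-25T10:05:08 FAIL user=admin src=198.51.100.9
2021-06-25T10:05:10 FAIL user=admin src=198.51.100.9
2021-06-25T11:30:00 FAIL user=alice src=192.0.2.10
2021-06-25T11:30:30 OK user=alice src=192.0.2.10
"""


def parse(line):
    """Parse one constructed log line into a dict."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect(log_text, window=timedelta(minutes=10), spray_users=5, brute_fails=5):
    """Return a sorted list of (kind, src, detail) findings.

    spray:         one source fails against >= spray_users distinct accounts
                   inside one window (few tries per account, many accounts).
    brute_force:   one source fails >= brute_fails times against one account.
    spray_success: a source already flagged for spraying then logs in
                   successfully; that account is the one to reset first.
    """
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = set()  # a set so overlapping windows do not duplicate alerts
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            # Sliding window anchored at each event; evs is time-ordered.
            in_win = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            fails_per_user = defaultdict(int)
            for e in in_win:
                if not e["ok"]:
                    fails_per_user[e["user"]] += 1
            if len(fails_per_user) >= spray_users:
                findings.add(("spray", src, f"{len(fails_per_user)} accounts"))
                for e in in_win:
                    if e["ok"]:
                        findings.add(("spray_success", src, e["user"]))
            for user, n in fails_per_user.items():
                if n >= brute_fails:
                    findings.add(("brute_force", src, user))
    return sorted(findings)


if __name__ == "__main__":
    for kind, src, detail in detect(SAMPLE_LOG):
        print(f"{kind:14} {src:15} {detail}")
```

A spray shows up as one source failing against many accounts with a try or two each; a brute force as many failures against one account. The spray_success finding, a successful login from a source already flagged for spraying, is the alert that should page someone, because that account is the one the attacker now holds, and it is exactly the case MFA would have blocked. Credential stuffing looks like a spray spread across many source addresses, so in production the same logic should also be run with the source key dropped.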

It pays to put strong protections in place before an expensive cybercrime incident comes knocking, as it did for 80% of businesses in 2020, especially when the incident is one that is easy to prevent. Contact us today for a customized demo of our digital risk protection platform and the benefits IntegraMSP can provide.


Dark Web ID’s Top Threats This Week



CVS

https://www.zdnet.com/article/billions-of-records-belonging-to-cvs-health-exposed-online/#ftag=RSSbaffb68

Exploit: Third-Party Threat (Misconfiguration)

CVS: Drug Store Chain


Risk to Business: 1.416= Extreme

CVS is in hot water after researchers discovered an unsecured database holding over one billion records tied to the US healthcare and pharmacy giant. The database was roughly 204GB and, according to reports, contained event and configuration data, visitor IDs, session IDs, device access information and details of how the logging system operated on the back end. The exposed search records included queries for medications, COVID-19 vaccines and a range of CVS products, referencing both CVS Health and CVS.com. Even without names, session and visitor identifiers sitting next to search queries can tie sensitive health searches to specific users.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Every company needs to verify that its contractors and partners handle and store sensitive data correctly. Poor cyber hygiene at a service provider can turn into an expensive disaster fast.

IntegraMSP to the Rescue: Third-party and supply chain risk is growing exponentially. Learn strategies to fight back in our eBook Breaking Up with Third-Party and Supply Chain Risk. DOWNLOAD IT>>

Cognyte

https://beta.darkreading.com/attacks-breaches/cyber-analytics-database-exposed-5-billion-records-online

Exploit: Unsecured Database

Cognyte: Data Analytics Firm


Risk to Business: 1.802= Severe

Cognyte sells a service that warns customers about data exposures at third parties, and this week it had to issue that warning about itself. Researchers discovered an unsecured database operated by Cognyte that exposed some 5 billion records collected from earlier data incidents. The stored data underpins Cognyte's cyber intelligence service, which alerts customers to third-party data exposures. The incident is under investigation.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Proprietary data like this is catnip for hackers. It is both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.

IntegraMSP to the Rescue: Are you ready for the next risk? Find useful data to inform security decisions, including our predictions for the biggest risks of 2021, in The Global Year in Breach 2021. READ IT NOW>>


Invenergy LLC

https://www.infosecurity-magazine.com/news/revil-claims-responsibility-for/

Exploit: Ransomware

Invenergy LLC: Energy Company


Risk to Business: 1.916 = Severe

REvil has claimed responsibility for a recent cyberattack on renewable energy company Invenergy. The gang claims to have compromised the company's computer systems and exfiltrated four terabytes of data, including contracts and project data. In a bizarre twist, REvil also claims to have obtained "very personal and spicy" information about Invenergy's chief executive officer, Michael Polsky.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware attacks against strategic targets are hot right now, as ransomware gangs try to score a big payday fast from victims that cannot afford downtime.

IntegraMSP to the Rescue:  NEW! Go behind the scenes of ransomware to see who gets attacked, who gets paid and what’s next on the hit list in Ransomware Exposed! DOWNLOAD NOW>>


Wegmans

https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/

Exploit: Third-Party Threat (Misconfiguration)

Wegmans: Grocery Store Chain


Risk to Business: 2.227= Severe

East Coast gourmet grocer Wegmans issued a release announcing that a service provider had misconfigured two of its databases, exposing a large quantity of customer data. The databases, which the contractor maintained, held customer identity and shopping-habit information along with other PII. The company says the issue has been resolved.

Individual Risk: 2.776 = Moderate

According to the release, the exposed customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and Wegmans.com account email addresses and passwords. No Social Security, financial or medical information was exposed, and the databases the contractor maintained stored passwords only as salted hashes. Salting defeats precomputed lookup tables, but a salted hash of a weak or reused password can still be cracked offline, so affected customers should change that password anywhere they used it.
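Why "only salted hashes" softens but does not remove the risk is easier to see in code. The following Python is an added example for this page, not the contractor's or Wegmans' implementation; the PBKDF2 parameters, the record format and the tiny wordlist are assumptions constructed for illustration.

```python
"""Salted password hashing next to the unsalted form it replaces.

Added example. The record format "pbkdf2_sha256$<iters>$<salt>$<hash>", the
iteration counts and the wordlist below are assumptions made for illustration.
"""
import hashlib
import hmac
import os

# OWASP's 2023 guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations; the
# demo passes a smaller count only so that it runs quickly.
DEFAULT_ITERATIONS = 600_000


def hash_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Return a self-describing record: algorithm, iterations, salt, hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record: " + algo)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def unsalted_sha256(password):
    """The weak form: one fast hash, no salt. Users sharing a password share a hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(records, wordlist):
    """Hash each guess once, then look every user up: cost = len(wordlist)."""
    table = {unsalted_sha256(w): w for w in wordlist}
    return {user: table[h] for user, h in records.items() if h in table}


def crack_salted(records, wordlist):
    """Every guess must be rehashed per user with that user's salt and
    iteration count: cost = len(records) * len(wordlist) * iterations.
    Strong passwords survive; weak ones still fall, hence the reset advice."""
    found = {}
    for user, record in records.items():
        for guess in wordlist:
            if verify_password(guess, record):
                found[user] = guess
                break
    return found


if __name__ == "__main__":
    demo_iters = 20_000  # small for the demo; use DEFAULT_ITERATIONS in production
    wordlist = ["123456", "password1", "letmein"]  # constructed
    users = {"amy": "password1", "ben": "password1", "cal": "Tq7#n!vZp0wL"}
    unsalted = {u: unsalted_sha256(p) for u, p in users.items()}
    salted = {u: hash_password(p, iterations=demo_iters) for u, p in users.items()}
    print("unsalted cracked:", crack_unsalted(unsalted, wordlist))
    print("salted cracked:  ", crack_salted(salted, wordlist))
    print("amy and ben share a hash unsalted:", unsalted["amy"] == unsalted["ben"])
    print("amy and ben share a hash salted:  ", salted["amy"] == salted["ben"])
```

The unsalted store falls to one pass over the wordlist for every user at once, and identical passwords are visible as identical hashes before any cracking starts. The salted store forces the attacker to pay the full iteration cost per user per guess, which is what buys time for a password reset; it does not rescue "password1".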

Customers Impacted: Unknown

How it Could Affect Your Business: Clients expect a high level of information security from companies they trust with their personal information, and excuses about errors by contractors will not get a business off the hook if there is trouble.

IntegraMSP to the Rescue: Make sure you're protecting the access points to your clients' assets with strong security, starting with strong passwords. Our Build Better Passwords eBook shows how. GET IT>>


Carnival Cruise Line

https://www.scmagazine.com/home/email-security/carnival-discloses-new-data-breach-on-email-accounts/

Exploit: Hacking

Carnival Cruise Lines: Cruise Ship Operator


Risk to Business: 1.651= Severe

Perennially cybersecurity-challenged cruise line Carnival issued a breach disclosure on Thursday confirming that attackers gained access to a number of its email accounts and, through them, to data about its customers and employees. The company said the data had been collected during the travel booking process, in the course of employment, or while providing services to the company, including COVID-19 or other safety testing.

Individual Risk: 1.802 = Severe

Exposed passenger data included names, addresses, phone numbers, passport numbers, dates of birth, health information and, in some limited instances, Social Security or national identification numbers. The company gave no clear account of which employee information was exposed.

Customers Impacted: Unknown

How it Could Affect Your Business: This is the third major cybersecurity blunder for Carnival in just one year, and that is likely to create a great deal of mistrust among consumers just as the travel industry is getting back on its feet.

IntegraMSP to the Rescue: Building a strong security culture is vital to maintaining a high level of security. The Security Awareness Champion’s Guide shows you how to make good security choices and avoid trouble. GET IT>>

Mercedes-Benz USA

https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/

Exploit: Third Party Risk

Mercedes-Benz USA: Carmaker


Risk to Business: 1.611= Severe

Mercedes-Benz USA has disclosed a data breach affecting some of its US customers. The breach exposed PII of under 1,000 Mercedes-Benz customers and prospective buyers. It came to light after a Mercedes-Benz vendor informed the company that the personal information of some customers had been exposed through an insufficiently secured cloud storage instance.

Individual Risk: 1.802 = Severe

According to the company, the breach affects customers and prospective vehicle buyers who entered sensitive information on Mercedes-Benz company and dealer websites between 2014 and 2017. The vendor that notified Mercedes-Benz of the breach says the exposed information included self-reported credit scores, driver's license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.

Individual Impact: The exposed records include Social Security numbers, driver's license numbers and credit card numbers. Affected customers should monitor their credit reports and card statements and watch for signs of identity theft.

Customers Impacted: Under 1,000

How It Could Affect Your Business: Personal and financial data like this is cybercriminal gold. It is both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.

IntegraMSP to the Rescue: Third-party and supply chain risk is growing exponentially. Learn strategies to fight back in our eBook Breaking Up with Third-Party and Supply Chain Risk. DOWNLOAD IT>>


Washington Suburban Sanitary Commission (WSSC)

https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/

Exploit: Ransomware

Washington Suburban Sanitary Commission (WSSC): Utility


Risk to Business: 2.116 = Severe

Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that affected some of its systems. The utility said the incident touched a portion of its network that runs non-essential business systems. It has acknowledged that the attackers gained access to internal files but has released no further details, and the incident is still under investigation. WSSC Water provides water and sewer service to Montgomery and Prince George's counties in the Maryland suburbs of Washington, DC.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs are drawn to strategic targets like utilities and infrastructure operators because victims that cannot afford downtime are the ones most likely to pay quickly.

IntegraMSP to the Rescue: NEW! Go behind the scenes of ransomware to see who gets attacked, who gets paid and what's next on the hit list in Ransomware Exposed! DOWNLOAD NOW>>


DreamHost

https://www.infosecurity-magazine.com/news/cloud-database-exposes-800m/

Exploit: Unsecured Database

DreamHost: WordPress Hosting Service


Risk to Business: 1.823=Severe

A misconfigured cloud database exposed over 800 million records linked to WordPress users of hosting provider DreamHost. The 814 million records came from the firm's managed WordPress hosting business, DreamPress, and appeared to date back to 2018. In the 86GB database, researchers found admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information, some of it linked to users with .gov and .edu email addresses. The database was reportedly secured within hours of the report, but there is no way to know who else read it while it was open.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: There is no excuse for basic security blunders, and clients may be less willing to work with providers who make them. A strong security culture prevents these mistakes from happening.

IntegraMSP to the Rescue: Building a strong security culture is vital to maintaining a high level of security. The Security Awareness Champion's Guide shows you how to make good security choices and avoid trouble. GET IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.