Do any of these scenarios resemble your work environment?
Microsoft Exchange
On 3rd March 2021, cybercriminals exploited four vulnerabilities in the Microsoft Exchange Server email system. The attacker exploited the vulnerabilities in the email servers to get the accounts information of more than 30,000 organizations across the world. These organizations include local governments, small businesses, and officials accounts. After exploiting these vulnerabilities the attackers got remote access over the compromised systems, with the privileges of confidential data access. In few days, Microsoft released patches and security updates for these vulnerabilities (Carlson, 2021).
SITA
SITA is an IT company that provides support and services to airline companies throughout the world in case of any cyber-attack. This company became a victim of a cyberattack on 4th March 2021, in which attackers exposed the PII (Personally Identifiable Information) belonging to an undisclosed number of airline passengers. This sensitive information included the traveler’s name, their service card numbers, and the statuses about their services (Staff, 2021).
MultiCare
MultiCare is a non-profit healthcare organization that runs a healthcare system that experienced a ransomware attack on 9th March 2021 and exposed the personal information of over 200,000 patients as a result of a ransomware attack. The attackers were able to access personal information including names, insurance policy numbers, dates of birth, social security numbers, bank account details, and types of diseases. Multicare uses Woodcreek provider services as its medical practice management company. After paying the ransom money the breached data was retrieved (Lewis, 2021).
California State Controller’s Office (SCO)
A phishing attack was launched on 23rd March 2021 on California State Controller’s Office (SCO). An employee of the office lured by the attackers to click on a malicious link, logging into a cloned website and granted access to the email accounts. The attackers maintained their access over the system for 24 hours with privileges to view PII (Personally Identified Information) and sending phishing emails to the compromised SCO employees. A strange thing in this attack that attackers did not disclose the numbers of compromised employees and their personal information (Cobler, 2021).
Hobby Lobby
A data breach occurred on 23rd March 2021 containing records of more than 300,000 customers of arts and crafts chain store Hobby Lobby. A vulnerability of cloud-bucket misconfiguration was exploited to execute this data breach attack. The data disclosed in this attack include customers’ names, phone numbers, home, and email addresses, and payment card information. A source code of the company’s application was also leaked in this data breach (Seals, 2021).
Cancer Treatment Centers of America (CTCA)
On 26th March 2021, the medical information of more than 100,000 patients was leaked by the cybercriminals from Cancer Treatment Centers of America. After the attack, the organization alerted their patients that their email accounts containing medical information have been hacked by an unknown third party. These compromised emails contained patients’ names, medical record numbers, health insurance details, and medical information. Moreover, the account holder’s credentials were changed, and the previous email credentials are no longer available for use (Mitchell).
The personal data of above 533 million Facebook users from 106 countries have been disclosed on 3rd April 2021 by a low-level hacking group. A vulnerability was exploited while scraping the data that was patched in 2019. The data includes usernames, phone numbers, email addresses, full names, and biographical information. This disclosure has over 32 million records of the US and 11 million records of UK users. This leaked data could be valuable to attackers who can use this leaked information for impersonation and scam the victims to get login credentials (Holmes, 2021).
The cybercriminals released the profiles of more than 500 million LinkedIn users on the dark web. This data leakage was conducted on 6th April 2021. To prove the legitimacy of the information the attackers shared two million LinkedIn records with a total cost of $2. All the leaked data was imported into a database that includes names, LinkedIn IDs, associated email addresses, gender, phone numbers, connected social media profiles, professional CVs, and careers related information. Other threat actors are trying to get benefits from this data breach. A subset of this leaked data was put on sale by the attackers for $7000 worth of bitcoin (Team, 2021)..
ClubHouse
A database of over 1.3 million ClubHouse user’s records was leaked during scrapping on 10th April 2021. The leaked database includes usernames, photos, names, URLs, Twitter handlers, user’s follower lists, Instagram handlers, account creation details, and many more. The CEO of ClubHouse claimed in his tweet that their data was not breached. The data supposed to be leaked contains only public information from the ClubHouse application. He emphasized that the breached data doesn’t include any sensitive information like user’s credentials or email information. However, the leaked data still be used for phishing attacks on ClubHouse users or other social engineering techniques (Lyon, 2021).
ParkMobile
A vulnerability in third-party software caused data leakage of more than 21 million customers on 12 April 2021. This data belonged to ParkMobile which is a contactless parking payment application. The leaked data includes email addresses, phone numbers, license plate numbers, hashed passwords, and home addresses of the individuals who used this application. The company running this application immediately started to investigate the cause of this data breach. In an initial investigation, the investigating team found that the ParkMobile application did not store users’ passwords. However, the application stored the hash of the password by using the bcrypt algorithm. The database breached from this application contained these hash password and put up for sale.
GEICO
A Government Employees Insurance Company is known as GEICO, an auto insurance company that filed a data breach on 19 April 2021. The information gathered from different sources was used to obtain unauthorized access to the online system. This system stores and manage profiles of the company’s customers includes driver license details and other confidential information. GEICO said that they had secured the data breach immediately and fully aware of all the risks associated with such data breaches. They have implemented additional security controls to avoid such a misadventure in the future.
Experian
An insecure API (Application Programming Interface) was discovered by a group of researchers on 26 April 2021. This insecure API was causing data leakage in the Experian application that is used for lending sites, giving access to the private information of more than 10 million citizens of America with their names, mailing address, and date of birth (Beker, 2021).
Summary of latest data breaches
| Victim | Type of Attack | Date | Data Leaked | Mitigation |
|---|---|---|---|---|
| Microsoft Exchange Servcer | Vulnerable Email Server | Mar 3, 2021 | Email information, user credentials | Updates and patches, Email security |
| SITA | Vulnerable Database | Mar 4, 2021 | PII, Personal information | Encryption of data |
| MultiCare | Ransomware | Mar 9, 2021 | Healthcare information | Encryption of data |
| SCO | Data Scraping | Mar 23, 2021 | Email account information | Email security, credential security |
| Hobby Lobby | Cloud Bucket Misconfiguration | Mar 23, 2021 | Employee personal information | Cloud-based security |
| CTCA | Disclosure of healthcare information | Mar 26, 2021 | PII, healthcare information | Standardization with healthcare laws |
| Vulnerability exploited during scraping | April 3, 2021 | Scraped data, Facebook profile information | Managing social media credentials | |
| Data disclosure | April 6, 2021 | LinkedIn profile information | Data backups and encryption | |
| ClubHouse | Data Scraping | April 10, 2021 | Personal information, Twitter and Instagram | PII security, implementing data analytics security |
| ParkMobile | Vulnerable Mobile Application | April 12, 2021 | Email addresses, hashed passwords, License plate information | Email security, hashing, and encryption |
| GEICO | Unauthorized Remote Access | April 19, 2021 | Company employee profiles | Implementing security standards and policies in company |
| Experian | Vulnerable API | April 26, 2021 | Personal information | Security update and patches |
Strengthen your overall security strategy with these best practices:
- Review your risk posture to prepare for any threats and attacks. Implement a risk management program.
- Test your security controls.
- Ensure your team is response-ready.
- Update your data inventory.
- Make sure you are current in all relevant compliance requirements.
If you have been breached, review your security safeguards to check for ‘reasonableness’ and how to enhance your strategy while reinforcing your controls. Our comprehensive Risk Management Program can help you continually manage your risk to be “reasonable”, prioritize your IT investment and resources, and provide you with ready executive reporting to justify your budgets.
Schedule a call to see how we can help support you.
HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.
References
Beker, E. (2021, 4 27). 2021 Data Breaches. Retrieved from IdentityForce: https://www.identityforce.com/blog/2021-data-breaches
Carlson, B. (2021, 5 6). The Microsoft Exchange Server hack: A timeline. Retrieved from CSO: https://www.csoonline.com/article/3616699/the-microsoft-exchange-server-hack-a-timeline.html
Cobler, S. (2021, 3 24). Breach at California State Controller’s Office. Retrieved from infosecurity group: https://www.infosecurity-magazine.com/news/breach-at-california-state/
Holmes, A. (2021, 4 3). 533 million Facebook users’ phone numbers and personal data have been leaked online. Retrieved from insider: https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
Lewis, O. (2021, 3 9). Cyberattack impacts 200,000 people connected to MultiCare Health Systems. Retrieved from q13fox: https://www.q13fox.com/news/cyberattack-impacts-200000-people-connected-to-multicare-health-systems
Lyon, K. (2021, 4 11). Clubhouse CEO says user data was not leaked, contrary to reports. Retrieved from The Verge: https://www.theverge.com/2021/4/11/22378302/personal-information-1-million-clubhouse-users-leaked-privacy-security
Mitchell, H. (n.d.). 105,000 patients affected in Cancer Treatment Centers employee email hack. Retrieved from Becker.
Seals, T. (2021, 3 23). Hobby Lobby Exposes Customer Data in Cloud Misconfiguration. Retrieved from Threat Post: https://threatpost.com/hobby-lobby-customer-data-cloud-misconfiguration/164980/
Staff, A. A. (2021, 5 20). SITA falls victim to cyber-attack. Retrieved from Asian Aviation: https://asianaviation.com/sita-falls-victim-to-cyber-attack/
Team, C. (2021, 4 6). Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof. Retrieved from cybernews: https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/