The target: Wolfe Eye Clinic, an operator of a network of eye clinics throughout Iowa.
The take: Personally identifiable and medical information of 500,000 current and past patients including names, addresses, birth dates, social security numbers, and, in some cases, medical and health information.
The attack vector: Wolfe reported that they had been the victim of a ransomware attack in February of 2021. They elected not to pay the ransom at the time of the attack, but after a forensic investigation, it was confirmed that a substantial quantity of data was exfiltrated as a part of the attack.
While ransomware attacks have traditionally limited themselves to encrypting data in place, allowing firms with robust backup regimens to recover, the vast majority of recent attacks have included an exfiltration component, in an attempt to ensure that the victim will pay the ransom to prevent sensitive information from being leaked. Commensurate technical controls and a robust security awareness program to prevent employees from falling victim to social engineering scams are critical to preventing ransomware attacks from occurring in the first place.
BNN Bloomberg: A hacker group linked to the Russian state known as “Fancy Bear” conducted a cyber attack on critical German infrastructure and the country’s banking system in the past few days, Bild newspaper reported, citing unidentified Western intelligence sources.
Private Equity Wire: Crosspoint Capital Partners (Crosspoint), a private equity investment firm focused on cybersecurity, privacy, and infrastructure software markets, has appointed Samir Kapuria as Managing Director to help lead the company’s efforts to identify and grow world-class companies in the cybersecurity space.
Yahoo Finance: The UK and Singapore announced the launch of a new Financial Partnership at the sixth UK-Singapore Financial Dialogue that was held virtually today. The Dialogue was chaired by Director General (Financial Services) of HM Treasury (HMT), Ms Katharine Braddick, and Deputy Managing Director (Markets and Development) of the Monetary Authority of Singapore (MAS), Mr Leong Sing Chiong.
Hedge Week: Drawbridge, a provider of cybersecurity software and solutions to the alternative investment industry, has named Scott DePetris as President and Chief Operating Officer (COO) and appointed him to the Board of Directors.
Yahoo Finance: Cybersecurity firm SentinelOne Inc, backed by billionaire investor Daniel Loeb's hedge fund Third Point, has boosted the price range for its IPO and is now looking to raise about $1.02 billion, a regulatory filing showed.
The target: Amerigas, the U.S.’s largest propane provider.
The take: Personally Identifiable Information of 123 employees which included: lab IDs, social security numbers, driver license numbers, and dates of birth.
The attack vector: The breach occurred when an employee of a third-party vendor, J.J Keller, fell for a phishing email and unknowingly gave away their login credentials to a threat actor. After this, the attacker logged in using the employee’s legitimate credentials and began accessing secure documents and information.
Phishing attacks against individual employees remain one of the greatest security threats to the entire organization. Regular social engineering and awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution, are crucial to protecting sensitive information assets.
International Investment: The Financial Conduct Authority (FCA) has admitted that there were three cases of data breaches in 2020 in response to a Freedom of Information (FOI) request submitted by International Investment's sister title Professional Adviser.
O Canada: The European Commission proposed on Wednesday to pool resources and expertise from the EU’s 27 countries for a joint cyber unit to fight online criminals amid a spate of high profile hacks in Europe and worldwide.
Help Net Security: McAfee released a report examining cybercriminal activity related to malware and the evolution of cyber threats in the first quarter of 2021. The quarter saw cyber adversaries shift from low-return, mass-spread ransomware campaigns toward fewer, customized Ransomware-as-a-Service (RaaS) campaigns targeting larger, more lucrative organizations.
ZDNet: The federal opposition has introduced a Bill to Parliament that, if passed, would require organisations to inform the Australian Cyber Security Centre (ACSC) before a payment is made to a criminal organisation in response to a ransomware attack.
Financial Advisor: Cybersecurity is a top concern for advisory firms and businesses in general, which opens up investing opportunities in companies that are good at building defenses against hacker attacks, according to Pedro Palandrani, research analyst at Global X, a New York City-based financial services firm that specializes in ETFs.
Private Equity Wire: In addition to the investment funding, Integrity360 founder and CEO Eoin Goulding is partnering with Ian Brown, who joins the company as Executive Chairman, with Goulding taking on the new role of President. Brown, an established entrepreneur and industry veteran, has been running technology businesses for over 25 years, including most recently SecureData, the leading UK cyber security services business acquired by Orange in 2019.
The target: CVS, a U.S.-based retailer and pharmacy company.
The take: Exposure of an estimated one billion records of information including: event and configuration data, visitor IDs, session IDs, device access information, a schematic of the logging system used by the website, and queries for medications including COVID-19 vaccines.
The attack vector: Misconfigured cloud service database, controlled by a third-party vendor, with no password protection or credential management, letting anyone with an internet connection download and access the data.
This breach highlights the risk of working with third-party vendors and the importance of regular auditing to ensure they are following best practice when handling data. The storage of sensitive information should follow industry standard practices and be managed with proper credential deployment and security, no matter if a firm’s data is on their own servers or in the hands of another party.
The Hill: A bipartisan group of senators on Thursday unveiled legislation intended to crack down on cyber criminals, who have increasingly posed a threat to critical U.S. organizations.
IT Pro: The company published the figure in a report that surveyed cyber security professionals worldwide, with 24% of them based in the US. It found that 46% of the companies targeted a second time were attacked by the same criminals that infected them the first time.
US News: Legal and professional services group Gateley reported a cyber security breach from a known external source on Wednesday, adding it was confident that the incident was limited to a small portion of its data.
Security Week: An investigation revealed that the database stored information that had been compromised in data breaches suffered by various companies over the past years. The database has been used by security analytics firm Cognyte to alert customers when their information is exposed as a result of a data breach suffered by a third party.
SEC: The Securities and Exchange Commission today announced settled charges against real estate settlement services company First American Financial Corporation for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.
The target: Carter’s, a U.S.-based retailer of baby clothing and apparel.
The take: An estimated 410,000 records of personally identifiable information including: full names, physical addresses, email addresses, phone numbers, shipping tracking IDs, and purchases and transaction details.
The attack vector: The breach occurred because of the failure to implement authentication controls for the URL shortener used on the site. When a customer made a purchase online, they were redirected to the shortened purchase cart page URL which had no credential management. Furthermore, the links were not set to expire, letting anyone with the URL access the sensitive information at any time for any length of time.
Any page where customer data is stored should follow industry standard practices and be managed with proper credential deployment and security. The exposure of detailed personal information makes a firm’s users extremely vulnerable to phishing attacks and fraud.
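The two gaps described in the Carter’s case, links that never expire and pages that ask for no credentials, can be closed by signing each order link with an expiry time and binding it to the customer who is logged in. The following is an added example, not code from Carter’s or from this newsletter; the key, the URL layout, the 15-minute lifetime and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Hypothetical values: a real key would come from a secrets manager.
SECRET_KEY = b"constructed-demo-key"
LINK_TTL_SECONDS = 15 * 60  # assumed link lifetime


def _sign(order_id, customer_id, expires_at):
    # Bind order, owner and expiry together (ids assumed to contain no newline).
    msg = "\n".join([order_id, customer_id, str(expires_at)]).encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_order_link(order_id, customer_id, now=None):
    """Issue a link that is valid only for this customer and only until exp."""
    now = int(time.time()) if now is None else now
    expires_at = now + LINK_TTL_SECONDS
    sig = _sign(order_id, customer_id, expires_at)
    return f"/order/{order_id}?exp={expires_at}&sig={sig}"


def check_request(url, session_customer_id, now=None):
    """Return True only for an unexpired, untampered link opened by its owner."""
    if session_customer_id is None:  # no authenticated session: refuse
        return False
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    order_id = parts.path.rsplit("/", 1)[-1]
    try:
        expires_at = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False
    # Recompute with the session's customer id, so another user's session fails.
    expected = _sign(order_id, session_customer_id, expires_at)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    now = int(time.time()) if now is None else now
    return now <= expires_at
```

Because the signature covers the order ID, the customer ID and the expiry, changing any of them in the URL invalidates the link, and a leaked link is useless without the owner’s authenticated session.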
O Canada: U.S. Senate Majority Leader Chuck Schumer said he is initiating a review of recent high-profile cyber attacks on governments and businesses to find out whether a legislative response is needed.
CNN Business: Significant cyberattacks against critical targets in Europe have doubled in the past year, according to new EU figures obtained by CNN, as the pandemic pushed lives indoors and online.
Private Equity Wire: The new module gives PE funds a single view to monitor the complete cyber risk profiles of their portfolio companies in real-time. The first offering of its kind in the industry, the module was developed in partnership with Drawbridge clients who have been confronted with a dramatic rise in cyber-attacks on their portfolio companies in terms of both size and frequency.
Businesswire: ExtraHop, the leader in cloud-native network detection and response, today announced that it has entered into a definitive agreement to be acquired by Bain Capital Private Equity (“Bain Capital”) and Crosspoint Capital Partners (“Crosspoint Capital”) in a strategic transaction valued at $900 million.
Morning Star: Covid-19 vaccines have transformed the global economy. The companies that produce them, meanwhile, already a big target for hackers, have to be more on their toes than ever.
Global Data: Venture capital (VC) funding and mergers and acquisitions (M&A) activity in the cybersecurity space fluctuated during 2016-2020, according to GlobalData, a leading data and analytics company.
The target: 20/20 Hearing Care Network, a vision and hearing benefits administrator.
The take: 3.3 million records of Personally Identifiable Information including: names, addresses, member numbers, date of birth, and health insurance information.
The attack vector: An unsecured Amazon Web Services cloud storage database server was left online with no password protection. This meant anyone with an internet connection was able to connect and download the data. In addition, after the attackers removed the data, it was deleted.
This breach highlights the critical importance of a firm’s data backups: if there is an incident where information is deleted, it’s essential to be able to restore the data to fully ascertain the scope of the breach. Proper credential management, to ensure accounts and permissions are appropriately deployed and used, is an integral part of maintaining a robust cybersecurity posture.
Computing: Ransomware gangs should be tracked and disrupted using the same strategies deployed against terrorist groups, US Department of Justice officials have suggested.
CNBC: The Biden administration is urging corporate executives and business leaders to take immediate steps to prepare for ransomware attacks, warning in a new memo that cybercriminals are shifting from stealing data to disrupting core operations.
CNBC: The U.S. cybersecurity firm said the sale will split Mandiant Solutions, its cyber forensics unit, from its cloud security, network and email products.
ZDNet: Cybersecurity works best when people know that their corporate information security team will be sympathetic to mistakes. That's because, if someone suspects they may have clicked a phishing link or fallen victim to a cyberattack, they're much more likely to be open about it – and that helps the whole organisation stay secure against malicious hackers.