
Industry News: ESG5

Know Your Breach: Orrick, Herrington & Sutcliffe

The Target: Orrick, Herrington & Sutcliffe, a popular San Francisco-based international law firm.

The Take: The stolen data encompassed a vast array of information, including names, dates of birth, addresses, email addresses, and government-issued identification numbers such as Social Security, passport, driver’s license, and tax identification numbers.

The Vector: The intrusion into Orrick’s network compromised a file share, revealing personal information and sensitive health data of victims.

This breach is a stark reminder of how important authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


Know Your Breach: Americold

The Target: Americold is the world’s largest publicly traded real estate investment trust focused on temperature-controlled warehouses. The company controls 250 warehouses across the world — most of which are used by food producers, distributors and retailers.

The Take: Names, addresses, Social Security numbers, driver’s license/state ID numbers, passport numbers, financial account information, and employment-related health insurance and medical information were leaked.

The Vector: Americold confirmed that hackers had breached its systems on April 26 and accessed the information of current and former Americold employees as well as their dependents. While the company did not explicitly call it a ransomware attack, it said the cybersecurity incident “involved the deployment of malware on certain systems.”

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.


Know Your Breach: Toyota Financial Services

The Target: Toyota Financial Services is the finance arm of the Toyota Motor Corporation. It is a subsidiary of Toyota and provides a range of financial services to Toyota customers and dealerships worldwide.

The Take: Threat actors gained access to full names, residence addresses, contract information, lease-purchase details, and IBANs (International Bank Account Numbers).

The Vector: Threat actors likely exploited the Citrix Bleed vulnerability to gain initial access to the company’s network.

This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors deploy patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


Know Your Breach: HTC Global Services

The Target: HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.

The Take: The leaked data includes passports, contact lists, emails, and confidential documents allegedly stolen during the attack.

The Vector: While little information about the attack on HTC is available, cybersecurity professional Kevin Beaumont believes the company was breached using the Citrix Bleed vulnerability. According to Beaumont, one of HTC's business units, CareTech, operated a vulnerable Citrix NetScaler device, which was exploited for initial access to the company's network.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


Know Your Breach: General Electric

The Target: General Electric (GE) is an American multinational company with divisions in the power, renewable energy, and aerospace industries.

The Take: According to the threat actor, "data includes a lot of DARPA-related military information, files, SQL files, documents etc." As proof of the breach, the threat actor shared screenshots of what they claim is stolen GE data, including a database from GE Aviation that appears to contain information on military projects.

The Vector: The data was exposed through a server that was misconfigured so that it was accessible online.

This breach is a stark reminder of how important authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.


Know Your Breach: AutoZone

The Target: AutoZone is the leading retailer and distributor of automotive spare parts and accessories in the U.S., operating 7,140 shops in the country and also in Brazil, Mexico, and Puerto Rico.

The Take: The data leaked by the cybercriminals is roughly 1.1GB in size, containing employee names, email addresses, parts supply details, tax information, payroll documents, Oracle database files, data about stores, production and sales information, and more. No customer data appears in the leaked files.

The Vector: AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application. More specifically, on or about August 15, 2023, AutoZone determined that the exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data.

This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors deploy patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.


Know Your Breach: Ellington Management Group

The Target: Investment management firm Ellington Management Group L.L.C.

The Take: Ellington determined that the following general categories of information may have been involved in the incident, though not every category applies to every individual impacted: name, date of birth, Social Security number, medical information, and driver’s license number. In only three instances, non-Ellington financial account information may have been impacted.

The Vector: Ellington’s investigation determined that between July 18, 2023 and August 8, 2023, an unauthorized actor had access to a single Ellington email account for the demonstrated purpose of sending phishing emails. Ellington analyzed the email account and did not find any evidence of data being downloaded, emails being forwarded, or the account being synced to other systems.

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.


Know Your Breach: Hilb Group

The Target: Hilb Group, a business that handles property, casualty, and employee benefits insurance and advisory services at more than 130 locations across 22 US states.

The Take: People's first and last names together with sensitive financial data and credentials; specifically, financial account numbers or credit/debit card numbers in combination with the security code, access code, password or PIN for the account.

The Vector: Hilb says it discovered "suspicious activity" related to employee email accounts around January 10. After doing some digging, and bringing on a third-party incident response firm, the insurance brokerage determined someone broke into those inboxes between December 1, 2022 and January 12, 2023.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


Know Your Breach: CCleaner

The Target: The popular optimization app CCleaner.

The Take: The hackers took names, contact information and information about the products that were purchased.

The Vector: The hackers exploited a vulnerability in the widely used MOVEit file transfer tool, which is used by thousands of organizations, including CCleaner, to move large sets of sensitive data over the internet.

This breach is a stark reminder of how important authentication controls are to an overall robust cybersecurity posture and, more critically, of the need to ensure these controls are in place at all third-party vendors that have access to a firm’s data.


Know Your Breach: Casio

The Target: Japanese electronics manufacturer Casio.

The Take: The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.

The Vector: Casio detected the incident on Wednesday, October 11, 2023, following the failure of a ClassPad database within the company's development environment. Evidence suggests that the attacker accessed customers' personal information a day later, on October 12, 2023.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.


About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
