Tag Archive for: Impacts

Third-party ransomware attack impacts UK’s Greater Manchester Police


BleepingComputer reports that the UK’s Greater Manchester Police has been impacted by a data breach stemming from a ransomware attack against a service supplier, which also caters to other UK organizations.

Information compromised in the incident includes the personal information of some of the police department’s employees but financial data is unlikely to have been impacted, according to GMP Assistant Chief Constable Colin McFarlane.

“…[W]e have contacted the Information Commissioners Office and are doing everything we can to ensure employees are kept informed, their questions are answered, and they feel supported,” McFarlane added.

Such an intrusion follows third-party breaches affecting the UK’s Metropolitan Police and the Police Service of Northern Ireland during the past month.

Metropolitan Police had data from 47,000 police officers and staff, including names, ranks, and vetting levels, exposed after a cyberattack against ID card and access pass manufacturer Digital ID, while 10,000 police officers of PSNI also had their personally identifiable information stolen, some of which was already leaked online.


Impacts Continue to Grow Louder


Was that major cyber incident a ransomware attack, a data breach or both? How many records were impacted? Did personally identifiable information (PII) get compromised? How long were they down? Were backups usable? Did the business survive? When was the business able to fully restore their operations? What did the incident cost?

I often get asked these questions (and more), and the answers can take months or years to be released after an event. In some instances, the specific details remain hidden from public view — concealed inside the databases of cyber insurance companies or classified files guarded by three-letter government agencies.

And yet, as the cyber attack headlines just keep pouring in from universities, banks, governments, hospitals, public utilities and more, the impacts on society keep rising — even as many have become almost numb to the overall effect.


Here are just a few of the recent incident headlines I am talking about:

No doubt, this is just a very small sampling of the number of cyber attacks that hit the mainstream and technology media every week. Critics oftentimes argue, “Show me the data. What are the trends? Are things getting better or worse?” To which I generally reply, “It depends.” (I know. A good lawyer’s answer.)

Allow me to first provide you with a plethora of recent information, data and trend reports before providing my take on what’s going on right now regarding global cyber attacks. After each of these headlines, I offer a brief excerpt to help.

Security Week: Cybersecurity Companies Report Surge in Ransomware Attacks
“Ransomware attacks continue to be highly profitable for cyber-crime groups and the recent reports released by various cybersecurity firms show that they are increasing both in terms of volume and sophistication.”

The HIPAA Journal: IBM: Average Cost of a Healthcare Data Breach Increases to Almost $11 Million
“The 2023 IBM Security Cost of a Data Breach Report shows the average data breach cost has increased to $4.45 million ($165 per record), with data breaches in the United States being the costliest at an average of $9.48…


Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach


Apr 22, 2023 | Ravie Lakshmanan | Supply Chain / Cyber Threat


Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application.

The new findings, which come courtesy of Symantec’s Threat Hunter Team, confirm earlier suspicions that the X_TRADER application compromise affected more organizations than 3CX. The names of the organizations were not revealed.

Eric Chien, director of security response at Broadcom-owned Symantec, told The Hacker News in a statement that the attacks took place between September 2022 and November 2022.

“The impact from these infections is unknown at this time – more investigation is required and is on-going,” Chien said, adding it’s possible that there’s “likely more to this story and possibly even other packages that are trojanized.”

The development comes as Mandiant disclosed that the compromise of the 3CX desktop application software last month was facilitated by another software supply chain breach targeting X_TRADER in 2022, which an employee downloaded to their personal computer.

It’s currently unclear how UNC4736, a North Korean nexus actor, tampered with X_TRADER, a piece of trading software developed by a company named Trading Technologies. While the service was discontinued in April 2020, it was still available for download on the company’s website as recently as last year.

Mandiant’s investigation has revealed that the backdoor (dubbed VEILEDSIGNAL) injected into the corrupted X_TRADER app allowed the adversary to gain access to the employee’s computer and siphon their credentials, which were then used to breach 3CX’s network, move laterally, and compromise the Windows and macOS build environments to insert malicious code.

The sprawling interlinked attack appears to have substantial overlap with previous North Korea-aligned groups and campaigns that have historically targeted cryptocurrency companies and conducted financially motivated attacks.

The Google Cloud subsidiary has assessed with “moderate confidence” that…


Ransomware Attack Impacts Health Services Organization in Pennsylvania


The incident may have compromised patients’ and employees’ Social Security numbers, driver’s license numbers, and financial information between August 21, 2021, and April 4, 2022.

On January 5, 2023, Maternal & Family Health Services (MFHS) — a private non-profit that serves women, children, and families of Northeastern Pennsylvania — announced the organization was a target of a ransomware attack that may have exposed sensitive data to an unauthorized individual.

In a statement, MFHS said they were made aware of the cybersecurity incident on April 4, 2022, and immediately called in third-party forensic teams to assist in securing the organization’s systems.

Results of an investigation revealed that hackers may have accessed the personal information of current and former employees, patients, and vendors between August 21, 2021, and April 4, 2022.

Sensitive data included, but may not be limited to, names, addresses, date of birth, driver’s license numbers, Social Security numbers, financial account/payment card information, usernames and passwords, health insurance information, and medical information.

However, MFHS reports no evidence that any compromised personal information was misused due to the attack.

The organization began sending letters on January 3, 2023 via U.S. mail to individuals who the data breach may have impacted — almost nine months after first becoming aware of the attack. The letter relayed information about the incident and steps individuals can take to protect their personal data.

These steps include monitoring personal accounts through credit reporting bureaus like Equifax, Experian, or TransUnion and placing fraud alerts on accounts if necessary. MFHS also recommends that individuals contact the Federal Trade Commission or their state Attorney General to learn more about protecting personal information, identity theft, or filing a complaint.

In addition, the non-profit created a phone hotline for people with questions concerning the ransomware attack. Call center agents are available at (833) 896-7339, Monday through Friday, from 9:00 am – 9:00 pm Eastern Time.

In a news release, Maria Montoro Edwards, Ph.D., President & CEO of MFHS, said,…
