Hacks, Attacks and Breaches: 10/7/2020 to 10/13/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Skimming (MageCart)
Boom! Mobile: Telecom
Risk to Small Business: Credit card skimming software has landed at Boom! Mobile, courtesy of the cybercriminal skimmers at Fullz House. The card skimmer code settled in, collecting payment card information from input fields every time it detects any changes and immediately exfiltrating the harvested data for a week. The company’s mobile payment system is still undergoing repairs.
How it Could Affect Your Business: Malware like this runs on a script that has been grafted into the payment system, meaning cybercriminals have access to the nuts and bolts of that business.
Exploit: Unsecured Database
Friendemic: Marketing Firm
Risk to Small Business: Digital marketing firm Friendemic committed a classic blunder that led to a nasty data breach. An unsecured Amazon S3 bucket resulted in the exposure of 2.7 million records including full names, phone numbers, and email addresses, alongside 16 OAuth tokens stored in plaintext. The company noted that the information was not current customer data, and the OAuth tokens were not currently in use.
How it Could Affect Your Business: Failing to secure a database, even an old one, shows a basic lack of attention to cybersecurity best practices, and that doesn’t build customer confidence.
AAA Ambulance Service, Inc.: Ambulance Service
Risk to Small Business: Hattiesburg, Mississippi based AAA Ambulance Service, Inc. is just one of several medical sector targets impacted by ransomware this week. A ransomware attack was repelled by the company’s security in July, but it was recently discovered that some client data was obtained around August 2020.
How it Could Affect Your Business: Serious personal information deserves serious security – and even a seemingly unsuccessful cyberattack can still result in data loss. Not only will healthcare sector companies have to pay recovery costs, but they will also be on the hook for regulatory penalties.
Exploit: Accidental Insider Threat
Chowbus: Asian Food Delivery Service
Risk to Small Business: A Chowbus staffer committed a blunder this week, resulting in a massive cybersecurity disaster. An email address registered with the company sent a link to files containing details of about 4,300 restaurants as well as information for 400,000 customers. So far, the incident appears to be a simple human error.
How it Could Affect Your Business: The number one cause of a data breach never really changes – human error is typically at fault, whether it is giving up a phished password or making an email forwarding mistake.
Daniel B. Hastings: Freight Forwarder
Risk to Small Business: In the latest incident in a spate of recent trucking and freight transport industry cyberattacks, Laredo, Texas-based Daniel B. Hastings was hit with a ransomware attack. the Conti ransomware group posted a selection of the company’s files on Saturday, and sources say that they appear authentic. They include completed U.S. Customs and Border Protection documents for shipments involving multiple countries, companies, and modes of transport.
How it Could Affect Your Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services and attacks in the transportation and freight sectors have been increasing, with recent incidents involving several trucking and shipping companies.