Hacks, Attacks and Breaches: 2/10/2021 to 2/16/2021
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Unauthorized Access to Email
Syracuse University: Institution of Higher Learning
Risk to Small Business: An unknown party gained unauthorized access to an employee’s email account at Syracuse University. The university launched an investigation with a third-party firm that determined in early January that emails and attachments in the account that had been improperly accessed did contain names and Social Security numbers of students, and those affected who have been informed by letter.
How it Could Affect Your Business: Data like this is a currency on the Dark Web, and it can hang around for years acting as fuel for future cybercrime like phishing.
Exploit: Security Vulnerability
Chess.com: Gaming and Resource Site
Risk to Small Business: Security researchers found a critical bunch of vulnerabilities in chess.com’s API. The flaws could have been exploited to access any account on the site. They could also be used to gain full access to the site through its administrator panel. The website quickly fixed the problem after they were informed. There is no current evidence that it was accessed by bad actors before it was patched.
How it Could Affect Your Business: Security vulnerabilities can lead companies down dangerous paths and expose them to unexpected risks. Building a strong security culture helps make sure everyone is on the same page when it comes to data protection.
Nebraska Medicine: Health System
Risk to Small Business: Nebraska Medicine and the University of Nebraska Medical Center have begun notifying patients and employees whose personal information may have been compromised in a breach in late 2020. Bad actors gained access to Nebraska Medicine and UNMC’s shared network using unnamed malware. The breach led to the interruption of some services including the postponement of patient appointments and required staff in the system’s hospitals and clinics to chart by hand.
How it Could Affect Your Business: Ransomware isn't the only kid on the block when it comes to causing a data breach - many types of malware are available for bad actors to use, and they can do devastating damage without the ransom.
Exploit: Credential Compromise
Oldsmar Water Treatment: Municipal Water System Plant
Risk to Small Business: In an attack that made national headlines, bad actors are suspected of using stolen credentials to access operational systems at a Florida wastewater treatment plant. The attackers likely used remote access software to enter the operations system with the intent of changing the level of sodium hydroxide, more commonly known as lye, in the water from 100 parts per million to 11,100 parts per million. Other systems detected the chemical change and stopped it before anyone was hurt. Officials suspect that the compromised credentials may have been part of a huge 2017 data dump.
How it Could Affect Your Business: Recycled, reused, and weak passwords can cause trouble for years, and that is especially dangerous when they give access to critical infrastructure like this.