Hacks, Attacks and Breaches: 4/14/2021 to 4/20/2021
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
United States – LogicGate
LogicGate: Software Company
Risk to Small Business: LogicGate notified customers that an unauthorized third party obtained credentials to its Amazon Web Services-hosted cloud storage servers storing customer backup files for its flagship platform Risk Cloud in 02/21. The risk and complaince specialty firm noted that only data uploaded on or prior to 02/23/21 would have been included in that backup file. The company said that an unauthorized third party was able to use filched credentials to decrypt files stored in AWS S3 buckets in the LogicGate Risk Cloud backup environment.
How it Could Affect Your Business: Hacking into databases is a profitable enterprise for cybercriminals. Ebsuring that you are using strong security for information storage is a modern essential.
United States – Codecov
Exploit: Third Party Data Breach
Codecov: Software and Cloud Developer
Risk to Small Business: Codecov is facing a mess after a threat actor managed to breach its platform and add a credentials harvester to one of its tools, Bash Uploader Codecov said the breach occurred “because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.” The attacker gained access to the Bash Uploader script sometime in 01/21 and made periodic changes to add malicious code that would intercept uploads and scan and collect any sensitive information like credentials, tokens, or keys. Unfortunately, the bad guys had 2.5 months to run wild – the breach was not discovered until 04/01. The damage isn’tlimited to only to clients who used the Bash Uploader script, either. Because the script is also embedded in other products, a large chunk of the company’s customers may be affected.
How it Could Affect Your Business: Not only did Codecov fall victim to a cyberattack that adulterated its product, but it also didn’t find out for 2.5 months. Not a good look.
Canada – The Regional Municipality of Durham
Exploit: Third-Party Breach (Ransomware)
The Regional Municipality of Durham: Regional Government Services Entity
Risk to Small Business: The Regional Municipality of Durham, which provides regional services to eight local municipalities north of Lake Ontario, announced in an email that it “recently became aware of a cybersecurity incident that occurred with a third-party software provider which impacted the region.” That incident was through data services provider Accellion, breached several weeks ago by the Clop ransomware gang in an incident that continues to ripple into other organizations. The content of the leaked data is unclear but appear to be administrative records.
How it Could Affect Your Business: This kind of data will be a windfall for the gang in today’s booming dark web data markets, but the Accellion breach will also continue to be a nightmare for impacted organizations.