Hacks, Attacks and Breaches: 8/19/2020 to 8/25/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Cooke County, TX: Municipal Government
Risk to Small Business: Attackers claimed to have used REvil ransomware on July 4 in a ransomware attack on the Cooke County Sheriff’s Office (CCSO). In the resulting in a data breach, cybercriminals snatching personal identification information from an internal database. The compromised data came from either CCSO reports or cases going back several years. The gang posted their typical announcement about the hack showing data folders with filenames that appeared to reflect archived case files as well as current cases, including a threat that the files would be uploaded in seven days.
How it Could Affect Your Business: Ransomware is most commonly delivered via a phishing email, although cybercriminals are expanding their use of phishing through messaging and SMS text.
University of Utah: Institution of Higher Learning
Risk to Small Business: Netwalker ransomware appears to be the culprit in a data breach at the University of Utah. The school reportedly paid a ransomware gang $457,059 in order to avoid having student information released online. The hack occurred on July 19, and the cybercriminals gained access to the network of the university’s College of Social and Behavioral Science [CSBS].
How it Could Affect Your Business: Ransomware is a persistent and pernicious threat to any business. Paying the criminals doesn’t guarantee the safety of stolen data – but blocking the initial attack does.
Exploit: Unauthorized Access to Data
Instacart: Grocery Shopping and Delivery Service
Risk to Small Business: In a statement posted to its website, Instacart has announced that it has suffered another data breach, less than a month after a breach that was widely reported in the media containing user account data. This time, two employees at a third-party service provider accessed accounts that they shouldn’t have, exposing customer information again.
How it Could Affect Your Business: Although the pandemic will continue to drive their business as people who are unable to shop in person flock to the service, in other circumstances this would assuredly cause customer dissatisfaction, especially after the information for 278,531 Instacart accounts turned up in a Dark Web marketplace after the first one.
Exploit: Unauthorized Database Access (Hacking)
Freepik: Photo and Graphic Library
Risk to Small Business: Photo and graphics giant Freepik the security breach occurred after hackers were able to exploit an SQL vulnerability to gain access to one of its databases storing user data. The unidentified cybercriminals gained access to usernames and passwords for the oldest accounts registered on the Freepik and Flaticon websites, impacting millions of users.
How it Could Affect Your Business: It pays to guard old data too by updating storage security and access security. Many of the oldest databases and accounts involved in this incident had never had their security updated and it had long since become obsolete, making it easier for hackers to break in and steal.