Hacks, Attacks and Breaches: 9/16/2020 to 9/22/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Artech Information Systems: Staffing Firm
Risk to Small Business: Artech Information Systems, one of the largest IT staffing companies in the US, just announced that they’d had a data breach exposing personal, financial, and health information of some of its clients. The company was informed by security researchers that the REvil gang advertised 337MB of stolen data in January, but Artech first sent out breach notifications at the beginning of September, despite completing its investigation at the end of June, leaving clients exposed to risk for 8 months.
How it Could Affect Your Business: Ransomware is a terrifying specter, but it can be ameliorated. What can’t is a failure to even tell your clients that they’re at risk for 8 months or more.
Exploit: Unauthorized Access (Credential Compromise)
Department of Veterans Affairs: Federal Agency
Risk to Small Business: The Department of Veterans Affairs (VA) informed affected users on Monday of a data breach that resulted in the exposure of 46,000 veterans’ personal information. The incident stemmed from unauthorized users accessing an application within the Financial Service Center (FSC) to steal payment away from community health care providers. In a statement, the VA said malicious actors used “social engineering techniques” and exploited “authentication protocols” to gain access to the system. Recent additional information that has come to light indicates that 17,000 community care providers may also have been affected.
How it Could Affect Your Business: Social engineering attacks, typically in the form of password theft or phishing, can devastate a business, especially if it results in the compromise of a privileged account.
Exploit: Credential Stuffing
Activision Blizzard: Video Game Developer
Risk to Small Business: Cybersecurity researchers have uncovered the files for more than 500,000 accounts for the company’s Call of Duty franchise with login data compromised. The eSports site Dexerto reported that a data breach occurred on September 20 and that the credentials to access these accounts have been leaked publicly. Activision Blizzard is denying the incident, but many gaming and cybersecurity news outlets have reported evidence of the incident, including directly affected user records
How it Could Affect Your Business: Failing to acknowledge a data breach that’s widely reported and confirmed is not the way to start repairing your company’s reputation or your clients’ trust after an incident.
Newhall School District: School System
Risk to Small Business: A cyberattack against the Newhall School District in Valencia, CA affected all distance learning across 10 schools, shutting down remote learning for 6,000 elementary school students. Newhall’s servers have been shut down and teachers are attempting to keep students learning while the incident is investigated and systems are restored with pencil and paper assignments.
How it Could Affect Your Business: Attacks on education have been skyrocketing, and failure to update security awareness and phishing resistance to keep up opens schools to this massive threat.