Hacks, Attacks and Breaches: 9/2/2020 to 9/8/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Unsecured Database
Telmate: Correctional Facility Communications
Risk to Small Business: An a misconfigured Amazon S3 Bucket is to blame for a nasty data breach involving Telnet, makers of the Getting Out app used for inmate communications. The app, (which charges an exorbitant fee of up to $0.50 per minute for families to communicate with their incarcerated loved ones), is commonly monitored by prison officials, but the data that has been leaked is the kind of highly sensitive personal information like whether an inmate identifies as transgender, their relationship status, prescription medication they take, and their religion. The company, part of the Global Tel Link family, blames a third party vendor for the incident. Experts say that 11,210,948 inmate records and 227,770,157 messages were exposed.
How it Could Affect Your Business: Failing to secure simple data storage tools like this is indicative of a lax attitude toward security throughout a company and can turn off customers and potential partners. This is Telnet’s second security incident this year.
Cygilant: Information Security Firm
Risk to Small Business: Cybersecurity startup Cygilant finds itself in hot water after falling victim to a ranasomware attack. Cygilant is believed to be the latest victim of NetWalker ransomware. A site on the Dark Web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant. It is unknown if they paid the ransom, but the Dark Web listing has disappeared.
How it Could Affect Your Business: Ransomware is most commonly delivered through a phishing email, today’s most common vector for cyberattacks. Preventing phishing email from landing in employee inboxes is a strong defense against ransomware.
Exploit: Unauthorized Database Access (Phishing)
Roper St. Francis Hospital: Medical Center
Risk to Small Business: A newly announced security breach occurred at Roper St. Francis Hospital between June 13 and June 17. An attacker was able to gain access to a treasure trove of healthcare data by compromising an employee’s email in a suspected phishing incident at the Charleston, SC hospital. The patient information that was compromised contained names, birth dates, detailed medical records, insurance information, and Social Security numbers.
How it Could Affect Your Business: Health care information is at a premium right now because it is a hot seller on the Dark Web – and with an exponential increase in phishing, every healthcare sector organization is high on the hit list for bad actors.
Exploit: Hacking Instrusion
The Jewish Federation of Greater Washington: Non-Profit
Risk to Small Business: A cyberattack at The Jewish Federation of Greater Washington gave cybercriminals a solid payday. Bad actors were able to hack in through an employee’s home WiFi to a privileged user account and snatch an estimated $7.5 million. The hack was discovered on August 4 by a security contractor who noticed unusual activity in an employee’s email account. That assessment indicates that the hacker had access to the system long before stealing the money, as early as the first months of summer. The organization has 52 employees.
How it Could Affect Your Business: This is an enormous blow to any business, but especially a non-profit that needs funding to continue doing good work in hard times. Notoriously unsafe home WiFi and device or network sharing between parents and children creates opportunities for hackers to slip through.