Hacks, Attacks and Breaches: 9/23/2020 to 9/29/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cybersecurity stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Arbiter Sports: Sports Software and Services Provider
Risk to Small Business: Arbiter Sports, a software provider for many athletic associations including the NCAA (National Collegiate Athletic Association), experienced a ransomware attack that led to significant data loss. The shifting story ultimately crystallized into the company paying the ransom to have data freed from what it classifies as a backup server containing a database of more than 540,000 of its registered members — consisting of referees, league officials, and school representatives. The data was from several applications and records including ArbiterOne, ArbiterGame, and even ArbiterWorks.
How it Could Affect Your Business: Ransomware is every company’s worst nightmare. Even when a company pays the ransom, there’s no guarantee that the encrypted data wasn’t copied or resold before it was released by the cybercriminals.
IPG Photonics: Laser Developer
Risk to Small Business: Defense contractor and laser developer IPG Photonics was hit with a nasty ransomware attack using the RansomExx strain of ransomware, sometimes also dubbed Ransom X. IPG Photonics’ IT operations were affected worldwide, including internal IT, phones, manufacturing, parts, and shipping.
How it Could Affect Your Business: Manufacturers that get shut down from ransomware don’t just lose data – they also lose production time, fulfillment capability, access to maintenance or operations technology, and other business essentials that can be hard to quantify yet devastating.
Exploit: Unsecured Database
Microsoft: Technology Conglomerate
Risk to Small Business: In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The leak included technical details such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.
How it Could Affect Your Business: Elementary security failures are embarrassing, and may lead your company’s customers to take their business elsewhere because if you’re forgetting the basics, how are you handling the more serious stuff?
Exploit: Unsecured Database
Town Sports International: Sports Club Operator
Risk to Small Business: Cybersecurity researchers discovered an unsecured database owned by Town Sports International that was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. The Amazon S3 bucket contained full names, addresses, contact information, credit card last 4 digits and expiry dates, billing histories, and other sensitive information for 60,000 members of health clubs along the East Coast, including clubs in Boston and New York. Employee records were also stored in this database, and their personal information was also likely exposed.
How it Could Affect Your Business: Minor security errors happen, but colossal blunders like this speak to a culture of sloppy security and lack of regard for data privacy across an organization.