Monthly Breach Report: June 2022 Edition

According to the 2022 Verizon Data Breach Investigations Report, ransomware-related breaches increased by 13 percent in 2021—a greater increase than the past five years combined. That rise continues into 2022, as many breach stories continue to show. Check out some of the biggest breaches companies experienced in the past month.

Ransomware Gang Threatens Sovereignty of Costa Rica

Last month, Costa Rica reported yet another hit to its government systems, this time on its public health service, the Costa Rican Social Security Fund (CCSS). Costa Rica announced the most recent cybercrime on its Twitter feed on May 31, stating that all of CCSS’ systems were down. CCSS employees first noticed a problem when printers mysteriously began “spitting out unintelligible documents,” according to TechCrunch. Government officials stated none of the health system’s payroll, tax collection, or pension databases were affected.

The nation’s newly elected President Rodrigo Chaves has publicly blamed the continued cyberattacks on the Russia-linked Conti gang using Hive ransomware. He reports at least 28 institutions have been hit, taking several databases and portals offline. Several health clinics in rural areas have been forced to close due to loss of communication with central communication hubs.

During the first round of cyberattacks, a Conti member posted a message on its dark web blog that Costa Rican citizens should encourage their government to heed the ransom demands, which increased from an initial demand of $10 – $20 million. The group posted at least 600GB of government data online as part of its ransom threat. The group also threatened to overthrow the entire government through continued cyberattacks, leading Chaves to declare a state of emergency, typically reserved for natural disasters. The attacks have also severely affected the country’s foreign trade activities.

“No longer are ransomware actors threatening victims purely for financial gain, they’re now threatening the sovereignty of governments and overruling the free will of that government’s citizenry,” says Matt Gyorgy, CTO of Redacted, a tech start-up.

Cyber Researchers Stumble on PII of 30 Million MGM Resort Customers

Unidentified hackers have posted the PII of 30 million customers of the mega hotel and casino chain MGM Resorts. The records were originally stolen in 2020 and sold on a dark web marketplace for $3,000 USD. The cyber security group vpnMentor reported that their researchers stumbled on the old data for “free” on May 22, 2022. The data includes:

  • names
  • postal addresses
  • email addresses
  • phone numbers
  • birth dates

Guest records include those of co-founder and former CEO of Twitter, Jack Dorsey, and pop star Justin Bieber. As of press time, there has been no explanation as to why the original hackers have now made the stolen information free to the public.

The easy-to-find public posting of stolen information is yet another example of cybercriminals using Telegram, a free encrypted-messaging app that has been emerging as an alternative to the dark web, reports The Financial Times. The popular app is notorious as a treasure trove for cybercriminals to buy, sell, and share ill-gotten data. Telegram users can hide their phone numbers and quickly set up channels and chats, providing a simpler, less scrutinized way to operate than using the dark web.

Cybercriminals Use Credential Stuffing to Steal General Motors’ Customer Info and Redeem Rewards Points

US automobile manufacturing giant General Motors (GM) recently reported a breach that occurred in April. The breach allowed hackers to redeem customers’ points for gift cards from its reward program. The data was obtained through credential stuffing, where criminals take login credentials stolen from one service and try them against accounts on another. Because many people reuse the same login information across accounts, credentials stolen in one breach can often be used to log into many of the user’s other accounts.

Although GM’s breach notification letter to customers stated that “limited” PII was stolen, the list of compromised information included a substantial amount of data:

  • first and last name
  • personal email address
  • personal address
  • username and phone number for registered family members tied to the account
  • last known and saved favorite location information
  • any currently subscribed OnStar package (if applicable)
  • family members’ avatars and photos (if uploaded)
  • profile pictures
  • search and destination information
  • car mileage history and service history
  • emergency contacts
  • Wi-Fi hotspot settings (including passwords).

GM assured customers that no Social Security numbers, credit card, or bank account information was compromised.
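To show what credential stuffing against a rewards program looks like from the defender's side, the following added example (not GM's code or data) scans login events for a source address that tries many different usernames with a low success rate, then lists the accounts it got into and any points redemptions that followed. The log format, field names, sample lines and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not from GM): "timestamp ip username action result"
SAMPLE_LOG = """\
2022-04-11T10:00:01 203.0.113.7 alice login fail
2022-04-11T10:00:02 203.0.113.7 bob login fail
2022-04-11T10:00:03 203.0.113.7 carol login ok
2022-04-11T10:00:04 203.0.113.7 dave login fail
2022-04-11T10:00:05 203.0.113.7 erin login fail
2022-04-11T10:00:09 203.0.113.7 carol redeem ok
2022-04-11T10:05:00 198.51.100.20 frank login fail
2022-04-11T10:05:30 198.51.100.20 frank login ok
2022-04-11T10:06:00 198.51.100.20 frank redeem ok
"""

def parse(log):
    """Yield (ts, ip, user, action, result) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:
            yield tuple(parts)

def find_stuffing(log, min_users=4, max_success_ratio=0.5):
    """Flag IPs that try many distinct usernames and mostly fail.

    Thresholds are illustrative assumptions, not tuned values.
    """
    attempts = defaultdict(list)   # ip -> [(user, succeeded)]
    redeems = defaultdict(set)     # ip -> users whose points were redeemed
    for _ts, ip, user, action, result in parse(log):
        if action == "login":
            attempts[ip].append((user, result == "ok"))
        elif action == "redeem" and result == "ok":
            redeems[ip].add(user)
    findings = {}
    for ip, tries in attempts.items():
        users = {u for u, _ in tries}
        ok_users = {u for u, ok in tries if ok}
        ratio = sum(ok for _, ok in tries) / len(tries)
        if len(users) >= min_users and ratio <= max_success_ratio:
            findings[ip] = {
                "users_tried": len(users),
                "compromised": sorted(ok_users),   # accounts needing a reset
                "redeemed": sorted(redeems[ip] & ok_users),
            }
    return findings
```

A single user who mistypes a password once (the second address in the sample) is not flagged, because only one username is involved. Attempts spread across many source addresses would need the same grouping applied to another key, such as device fingerprint or time window.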

Hacker Uses Social Engineering to Steal Employee Information from Hundreds of Verizon Employees

In late May, hackers stole the employee information of hundreds of Verizon employees. Online magazine Vice warns that the stolen data may “be used in social engineering and SIM swapping attacks.” After the attack, the cybercriminals contacted Vice’s tech reporting division, Motherboard, and boasted they used social engineering—“convincing a Verizon employee to give them remote access to their corporate computer.” The hacker stated in an online chat: “These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support.”

The hacker has threatened to release all of the employee information if Verizon does not pay $250,000. Verizon has acknowledged both the breach and the threat, but asserts that no sensitive data was compromised. The company stated it will not pay the ransom.
