May 10, 2022

Monthly Breach Report: May 2022 Edition

PKWARE
Monthly Breach Report: May 2022 Edition

Data compromises continue to rise in 2022 after hitting an all-time high in 2021. While data breaches increased, the good news is that the number of victims is actually decreasing. Still, the vast increase in breach events points to an increasing need to practice good cyber-hygiene. These organizations unfortunately missed the mark . . . and could end up paying the price.

Customers of German Mega-Mattress Company Can’t Get a Good Night’s Sleep

Germany-based mattress giant, Emma – The Sleep Company, recently reported Magecart hackers stole online customers’ credit and debit card data. Magecart, a group of cyber criminals, uses online skimming techniques to nab data from customers entering credit or debit card information on ecommerce websites. JavaScript skimmers are injected on checkout pages so that data can be stolen whether or not the customer completes the online transaction.

The cybercriminals have also been known to breach a site through its supply chain, third parties that are supplying code to the website. When Magecart infiltrates a site vendor, any ecommerce site that uses that vendor is also compromised; hackers can infiltrate thousands of sites with a single vendor infiltration.

An Emma spokesperson publicly confirmed that the attack affected customers in 12 countries and used copy-cat URLs that mimicked the company’s order check out page. The hackers’ criminal activity went unnoticed by Emma for over two months between January and March of 2022.

Magecart preys on the vulnerabilities inherent to websites utilizing code created by as many as 50 different companies. The “skimmers”  operate in a well-established and simple pattern, according to report by TechRepublic. To protect from Magecart attacks, the report advises companies’ IT teams:

  • Take “a zero-trust approach with JavaScript on their sites, starting with a policy to block access by default to any sensitive information entered in web forms and stored cookies.”
  • Only allow “a select set of vetted scripts (usually only your own) to access sensitive data.”

Security experts estimate as many as 2 million global websites to date have suffered Magecart attacks.

Sources

Industrial Giant Parker Hannafin Files Leaked by Ransomware Gang Conti

The notorious ransomware gang, Conti, recently took credit for a cyberattack on the US-based industrial components giant Parker Hannifin. The crime, committed in March, included the theft of more than 5 GB of archive files, including employees’ personal information. While Parker Hannafin has not disclosed details of the crime, Conti confirmed it was the culprit on its own website. Conti claims it has leaked only 3 percent of the stolen data. The Conti hackers typically inform victims they must pay millions of dollars to recover encrypted files and prevent stolen data from being released. Parker Hannafin, however, reported to the US Securities and Exchange Commission that the breach had no “material impact on its business, operations or financial results” and that “business systems are fully operational.”

In February, the ransomware gang became a victim of the same crime they are infamous for – stealing and leaking information. After Conti posted an online expression of support for Russia’s invasion of Ukraine, a Ukrainian researcher hacked into Conti’s network and leaked more than 60,000 chat messages, source code, and internal documents, according to a report by the magazine Wired. After reviewing the leaked information, one Wired reporter marveled at “the group’s sophisticated businesslike hierarchy,” which is like structured like a large corporation. The leak revealed Conti has 62 main team members and dozens of “freelancers” who join and leave regularly.

Sources

Newly Formed Black Basta Ransomware Group Leaks American Dental Association Data

In April, the American Dental Association (ADA) suffered a ransomware attack by a newly formed ransomware group, Black Basta. Although the ADA would only initially confirm that its website was experiencing “technical difficulties,” its email warning letter to members confirmed a cyberattack. The message stated the hack included its Aptify and ADA email services along with telephone and web chats. The attack knocked out online services, including the ADA’s online store, meeting and registration, membership, and credentialing pages.

The nascent Black Basta ransomware group claimed responsibility for the attack on its website. The attackers leaked 2.8 GB of data, which they state is only 30 percent of the data stolen in the attack, according to BleepingComputer. Although the ADA claims no sensitive information was compromised, Black Basta’s leak included W2 forms, non-disclosure agreements, accounting spreadsheets, and information on ADA members.

The MalwareHunterTeam, a group that researches ransomware operations, noticed the first Black Basta ransomware leaks in February 2022. The researchers noted that Black Basta infiltrates systems and then encrypts files with malware. On its website, Black Basta has posted the names of 12 companies they have victimized but that refuse to pay any ransom for stolen information. As of press time, a banner on the ADA’s homepage informs visitors that the organization is still experiencing cybersecurity issues.

Sources

Coca-Cola Investigates Whether a Network Breach is Ransomware or a Swindle

Beverage giant Coca-Cola is investigating claims by the Stormous ransomware group that it has stolen 161 GB of data. The hacker group proclaimed the hack on its Telegram channel and is offering the stolen data on the dark web for 1.6 bitcoin, the equivalent of $64,000. Stormous’ attack and ransomware demands came one week after the group posted an online poll asking followers to choose one of five major corporations the group should breach for its next ransomware heist. Coca-Cola, according to a Twitter post by Stormous, won the poll. As of press time, several security groups tweeted that Stormous has already posted a new poll to determine its next victim.

The group’s claim that it has the data may be bogus, according to security experts who report that Stormous has repeatedly taken credit for crimes it did not actually commit. The group operates like scammers rather than a ransomware gang. Such criminal enterprises are known as “scavenger operations.” For example, in March, Stormous claimed to have hacked the video game company Epic Games. The group warned it would leak the data on the company’s 33 million users. No leaks materialized, however, and cyber experts remain skeptical of Stormous’ claim to have breached Coca-Cola. Most of the data the group has leaked online has primarily been information already available on the dark web, according to a report by the Wall Street Journal. Instead of actually hacking networks, the group seems to instead exploit the fear of being hacked.

Sources

Customers Sue Big Mortgage Servicer for Data Breach

Florida-based Lakeview Loan Servicing, one of the United States’ largest mortgage servicers, recently reported a breach affecting 2.5 million borrowers. The breach, reported in March, occurred months prior in December. The culprit hacked into the firm’s network, stealing customer information including: names, addresses, loan information, including loan application numbers, and Social Security numbers.

The Miami Herald reports that loan application numbers are often used to commit mortgage fraud. The company sent out emails notifying their customer base of the breach, but did not indicate how many were affected. Lakeview’s website states that it services over 1.4 million customers. Customers in Florida and South Carolina have filed federal class action lawsuits, accusing the company of breaching its fiduciary duty and failing to protect their personal information, according to National Mortgage News. One plaintiff stated that Lakeview “dodged responsibility” by not disclosing the breach sooner. Details on the hacker or hackers who committed the crime have not been disclosed.

Sources

Keep your business and your data out of the headlines with help from PKWARE’s encompassing data discovery and protection solution suite, PK Protect. Find out how by requesting your free demo now.

 

Share on social media
  • The Evolution from PKZIP and SecureZIP to PK Protect

    PKWARE December 12, 2024
  • Data Breach Report: November 2024 Edition

    PKWARE December 9, 2024
  • Harvest Now Decrypt Later Cybersecurity Attack

    PKWARE December 3, 2024
  • Top Cybersecurity Predictions for 2025

    Jason Dobbs November 18, 2024
  • The Evolution from PKZIP and SecureZIP to PK Protect
    PKWARE December 12, 2024
  • Data Breach Report: November 2024 Edition
    PKWARE December 9, 2024
  • Harvest Now Decrypt Later Cybersecurity Attack
    PKWARE December 3, 2024