Breach Trends and Insights – November 2020

This report summarises the top breaches from mid-October to 15th November 2020. It will help you keep track of the latest hacks and offers insights, drawn from the trends, to help safeguard your organization.

Most common data breach types identified:

  1. Database Attacks
  2. Malware Attacks on Target Customers
  3. Ransomware Attacks
  4. Data Exfiltration

List of breaches:

Home Depot Confirms Data Breach in Order Confirmation SNAFU

A system error impacted a large number of Canadian customers. Customers received multiple emails for orders that they did not place. 

Home Depot has claimed this to be a system error and not an external attack. However, Home Depot order confirmations sent in the past to Threatpost staff include full names and addresses, details and cost of the items ordered, phone numbers if provided for delivery purposes, and links to “check order status.” Clicking that link takes customers to an online portal to sign in, which could conceivably lead to the exposure of more information if cyber attackers were able to brute-force the credentials.

Impact: Exposed private order confirmations containing the PII of hundreds of Canadian consumers.

Source – threatpost.com

Massive Nitro data breach impacts Microsoft, Google, Apple, more

Nitro offers cloud services for customers to share documents with coworkers or across the organization. Nitro claimed that it had a small security incident and that nothing was impacted. However, cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software’s cloud service.

This data is now being sold in a private auction with the starting price set at $80,000.

Cyble states that the ‘user_credential’ database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.

Considering that companies use Nitro to share rather exclusive documents such as M&A reports, this could be one of the really bad data breaches of recent times.

Impact: The exposed database is primarily used for service logging purposes related to Nitro’s popular free online document conversion services, and contains 17,137 documents from Amazon, 6,405 from Apple, 137,285 from Citi, 32,153 from Google, and 2,390 from Microsoft.

Source – ET Ciso.com

Hacked hospital chain says all 250 US facilities affected

The hospital chain Universal Health Services was impacted by a malware attack that compromised all of its 250 facilities.

The chain has not commented on reports it was hit by ransomware, though its description of the attack in a statement Thursday was consistent with the malware variety that encrypts data into gibberish that can only be restored with software keys after ransoms are paid.

Impact – The hospital chain was able to avert a data breach, and no customer has been affected.

Source – ET Ciso.com

Personal data of 1.1 million RedMart user accounts stolen in Lazada breach and put up for sale

The personal information of 1.1 million RedMart user accounts was stolen from a customer database and put up for sale on an online forum.

RedMart confirmed the data breach and said that the personal information stolen included names, phone numbers, e-mail, mailing addresses, encrypted passwords, and partial credit card numbers.

However, the company also claimed that the breach was discovered because of its proactive monitoring of the systems, and it has asked the affected customers to log out of their accounts and create new passwords. RedMart will now make customers change their passwords frequently.

The breach likely happened due to an unsecured database.

Impact – 1.1 million users were affected, and their personal information (names, phone numbers, email, partial credit cards) was put up on the dark web.

Source – straittimes.com

‘Resident Evil’ game maker Capcom confirms data breach after a ransomware attack

Capcom confirmed that 350,000 customers’ data may have been stolen, including names, addresses, phone numbers, and, in some cases, dates of birth. Capcom said the hackers also stole its own internal financial data and human resources files on current and former employees, which included names, addresses, dates of birth, and photos. The attackers also took “confidential corporate information,” the company said, including documents on business partners, sales, and development.

The video games maker was hit by the Ragnar Locker ransomware, prompting the company to shut down its network. Ragnar Locker is data-stealing ransomware, which exfiltrates data from a victim before encrypting its network, and then threatens to publish the stolen files unless a ransom is paid. In doing so, ransomware groups can still demand that a company pay the ransom even if the victim restores their files and systems from backups.

Ragnar Locker’s website now lists data allegedly stolen from Capcom, with a message implying that the company did not pay the ransom.

Impact – 350,000 customers impacted. Personal data compromised.

Source – techcrunch.com

Breach insights 

30% of breaches happen due to shadow IT or blind spots created in the Cloud, IoT, or APIs without the knowledge of the security team. Not having a real-time view of your dynamic attack surface leaves an organization in the dark and serves as low-hanging fruit for attackers to use this exposed information to fuel malicious attacks.

Organizations should be aware of their attack surface to reduce potential risks such as:

  • Rise in Shadow IT Assets
  • Exposed database servers & cloud buckets (due to misconfigurations etc.)
  • Lack of visibility on unknown & orphaned Apps, APIs…
  • Lack of visibility on entry points for a hacker