Tag Archives: supplychainrisk

Benefits of N-Tier Monitoring For Your Supply Chain

the benefits of n-tier monitoring for your supply chain findings.co

Hidden Opportunities in Supply Chain Management

Navigating the complexities of global supply chains requires more than just a surface-level understanding of your immediate suppliers. In this blog post, I’ll help you explore the concept of nth tier visibility, delving into the importance of looking beyond your direct suppliers to gain deeper insights into your extended supply network.

Defining Nth Tier Visibility

Nth tier visibility involves monitoring and understanding the activities of suppliers that operate beyond your immediate supply chain. This expanded perspective helps identify potential risks, streamline operations, enhance sustainability, and ensure comprehensive compliance.

The Critical Role of Nth Tier Visibility

Here’s why nth tier visibility is more than just a buzzword:

  • Proactive Risk Management: By tracking the activities of nth tier suppliers, businesses can preemptively address quality issues, ethical concerns, and regulatory non-compliance, thus safeguarding the integrity of the supply chain.

  • Enhanced Agility and Resilience: Comprehensive supply chain visibility allows businesses to swiftly adapt to disruptions such as natural disasters or market fluctuations, enabling informed decision-making and quick adjustments to alternative suppliers.

  • Promoting Sustainability and Ethics: With greater visibility, companies can monitor and enforce environmental and social standards among all suppliers, fostering responsible practices and driving positive change throughout the supply chain.

Steps to Improve Nth Tier Visibility

To enhance visibility across the supply chain, consider implementing these strategic approaches:

  • Thorough Supplier Onboarding: Begin with an in-depth evaluation of new suppliers, focusing on their transparency and supply chain management capabilities. Clearly communicate your visibility requirements to ensure alignment from the start.

  • Continuous Supplier Engagement: Maintain open communication with suppliers at all levels. Regularly exchange data, updates, and performance metrics to foster transparency and early detection of potential issues.

  • Advanced Technological Solutions: Utilize cutting-edge supply chain management software, Internet of Things (IoT) devices, and data analytics tools to collect and analyze real-time data. These technologies provide valuable insights into supplier performance and associated risks.

  • Regular Compliance Audits: Conduct periodic audits to verify supplier adherence to quality and sustainability standards. Consider partnering with third-party auditors for an unbiased assessment.

  • Encouraging Ongoing Improvement: Cultivate a culture of continuous improvement by encouraging knowledge sharing and collaborative problem-solving among suppliers. Highlighting success stories and learning from challenges can motivate suppliers to enhance their visibility efforts.

Broadening Horizons for a Resilient Supply Chain

Enhancing nth tier visibility is essential for building a robust and responsive supply chain. By adopting these best practices, businesses can uncover hidden opportunities, mitigate risks, and promote sustainability. In today’s interconnected world, a resilient supply chain is a strategic advantage, and comprehensive nth tier visibility is key to achieving it.

Remember, a well-informed supply chain is not only about managing known factors but also about discovering and shaping the unknown. Nth tier visibility opens the door to this broader perspective, empowering businesses to make better decisions and strengthen their supply networks.

February 2024 Data Breach Round Up

Supply chain security concept illustration

From Healthcare to Finance: The Shocking Cybersecurity Wake-Up Call of February 2024

Lately, it feels like we’ve been hit by a wave of cybersecurity incidents that have really shaken things up. It’s not just a bunch of breaches we’re talking about here; we’re seeing huge, flashing signs telling companies it’s high time to beef up their cybersecurity defenses and get smarter about how they handle incidents when they happen. In this blog, I’ll dive into the chaos of these cyber incidents, break down their effects, and tease out the valuable lessons they’re teaching us. So, come along for the ride and read up about the top breaches of February! 


  1. Change Healthcare


Change Healthcare, a subsidiary of UnitedHealth Group, experienced a cybersecurity incident on February 21, 2024, that has led to significant disruptions across the U.S. healthcare sector, affecting hospitals, pharmacies, and millions of patients. This breach, described by government and industry officials as one of the most severe attacks on the health-care system in U.S. history, has highlighted critical vulnerabilities within the U.S. healthcare infrastructure. Change Healthcare, crucial for processing 15 billion claims amounting to over $1.5 trillion annually, acts as an intermediary between healthcare providers and insurers. The attack has not only compromised patient data but has also strained the financial operations of healthcare organizations reliant on Change’s services for billing and reimbursement.


The ramifications of this incident are widespread, with some hospitals unable to discharge patients due to medication access issues and others facing severe financial strains. Senate Majority Leader Charles E. Schumer has called for expedited payments to affected healthcare providers to mitigate the financial impact. Despite efforts to manage the situation, including temporary assistance from Optum and manual claims processing, the industry faces “very, very imperfec t workarounds,” according to Molly Smith from the American Hospital Association. The attack underscores the urgent need for enhanced cybersecurity measures across the healthcare ecosystem to prevent future disruptions and safeguard patient information.


In a company update, they confirm that they are “experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat.”


  1. Unlocking the Impact: Fidelity’s Third-Party Vendor Vulnerability Exposed


On February 13, 2024, Fidelity Investments Life Insurance Company and Empire Fidelity Life Insurance Company discovered a cybersecurity incident involving their third-party vendor, Infosys McCamish Systems (IMS), which may have impacted the security of personal information belonging to approximately 28,268 people. IMS, responsible for administering certain life insurance policies for a limited number of customers, experienced a cybersecurity event when an unauthorized third party gained access to IMS systems between October 29, 2023, and November 2, 2023, potentially compromising data including names, Social Security Numbers, dates of birth, and bank account details used for premium payments. 


  1. Medical Management Resource Group: Eyes Wide Open

American Vision Partners, a company specializing in providing administrative support to ophthalmology practices, has recently addressed a significant cybersecurity breach affecting patient information. On February 15, 2024, the company sent out notification letters explaining that on November 14, 2023, the organization detected unauthorized access within its network infrastructure. Immediate action was taken to mitigate the breach by isolating the affected systems, initiating a thorough investigation with the help of leading cybersecurity experts, and notifying law enforcement authorities. Despite these efforts, it was confirmed by December 6, 2023, that the breach led to unauthorized access to personal data of patients linked to the practices serviced by American Vision Partners. The compromised data encompasses a range of sensitive information, including names, contact details, dates of birth, Social Security numbers, and specific medical and insurance details. 


It has also come to light that not only patients but also employees of the affected organization were victims of a data breach. The compromised information varies among individuals but could include a range of personal details such as names, contact information, dates of birth, Social Security numbers, driver’s license and passport details, and even bank account numbers. While not every piece of information was accessed for each individual, the breach’s potential impact is taken with utmost seriousness. In response, the organization is proactively offering identity protection and credit monitoring services to all impacted employees for two years at no charge, demonstrating a commitment to the security and welfare of its personnel. 


About 2,264,157 individuals were impacted by this incident. 


  1. Spark Driver: A Rough Road for Walmart’s Workforce

On February 23, 2024, Walmart Inc. notified employees about a recent security incident that has impacted Spark Driver™ accounts. This breach, discovered in late January, allowed unauthorized access to employees’ driver profiles, potentially compromising sensitive information, including Social Security Numbers, drivers licenses, dates of birth, names, and contact details. The breach provided the intruder with the ability to view details about earnings, tax information, driver verification documents, and background checks.


  1. LoanDepot: A Flood of Personal Data at Risk


LoanDepot issued a notice on February 23, 2024, regarding a data breach that potentially compromised sensitive personal information of almost 17 million people due to unauthorized access to its systems. This security incident was first identified on January 4, 2024, prompting immediate actions to contain and address the breach, including contacting law enforcement and initiating a thorough investigation with external cybersecurity experts. The breach, occurring between January 3 and January 5, 2024, may have exposed personal details such as names, addresses, email addresses, financial account numbers, Social Security numbers, phone numbers, and dates of birth.


In response to this incident, LoanDepot has taken significant measures to secure its systems and mitigate any potential impact on affected individuals. Although there is currently no evidence to suggest that the accessed information has been used maliciously, LoanDepot is offering 24 months of complimentary identity protection and credit monitoring services through Experian. This service is designed to assist in detecting and resolving identity theft and fraud. Affected individuals are encouraged to follow the provided instructions to enroll in these protection services to safeguard their personal information.


  1. UNITE HERE: A Union Under Siege


UNITE HERE, representing a substantial workforce across the U.S. and Canada, has formally reported a data breach to the Maine Attorney General on February 23, 2024, following the detection of unauthorized access to its IT network. The breach was discovered on October 20, 2023, when it was found that an unauthorized entity had gained access to their systems, impacting about 791,273 individuals. The potentially compromised information includes a wide array of personal data such as names, Social Security numbers, driver’s licenses, state ID numbers, alien registration numbers, tribal identification numbers, passport numbers, birth certificates, dates of birth, marriage licenses, signatures, financial account information, and medical data. 


Although there is no current evidence to suggest that this breach has led to identity theft or fraud, UNITE HERE is proactively informing affected individuals and has implemented several security measures. These measures include resetting system passwords, enhancing security protocols, and cooperating with law enforcement to prevent future incidents.


  1. Xerox Corporation: Copying Catastroph


On February 20, 2024, Xerox issued an alert regarding a security breach within its subsidiary, Xerox Business Services (XBS), emphasizing that safeguarding the data privacy and protection of its clients, partners, and employees remains a paramount concern. In early December 2023, an unauthorized entity managed to infiltrate a segment of the XBS network. Despite the swift detection and containment efforts by Xerox personnel, the investigation revealed that on December 10, 2023, the intruder succeeded in extracting a limited set of data from XBS’s systems.


The compromised information primarily includes names, contact details, and Social Security numbers of those affected. Xerox is actively conducting a comprehensive investigation into the breach and has already involved law enforcement agencies. Despite the ongoing legal probe, Xerox has chosen to promptly inform all impacted parties, underscoring its commitment to transparency and the importance of immediate action to address the security incident.


  1. PJ&A: Confidentiality on the Line


Perry Johnson & Associates, Inc. (PJ&A), a provider of medical transcription services for healthcare organizations including Concentra Health Services, Inc. (Concentra), has reported February 8th, a security incident affecting certain patient information. This incident, which did not affect Concentra’s systems directly, resulted from unauthorized access to PJ&A’s systems between March 27, 2023, and May 2, 2023. Notably, on April 7 and April 19, 2023, an unauthorized actor accessed a system containing Concentra patients’ information.


Upon detecting suspicious activity, PJ&A promptly initiated an investigation with cybersecurity experts to assess the incident’s scope and impact. The investigation identified that personal information, such as names and addresses, of almost 13 million Concentra patients was potentially compromised. Following the investigation, PJ&A informed Concentra, which then undertook efforts to verify affected patients and expedite notification.


To mitigate potential risks and support affected individuals, PJ&A is offering credit monitoring services through IDX for a specified period at no cost. Individuals are advised to remain vigilant by monitoring their account statements and credit reports for any suspicious activity and to consider enrolling in the provided credit monitoring service. Detailed instructions for enrollment and additional protective measures are included in PJ&A’s communication to the impacted parties.


  1. Verizon: An Inside Job


Verizon, one of the largest telecommunications service providers in the US has issued a notification concerning unauthorized access to certain personal information of its employees by one of its employees, in breach of company policies. This incident, identified around September 21, 2023, but addressed in February to the Maine Attorney General, involved unauthorized acquisition of a file containing employee data such as names, addresses, Social Security numbers or other national identifiers, gender, union affiliations, dates of birth, and compensation details. Currently, there is no indication that this information has been misused or disseminated outside of Verizon.


In response to this incident, Verizon undertook an immediate review to ascertain the nature of the compromised information and has taken steps to enhance its technical controls to prevent similar incidents in the future. The company has also informed relevant regulatory bodies about the breach.




From the major upset at Change Healthcare to the breach in Verizon’s backyard, it’s pretty obvious we’re standing at a major fork in the road. These incidents aren’t just cautionary tales; they’re wake-up calls, highlighting just how crafty and relentless cyber threats have become, and just how tough our defenses need to be.  Each month, we compile a summary of the most significant breaches from the preceding period. Be sure to explore our latest round-up! At Findings, we streamline the process of cybersecurity compliance assessments, ensuring your systems adhere to pertinent regulations while safeguarding your infrastructure.




Automate Your Cybersecurity Compliance Journey

* indicates required
Your work email please

Vendor Breach Reporting in the Modern Market

Vendor Breach Reporting guidelines findings 2024

We’ve hit a point in time where data breaches are becoming more common and the repercussions more severe. This highlights that the importance of effective vendor breach reporting cannot be overlooked. As companies are relying more and more on third-party vendors for a variety of services — from cloud storage solutions to customer relationship management systems, the potential for data breaches originating from these vendors escalates. This blog will explore the current landscape of vendor breach reporting, highlighting the challenges, best practices, and the evolving regulatory environment that shapes how businesses respond to and report breaches.

Understanding the Landscape

The modern market is interconnected, with businesses routinely sharing sensitive information with vendors. This symbiotic relationship, however, introduces vulnerabilities. A breach at a vendor can have cascading effects, compromising the data integrity of all connected businesses. The 2023 Verizon Data Breach Investigations Report underscores this point, noting an uptick in incidents originating from third-party vendors.

Challenges in Vendor Breach Reporting

One of the primary challenges in vendor breach reporting is the detection and attribution of breaches. Identifying that a breach has occurred, and tracing it back to a specific vendor, requires sophisticated monitoring tools and a high degree of coordination between parties. Moreover, the variability in reporting requirements across jurisdictions adds a layer of complexity, making compliance a moving target for global businesses.

Best Practices for Effective Reporting

To navigate these challenges, businesses must adopt a proactive and comprehensive approach to vendor management and breach reporting. Key strategies include:

  • Due Diligence: Before entering into agreements with vendors, assess their security policies and incident response capabilities. Regular audits can ensure ongoing compliance with agreed-upon standards.

  • Transparent Communication: Establish clear lines of communication for reporting potential security incidents. This includes setting up contractual obligations for vendors to notify you immediately in the event of a breach.

  • Incident Response Planning: Develop a coordinated incident response plan that includes vendors. This plan should outline steps for breach investigation, notification, and mitigation, ensuring a swift and unified response.

  • Regulatory Compliance: Stay informed about the evolving regulatory landscape. Many regulations have set stringent requirements for data breach notification, including specific timelines and conditions under which breaches must be reported. Failure to comply can result in significant fines, legal fees, and damage to a company’s reputation.

The Evolving Regulatory Environment

Governments around the world are tightening regulations around data protection and breach notification. The trend is towards more stringent reporting requirements, with an emphasis on consumer protection. For instance, amendments to the GDPR and CCPA are pushing for shorter notification windows and greater transparency in the event of a breach. More recently, in 2024, The Federal Communications Commission (FCC) has finalized new breach reporting rules that significantly tighten the requirements for telecommunications carriers in the US. Now, these carriers have only seven days to disclose data breaches. The rules have expanded the definition of breaches to include inadvertent access or disclosure of customer information, which now encompasses not only Customer Proprietary Network Information (CPNI) but also personally identifiable information (PII) such as names, government ID numbers, biometric data, and email addresses/passwords. This change aims to cover a broader range of data and ensure customers are notified of breaches unless the carrier determines no harm is reasonably likely to occur. The updated rules now require that, in addition to the FBI and U.S. Secret Service, the FCC must also be notified of breaches.

Lastly, The Federal Trade Commission (FTC) has introduced an amendment to its Safeguards Rule, imposing a 30-day deadline for non-banking financial organizations to report incidents involving 500 consumers or more. This amendment aims to bolster consumer data security by demanding comprehensive incident reports, driving stronger security practices in the financial sector.

Closing Thoughts:

In the modern market, effective vendor breach reporting is not just a regulatory requirement; it’s a critical component of a company’s overall cybersecurity strategy. By implementing best practices for vendor management and staying abreast of regulatory changes, businesses can better protect themselves and their customers from the fallout of data breaches. As the digital landscape continues to evolve, so too must the strategies for safeguarding against and responding to security incidents. The key to resilience in the face of these challenges lies in preparation, partnership, and proactive engagement with the issue of vendor breach reporting.

 

Findings Can Help

2024 Trends Unveiled: Cybersecurity as a Key Business Enabler

As 2024 unfolds, we are witnessing a revolutionary transformation in the cybersecurity landscape. No longer a mere aspect of IT, cybersecurity is now a pivotal driver in reshaping business operations on a global scale. This blog post delves into the forefront of cybersecurity, compliance, highlighting pivotal regulations such as the ASEAN Guidelines on Consumer Impact Assessment (CIA), CMMC, PCI DSS 4.0, DORA, and SEC incident disclosure regulations. These emerging trends are rapidly becoming the gold standard in global business cybersecurity practices.

 

CMMC: Evolving from Defense to a Universal Cybersecurity Benchmark

  • The Cybersecurity Maturity Model Certification (CMMC) is evolving from its U.S. defense sector roots to a worldwide cybersecurity standard. Now applicable across various industries, CMMC’s layered cybersecurity approach is garnering universal acceptance. Its comprehensive framework, focused on continuous improvement, is especially vital for entities managing sensitive or critical data, signifying a move towards standardized cybersecurity excellence.

PCI DSS 4.0: Revolutionizing Payment Security Standards

  • PCI DSS 4.0 is revolutionizing payment security standards globally in 2024. This updated version introduces an adaptive, risk-based approach, essential for any business involved in digital transactions. Its flexibility and focus on tailored security measures are vital for e-commerce, financial institutions, and others in the payment ecosystem, making PCI DSS 4.0 compliance synonymous with secure and trustworthy payment processing.

DORA: Spearheading Digital Resilience in the Financial Sector

  • The Digital Operational Resilience Act (DORA) is a groundbreaking EU regulation shaping the financial sector’s approach to digital risks in 2024. Its influence extends globally, affecting financial entities interacting with the EU market. DORA emphasizes operational resilience, highlighting the need for robust digital risk management in today’s interconnected digital finance landscape.

SEC Incident Disclosure: Championing Transparency in Corporate Cybersecurity

  • The SEC’s incident disclosure regulations are leading a worldwide movement towards transparency in corporate cybersecurity. These mandates, which require prompt and detailed disclosure of cybersecurity incidents, are becoming critical for publicly traded companies globally. This shift towards transparency and accountability in cybersecurity reflects an increasing demand from investors and consumers for trustworthiness and integrity in corporate practices.

ASEAN CIA: Redefining Cybersecurity with a Consumer-Centric Approach

  • The ASEAN Guidelines on Consumer Impact Assessment, originating from Southeast Asia, are now setting a global precedent. These guidelines shift the focus towards assessing cybersecurity’s impact on consumers, prioritizing their rights and data privacy. This consumer-centric approach, especially critical for businesses in or targeting the ASEAN market, is now a global best practice. It underscores the imperative of balancing robust security with consumer rights, a notion gaining traction across various industries.

Other Regulatory Developments Shaping the Cybersecurity Domain

Additional global regulations also predict significant cybersecurity trends:

  • GDPR: Continues to influence data privacy and protection globally, impacting businesses handling EU citizens’ data.

  • ISO/IEC 27001: Gaining traction as a comprehensive framework for managing information security, key for organizations striving for global best practices.

  • NIST Framework: Increasingly adopted worldwide, indicating a move towards unified approaches in cybersecurity risk management.

Cybersecurity Compliance: A Strategic Business Advantage

In 2024, adherence to these emerging cybersecurity regulations offers businesses a strategic advantage. It transcends legal compliance, fostering trust, enhancing brand reputation, and providing a competitive edge. The integration of AI in cybersecurity is another emerging practice, offering efficient and effective solutions for meeting these standards.

  • Increased Focus on Supply Chain Attacks: Modern supply chains are interconnected and complex, making them susceptible to cyberattacks. A breach in one part can have a cascading effect, impacting multiple businesses. This emphasizes the need for rigorous cybersecurity measures across the entire supply chain.

  • Collaborative Risk Management: The trend towards collaborative defense strategies is based on the principle that sharing threat intelligence and best practices can strengthen the security posture of all involved parties. By learning from each other’s experiences, industries can develop more effective defenses against common threats.

State-Sponsored Cyber Attacks: An Escalating Concern

  • Global Ramifications: State-sponsored cyberattacks are particularly concerning due to their scale and impact. These attacks target critical infrastructure, such as energy grids or financial systems, and can compromise national security. The global nature of these threats requires an international response and cooperation.

  • Advanced Countermeasures: To combat these sophisticated threats, organizations need to implement advanced threat detection systems that can identify and neutralize attacks quickly. A zero-trust security model, where trust is never assumed and verification is required from everyone, can be crucial in mitigating these risks. Continuous monitoring ensures that any suspicious activity is detected and addressed promptly.

AI in Cybersecurity: A Complex Role

  • Enhanced Detection and Response: AI can significantly improve threat detection by analyzing vast amounts of data to identify patterns that may indicate a cyberattack. However, this technology can also be used by attackers to create more sophisticated threats, such as deepfakes or AI-driven phishing attacks.

  • Proactive Mitigation Strategies: Organizations must not only invest in AI-based defense systems but also ensure that their workforce is trained to recognize and respond to AI-generated threats. This includes understanding the limitations of AI and being able to identify when a human response is required.

Ransomware Evolution: The Changing Landscape of Cyber Extortion

  • Sophisticated Tactics: Modern ransomware attacks are more than just data encryption; attackers are now threatening to leak sensitive data if the ransom isn’t paid, adding an extra layer of coercion. This dual-threat approach makes it even more challenging for victims to decide whether to pay the ransom or risk public exposure of their data.

  • Comprehensive Defense Strategies: To protect against these evolving ransomware threats, organizations must have robust backup systems that can restore data with minimal loss. Employee training is crucial to help staff recognize and avoid potential ransomware attacks. Additionally, a well-prepared incident response plan can ensure quick action to mitigate damage if an attack occurs.

The Metaverse and Cloud Security: New Frontiers, New Risks

  • Expanded Attack Vectors: As businesses venture into new digital domains like the metaverse and cloud platforms, they face new cybersecurity challenges. These platforms can provide attackers with novel ways to exploit security vulnerabilities.

  • Proactive Security Measures: Ensuring security in these new environments involves a comprehensive approach that includes strong encryption to protect data, robust identity management to verify users, and regular security audits to identify and address vulnerabilities.

The Human Element: Bolstering the Frontlines of Cyber Defense

  • Empowering Through Training and Awareness: Regular and comprehensive training programs are essential in equipping employees with the necessary skills to recognize and prevent security breaches. This training should cover the latest cybersecurity threats and best practices.

  • Cultivating a Security-First Mindset: Creating a culture of security within the organization is crucial. This involves fostering an environment where employees are aware of the importance of cybersecurity and are motivated to take proactive steps to protect the organization’s digital assets.

As 2024 progresses, it’s clear that these cybersecurity trends and regulations are not just shaping, but redefining business strategies. From the consumer-centric ASEAN CIA guidelines to CMMC’s comprehensive security model, and the transparency demanded by SEC disclosure regulations, these developments are crucial in enabling businesses to thrive in the digital era. By staying ahead of these trends, companies can harness cybersecurity not only as a compliance requirement but as a cornerstone for growth and success. Understanding evolving regulations, embracing innovative technologies, and reinforcing human-centric defenses remain key to ensuring business resilience and triumph in an increasingly digitized world.

August Data Breach And Security Round Up

august security breach round up

August may be known for summer vacations and relaxing by the beach, but in the world of hackers, it was a month of action-packed cyber escapades. As the digital realm grows, so does the audacity of those who breach the walls of data security. In this blog post, I will take you through the breaches that unfolded in the hot days of August. From electric cars to language learning apps, we’ve got it all covered. Let’s dive in.

Tesla:

Tesla recently reported a data breach affecting over 75,000 of its employees to insider misconduct, according to an official statement. The electric vehicle manufacturer, headed by Elon Musk, stated in a data breach report submitted to Maine’s Attorney General that a thorough investigation determined two former employees had disclosed personal information belonging to more than 75,000 individuals to a foreign media organization.

Tesla’s data privacy officer, Steven Elentukh, stated in the report that “the investigation uncovered that two former Tesla employees wrongfully obtained and shared this information, contravening Tesla’s IT security and data protection protocols by providing it to the media outlet.”

The sensitive data included personally identifiable details such as names, addresses, contact numbers, employment records, and Social Security numbers of 75,735 past and current Tesla employees. The report also revealed that the two ex-employees had transmitted this data to the German newspaper Handelsblatt, which assured Tesla it would refrain from publishing the information and adhere to legal restrictions concerning its use.

In May, Handelsblatt had previously reported a significant breach at Tesla, disclosing various internal documents, known as the “Tesla Files,” totaling 100 gigabytes of confidential information. These documents included employee personal data, customer banking information, proprietary production details, and customer grievances regarding Tesla’s Full Self-Driving (FSD) functionalities. Remarkably, the leak even contained Elon Musk’s Social Security number.

Tesla responded by initiating legal action against the individuals believed to be responsible for the data breach, leading to the confiscation of their electronic devices. Additionally, the company obtained court orders to prevent these former employees from further accessing, sharing, or using the data, with potential criminal consequences for violations.

This incident follows a previous report in April by Reuters, which revealed that Tesla employees had shared sensitive images recorded by customer vehicles, including invasive pictures and videos captured by car cameras, over the period from 2019 to 2022.

Duolingo:

In January 2023, a data breach of Duolingo resulted in the exposure of 2.6 million users’ data on a hacking forum. This has created an opportunity for malicious actors to execute targeted phishing campaigns using the compromised information. The dataset consists of public login and real names, along with confidential details, such as email addresses and internal data related to the Duolingo platform, which can be exploited in cyberattacks.

The data was acquired by exploiting a publicly available application programming interface (API), which had been openly shared since at least March 2023. Researchers had been posting on social media and public platforms about the ease of using this API, which ultimately led to the data breach. The API permits anyone to input a username and receive JSON output containing the user’s publicly accessible profile data. Importantly, it also facilitates the input of an email address into the API to confirm its association with a valid Duolingo account.

The presence of email addresses in the dataset raises significant concerns as it can be exploited in phishing campaigns, which can have detrimental effects on individuals and organizations. It is vital to note that while the inclusion of real names and login names is part of a user’s Duolingo profile, the presence of email addresses is not considered public information.

Companies often downplay the significance of scraped data, as much of it is already publicly accessible, even if its compilation is not straightforward. However, when public data is combined with private information, such as phone numbers and email addresses, it amplifies the risk associated with the exposed data and may potentially breach data protection regulations. Facebook encountered a significant breach in 2021 when an “Add Friend” API flaw was exploited to link phone numbers to Facebook accounts for 533 million users. Subsequently, the Irish Data Protection Commission (DPC) imposed a fine on Facebook for this mishandling of scraped data.

I will say, it is also pretty concerning that the API, which led to the Duolingo data breach, is still openly accessible on the internet, even after reports of its misuse were forwarded to Duolingo in January. This puts Duolingo users at risk and highlights the need for companies to take data protection seriously. While companies may downplay the significance of scraped data, the potential for harm is significant, and it is crucial to address these issues proactively to ensure that personal information remains secure.

Discord.io:

On August 14, 2023, an unofficial platform known for providing redirect and invitation links to Discord servers, Discord.io, suffered a significant data breach. The hacker “Akhirah” exposed the breach, which has compromised the personal information of more than 760,000 users.

The stolen data from the breach includes usernames, Discord IDs, email addresses, and passwords that have been salted and hashed. While the password encryption offers a degree of protection, the potential for decryption remains a looming threat, underscoring the immediate need for users to bolster their security. Discord.io urges users to change their passwords to mitigate the impact of the breach.

Discord.io has taken the unprecedented step of indefinitely suspending its operations in response to the breach. Visitors to the Discord.io website now encounter a message detailing the seriousness of the breach. The company is being transparent about the compromised data fields, aiming to provide affected users with clarity regarding the information exposed and what remains secure in the wake of this incident.

“We have canceled existing premium subscriptions, and we will be reaching out to affected users individually. As of now, we have not been contacted by those responsible for the breach, nor have we initiated contact with them. To our knowledge, the database has not been made public at this time.” – Discord.io

In an interview with the hacker Akhirah, he expressed a desire for Discord.io to eliminate malicious content from their platform and communicate with him to resolve these issues, without seeking retribution or a reward.

This data breach follows a similar trend in the cybersecurity landscape. Just recently, the LetMeSpy Android Spyware Service also announced its permanent shutdown following a successful breach by a hacker who gained access to user data.

SEIKO: 

SEIKO NPC Corporation, a long-established Japanese semiconductor manufacturer founded in 1975 with approximately 12,000 employees, has officially recognized the possibility of a data breach.

On August 10th, the company posted a data breach notification on its website. However, cybersecurity experts only recently became aware of the breach after the ransomware group BlackCat featured SEIKO on its data leak platform.

SEIKO did not provide specific details but referred to the cybersecurity incident as a “potential” data breach.

According to SEIKO, “On July 28th of this year, the company experienced a potential data breach. It appears that unauthorized individuals or parties gained access to at least one of our servers.”

ALPHV/BlackCat Ransomware, now taking credit for the breach, shared several files on their data leak platform as evidence. Among these files was what appeared to be a copy of Yoshikatsu Kawada’s passport, a director at SEIKO’s well-known Watch Corporation subsidiary.

After an external cybersecurity expert examined the incident, SEIKO determined that a breach occurred, and some of the company’s information may have been compromised.

“At present, we are in the process of confirming the precise nature of the information stored on the affected servers. Once our ongoing investigation yields more specific results, we will promptly provide an update,” the company stated. However, no further updates regarding the breach have been made available thus far.

About ALPHV/BlackCat Ransomware:

ALPHV/BlackCat ransomware first emerged in 2021. Similar to other entities in the cybercriminal realm, this group operates a ransomware-as-a-service (RaaS) enterprise, selling malware subscriptions to criminal actors. Notably, the gang employs the Rust programming language.

According to an analysis by Microsoft, threat actors associated with this ransomware were known to collaborate with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI has suggested that money launderers affiliated with the ALPHV/BlackCat cartel have ties to Darkside and Blackmatter ransomware cartels, indicating a well-established network of operatives within the RaaS sector.

Recently, ALPHV/BlackCat has been notably active among ransomware groups. According to cybersecurity analyst ANOZR WAY, the group was responsible for approximately 12% of all attacks in 2022.

This gang appears to have recently focused its efforts on professional service providers. In mid-May, it claimed responsibility for breaching Mazars Group, an international firm specializing in auditing, accounting, and consulting services.

Forever 21:

Clothing and accessories retailer, Forever 21, is in the process of sending data breach notifications to over half a million individuals whose personal information was exposed to unauthorized intruders. The company operates a global network of 540 outlets and has a workforce of approximately 43,000 employees.

A portion of the data breach notification, shared with the Office of the Maine Attorney General, reveals that the company detected a cyberattack on multiple systems on March 20. The investigation unveiled that hackers had sporadic access to Forever 21 systems between January and March of this year and utilized this access to pilfer data.

“The investigation determined that an unauthorized third party accessed specific Forever 21 systems at different intervals between January 5, 2023, and March 21, 2023,” states the notice. “Results from the investigation indicate that the unauthorized third party acquired specific files from certain Forever 21 systems during this timeframe” – Forever 21.

The data breach notice, dispatched on August 29 to 539,207 affected individuals, lists the following potentially exposed data types:

  • Full names

  • Social Security Numbers (SSN)

  • Dates of Birth

  • Bank Account Numbers

  • Forever 21 Health Plan information

BleepingComputer reached out to Forever 21 to ascertain if the security incident impacted both customers and employees. A spokesperson from the company issued the following statement: “The incident was limited to current and former Forever 21 employees and did NOT affect personal data pertaining to Forever 21 customers.”

In the notice, Forever 21 reports that they have taken steps to ensure that the hackers have deleted the stolen data, implying that the company may have engaged in communication with the attacker. Such actions often occur following ransomware attacks, where the victim negotiates with the hackers to reach a reasonable ransom. However, it is important to note that a ransomware attack on Forever 21 has not been confirmed.

In November 2017, Forever 21 informed its customers of another data breach affecting its payment system, resulting in the compromise of card data from transactions made between March and October 2017.

Italian Banks Temporarily Disabled by Distributed Denial of Service (DDoS) Attacks:

Several banks in Italy recently experienced temporary outages due to targeted Distributed Denial of Service (DDoS) attacks.

On August 1st, the Agenzia per la Cybersicurezza Nazionale (ACN) announced that it had identified cyberattacks against at least five banks in the country, resulting in a temporary disruption of their services.

The affected banks included BPER Banca (EMII.MI), Intesa Sanpaolo (ISP.MI), FinecoBank (FBK.MI), Popolare di Sondrio (BPSI.MI), and Monte dei Paschi di Siena (BMPS.MI).

According to the ACN, it “detected the resurgence of distributed denial of service (DDoS) attack campaigns carried out by pro-Russian… groups targeting national institutional entities.” The ACN attributed the attacks to the Russian hacking group known as “NoName.”

An employee from one of the affected banks informed Reuters that the bank’s website was taken offline due to a substantial surge in traffic. However, the bank’s mobile app continued to function normally during the attack, and the website was restored after a brief period.

The ACN stated that it provided assistance to all those affected by the DDoS attacks launched by NoName.

What Are DDoS Attacks?

Distributed Denial of Service (DDoS) attacks involve malicious actors attempting to disrupt a website by overwhelming its infrastructure with a significant volume of internet traffic. As DDoS attacks saturate a site’s bandwidth, users are unable to access it.

DDoS attacks can be motivated by various factors, but their primary objective is to cause disruption by temporarily taking websites offline. Due to their disruptive nature, DDoS attacks are employed by malicious entities as a means of directly targeting specific individuals or organizations.

Moving Forward:

Data breaches can have severe consequences for both companies and individuals, including financial loss, reputational damage, and identity theft. As the frequency and sophistication of cyberattacks continue to increase, it is crucial for companies to prioritize data protection and implement robust security measures. By staying vigilant and proactive in their approach to cybersecurity, organizations can minimize the risk of a data breach and protect their customers’ trust.


The Top 10 Things Every CISO Should Know

what every ciso should know about

What Every CISO Should Know in 2023 to Protect Their Business

 

In our rapidly evolving digital age, the role of a Chief Information Security Officer (CISO) has never been more crucial. As a CISO, your role stretches far beyond traditional IT security measures. You are the protector of your organization’s most valuable assets, from intellectual property to customer data. The following insights delve deeper into what every CISO should know in 2023 to ensure they’re at the forefront of safeguarding their business.

 

1. Grasping the Business

Understanding your business inside out is paramount. The best CISOs fully comprehend the company’s goals, mission, and operational mechanics. Why is this so vital? Because only with this understanding can you adequately prioritize and champion security initiatives. Furthermore, by aligning security measures with business goals, you ensure that security is not viewed as a roadblock but rather an enabler of growth and success.

 

2. Emphasizing Effective Risk Management

Risk management isn’t just a box to tick; it’s a continual process. This involves constant vigilance—identifying emerging threats, assessing their potential impact, and implementing controls to counteract them. Today’s cyber threats are dynamic, with cybercriminals using sophisticated techniques that change by the minute. Hence, regular risk assessments and updates are non-negotiable. But, just as crucial is the art of communication. The ability to articulate these risks, along with their potential implications to the board and executives, can make the difference between proactive action and reactive damage control.

 

3. Moving Beyond Compliance

While regulatory compliance is essential, in 2023, it’s merely a starting point. With the ever-evolving threat landscape, relying solely on regulations and standards can render a business vulnerable. It’s like only installing a front door lock while leaving all the windows open. Instead, a proactive approach, involving continuous assessment and adaptation of security measures to the unique needs and threats faced by your organization, is pivotal.

 

4. Championing Security Awareness

The human factor can often be the weakest link in any security chain. As such, empowering every single employee with the knowledge and tools to act as the first line of defense is vital. This means ongoing training, regular reminders, and cultivating a culture where security is everyone’s business. Remember, from the receptionist to the CEO, everyone can either be an asset or a vulnerability.

 

5. Harnessing the Power of Effective Communication

Clear, concise, and compelling communication can be one of the most potent tools in a CISO’s arsenal. It’s essential to translate the often complex world of security into language that everyone—from the tech newbie to the seasoned board member—can grasp. Regularly updating stakeholders about security postures, potential risks, and ongoing initiatives not only fosters trust but also reinforces the importance of collective vigilance.

 

Expanding the CISO’s Toolkit in 2023:

But let’s push the envelope further. In addition to the critical pointers above, CISOs in 2023 should be aware of:

 

6. Embracing the Cloud and Zero Trust: 

As businesses transition to cloud infrastructures, understanding cloud security best practices becomes paramount. Moreover, adopting a Zero Trust approach—where every access request is fully authenticated, authorized, and encrypted before granting access—ensures layered defense in a distributed work environment.

 

7. Machine Learning and AI:

Cybercriminals are leveraging AI; so should you. Incorporating machine learning can help in anomaly detection, identifying potential threats faster than any human could, and enhancing predictive analytics. Findings not only automates assessments and the auditing process for all of your company’s vendors, but we also offer real time updates on your risk posture powered by RiskRecon and Anomali.

 

8. Regular Penetration Testing:

Gone are the days when an annual penetration test sufficed. Regularly challenging your systems can expose vulnerabilities before cybercriminals exploit them.

 

9. Incident Response Preparedness:

It’s not about if, but when a breach might occur. Having a well-rehearsed incident response plan ensures rapid containment, minimizing potential damage.

 

10. Collaborative Security:

Partnering with other businesses, industry groups, and governmental bodies can provide invaluable intelligence and resources. Cybersecurity is a collective endeavor.

 

In conclusion, being a CISO in 2023 means juggling many balls—compliance, risk management, employee training, effective communication, technological advancements, and more. The threat landscape might be challenging, but with the right approach, tools, and mindset, CISOs can ensure their organizations are robustly defended and primed for growth.

 

 

July Data Breach Roundup

Findings.co July 2023 cybersecurity and data breaches roundup

As we navigate the relaxing summer season, it’s important to note that just because half the world is on pause, doesn’t mean hackers are too. While those who are relaxing and not paying much attention, these attackers are sweeping their ways into their supply chains and causing damage. Luckily, automation helps, and catching vulnerabilities in your supply chain with our Assessment and Audit AI features will help you stay on track. 

 

This month’s blog arrives hot on the heels of an important announcement from the SEC. They have mandated that public companies must now report data breaches within 4 days of discovery. This new regulation comes at a critical time as the MOVEIT vulnerability continues to wreak havoc, causing significant disruptions in recent months.

 

July proved to be a challenging period for cybersecurity, with major players like Deutsche Bank, Genworth Financial, and Maximus falling victim to the consequences of data breaches. While numerous breaches occurred throughout the month, I will focus on the most noteworthy ones to glean valuable insights and lessons from.

 

Continue reading to discover other prominent names  that experienced security breaches, along with crucial information you should be aware of. Stay informed and learn from these incidents to protect your own data and systems.

 

  1. HCA Healthcare Experiences Breach

 

HCA Healthcare, a prominent hospital and clinic operator, recently announced that it has experienced a significant cyberattack, compromising the data of over 11 million patients. This unfortunate breach has raised concerns about the security of sensitive patient information and highlights the urgent need for better data protection measures in the healthcare industry. Just last week, IBM’s Cost of a data breach report came out proving that costs are escalating in healthcare breaches. The average cost of a studied healthcare breach reached nearly $11 million in 2023, a 53% increase since 2020. Cybercriminals targeting healthcare organizations have made stolen data more accessible to downstream victims, making medical records a high-value leverage point.

 

What Happened?

 

HCA Healthcare discovered the breach on July 5,2023, when a sample of stolen data was posted online by the suspected hacker. The company believes that the attack targeted an external storage location primarily used for email message formatting. As an immediate containment measure, the company disabled user access to this location.

 

Who Was Affected? 

 

Patients from 20 states, including California, Florida, Georgia, and Texas, have been affected by the breach, which ranks among the largest healthcare data breaches in history. The compromised data includes patients’ names, partial addresses, contact information, and upcoming appointment dates. Additionally, information such as email addresses, telephone numbers, date of birth, and gender was accessed by the hackers.

 

With the scale of this data breach impacting millions of patients, HCA Healthcare faces a significant challenge in safeguarding sensitive information. As investigations continue, it serves as a reminder to healthcare organizations to strengthen their cybersecurity protocols to protect patients’ data and maintain their trust in an increasingly digital world.

 

  1. Rite Aid Data Breach Exposes Customer Information

 

Rite Aid, a popular pharmacy chain in America, recently announced a data breach that may have exposed personal information of its customers. The breach, caused by an unknown third party exploiting a software vulnerability, occurred on May 27. Although sensitive data like Social Security numbers and credit card numbers were not accessed, Rite Aid is taking proactive steps to address the situation and notify affected customers.

 

The Breach Incident:

 

On May 31, one of Rite Aid’s vendor partners informed the company about the data breach. In response, Rite Aid took swift action by updating its systems and the vendor’s software to prevent further exploitation of the vulnerability. During this process, the company discovered that specific files containing customer information had been accessed during the breach. The information accessed by the unknown party included the following:

 

  • Patient First and Last Name

  • Date of Birth

  • Address

  • Prescription Information

  • Limited Insurance Information

  • Cardholder ID

  • Plan Name



The Rite Aid data breach serves as a reminder that security assessments are essential for catching vulnerabilities, whether it be your direct company, or your vendors. While the company has taken swift action to address the situation, affected customers should remain vigilant and take appropriate measures to protect their personal information. 



  1. A New Malware is Making Headlines

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported the discovery of a new malware strain known as Submarine, which was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies’ networks. 

Barracuda provides services and products to over 200,000 organizations worldwide, including prominent entities like Samsung, Delta Airlines, Kraft Heinz, and Mitsubishi.

 

The attack was carried out by a suspected pro-China hacker group known as UNC4841 and involved exploiting a now-patched zero-day vulnerability.

 

In May, a series of data-theft attacks was detected on Barracuda ESG appliances, but it was later revealed that the attacks had been active since at least October 2022. The attackers utilized the CVE-2023-2868 remote command injection zero-day to drop previously unknown malware named Saltwater and SeaSpy, as well as a malicious tool called SeaSide. These were used to establish reverse shells for easy remote access.

 

Barracuda took an unconventional approach last month by offering replacement devices to all affected customers at no charge. The decision came after the company issued a warning that compromised ESG appliances needed immediate replacement, rather than just re-imaging them with new firmware, as they couldn’t guarantee complete malware removal.

 

Now, CISA has disclosed the existence of the Submarine malware, also known as DepthCharge by Mandiant, the incident response division of FireEye. Submarine is a multi-component backdoor residing in a Structured Query Language (SQL) database on the ESG appliance. It serves various purposes, such as detection evasion, persistence, and data harvesting.CISA’s malware analysis report stated, “SUBMARINE is a novel persistent backdoor that lives in a Structured Query Language (SQL) database on the ESG appliance. SUBMARINE comprises multiple artifacts that, in a multi-step process, enable execution with root privileges, persistence, command and control, and cleanup.” The report also mentioned that sensitive information was found in the compromised SQL database.

 

In response to Barracuda’s remediation actions, the threat actors employed the Submarine malware as an additional measure to maintain persistent access on customer ESG appliances. Barracuda maintains that the malware was present on a small number of already compromised ESG appliances. Barracuda’s recommendation to customers remains unchanged. Those with compromised ESG appliances should discontinue their use and contact Barracuda support to obtain a new ESG virtual or hardware appliance.

 

CISA has warned that the Submarine malware poses a significant threat for lateral movement within affected networks. 

 

  1. Estée Lauder Faces Data Breach and Ransomware Attack

 

Estée Lauder recently experienced a data breach and ransomware attack, but the company has been tight-lipped about the specifics of the incident. The beauty giant acted proactively by taking down some systems to prevent further expansion of the attack on their network. It appears that the CL0P ransomware gang gained unauthorized access to Estée Lauder by exploiting a vulnerability in the MOVEit Transfer platform used for secure file transfers. The threat actor took advantage of the vulnerability when it was still a zero-day in late May and claimed to have breached numerous companies for the purpose of data theft and extortion.

 

On their data leak site, the Clop ransomware gang publicly listed Estée Lauder as one of their victims. The gang criticized the company, accusing them of neglecting their customers’ security. They claimed to have over 131GB of Estée Lauder’s data in their possession. Another ransomware group, BlackCat, also added Estée Lauder to their list of victims. However, unlike Clop, BlackCat expressed dissatisfaction with the company’s silence in response to their extortion emails. BlackCat attempted to initiate negotiations with Estée Lauder by reaching out to their corporate and personal email addresses but received no response from the company.

 

Notably, BlackCat claimed that they did not encrypt any of Estée Lauder’s systems, but they threatened to reveal more details about the stolen data unless negotiations were initiated. The potential exposure of sensitive information could affect customers, company employees, and suppliers. The attack has caused significant disruption to parts of the company’s business operations, as stated in their SEC filing.



  1. Google Cloud Build Vulnerability Raises Supply Chain Attack Concerns

 

A vulnerability in Google Cloud Build, known as Bad.Build, has raised concerns about potential supply chain attacks for organizations using the Artifact Registry as their primary or secondary image repository. Security researchers from Orca Security and Rhino Security Lab independently reported the issue.

 

Orca Security researcher Roi Nisimi highlighted that the vulnerability allows attackers to escalate privileges by exploiting the cloudbuild.builds.create permission. This could enable attackers to tamper with Google Kubernetes Engine (GKE) docker images using artifactregistry permissions and run code inside the docker container with root privileges.

 

After the issue was reported, the Google Security Team implemented a partial fix by revoking the logging.privateLogEntries.list permission from the default Cloud Build Service Account. However, this measure didn’t directly address the underlying vulnerability in the Artifact Registry, leaving the privilege escalation vector and the supply chain risk still intact.

 

Google Cloud Build customers are advised to modify the default Cloud Build Service Account permissions to match their specific needs and remove entitlement credentials that go against the Principle of Least Privilege (PoLP) to mitigate the privilege escalation risks.

 

Supply chain attacks have had far-reaching consequences in recent cybersecurity incidents like the SolarWinds, 3CX, and MOVEit attacks. Therefore, organizations using Google Cloud Build need to be vigilant and implement cloud detection and response capabilities to identify anomalies and reduce the risk of potential supply chain attacks.

 

In response to the discovery, a Google spokesperson expressed appreciation for the researchers’ efforts and confirmed that a fix based on their report had been incorporated in a security bulletin issued in early June. Google also emphasized its commitment to identifying and addressing vulnerabilities through its Vulnerability Rewards Program.



As I wrap up this month’s breach blog, I must address IBM Security’s annual “Cost of a Data Breach Report.” The report reveals that the global average cost of a data breach has reached an all-time high of $4.45 million in 2023, marking a 15% increase over the past three years. Below I’ve outlined key findings. 

 

Key Highlights From the Report:

 

AI and Automation Accelerate Breach Identification and Containment: Organizations extensively employing AI and automation experienced a significantly shorter data breach lifecycle, reducing it by 108 days compared to organizations not leveraging these technologies (214 days vs. 322 days). This reduction resulted in nearly $1.8 million in lower data breach costs, making AI and automation the most impactful cost-saving measures identified in the report.

 

Silence is Costly in Ransomware Attacks:

 

Ransomware victims who involved law enforcement in their response saved an average of $470,000 in breach costs compared to those who chose not to involve law enforcement. Despite this potential benefit, 37% of the ransomware victims studied did not engage law enforcement during an attack, leading to longer breach lifecycles and increased costs.

 

Detection Gaps Persist:

Only one-third of the studied breaches were discovered by the organization’s own security team, while 27% were disclosed by the attacker, and 40% were disclosed by neutral third parties like law enforcement. Breaches identified by the organizations themselves incurred nearly $1 million less in breach costs compared to those disclosed by the attackers. This is where conducting regular assessments comes into play. The report emphasizes that early detection and rapid response are crucial in reducing the impact of a breach. Organizations are encouraged to invest in threat detection and response approaches, to bolster their cybersecurity defenses.



While this month’s update is on the longer side, I hope you’ve learned and realized just how important conducting regular security checks is for your business and entire supply chain. Findings automates assessment and audit processes, to help you stay compliant, while ensuring that your supply chain is secure. 

 

 

 

The Dark Side of Ransomware Attacks

The Dark Truth Behind Ransomware

 

Ransomware attacks have become an alarming threat in our increasingly digital world. As cybercriminals employ sophisticated techniques to exploit vulnerabilities, the consequences are felt by individuals, businesses, and even entire nations. In this blog post, we will delve into the dark side of today’s ransomware attacks, exploring the alarming trends and consequences that accompany these malicious acts.

 

The Rising Sophistication of Ransomware Attacks

 

Over time, ransomware attacks have evolved into more intricate and advanced operations. Cybercriminals now employ sophisticated tactics to maximize their impact. Spear-phishing, where attackers carefully craft personalized emails to trick victims into revealing sensitive information or downloading malware, has become a prevalent method. Additionally, zero-day exploits, which target software vulnerabilities unknown to the vendor, provide attackers with an advantage. Encryption algorithms used by ransomware have also become increasingly complex, making it extremely challenging for victims to recover their data without paying a hefty ransom. The complexity and ever-evolving nature of these attacks have made them a formidable menace.

 

Devastating Impact on Individuals and Businesses

 

The consequences of ransomware attacks are devastating for both individuals and businesses. Personal files, sensitive data, and intellectual property can be irreversibly encrypted or stolen, leading to significant financial losses and emotional distress for individuals. Businesses, on the other hand, face even more severe repercussions. Operational disruptions caused by ransomware attacks can halt critical processes, leading to significant financial losses. Moreover, the reputational damage resulting from an attack can have long-lasting effects, causing a loss of customer trust and potential bankruptcy.

 

Here are some notable examples of destructive ransomware strains witnessed in recent years:

 

CryptoLocker (2013): CryptoLocker emerged in September 2013 and caused widespread havoc until its neutralization in May 2014 by an international cybersecurity task force. Its propagation was facilitated through the extensive Gameover ZeuS botnet.



Petya (2016) & NotPetya (2017): The Petya ransomware family first emerged in 2016, but it was the devastating NotPetya strain that garnered widespread attention in 2017. NotPetya caused more than $10 billion in damages across Europe and the US.

 

WannaCry (2017): In May 2017, the WannaCry ransomware launched a highly impactful attack, infecting over 230,000 computers in 150 countries within a single day. The resulting damage and cleanup expenses were estimated to reach $4 billion.

 

DarkSide (2020): DarkSide gained notoriety in 2020 and 2021 for their RaaS model, which resulted in significant ransomware attacks and extortion demands. Although they claimed to avoid targeting government and healthcare entities, the group was responsible for the 2021 Colonial Pipeline attack, which disrupted fuel supplies across the US East Coast.

 

Nvidia (2022): In 2022, Nvidia, the semiconductor giant, was hit by a ransomware attack. Employee credentials and data were leaked online. The hacking group Lapsus$ claimed responsibility, demanding a $1 million ransom and a percentage of fees.

 

By highlighting these significant instances of ransomware, it becomes evident that this form of cyber threat has evolved over time, growing in complexity and impact.

 

Targeting Critical Infrastructure

 

The dark side of ransomware attacks extends beyond individual targets to critical infrastructure. In recent years, cybercriminals have shown an increased interest in targeting hospitals, energy grids, transportation systems, and government institutions. The motivation behind these attacks is not only to compromise sensitive data but also to put lives at risk and disrupt essential services. The consequences of successful attacks on critical infrastructure can be dire, underscoring the urgent need for robust cybersecurity measures to protect these vital systems.

 

Ransomware as a Service (RaaS)

 

The advent of ransomware-as-a-service has further exacerbated the threat landscape. Cybercriminals now offer ready-to-use ransomware kits to aspiring attackers, enabling them to execute sophisticated attacks without advanced technical skills. This commodification of ransomware has significantly contributed to its widespread proliferation and increased the number of potential attackers. The availability of RaaS lowers the entry barrier for cybercriminals and poses a challenge for law enforcement agencies and cybersecurity professionals.

 

Evolving Payment Methods and Cryptocurrencies

 

To facilitate ransom payments while maintaining anonymity, cybercriminals have turned to cryptocurrencies like Bitcoin. These decentralized digital currencies allow transactions to occur without being easily traceable. The use of cryptocurrencies complicates law enforcement efforts, as traditional financial institutions have limited visibility into these transactions. The relative anonymity offered by cryptocurrencies enables cybercriminals to operate with a reduced risk of detection and apprehension, adding to the challenges faced by authorities in combating ransomware attacks.

 

Collateral Damage and Hidden Costs

 

Beyond the immediate impact of ransomware attacks, there are hidden costs and collateral damage that organizations must face. The financial burden associated with incident response, recovery efforts, and potential legal actions can be significant. Furthermore, the loss of customer trust and diminished market reputation can have long-lasting effects on businesses, amplifying the damage caused by these attacks. Rebuilding trust and restoring operations after an attack can be a lengthy and costly process.

 

Urgent Need for Cybersecurity Collaboration and Proactive Measures

 

Today’s sophisticated ransomware attacks pose a severe and escalating threat to individuals, businesses, and critical infrastructure. The dark side of these attacks encompasses the rising sophistication of techniques, the devastating impact on victims, the targeting of critical infrastructure, the accessibility of ransomware-as-a-service, the use of cryptocurrencies, and the hidden costs incurred. To mitigate this menace, it is crucial to prioritize cybersecurity measures, stay informed about emerging threats, and foster collaborations to combat this growing cyber threat landscape. Proactive measures such as regular software updates, employee training on cybersecurity best practices, and robust incident response plans are essential for organizations to defend against these ever-evolving ransomware attacks. By working together, we can make significant strides in protecting ourselves and our digital assets from the dark side of ransomware attacks.

 

 

 

 

How Security Assessments Help Prevent Breaches

Findings.co explores how security assessments can help prevent data breaches

Data breaches can cause significant damage to a business, both in terms of financial losses and damage to reputation. In recent years, the number of data breaches reported has increased dramatically, with cybercriminals using increasingly sophisticated methods to gain access to sensitive data. One of the most effective ways to prevent data breaches is by conducting regular security assessments.

A security assessment is a comprehensive evaluation of an organization’s security posture. It involves reviewing all aspects of the organization’s security, including policies, procedures, infrastructure, and personnel. The goal of a security assessment is to identify vulnerabilities and weaknesses that could be exploited by an attacker. There are many types of security assessments, including vulnerability assessments, penetration testing, and risk assessments. Each of these assessments has its own unique methodology, but they all aim to achieve the same goal: to identify vulnerabilities and weaknesses in an organization’s security.

By conducting a security assessment, organizations can identify vulnerabilities before they are exploited by attackers. This allows the organization to take proactive steps to mitigate the risk of a data breach. For example, if a security assessment identifies that the organization’s password policies are weak, the organization can implement stronger policies to prevent unauthorized access.

Another benefit of conducting a security assessment is that it can help organizations comply with industry and regulatory requirements. Many industries have specific regulations that organizations must follow to protect sensitive data. By conducting a security assessment, organizations can ensure that they are meeting these requirements and avoid costly fines and legal action.

Additionally, conducting a security assessment can help organizations identify areas where they need to invest in additional security measures. For example, if a security assessment reveals that the organization’s network infrastructure is outdated, the organization can allocate resources to upgrade the infrastructure to better protect against attacks.

It’s important to note that conducting a security assessment is not a one-time event. Security threats and vulnerabilities are constantly evolving, and organizations must regularly review and update their security measures to stay ahead of attackers.

Why are Security Assessments Important?

Security assessments are essential for preventing data breaches because they help organizations identify vulnerabilities before they are exploited by attackers. By conducting a security assessment, organizations can take proactive steps to mitigate the risk of a data breach.

For example, a vulnerability assessment can identify vulnerabilities in an organization’s software or hardware systems. These vulnerabilities could be used by an attacker to gain unauthorized access to sensitive data. By identifying these vulnerabilities, organizations can take steps to patch or fix them before an attacker can exploit them.

Similarly, a penetration test can simulate an attack on an organization’s systems to identify weaknesses that could be exploited by an attacker. By conducting a penetration test, organizations can identify vulnerabilities and weaknesses in their systems and take steps to improve their security.

Security assessments are also important for helping organizations comply with industry and regulatory requirements. Many industries have specific regulations that organizations must follow to protect sensitive data. By conducting a security assessment, organizations can ensure that they are meeting these requirements and avoid costly fines and legal action.

Examples of Security Assessments in Action:

Now that we’ve explored why security assessments are important, let’s take a look at some examples of how they’ve helped organizations prevent data breaches.breaches.

 

Example 1: Target Data Breach

In 2013, retail giant Target suffered a massive data breach that compromised the personal and financial information of millions of customers. The breach was caused by a vulnerability in Target’s payment system that was exploited by attackers.

Following the breach, Target conducted a security assessment to identify the root cause of the attack and prevent future breaches. The assessment identified a number of vulnerabilities in Target’s systems, including weaknesses in the company’s password policies and network segmentation.

Based on the findings of the assessment, Target implemented a number of security measures, including two-factor authentication for remote access, improved password policies, and increased network segmentation. These measures helped to prevent future data breaches at Target.

Example 2: Equifax Data Breach

In 2017, credit reporting agency Equifax suffered a data breach that exposed the personal and financial information of over 140 million customers. The breach was caused by a vulnerability in Equifax’s web application software that was exploited by attackers.

Following the breach, Equifax conducted a security assessment to identify the root cause of the attack and prevent future breaches. The assessment identified a number of vulnerabilities in Equifax’s systems, including weaknesses in the company’s patch management processes and web application security.

Based on the findings of the assessment, Equifax implemented a number of security measures, including improved patch management processes, enhanced web application security, and increased employee training on cybersecurity best practices. These measures helped to prevent future data breaches at Equifax.

Example 3: University of Virginia Data Breach

In 2014, the University of Virginia suffered a data breach that exposed the personal and financial information of over 18,000 current and former employees. The breach was caused by a vulnerability in the university’s payroll system that was exploited by attackers.

Following the breach, the university conducted a security assessment to identify the root cause of the attack and prevent future breaches. The assessment identified a number of vulnerabilities in the university’s systems, including weaknesses in the company’s patch management processes, access controls, and network security.

Based on the findings of the assessment, the university implemented a number of security measures, including improved patch management processes, enhanced access controls, and increased network security. The university also provided additional cybersecurity training to its employees to help prevent future data breaches.

As we’ve seen in these examples, security assessments can be a powerful tool for preventing data breaches. By identifying vulnerabilities and weaknesses in an organization’s security posture, organizations can take proactive steps to mitigate the risk of a data breach. This can include implementing security measures such as two-factor authentication, improved password policies, enhanced patch management processes, and increased employee training on cybersecurity best practices.

In addition to preventing data breaches, security assessments can also help organizations comply with industry and regulatory requirements. By conducting a security assessment, organizations can ensure that they are meeting these requirements and avoid costly fines and legal action.

Ultimately, conducting regular security assessments is essential for any organization that wants to protect its sensitive data from cybercriminals. By taking proactive steps to identify and address vulnerabilities, organizations can help prevent data breaches and protect the privacy and security of their customers and employees.

 

 

 

March Data Breach Round-Up

findings shares the top breaches that happened in March 2023

As we move forward, it’s becoming increasingly clear that even large corporations aren’t safe from cyber attacks. From Chick-fil-A and Dole Food Company to Acer and Procter & Gamble, the number of companies that have suffered data breaches continues to grow. Today, I’ll delve into some of the latest confirmed data breaches from March, and examine what they could mean for both these businesses and their customers. With personal data security on the line, it’s time to brace yourself for a rollercoaster ride into the realm of cybercrime!

 

  1. Attention all Chick-fil-A lovers! Unfortunately, Chick-fil-A has sent a notice to customers about a data security incident that may have involved their personal information. The company has taken measures to prevent unauthorized activity and engaged a national forensics firm to investigate the issue. Based on their investigation, it was discovered that unauthorized parties launched an automated attack against Chick-fil-A’s website and mobile application between December 18, 2022, and February 12, 2023, using account credentials obtained from a third-party source. The information that may have been involved includes name, email address, Chick-fil-A One membership number, mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit on the account, as well as the month and day of the birthday, phone number, and address if saved to the account. Unauthorized parties were only able to view the last four digits of the payment card number. Chick-fil-A recommends affected customers change their password immediately and choose a strong, unique password. 

 

  1. While we all love fresh produce, it’s important to remember that cybersecurity is vital to ensuring that we can continue to enjoy our favorite fruits and veggies. Fresh produce provider, Dole Food Company, has confirmed that employee information was accessed by threat actors during a February ransomware attack. The number of employees affected was not disclosed, but Dole employs approximately 38,000 people worldwide. The company said the attack was sophisticated, but limited in impact on operations. However, Dole was forced to shut down production plants across North America and was unable to fulfill orders for a week, leading to complaints from customers. In response to the attack, Dole engaged cybersecurity experts and notified law enforcement. The incident has been disclosed in an annual report filed with the US Securities and Exchange Commission. The company very nicely explained the damage that a cyber attack can cause a company. In the report they write, “our information technology networks and systems, some of which rely on third-party service providers, may be vulnerable to service disruptions or system failures due to causes including intentional hacking, security breaches, intrusions, malware, denial of service attacks, phishing, or other cybersecurity attacks, as well as natural disasters, catastrophic events, power outages, or human error or malfeasance. If we are unable to prevent or adequately respond to and resolve these disruptions or failures, our operations may be impacted and any unauthorized access to, or acquisition of, customer, employee, or other confidential information could result in adverse consequences such as reputational damage, premature termination or reduction of existing contracts, reduction of operating revenue, remediation costs, ransomware payments, litigation, and/or penalties under various laws and regulations. Our customers could also refuse to continue to do business with us and prematurely terminate or reduce existing contracts, resulting in a significant reduction of our operating revenue.” This further shows that everyone in the supply chain is ultimately affected by cyber attacks. 

 

  1. The FBI just put the cuffs on the supposed mastermind behind a notorious cybercriminal hub that boasted stolen data from Congress members and countless other individuals. The founder of the BreachForums website, Conor Brian Fitzpatrick, has been arrested and charged with operating a hacking forum and marketplace for cybercriminals. Fitzpatrick, 20, allegedly created BreachForums in March 2022 to buy, sell and trade hacked or stolen data and other contraband, including personally identifying information, bank account details, and social security numbers. According to reports, Fitzpatrick is believed to have played a role as a mediator or intermediary for unlawful deals and personally offered access to legitimate breached databases using a credit-based system run by the online platform. The site’s various sections included “Cracking,” “Leaks,” and “Tutorials.” The FBI and the Department of Health and Human Services Office of Inspector General have conducted a disruption operation that caused BreachForums to go offline. Fitzpatrick’s alleged victims included millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies. Deputy Attorney General Lisa O. Monaco has announced another successful crackdown on the cybercrime underworld, stating that the BreachForums platform – much like its predecessor RaidForums – facilitated the trade of stolen data between hackers and willing buyers. She warns all those involved in shady dealings on the dark web that they should take note: Law enforcement agencies are determined to dismantle these illicit forums and prosecute their administrators in U.S. courts. So if you’re operating in the shadows, you better watch out!

 

  1. On March 20th, Ferrari confirmed that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details. Twitter user Troy Hunt shared the breach letter sent to customers. Ferrari writes, “we regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment.” While the company explains that no no payment information or details of Ferrari cars owned or ordered had been stolen, hackers still accessed customers’ names, addresses, email addresses and telephone numbers. Let’s keep on dreaming about our favorite Italian sports cars and hope that Ferrari’s cybersecurity measures are strengthened to prevent any future incidents.

 

  1. After suffering at least two other hacking incidents in 2021, Acer, a Taiwanese electronics and computer manufacturer, has allegedly fallen victim to a ransomware attack, and the ransomware group, REvil, is claiming responsibility. The cybercriminals are demanding a staggering $50 million, the highest ransom on record to date. Acer is well-known for its laptops, desktops, and monitors, and employs around 7,000 people worldwide. The investigation is still ongoing, however Acer did confirm it suffered a breach. “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” the company told PCMag in a statement. In another statement made to BleepingComputer, the company explained, “Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries. We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity.” It’s extremely important that companies continue to stay up to date with cybersecurity regulations and best practices.  

 

  1. Oh boy, it seems like GoAnywhere just can’t catch a break! This supposedly secure web file transfer solution has been at the center of a string of breaches, and the hits just keep on coming. Let’s take a closer look, shall we?

 

In early February, Fortra – a company that offers GoAnywhere as a secure managed file transfer (MFT) product – announced that it had identified a zero-day vulnerability in the system. This vulnerability could allow attackers to remotely execute code on vulnerable systems, and it was actively being exploited. The news was first reported by journalist Brian Krebs, and it set off a chain reaction of breaches affecting multiple companies.

 

One of the latest victims to come forward is Procter & Gamble, a consumer goods company that confirmed it was impacted by the GoAnywhere incident. The company’s GoAnywhere MFT platform was compromised, and an unauthorized third party was able to obtain some information about P&G employees. Fortunately, financial and social security information was not accessed, but some data was stolen. It’s believed that the Clop ransomware gang may be behind the attack, as they previously claimed to have stolen files from over 130 organizations.

 

And now, Crown Resorts – Australia’s largest gambling and entertainment company – has also fallen victim to the GoAnywhere breaches. Their secure file-sharing server was breached using a zero-day vulnerability, and a ransomware group has claimed to have illegally obtained a limited number of Crown files. Crown Resorts is just the latest in a long list of victims, including CHS, Hatch Bank, Rubrik, the City of Toronto, Hitachi Energy and Saks Fifth Avenue.

 

It’s safe to say that the GoAnywhere breaches have had a huge impact on multiple industries, and it’s important for companies to take extra precautions when it comes to data security. Stay vigilant, folks!



In recent years, cybercrime has affected not only small businesses but also large corporations. This blog post examined several data breaches that occurred in March 2023, including those affecting Chick-fil-A, Dole Food Company, Ferrari, and Acer. These breaches have impacted the personal information of customers and employees, leading to potential risks such as identity theft and fraud. With these incidents in mind, it is crucial for individuals and companies to prioritize cybersecurity measures and remain vigilant against cyber threats. 

 

 

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today

Let's Chat

Let's Tackle Compliance Together

Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!