November has turned cold in much of the Northern Hemisphere, and there was plenty of cold comfort to go around in the world of cybersecurity.
Our latest round-up looks at a massive company that can’t stop getting breached, another one scrambling to correct an unforced error, a worst-case scenario for the blending of church and state, and a depressing report on just how much money ransomware gangs are pulling in. Let’s get ready for a dip into the chilly waters of cybercrime.
November’s Biggest Cyber Attacks
The Cybercrime Hits Keep On Coming for Vodafone
A UK-based telecommunications giant added to its reputation for attracting high-profile data breaches with November’s acknowledgment that an attack on a third-party vendor had compromised a large volume of personal information from Vodafone Italy subscribers.
The attack may have been mounted by the KelvinSecurity hacker collective, which claimed to be selling Italian Vodafone data on a cybercrime forum. Stolen information includes both Vodafone account data and personally identifiable information, although the company did not incur any network disruptions.
This is the latest in a long string of cybersecurity incidents at Vodafone branches around the world, including:
- A reported data leak in India this August
- A network shutdown in Portugal this February
- Multiple other breaches and security lapses over the past decade.
After being fined heavily by the European Union for repeated violations of the EU’s General Data Privacy Regulation (GDPR), Vodafone has plenty of reputational damage to repair on the privacy and security front.
Records Exposed: Account data and personally identifiable information
Type of Attack: Third-party data breach
Date of Attack: September 2022
Location: U.K., Italy
Key takeaway: It’s a bit of cliché to say that no one genuinely likes their phone company, but there’s basic dislike and then there’s a profound lack of trust.
Vodafone’s pattern of being unable or unwilling to safeguard its subscribers’ personal data puts the company at risk of severe reputational damage that will eventually drive users to seek alternatives.
By putting data security at the forefront of your business plan, your organization can go a long way toward avoiding the label of being overly lax with your customers’ personal data.
State-Sponsored Hackers Come After the Mormon Church
To the layperson, the Church of Jesus Christ of Latter-day Saints might not look like the most obvious target for cybercrime. For criminals, though, the troves of data stored in the network of any sizable religious organization make for a tempting target.
That proved to be the case in a March hack of the Mormon church that yielded personal data of an unknown number of church members and employees.
While a church spokesperson denied that any financial or donation-related data was impacted, the thieves accessed a good amount of personally identifiable information, including names, addresses, and email addresses.
The most interesting and concerning element of this breach is reportedly also why it was kept quiet even from impacted members for nine months. The church was apparently working with federal law enforcement agencies who believe this breach was the work of a state-sponsored cybercrime organization.
At the time of this writing, it isn’t known what foreign powers might be under suspicion. It’s also unconfirmed whether the LDS was targeted specifically or simply fell victim to a broad-ranging attack. Either way, “state-sponsored” is seldom an adjective any organization likes to see attached to its data breach.
Records Exposed: Personally identifiable information
Type of Attack: Unconfirmed
Industry: Religious organization
Date of Attack: March 2022
Location: Salt Lake City, Utah
Key takeaway: Organizations with a large roster of members or employees make for a tempting target, and churches and religious groups square into that category. The suspicion of a state-sponsored attack adds an interesting wrinkle to the LDS breach, but at the heart of the matter, this is yet another attack on a seemingly unlikely target that in fact fits the profile of a data trove to a tee.
Server Error Exposes 3TB of Thomson Reuters Data
The international media, tax, and legal giant Thomson Reuters pointed to a misconfiguration of one of its own servers as the source of a sizable data leak in late October.
A cybersecurity research team identified around 3TB of user data stored in three exposed servers that could be readily accessed by bad actors. The leaked material seems to be connected to ElasticSearch, a third-party tool employed by Thomson Reuters to collect and manage data generated by user-client interactions.
The value of the exposed data, which was stored in a plaintext format, lies mostly in its potential for allowing access to other systems. The data included credentials that could allow access to third-party servers, raising concerns about future attacks on Thomson Reuters vendors and partners.
Also exposed were SQL logs that revealed potentially exploitable information about searches and online activity of Thomson Reuters visitors. The company addressed the misconfigured server quickly and contacted potentially impacted parties.
In the meantime, there is no real way of knowing who, if anyone, laid eyes on the exposed data or what they might intend to do with it.
Records Exposed: 3TB of server data
Type of Attack: None confirmed
Industry: Media, legal, financial
Date of Attack: October 2022
Location: Eagan, Minnesota
Key takeaway: Unforced errors are always the most frustrating ones. Thomson Reuters is fortunate that this leak was detected so quickly, but it is hard to know whether or not any data was purloined in the time that the server was exposed. It is crucial for businesses to remember that no matter how many legitimate external threats they may face, there is no excuse for letting internal security lapses do the thieves’ work for them.
FBI Report Shows Cybercrime Does Pay
If you’ve ever wondered just how much criminals can benefit from disrupting businesses, organizations, and municipalities with ransomware, the FBI has some answers for you. Spoiler alert: it’s a lot!
A pair of studies conducted by the FBI and Cybersecurity and Infrastructure Security Agency (CISA) shed some light on just how lucrative the ever-growing field of ransomware truly is.
The first report, also conducted in collaboration with the Department of Health and Human Services, details the money taken in by the Hive ransomware-as-a-service gang since June of 2021. The Hive should be a familiar name to anyone with an eye on the cybersecurity world, having had a hand in roughly 1,300 ransomware attacks over the past 17 months.
The FBI report estimates that the group has taken in around $100 million in ransom payments in that time. The Hive is also known to saddle victims who don’t pay up with additional ransomware that reinfects their systems.
The second FBI report is perhaps even more unsettling, as it demonstrates that even lower-profile ransomware groups can do extensive damage. The Cuba ransomware gang hasn’t captured nearly as many headlines or victims as the Hive has, but they have still managed to infect more than 100 victims around the world while pulling in upwards of $60 million since August 2021.
With a pointed focus on U.S. infrastructure organizations, including financial, medical, information technology, manufacturing, and governmental facilities, the Cuba gang has gotten rich while doing considerable damage to vital functions. Both of these reports stand as an unmistakable reminder that cybercrime really does pay, and pays well.
Records Exposed: You name it, it’s been exposed
Type of Attack: Ransomware
Industry: You name it, it’s been ransomed
Date of Attack: 2021-2022
Key takeaway: If you’ve been wondering whether the ransomware epidemic will be slowing down any time soon, we have some bad news for you. The fact is that this particular strain of cybercrime remains incredibly effective and lucrative for its perpetrators, and far too many organizations remain underprepared to blunt its impact. Organizations cannot take too many precautions when it comes to steeling themselves against ransomware attacks.
From media giants to telecom conglomerates to churches, November shows that no one is immune to a criminal industry that has racked up hundreds of millions of ill-earned profits in the past year. Investing in security operations and systems that can stop attacks before they begin is the surest way to keep your business protected.
- Top Cyber Attacks of October 2022
- Find guidance and actionable strategy for establishing your security awareness program