July 14, 2022

Monthly Breach Report: July 2022 Edition

PKWARE
Monthly Breach Report: July 2022 Edition

While both political instability and remote working behaviors play into the prevalence of cyberattacks, another factor behind why attacks such as ransomware continue year over year is the simple fact that they’ve been successful. Cyber criminals are constantly looking for ways to steal data that doesn’t belong to them. And organizations like these below are paying the price for not being prepared.

City of Portland Scammed for $1.4 Million

In May, officials for the City of Portland announced the discovery of a compromised email account that led to the loss of $1.4 million in municipal funds. The breach was discovered only after a second round of theft by the culprit. The first “fraudulent financial transaction” occurred in April, according to a report by Oregon Public Broadcasting.

The City of Portland initially announced it will not release further details while the case is being investigated, which is now in the hands of the U.S. Federal Bureau of Investigation (FBI), the U.S. Secret Service, and the Portland Police Bureau. Later reports stated that the money was stolen specifically from one municipal project, Starlight, an affordable housing development.
The Record reports that the details of the breach point to a Business Email Compromise (BEC) attack, an ever-increasing crime in which criminals send a company employee an email message that appears to make a legitimate business request.

Once a criminal infiltrates a company’s network, they will install malware that allows them to quietly siphon off money over time, wipe out accounts, or demand ransom.

Sources

ACY Securities Downplays Data Exposure from Misconfigured Database

Australian trading group ACY Securities was recently warned that 60GB of its customer data was exposed with no security authentication. The leak was discovered by well-known security researcher Anurag Sen of the SafetyDetectives security team. Sen told HackRead that the private information was left exposed by a misconfigured database and could easily be found through Shodan, a popular search engine that lets users search for various types of servers connected to the internet. The information included:

  • users’ full name
  • address
  • date of birth
  • gender
  • email
  • password
  • phone number
  • trading information

Sen attempted to notify the company several times of the exposed data and was dismayed when the company finally responded with a dismissal of the exposure:

They officially emailed me stating that ”Thank you for mentioning this, the below server is an insignificant one” – I am really not happy with the reply. They are considering personal details of registered users…insignificant.

The data contained logs from as far back as February 2020. Sen told HackRead that after a nonchalant response, the company did finally secure the database and the information was no longer public.

Security researchers often find and report these misconfigurations to the affected companies, but it is often difficult to find who to report the problem to. Most companies, says SecurityWeek, downplay the issue, stating that there is no indication it has been accessed by a bad actor. Security firm Comparitech warns that misconfigured databases offer up data that can be used in spearfishing and ransomware attacks and that more data is lost from unsecured databases than what is often reported or admitted.

Sources

Infamous Hacktivist Group “Anonymous” Strikes Again at Russia-Based Organization

The infamous hacktivist group “Anonymous” has once again targeted a Russia-based company for a much-publicized data dump. This time the victim is one of Russia’s top law firms, Rustam Kurmaev and Partners (RKP) Law. The group announced the hack via its Twitter account, @DepaixPorteur, in early June.

The leak includes data on RKP’s work with some of the world’s biggest players in real estate, construction, and commercial sectors. RKP’s client list, according to a Tweet by Anonymous, includes IKEA, Volkswagen Group Russia, Toyota Russia, Oilfield Service Company, Panasonic, ING Bank, Yamaha Motor, Caterpillar, and Citibank.

This breach is the latest in a string of attacks on Russia by Anonymous, which declared cyber war on Russia when the country invaded Ukraine in February. Since their declaration, the collective has hacked and leaked data from numerous Russian government agencies and state-run media outlets as well as any companies that continue to do business with Russia. .

Sources 

Website “BidenCash” Offers Stolen Credit Card Data for Free

A new website known as “BidenCash” (ostensibly named after US President Joe Biden) is now offering free stolen credit card information to the public. While many cybersecurity publications report that the information was initially available for $0.15 per transaction, the tech blog S2W reports that on June 15, the website’s operator began advertising the data as free to the public. S2W’s research has uncovered that the site’s developer has actively been promoting the free data on sites that specialize in stolen credit card information like Blackbones, Crdpro, and Club2CRD. As of April, a total of 7,948,828 bits of credit card carding information is freely available, including:

  • cardholder’s name
  • address
  • phone number
  • credit card number
  • CVV information
  • credit card expiration date

After checking all available information, S2W researchers noted that they found only 1,427 valid credit card numbers. Out of those, only four numbers included both CVV and expiration date information, and those cards were expired. The BidenCash creator promotes itself on underground and Tor networks and is gaining extensive notoriety within the cybercrime community for compiling stolen data on a “one-stop shopping” site.

Sources

City Contractor in Japan Learns Not to Drink and [Flash] Drive

Thanks to a long night of drinking, a private contractor working for the Japanese city of Amagasaki came close to exposing the personal data of 460,000 residents. Reports say that an employee of tech firm Bioprogy left work for a night of carousing while carrying a USB flash drive containing information related to a municipal pandemic relief program. The company reports the employee was instructed to wipe the drive and store it safely, but the employee claims he received no such instructions. Once Bioprogy reported the incident to city officials, they, in turn, reported the loss to the press, apologizing for breaking the public’s trust. The lost information included:

  • names
  • addresses
  • birthdays
  • tax data
  • bank account information

The city ensured residents that the data was password protected and encrypted. Bioprogy’s reported timeline indicates the inebriated man left a bar and was seen passed out on a public street at 3 a.m. He awoke the following morning, only to find his bag containing the USB drive had been stolen. Officials later reported the bag was found thanks to tracking the man’s cell phone (which was also in the bag) and there was no indication the encrypted data had been accessed. Bioprogy stated they will continue to monitor the dark web for any possible stolen information.

Sources

 

Cyber attackers don’t take a summer break, so neither should your data security. Find out how PKWARE can help find and secure your data to keep your organization out of the data breach headlines. Request your free demo now.

 

Share on social media
  • Data Breach Report: September 2024 Edition

    PKWARE October 9, 2024
  • Data Breach Report: August 2024 Edition

    PKWARE September 6, 2024
  • Where Are the Keys? Managing Encryption in the Cloud

    PKWARE August 7, 2024
  • Data Breach Report: July 2024 Edition

    PKWARE July 19, 2024
  • Data Breach Report: September 2024 Edition
    PKWARE October 9, 2024
  • Data Breach Report: August 2024 Edition
    PKWARE September 6, 2024
  • Where Are the Keys? Managing Encryption in the Cloud
    PKWARE August 7, 2024