The Target: Digital payments giant PayPal
The Take: Hackers had access to names, addresses, Social Security numbers, individual tax identification numbers and dates of birth.
The Vector: The threat actors behind the PayPal breach used a tactic called credential stuffing, where attackers use stolen username/password combinations from one data breach to attempt to log into other websites and services.
This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
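Credential stuffing, as described in the vector above, has a recognisable shape in authentication logs: one source tries many distinct usernames, each only once or twice, which is the opposite of a brute-force attack against a single account. The detector below is an added illustration written for this page, not code from Castle Hall, PayPal or any vendor mentioned here. The log format (`timestamp src_ip username LOGIN_OK|LOGIN_FAIL`), the sample lines and the thresholds are all constructed assumptions.

```python
"""Credential-stuffing detector over authentication log lines (added example).

Assumed log format, one event per line:
    <ISO-8601 timestamp> <src_ip> <username> <LOGIN_OK|LOGIN_FAIL>
Stuffing is flagged when one source fails against many *distinct*
accounts inside a short window; any successful login from such a source
is then reported as a likely reused (and now compromised) credential.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 (documentation range TEST-NET-3)
# plays the stuffing source; 198.51.100.x is ordinary user traffic.
SAMPLE_LOG = """\
2025-01-20T10:00:01Z 203.0.113.7 alice LOGIN_FAIL
2025-01-20T10:00:02Z 203.0.113.7 bob LOGIN_FAIL
2025-01-20T10:00:02Z 203.0.113.7 carol LOGIN_FAIL
2025-01-20T10:00:03Z 203.0.113.7 dave LOGIN_OK
2025-01-20T10:00:04Z 203.0.113.7 erin LOGIN_FAIL
2025-01-20T10:00:05Z 203.0.113.7 frank LOGIN_FAIL
2025-01-20T10:00:10Z 198.51.100.5 alice LOGIN_FAIL
2025-01-20T10:00:15Z 198.51.100.5 alice LOGIN_OK
2025-01-20T10:01:00Z 198.51.100.9 grace LOGIN_OK
"""


@dataclass
class Event:
    ts: datetime
    src_ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[Event]:
    """Parse the assumed four-field log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        # Older Pythons do not accept a trailing 'Z' in fromisoformat.
        stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(Event(stamp, ip, user, result == "LOGIN_OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Return {src_ip: sorted usernames} for every source whose failed logins
    hit at least `min_distinct_users` distinct accounts within `window`."""
    fails_by_ip = defaultdict(list)
    for e in events:
        if not e.ok:
            fails_by_ip[e.src_ip].append(e)

    flagged = {}
    for ip, fails in fails_by_ip.items():
        fails.sort(key=lambda e: e.ts)
        start = 0
        # Sliding time window over this source's failures.
        for end in range(len(fails)):
            while fails[end].ts - fails[start].ts > window:
                start += 1
            users = {e.user for e in fails[start:end + 1]}
            if len(users) >= min_distinct_users:
                flagged[ip] = sorted(users)
                break
    return flagged


def compromised_accounts(events, flagged):
    """Accounts that logged in successfully from a flagged source: the reused
    credentials that actually worked, which is the payoff of stuffing."""
    return sorted({e.user for e in events if e.ok and e.src_ip in flagged})


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    hits = detect_stuffing(evts)
    print("stuffing sources:", hits)
    print("accounts to reset / step-up:", compromised_accounts(evts, hits))
```

The per-source distinct-user count is what separates stuffing from a legitimate user mistyping a password (one account, a few failures, as `198.51.100.5` shows). Accounts returned by `compromised_accounts` are the ones to force a reset and MFA enrolment on, since the password that worked almost certainly came from another breach.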
The Target: Otelier, previously known as MyDigitalOffice, is a cloud-based hotel management solution used by over 10,000 hotels worldwide to manage reservations, transactions, nightly reports, and invoicing.
The Take: The small samples seen by BleepingComputer include a broad range of data, including hotel guest reservations, transactions, employee emails, and other internal data. Some of the personal information exposed includes hotel guests' names, addresses, phone numbers, and email addresses.
The Vector: The threat actors behind the Otelier breach told BleepingComputer that they initially hacked the company's Atlassian server using an employee's login. These credentials were stolen through information-stealing malware, which has become the bane of corporate networks over the past few years.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Japanese electronics manufacturer Casio.
The Take: For the nearly 6,500 employees impacted, basic information collected by human resources was accessed, including names, employee numbers, email addresses and departments. Some employees had other information like gender, date of birth and home address leaked while a small number of those affected had taxpayer ID numbers exposed.
The Vector: An investigation conducted by an outside cybersecurity firm sourced the ransomware attack back to phishing emails that allowed the hackers into Casio’s servers.
As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, but also to scrutinize every email that lands in your inbox, look for inconsistencies, and double-check all claims made in those messages.
The Target: PowerSchool is a cloud-based software solutions provider for K-12 schools and districts that supports over 60 million students and over 18,000 customers worldwide. The company offers a full range of services to help school districts operate, including platforms for enrollment, communication, attendance, staff management, learning systems, analytics, and finance.
The Take: PowerSchool has confirmed that the stolen data primarily contains contact details such as names and addresses. However, for some districts, it could also include Social Security numbers, personally identifiable information, medical information, and grades.
The Vector: The investigation determined that the threat actor gained access to the portal using compromised credentials and stole data using an "export data manager" customer support tool. Using this tool, the attacker exported the PowerSchool SIS 'Students' and 'Teachers' database tables to a CSV file, which was then stolen.
This breach is a stark reminder of how important strong authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: SRP Federal Credit Union, one of the largest in South Carolina. SRP was founded in 1960 and said it has more than $1.6 billion in assets as of 2022.
The Take: The potentially exposed data included names, dates of birth, addresses, phone numbers, email addresses, government-issued IDs, social security numbers, transaction activity and photographs of users.
The Vector: After law enforcement was notified, an investigation determined that hackers accessed SRP Federal Credit Union systems “at times from September 5, 2024, and November 4, 2024, and potentially acquired certain files from our network during that time.”
This breach is a stark reminder of how important strong authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Byte Federal operates 1,356 Bitcoin ATMs in the US, accounting for 4.3% of all crypto ATMs in the country.
The Take: The potentially exposed data included names, dates of birth, addresses, phone numbers, email addresses, government-issued IDs, social security numbers, transaction activity and photographs of users.
The Vector: Byte Federal said it had discovered the attack on Nov. 18, more than 30 days after it occurred on Sept. 30, with a bad actor exploiting a vulnerability in software provided by a third party.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: BT Group is the United Kingdom's leading fixed and mobile telecom provider. It also provides managed telecommunications, security, and network and IT infrastructure services to customers in 180 countries.
The Take: This comes after the Black Basta ransomware gang claimed they breached the company's servers and allegedly stole 500GB of data, including financial and organizational data, "users data and personal docs," NDA documents, confidential information, and more.
The Vector: BT Group identified an attempt to compromise their BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated, BleepingComputer was told.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Finastra provides software and services to roughly 8,000 financial institutions worldwide, including 45 of the top 50 banks. Based in London, the company has offices in 42 countries.
The Take: A threat actor using the moniker ‘abyss0’ announced on a dark web cybercrime forum that they were selling 400 gigabytes of data allegedly stolen in the attack and belonging to the fintech giant’s customers.
The Vector: The security incident occurred on November 7, 2024, when an attacker used compromised credentials to access one of Finastra's Secure File Transfer Platform (SFTP) systems.
This breach is a stark reminder of how important strong authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Maxar Space Systems is a major player in the American aerospace industry, considered an expert in building communication and Earth observation satellites.
The Take: Maxar Space Systems says that the attacker likely has access to a system that contained the following employee information: name, home address, social security number, business contact information, gender, employment status, employee number, job title, hire/job termination start dates, supervisor, department.
The Vector: The information security team discovered that a hacker using a Hong Kong-based IP address targeted and accessed a Maxar system containing certain files with employee personal data.
This breach is a stark reminder of how important strong authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Schneider Electric is a French multinational company that manufactures energy and automation products ranging from household electrical components found in big box stores to enterprise-level industrial control and building automation products.
The Take: The threat actors claim that the stolen data includes 75,000 unique email addresses and full names for Schneider Electric employees and customers.
The Vector: The threat actor said they breached Schneider Electric's Jira server using exposed credentials. Once they gained access, they claimed to use a MiniOrange REST API to scrape 400k rows of user data.
This breach is a stark reminder of how important strong authentication controls are to an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.