
Industry News: ESG5

    Know Your Breach: Intellihartx

    The Target: Intellihartx, a company providing patient balance resolution services to hospitals.

    The Take: Personal information of roughly 490,000 individuals, including names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates, and Social Security numbers.

    The Vector: The cyberattack exploited a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer software. Tracked as CVE-2023-0669 and leading to remote code execution, the flaw had been exploited starting January 28.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Read more...

    Know Your Breach: Scranton Cardiology

    The Target: Scranton Cardiology

    The Take: Exposure of Personally Identifiable Information including: full names, physical addresses, dates of birth, social security numbers, driver’s license, passport numbers, credit card and bank number details, and some medical information.

    The Vector: The breach occurred through a “brute-force” attack, in which the threat actor uses a program to sequentially try every password combination against a password-protected system.

    This breach is a critical reminder of standards and processes around password hygiene. Length and complexity for passwords, no matter where in a firm’s system they are set, are crucial for a robust overall cyber-security posture. When attackers gain access to legitimate employee credentials, they can act with all the permissions and privileges belonging to that user.

    Read more...

    Know Your Breach: Neho

    The Target: Neho, a Swiss-based online real estate agency.

    The Take: Exposure of sensitive login credentials to Neho’s systems, potentially allowing attackers full access to databases, source-code, configuration profiles and more.

    The Vector: A misconfiguration on Neho’s website exposed login credentials to their systems to the public, allowing anyone with internet access who obtained these credentials to log in as an authenticated Neho user.

    This breach is a critical reminder of how important access control is for overall cybersecurity. If an attacker obtains vetted credentials, they can pivot into potentially every system belonging to the firm, making the attack an order of magnitude more damaging. Safe and secure storage of login credentials is essential to protecting a firm and its customers.

    Read more...

    Know Your Breach: Toyota

    The Target: Toyota, a Japanese car manufacturer

    The Take: Two cloud databases exposed Personally Identifiable Information including: physical address, name, phone number, email address, customer ID, vehicle registration number, and vehicle identification numbers.

    The Vector: Several misconfigured cloud databases were left open and unsecured with no password, meaning anyone with an internet connection could have downloaded the data.

    Securing access to databases through rigorous password hygiene is an essential component of security, and cloud databases are no exception. Furthermore, the data stolen in this attack can be used for crafting highly effective automotive-based phishing attacks. Regular security compliance reviews can help prevent these breaches.

    Read more...

    Know Your Breach: NextGen Healthcare

    The Target: NextGen Healthcare, a U.S.-based maker of electronic records software and management services.

    The Take: Exposure of 1 million records of Personally Identifiable Information including: names, addresses, dates of birth, and social security numbers.

    The Vector: An employee’s credentials were compromised through a credential stuffing attack. These breaches rely on employees reusing passwords between platforms, which allowed the attackers to log in to NextGen systems.

    This breach is a stark reminder of how important authentication controls and password hygiene are in an overall robust cybersecurity posture. Regular social engineering, phishing awareness training, and in this case, tightly enforced password and identity management, are effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
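    The Scranton Cardiology and NextGen items above describe two password attacks that look different in an authentication log: a brute-force attack produces many failures against one account from one source, while credential stuffing produces one or two failures against many different accounts from one source, followed by a success wherever a reused password matches. The following is an added example written for this newsletter, not code from either organisation: it parses a constructed log format (an assumption) and flags both patterns, plus any successful login from a source already flagged, which is the event that most needs an analyst’s attention. The window and thresholds are illustrative tuning values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   "<ISO-8601 UTC timestamp> FAIL|OK user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")
WINDOW = timedelta(minutes=5)   # look-back window; a tuning assumption
BRUTE_THRESHOLD = 5             # failures against one account from one source
STUFF_THRESHOLD = 5             # distinct accounts failed from one source

# Constructed sample log: one source hammering a single account, another
# trying many accounts once each and then succeeding, plus benign traffic.
SAMPLE_LOG = """\
2023-06-01T10:00:01Z FAIL user=alice src=203.0.113.7
2023-06-01T10:00:09Z FAIL user=alice src=203.0.113.7
2023-06-01T10:00:17Z FAIL user=alice src=203.0.113.7
2023-06-01T10:00:25Z FAIL user=alice src=203.0.113.7
2023-06-01T10:00:33Z FAIL user=alice src=203.0.113.7
2023-06-01T10:01:00Z FAIL user=bob src=198.51.100.9
2023-06-01T10:01:03Z FAIL user=carol src=198.51.100.9
2023-06-01T10:01:06Z FAIL user=dave src=198.51.100.9
2023-06-01T10:01:09Z FAIL user=erin src=198.51.100.9
2023-06-01T10:01:12Z FAIL user=gina src=198.51.100.9
2023-06-01T10:01:20Z OK user=frank src=198.51.100.9
2023-06-01T10:02:00Z FAIL user=grace src=192.0.2.5
2023-06-01T10:02:30Z OK user=grace src=192.0.2.5
"""


def parse(lines):
    """Parse log lines into (timestamp, failed, user, src) tuples, oldest first.
    Lines that do not match the assumed format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2) == "FAIL", m.group(3), m.group(4)))
    events.sort(key=lambda e: e[0])
    return events


def detect(lines):
    """Return sorted findings as (kind, src, user) tuples.

    kind is one of:
      brute_force         - >= BRUTE_THRESHOLD failures for one (src, user) in WINDOW
      credential_stuffing - >= STUFF_THRESHOLD distinct users failed from src in WINDOW
      login_after_attack  - a successful login from a src already flagged above
    """
    per_account = defaultdict(deque)   # (src, user) -> failure timestamps in window
    per_source = defaultdict(deque)    # src -> (timestamp, user) failures in window
    flagged_sources = set()
    findings = set()
    for ts, failed, user, src in parse(lines):
        if not failed:
            if src in flagged_sources:
                findings.add(("login_after_attack", src, user))
            continue
        # Sliding window per (source, account): brute-force pattern.
        q = per_account[(src, user)]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= BRUTE_THRESHOLD:
            findings.add(("brute_force", src, user))
            flagged_sources.add(src)
        # Sliding window per source across accounts: credential-stuffing pattern.
        s = per_source[src]
        s.append((ts, user))
        while ts - s[0][0] > WINDOW:
            s.popleft()
        if len({u for _, u in s}) >= STUFF_THRESHOLD:
            findings.add(("credential_stuffing", src, None))
            flagged_sources.add(src)
    return sorted(findings, key=str)


if __name__ == "__main__":
    for kind, src, user in detect(SAMPLE_LOG.splitlines()):
        print(f"{kind:20s} src={src} user={user or '-'}")
```

    The same sliding-window logic is what a SIEM rule expresses with a count-over-time condition; the useful design point is keeping two windows keyed differently (per account and per source), because a stuffing source never trips a per-account threshold, and a login that succeeds from a flagged source is the finding that justifies a forced password reset rather than just a block.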

    Read more...

    Know Your Breach: Brightline

    The Target: Brightline, a pediatric mental and behavioural health provider.

    The Take: Exposure of Personally Identifiable Information including: full names, physical addresses, dates of birth, member identification numbers, date of health plan coverage and employer names.

    The Vector: A zero-day exploit was used to breach Fortra, a third-party vendor of Brightline’s, targeting its file transfer software, which let the attackers access sets of files throughout the vendor’s systems.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Read more...

    Know Your Breach: Peugeot

    The Target: Peugeot, a France based automobile manufacturer.

    The Take: Exposure of sensitive company data including: credentials to a MySQL database, secure web tokens along with their passphrases and the locations of keys, a link to the git repository for the website, and source code.

    The Vector: Peugeot’s website based in Peru was hosting an unsecured environment file (.env), which holds credentials for the other services used by the program the developers are working on, in this case the website. The logins stored there exposed credentials to a third-party software Peugeot used named Symphony, which could let attackers download session IDs and impersonate users.

    This breach is a critical reminder to monitor, flag, and properly secure all publicly accessible files on a website, and to furthermore ensure these files are protected by passwords adhering to robust cybersecurity standards of complexity and length. This attack also shows how one exposure of a system can lead to a pivot into other systems. It’s essential to secure all public-facing websites.
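    The Peugeot item above turns on a single file that should never have been reachable from the internet. An added example, not code from Peugeot or from the newsletter, showing the check a defender would run against their own document root: walk the tree, report dotfiles and version-control metadata that a web server would happily serve, and for any .env found list which variable names look like credentials so the exposure can be triaged and the secrets rotated. Values are deliberately never returned or printed. The demo tree, the file-name and key-name patterns, and the sample .env contents are constructed assumptions.

```python
import os
import re
import tempfile

# File names and directories that must not live under a public document root.
# The lists are an assumption for this example; extend them for your stack.
RISKY_NAMES = {".env", ".env.local", ".env.production", ".htpasswd"}
RISKY_DIRS = {".git", ".svn"}
# Variable names in a dotenv file that usually carry a secret.
SECRET_KEY_RE = re.compile(r"(PASS|PASSWORD|SECRET|TOKEN|KEY|DSN|DATABASE_URL)", re.I)


def find_exposed(webroot):
    """Relative paths under webroot that match the risky lists (directories end in '/')."""
    found = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        for d in list(dirnames):
            if d in RISKY_DIRS:
                found.append(os.path.normpath(os.path.join(rel_dir, d)) + "/")
                dirnames.remove(d)  # the directory itself is the finding; do not descend
        for f in filenames:
            if f in RISKY_NAMES or f.startswith(".env"):
                found.append(os.path.normpath(os.path.join(rel_dir, f)))
    return sorted(found)


def leaked_keys(env_path):
    """Names of credential-like variables in a dotenv file. Values are never returned."""
    keys = []
    with open(env_path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            name = line.split("=", 1)[0].strip()
            if SECRET_KEY_RE.search(name):
                keys.append(name)
    return keys


def audit(webroot):
    """Map each exposed path to the secret-like keys it would leak ([] for non-.env)."""
    report = {}
    for rel in find_exposed(webroot):
        if os.path.basename(rel).startswith(".env"):
            report[rel] = leaked_keys(os.path.join(webroot, rel))
        else:
            report[rel] = []
    return report


def build_demo_webroot():
    """Constructed sample document root (an assumption for the demo, not a real site)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, ".git"))
    os.makedirs(os.path.join(root, "assets"))
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
        fh.write("<html></html>\n")
    with open(os.path.join(root, "assets", "app.css"), "w", encoding="utf-8") as fh:
        fh.write("body{}\n")
    with open(os.path.join(root, ".env"), "w", encoding="utf-8") as fh:
        fh.write(
            "# constructed placeholder values, not real credentials\n"
            "APP_ENV=prod\n"
            "DATABASE_URL=mysql://app:PLACEHOLDER@db/app\n"
            "APP_SECRET=PLACEHOLDER\n"
            "MAILER_DSN=smtp://app:PLACEHOLDER@mail\n"
        )
    return root


if __name__ == "__main__":
    for path, keys in audit(build_demo_webroot()).items():
        print(f"EXPOSED {path}" + (f"  secret-like keys: {', '.join(keys)}" if keys else ""))
```

    Running the audit is the detection half; the mitigation is to keep .env outside the document root entirely and to have the web server deny any request for a path component beginning with a dot, then rotate every credential a found .env contained, since the file may already have been read.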

    Read more...

    Know Your Breach: Samsung

    The Target: Samsung, a South Korea based technology company.

    The Take: Exposure of internal company documents including: meeting notes and sensitive source code.

    The Vector: Samsung employees uploaded sensitive information to ChatGPT, an A.I. chat service. ChatGPT takes information provided by users to better answer further questions in the future, and as such, the data uploaded may be provided to third parties at any time without any controls or user authorization.

    This breach is a unique insight into how rapidly A.I. development is proceeding. It is critical that employees be aware of what such services are and the risks involved. External services like ChatGPT take the information entered with absolutely no accountability or oversight. Any data sent in this way can be considered open to the public.

    Read more...

    Know Your Breach: SafeMoon

    The Target: SafeMoon, a DeFi platform for cryptocurrency trading.

    The Take: Theft of $8.9 million USD.

    The Vector: A software feature intended for internal use only was set to public, allowing attackers to exploit and artificially inflate the price of the SafeMoon token and then sell them for large amounts of cash.

    This breach is a critical reminder that new software features must be thoroughly tested before deployment. In addition, ensuring proper access settings around this kind of software is paramount for an overall robust cybersecurity posture.

    Read more...

    Know Your Breach: Toyota

    The Target: Toyota Italy, one of the world’s largest vehicle manufacturers.

    The Take: Exposure of Personally Identifiable Information belonging to Toyota’s clients including: phone numbers and email addresses.

    The Vector: Unsecured and exposed marketing tools, namely APIs for Salesforce and Mapbox, could be accessed publicly on Toyota Italy’s website. This allowed attackers to access employee credentials to the third-party platforms and exfiltrate client data.

    This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is perfect for crafting highly believable phishing campaigns as it would allow push notifications. Access monitoring and testing for every public-facing webpage is a key strategy to mitigate these kinds of breaches to protect a firm’s customer base.

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios. More →
