InTegriLogic Blog
The Week in Breach News: 04/24/24 – 04/30/24
This week: Nation-state threat actors hit water infrastructure in Texas, human error causes a storm for the U.S. Coast Guard and happy hour is over in Sweden as a cyberattack impacts liquor distribution.
Tipton Wastewater Treatment Plant
https://therecord.media/russia-hackers-cyberattack-tipton-indiana
Exploit: Hacking (Nation-State)
Tipton Wastewater Treatment Plant: Utility
Risk to Business: 1.741 = Extreme
A Russia-linked threat actor has claimed it’s behind a cyberattack on an Indiana wastewater treatment plant. The Cyber Army of Russia posted a video on its Telegram channel supporting its claim. Officials at the plant confirmed the attack, saying that although the hackers were successful, the plant’s IT infrastructure took minimal damage in the incident. The group is suspected of being behind attacks on other water and wastewater facilities, including a recent hack in Texas in January.
How It Could Affect Your Business: Concern has been ratcheting up about nation-state threat actors attacking infrastructure targets.
District of Columbia Department of Insurance, Securities and Banking (DISB)
https://www.securityweek.com/ransomware-gang-leaks-data-allegedly-stolen-from-government-contractor
Exploit: Hacking (Supply Chain)
District of Columbia Department of Insurance, Securities and Banking (DISB): Government Agency
Risk to Business: 1.856 = Extreme
The LockBit cybercrime group says that it gained access to the network of the District of Columbia Department of Insurance, Securities and Banking (DISB) and snatched sensitive data. The gang claims to have stolen 800 GB of sensitive financial data, including files pertaining to the U.S. Securities and Exchange Commission (SEC), Delaware banking institutions and other financial entities, as well as DISB operations. The data was likely obtained in late March 2024 from DISB’s STAR system client, which was maintained by Tyler Technologies. The incident is under investigation.
How It Could Affect Your Business: As business cybersecurity tightens, cybercriminals are increasingly targeting service providers on the hunt for backdoors into the companies they serve.
The Coast Guard Reserve
https://www.c4isrnet.com/news/your-military/2024/04/24/coast-guard-reserve-deals-with-data-breach-amid-cybersecurity-push
Exploit: Human Error
The Coast Guard Reserve: Military
Risk to Business: 1.721 = Severe
The Coast Guard Reserve has alerted thousands of personnel that their personal data may have been exposed in a cyberattack. Officials said that on January 24, 2024, a person sent a tranche of Coast Guard members’ personal data to people who were not authorized to view it. 10,700 Coast Guard Reserve members were impacted. 7,554 individuals had their home addresses exposed. The names and employee identification numbers of another 3,146 personnel were also included.
How It Could Affect Your Business: Even the best-laid security plans can be ruined by untrained or careless employees making mistakes.
Coffee County, Georgia
https://www.walb.com/2024/04/27/coffee-county-hit-by-potential-ransomware-attack-officials-say
Exploit: Ransomware
Coffee County, Georgia: Regional Government
Risk to Business: 1.803 = Severe
A ransomware attack has resulted in the government of Coffee County, Georgia, temporarily severing its connection to the state’s voter registration system. This is a particularly concerning development as the U.S. presidential election grows closer. The early April attack left some county workers using cellular networks for internet access. County officials said they saw no evidence of exfiltration of data/files. The incident is still under investigation.
How It Could Affect Your Business: Government agencies and departments at every level have been prime targets for bad actors in the last 12 months.
London Drugs
https://www.cbc.ca/news/canada/british-columbia/london-drugs-closure-western-canada-1.7187615
Exploit: Ransomware
London Drugs: Drugstore Chain
Risk to Business: 1.712 = Severe
British Columbia-based London Drugs disclosed that it has experienced a cybersecurity incident that resulted in the temporary closure of all 79 of its retail stores across Canada. The company has not released a timeline for the reopening of those stores. London Drugs was quick to assure customers that at this time it does not believe any consumer or employee data was stolen. The incident remains under investigation.
How It Could Affect Your Business: This type of closure is an existential threat to any retail chain, especially as it drags on, costing more money and angering more customers.
United Kingdom – Carpetright
https://www.techmarketview.com/ukhotviews/archive/2024/04/22/carpetright-hq-hit-by-cyber-attack
Exploit: Malware
Carpetright: Retailer
Risk to Business: 2.376 = Severe
UK carpet retailer Carpetright fell victim to a cyberattack last week that disrupted operations, including customer order processing. Carpetright said that its network was taken offline quickly to ensure that the malware was isolated before the bad actors were able to access or steal any data. Employees were left unable to access their payroll information, customer service phone lines were knocked out and customers experienced order fulfillment delays.
How It Could Affect Your Business: Every second counts in a cyberattack, so finding ways to speed up incident response is critical.
UK – City of Leicester (England)
https://www.darkreading.com/cyberattacks-data-breaches/lights-on-in-leicester-city-streetlights-in-disarray-after-cyberattack
Exploit: Hacking
City of Leicester (England): Municipal Government
Risk to Business: 1.866 = Moderate
A March 7, 2024, cyberattack on the city of Leicester has left the city’s streetlights on 24/7. In the wake of the attack, many city offices were left without phone and computer systems. Those systems have since been restored, but the issue of the perpetually-on streetlights has not yet been solved. City officials said that the problem was caused by the shutdown of IT systems in the wake of the cyberattack. That shutdown left city workers unable to access the inner workings of the city’s lighting system, which is set to keep the lights on all the time in default mode. Bad actors were also able to snatch an indeterminate amount of data. The INC ransomware group has claimed responsibility for the attack.
How It Could Affect Your Business: A cyberattack can cause a city to lose access to portions of its critical infrastructure, and that is a danger to the public.
Sweden – Skanlog
https://therecord.media/sweden-ransomware-liquor-shortage-skanlog-systembolaget
Exploit: Ransomware
Skanlog: Logistics Company
Risk to Business: 2.602 = Moderate
Happy Hour is over in Sweden as liquor store shelves empty in the wake of a cyberattack that crippled logistics company Skanlog. The company is a key distributor for Systembolaget, Sweden’s government-owned chain of retail shops for beverages stronger than 3.5% alcohol by volume. A Skanlog executive said that North Korean hackers are behind the attack. Officials warned that certain beers, wines and spirits could be sold out within a few days with no clear timeline for when the supply will begin flowing again.
How It Could Affect Your Business: The pace of supply chain attacks is continuing to increase as technology makes businesses ever more interconnected.