Malware

United Nations Agency Probes Devastating Ransomware Attack & Data Heist

The United Nations International Maritime Organization (IMO) is investigating a ransomware attack claimed by the 8Base hacking group. The IMO has assured that sensitive information remains secure and its essential services are operating, while cybersecurity experts work to restore systems and prevent future incidents.

Published

4 weeks ago

April 19, 2024

zendzipr

United Nations Agency Probes Devastating Ransomware Attack & Data Heist 1

Imagine you’re part of an organization that works tirelessly to help eradicate poverty and fight inequality and exclusion in over 170 countries. You rely on donations from UN member states and private sector/multilateral organizations to keep your mission going. Now, imagine waking up one day to find out that your IT systems have been breached, and sensitive human resources data has been stolen. That’s what happened to the United Nations Development Programme (UNDP).

In late March, the UNDP discovered that their local IT infrastructure in UN City, Copenhagen, had been hacked. They shared that the attackers had managed to steal certain human resources and procurement information. They quickly took action to identify the source, contain the affected server, and determine the specifics of the exposed data and who was impacted.

Now, the UNDP is investigating the nature and scope of the incident and assessing the attack’s impact on individuals whose information was stolen. They are also working with those affected by the breach, helping them protect their personal information from misuse.

The 8Base Connection

While the UNDP hasn’t pointed fingers at a specific threat group yet, the 8Base ransomware gang added a new UNDP entry to its dark web data leak website on the same day the breach was discovered. The attackers claim that the documents they managed to exfiltrate during the breach contain large amounts of sensitive information. The files they temporarily leaked via a now-expired link allegedly include personal data, accounting data, certificates, employment contracts, confidentiality agreements, invoices, receipts, and more.

8Base, which emerged in March 2022, saw a spike in activity in June 2023 as they began attacking companies across a broader range of industries and switched to double extortion. They launched their data leak site in May 2023, claiming to be “honest and simple” pen testers targeting “companies that have neglected the privacy and importance of the data of their employees and customers.” To date, this ransomware group has listed over 350 victims on its site, announcing up to six victims at once on some days. 8Base uses a customized version of Phobos ransomware, a malware that first surfaced in 2019 and shares many code similarities with Dharma ransomware.

It is worth noting that this isn’t the first time a UN agency has been hit by a cyberattack. The United Nations Environmental Programme (UNEP) disclosed a data breach in January 2021 after over 100,000 employee records containing personally identifiable information (PII) were exposed online. UN networks in Geneva and Vienna were also breached in July 2019 via a Sharepoint vulnerability, exposing staff records, health insurance, and commercial contract data in what a UN official described as a “major meltdown.”

Don’t Let This Happen to You – Act Now!

If there’s one thing we can learn from incidents like the UNDP breach, it’s that no organization is immune to cyberattacks. The best way to protect your organization is to stay vigilant and proactively assess your cybersecurity measures. As your trusted IT Services partner, we’re here to help you stay ahead of potential threats, ensuring your data and systems remain secure.

Don’t wait until it’s too late. Contact us today to discuss your cybersecurity needs and let’s work together to keep your organization safe. And make sure to keep coming back to learn more about the latest cybersecurity news and trends.

Up Next

UnitedHealth Admits Paying Ransomware Gang to Prevent Massive Data Breach

Don't Miss

**Cybersecurity Takes Center Stage: Frontier Communications Falls Victim to a Cyberattack**

*Hey there, U.S. readers! I want to share a recent event with you that really highlights the importance of cybersecurity in our digital world. I promise to break it down in a way that’s easy to understand and engaging. Let’s dive in!*

**The Incident: Frontier Communications Hit by Cyberattack**

Picture this: it’s a seemingly normal day at Frontier Communications, one of our country’s leading telecommunications providers. Suddenly, their systems go haywire after being hit by a cyberattack. This is no Hollywood movie, folks – it’s a real-life scenario that occurred not too long ago.

The company was forced to shut down its systems after being targeted by malicious hackers. These cybercriminals managed to infiltrate the network and wreak havoc on Frontier’s operations, affecting thousands of customers.

**The Impact: Customers Left in the Dark**

Imagine being one of those customers who suddenly lost access to their phone, internet, or cable services. Talk about a nightmare! The effects of the cyberattack rippled far and wide, disrupting lives and businesses alike.

This incident is a stark reminder of just how vulnerable our digital infrastructure can be. As technology continues to evolve, so do the tactics employed by cybercriminals. It’s a never-ending battle that requires constant vigilance and adaptation.

**The Solution: A Proactive Approach to Cybersecurity**

Here’s the thing: cyberattacks can happen to anyone, anytime, anywhere. It’s a harsh reality of the digital age. But there’s good news! By taking a proactive approach to cybersecurity, we can stay one step ahead of the bad guys.

That means investing in state-of-the-art security measures, implementing robust policies, and educating employees on the best practices to keep digital assets safe. In other words, it’s all about being prepared for the inevitable.

**The Stats: Cybercrime on the Rise**

Still not convinced about the importance of cybersecurity? Let’s look at some numbers:

– Almost 50% of businesses in the U.S. experienced a cyberattack in 2020.
– The cost of cybercrime is expected to reach $6 trillion globally by the end of 2021.
– Ransomware attacks have increased by a staggering 350% since 2018.

These stats paint a clear picture: cybercrime is on the rise, and it’s not slowing down anytime soon. The question is, are you prepared to face this growing threat?

**The Call to Action: Stay Informed and Protected**

As your friendly, neighborhood AI cybersecurity expert, I encourage you to take this issue seriously. Don’t wait for a cyberattack to happen before you act. Be proactive, stay informed, and keep your digital assets protected.

Make sure you come back to learn more about the latest cybersecurity news, tips, and trends. Together, we can build a safer digital world for all.

So, what are you waiting for? Let’s tackle cybersecurity head-on and show those cybercriminals who’s boss!

Shocking Cyber Heist: Over 25,000 People’s Data Stolen in 2023 Breach

Hey there, I’m Peter Zendzian, and today I want to talk to you about a cybersecurity nightmare that happened in 2023. In this jaw-dropping cyber heist, data of over 25,000 people was stolen, putting their personal information at risk. This is a wake-up call for all of us, and in this article, I’ll break down the incident and share some tips on how to keep your data safe. So, buckle up, and let’s dive right in.

Unmasking the 2023 Breach

Imagine waking up one day to find out that your personal information, like your name, address, and even social security number, has been stolen. That’s exactly what happened to over 25,000 innocent people in the U.S. when cybercriminals breached a major company’s database. This breach exposed sensitive data, making these individuals vulnerable to identity theft, scams, and other cybercrimes.

But, how did this happen? The answer is simple: vulnerabilities in the company’s cybersecurity measures. Despite using firewalls and other security tools, the company still fell victim to cybercriminals, proving that no one is truly safe from cyber threats.

Alarming Cybersecurity Stats You Should Know

This breach is just the tip of the iceberg. Here are some shocking statistics that highlight the growing cyber threat:

There’s a cyberattack every 39 seconds on average, affecting one in three Americans each year.

95% of cybersecurity breaches are caused by human error.

Since COVID-19, the FBI has reported a 300% increase in reported cybercrimes.

By 2025, cybercrime damages are expected to cost the world $10.5 trillion annually.

These stats are a sobering reminder that cybersecurity is not something to take lightly. It’s time to act and protect ourselves and our data from cybercriminals.

How to Safeguard Your Data and Stay Cybersecure

Now that you know the risks, let’s discuss some simple yet effective steps to keep your data safe:

Use strong passwords: Create complex, unique passwords for each account and change them regularly.

Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification, like a fingerprint or a text message code, in addition to your password.

Install antivirus software: Keep your devices protected with trusted antivirus software that detects and removes malware.

Update software regularly: Outdated software often has security vulnerabilities, so always keep your software up to date.

Stay informed: Keep yourself updated on the latest cybersecurity threats and best practices through trusted sources.

By following these steps, you can reduce your chances of falling victim to cyberattacks.

It’s Time to Take Action

Remember, the best defense against cyber threats is knowledge and awareness. Don’t wait until it’s too late. Start implementing these cybersecurity measures today and protect your data from cybercriminals.

If you found this article helpful and want to learn more about cybersecurity, don’t hesitate to contact us. We’re here to help you stay informed and keep your data safe. So, keep coming back for more insights and advice on how to stay cybersecure.

**Title: A Comprehensive Breakdown: How a Stolen Citrix Account Led to the Change Healthcare Hack**

Hey there! I’m going to tell you a story that’s as chilling as it is eye-opening. It’s about a company called Change Healthcare, and how they fell victim to a cyberattack. Now, before you start thinking, “Oh, another hacking story, big deal,” let me assure you, this one’s different. It’s a tale of how a simple oversight in cybersecurity can lead to disastrous consequences. And it’s a cautionary tale that we all need to learn from. So, grab a cup of coffee, sit back, and let’s dive in.

**The Scene of the Cybercrime**

Change Healthcare is a major player in the healthcare industry, with a presence in all 50 states and serving around 14,000 hospitals, clinics, and other healthcare organizations. That’s a lot of responsibility, right? So when news broke in March 2021 that they had been hacked, it sent shockwaves throughout the industry.

The hackers gained access to Change Healthcare’s systems through a stolen Citrix account. Now, you might be wondering, “What’s Citrix, and what does it have to do with the hack?” Allow me to explain.

**Citrix: A Key to the Kingdom**

Citrix is a popular software company that offers remote access solutions, among other things. Think of it like a magical key that lets you work on your office computer from home, or anywhere else for that matter. In this case, the hackers got their hands on one such magical key, which happened to belong to a Change Healthcare employee.

Here’s where things get interesting: This particular Citrix account didn’t have multi-factor authentication (MFA) enabled. MFA is like a second layer of security, where you need to verify your identity using something other than your password. For example, a unique code sent to your phone. It’s like having a deadbolt on your door, in addition to the regular lock.

**The Dominoes Begin to Fall**

Once the hackers had control of the Citrix account, they were able to gain access to other parts of Change Healthcare’s systems. It’s like a domino effect, where one compromised account leads to another, and another, and so on. The result? A major healthcare company, with millions of patients’ data at risk, had been hacked.

**The Aftermath: Lessons Learned**

So, what can we learn from this story? First and foremost, the importance of multi-factor authentication cannot be overstated. According to Microsoft, MFA can block 99.9% of account hacks. That’s a staggering statistic, and it’s a clear indication that MFA is not just a luxury; it’s a necessity.

Second, it’s crucial to educate employees about the risks of cyberattacks and the importance of strong cybersecurity practices. Change Healthcare’s hack is a prime example of how a single point of failure can lead to disastrous consequences.

Finally, it’s essential to invest in comprehensive cybersecurity solutions. The healthcare industry is a prime target for cybercriminals, with 39% of all data breaches in 2020 occurring in this sector. A strong cybersecurity strategy is not optional; it’s a must-have.

**Take Action Today: Don’t Become the Next Change Healthcare**

Now that you’ve heard this cautionary tale, it’s time to take action. Whether you’re in the healthcare industry or any other sector, don’t let yourself become the next Change Healthcare. Enable multi-factor authentication, educate your employees, and invest in the right cybersecurity solutions.

And remember, we’re here to help you make sense of it all. So feel free to reach out and contact us anytime. Together, we can work towards a safer, more secure digital world. Keep coming back to learn more, and let’s stay ahead of the hackers!

Click to comment

Malware

How to Minimize the Devastating Effects of Third-Party Cybersecurity Breaches

Learn how to minimize the impact of third-party breaches on your organization with these best practices. Protect your sensitive data from cyber threats by establishing strong vendor risk management and implementing key security measures. Stay ahead of potential vulnerabilities and safeguard your critical assets.

Published

8 hours ago

May 14, 2024

zendzipr

How to Minimize the Devastating Effects of Third-Party Cybersecurity Breaches 14

Imagine the world as a giant web, with each organization connected to one another through the flow of data. This flow is essential as it drives decision-making, collaboration, customer engagement, and operations optimization. In fact, by 2024, it’s estimated that the global volume of data created, consumed, and stored will reach 147 zettabytes – a number that’s almost too large to comprehend.

But there’s a catch: the more connected we are, the more connected we are in terms of risk. A data breach in one part of the network can have ripple effects throughout the entire system. So, even if your organization has top-notch cybersecurity, a breach elsewhere could still impact your data’s security, privacy, and integrity.

Feeling a bit helpless? Don’t worry – there are practical ways to reduce your risk from third-party breaches. Let’s dive in!

How a third-party breach can affect you

In a third-party breach scenario, the initial breach happens within the network or system of a third-party entity that your organization has a business relationship with. Hackers then use this breach as a springboard to gain unauthorized access to sensitive data or systems of other organizations in the supply chain.

Take this example: a financial institution partners with a software provider to manage customer data. If the software provider’s network is compromised by hackers, the customer data of the financial institution could be exposed too.

Third-party breaches can lead to:

Exposure of sensitive data, such as customer information, intellectual property, financial records, or trade secrets.

Financial losses from investigating and remediating the breach, notifying affected parties, fines by regulatory authorities, and potential legal settlements.

Operational disruptions, resulting in downtime, loss of productivity, and the need for additional resources to address the breach and restore systems.

Reputational damage, leading to a loss of customer confidence and potential business opportunities.

If the breached third-party vendor is a critical part of the organization’s supply chain, other businesses’ ability to deliver products or services to customers could be impacted.

Exposure of vulnerabilities in other organizations’ own systems and infrastructure, as hackers may use the compromised third-party as a stepping stone to gain access to further targets.

An infamous example: The SolarWinds hack

SolarWinds, a software company providing IT management and monitoring solutions, experienced a notorious third-party breach. Hackers gained unauthorized access to SolarWinds’ systems and inserted malicious code into their software updates, which were then distributed to customers, including numerous government agencies and organizations worldwide.

Consequently, the hackers infiltrated the networks of many of these customers, compromising their systems and gaining access to sensitive data. The SolarWinds hack demonstrated the risks associated with third-party vendors and the potential for supply chain attacks, where attackers target a trusted vendor to gain access to multiple organizations across its global supply chain.

Passwords: The key to third-party breaches

Passwords play a significant role in third-party breaches. One major issue is password reuse. Many people reuse passwords across multiple accounts, including personal and professional ones. When a third-party vendor experiences a data breach and user credentials (including passwords) are compromised, hackers can use those credentials to gain unauthorized access to other accounts where the same password is used.

Hackers often use automated tools to test compromised credentials from one breach against multiple online services, a technique known as credential stuffing. This relies on the fact that many people reuse passwords across different accounts.

If a user’s credentials from a breached third-party vendor are successfully used to gain access to other accounts, it can lead to unauthorized access, data theft, and potential financial loss.

To help combat this issue, consider using a tool like Specops Password Policy, which continuously monitors your Active Directory for passwords that have been compromised elsewhere.

Manage your attack surface and protect your organization

External Attack Surface Management (EASM) can help your organization prevent and mitigate the impact of third-party breaches. EASM solutions can scan and identify all internet-facing assets connected to your organization, including those associated with third-party vendors.

Having this visibility allows organizations to understand the true extent of their attack surface and identify potential vulnerabilities or weak points introduced by third-party vendors. Some benefits of using EASM include:

Risk assessment: EASM platforms can assess the cybersecurity posture of your organization’s attack surface, including third-party assets. By evaluating factors such as misconfigurations, vulnerabilities, exposed databases, and weak encryption, EASM helps identify potential risks before they’re exploited by attackers.

Continuous monitoring: Real-time monitoring of your organization’s attack surface, including third-party assets, allows IT teams to detect changes or new vulnerabilities introduced by third-party vendors. By quickly identifying and addressing these risks, organizations can prevent or minimize the impact of third-party breaches.

Vendor risk management: EASM platforms can integrate with vendor risk management programs, allowing organizations to assess and monitor the cybersecurity posture of third-party vendors. This enables organizations to make informed decisions about which vendors to onboard and implement appropriate security controls.

Incident response: In the event of a third-party breach, EASM solutions can provide valuable insights and data to support incident response efforts, minimizing damage and reducing the time to remediation.

Ready to better understand your own attack surface, including third-party risks? Request a free attack surface analysis from Outpost24 – we’ll map your current situation and help you stay ahead of potential breaches.

Sponsored and written by Outpost24.

Malware

Dropbox Reveals Hackers Seized Customer Data and Confidential Secrets from eSignature Service

Hackers have stolen Dropbox customer data and authentication secrets from HelloSign, a popular eSignature service. Dropbox has since issued a warning, urging users to change their passwords and enable two-factor authentication to protect their accounts.

Published

4 days ago

May 10, 2024

zendzipr

Dropbox Reveals Hackers Seized Customer Data and Confidential Secrets from eSignature Service 15

Dropbox Sign eSignature Platform Breached: What You Need to Know

Cloud storage giant Dropbox recently revealed that hackers managed to breach its Dropbox Sign eSignature platform, getting their hands on authentication tokens, multi-factor authentication (MFA) keys, hashed passwords, and customer information. If you’re not familiar with Dropbox Sign (previously known as HelloSign), it’s a service that enables customers to send documents online for legally binding signatures.

When and How Did the Breach Occur?

We discovered unauthorized access to Dropbox Sign’s production systems on April 24, prompting us to launch an investigation. Our findings showed that the threat actors gained access to a Dropbox Sign automated system configuration tool, which is part of the platform’s backend services. This configuration tool allowed the attacker to execute applications and automated services with elevated privileges, ultimately enabling them to access the customer database.

What Data Was Compromised?

Upon further investigation, we found that the threat actor accessed data such as Dropbox Sign customer information, including emails, usernames, phone numbers, and hashed passwords. Additionally, they got their hands on general account settings and certain authentication information, such as API keys, OAuth tokens, and multi-factor authentication. Unfortunately, even users who used the eSignature platform without registering an account had their email addresses and names exposed.

Was Any Other Data or Services Affected?

While this breach is undoubtedly concerning, the silver lining is that we found no evidence that the threat actors gained access to customers’ documents or agreements. Furthermore, they did not access the platforms of other Dropbox services.

What Measures Have Been Taken to Address This Issue?

In response to the breach, we’ve reset all users’ passwords, logged out all sessions to Dropbox Sign, and restricted how API keys can be used until they are rotated by the customer. We’ve also provided additional information in our security advisory on how to rotate API keys to regain full privileges.

What Should Dropbox Sign Customers Do Now?

If you utilize MFA with Dropbox Sign, you should delete the configuration from your authenticator apps and reconfigure it with a new MFA key retrieved from the website. We’re currently emailing all customers impacted by the incident.

Moreover, be on the lookout for potential phishing campaigns using this data to collect sensitive information, such as plaintext passwords. If you receive an email from Dropbox Sign asking you to reset your password, don’t follow any links in the email. Instead, visit Dropbox Sign directly and reset your password from the site.

Stay Alert and Informed

As cyber threats continue to evolve and become more sophisticated, it’s essential to stay informed and proactive in protecting your data. Remember that in 2022, Dropbox disclosed a security breach after threat actors stole 130 code repositories by breaching the company’s GitHub accounts using stolen employee credentials.

Keep Coming Back to Learn More

With cybersecurity being a top priority for individuals and businesses alike, we encourage you to stay up-to-date on the latest threats and best practices for keeping your data secure. Keep coming back to IT Services to learn more and stay informed about the ever-changing landscape of cybersecurity.

Malware

Panda Restaurants Reveals Alarming Data Breach Following Intense Corporate Systems Hack

Panda Express suffered a data breach affecting employees’ personal data after hackers targeted its corporate systems. The breach was discovered in January 2021, and the company is now offering identity theft protection to affected employees. Learn more about the Panda Express data breach and how to protect your personal information.

Published

6 days ago

May 8, 2024

zendzipr

Panda Restaurants Reveals Alarming Data Breach Following Intense Corporate Systems Hack 16

Image: Coolcaesar (CC BY-SA 4.0)

Imagine this: you’re enjoying a delicious meal at your favorite Panda Express restaurant, blissfully unaware that a data breach just occurred within the parent company, Panda Restaurant Group. This breach affected not only Panda Express, but also Panda Inn, and Hibachi-San, compromising their corporate systems in March and stealing the personal information of an unknown number of associates.

As the largest Chinese fast food chain in the United States, with over $3 billion in sales and 47,000 associates working in 2,300 branches, Panda Express is a household name. So when they discovered a data security breach on March 10, 2024, which only impacted their corporate systems and left in-store systems, operations, and guest experience unaffected, they took immediate action.

Thankfully, the incident only impacted current and former associate data, leaving guest data untouched. As soon as the breach was detected, Panda Restaurant Group secured its environment, activated remediation and recovery efforts, and initiated a thorough investigation with the help of third-party cybersecurity experts and law enforcement agencies to establish the nature and extent of the breach.

After a thorough investigation, it was determined that certain information maintained on their corporate systems was accessed by unauthorized actors between March 7-11, 2024. With the support of third-party experts, Panda Restaurant Group then began a thorough review of the affected data to identify the specific information and individuals impacted.

Unknown number of affected people

While the exact number of individuals affected by the breach has yet to be disclosed, information filed with the Office of the Maine Attorney General reveals that the exposed data includes affected peoples’ names or other personal identifiers, as well as their driver’s license numbers or non-driver identification card numbers.

Panda Restaurant Group continues to work with law enforcement, who are conducting an active investigation into the unauthorized actors responsible for this incident. In response to the breach, Panda has implemented additional technical safeguards to further enhance the security of information in their possession and to help prevent similar events from happening in the future.

As of now, a Panda Restaurant Group spokesperson has yet to reply to requests for additional details regarding the incident, including the total number of affected people and if the attackers have made any ransom demands.

So, what does this all mean for you? It’s a stark reminder that cybersecurity is an ever-present concern in today’s digital world. Every organization, no matter how big or small, must take the necessary steps to protect their data and the personal information of their employees and customers.

Let this be a wake-up call: don’t wait until it’s too late to take action. Contact us today to learn more about how you can safeguard your organization from cyber threats and keep coming back for more valuable insights and advice.