Friday, July 9, 2021

Kaseya Ransomware Attack: What We Know



An international ransomware attack that started with Florida-based IT firm Kaseya will not fetch the entire $70 million that its Russia-linked hackers are demanding, Huntress CEO Kyle Hanslovan told CNBC on Tuesday.

“It wouldn’t surprise me if someone was to pay the ransom for it to be closer to the $40 [million] to $50 million ballpark,” said Hanslovan, whose cybersecurity company has been helping Kaseya with its incident response and disaster recovery since Friday’s breach.

“With that said, I haven’t seen anything that’s suggesting that Kaseya will pay for the universal decryptor, meaning the one that decrypts both their customers and their customers’ customers,” Hanslovan added in a “Squawk Box” interview.

The REvil hacker gang is publicly demanding $70 million in cryptocurrency to unlock data from the attack, which spread to hundreds of small and medium-sized businesses across a dozen countries.

 

Jack Cable of cybersecurity-focused Krebs Stamos Group told Reuters that one of the group’s affiliates, in a private conversation, already expressed a willingness to lower the asking price for a “universal decryptor” to $50 million. While it can be difficult to determine who speaks on behalf of the hackers, Cable said that his conversations suggested they are “definitely not attached” to their $70 million demand.

Kaseya CEO Fred Voccola said Monday that between 800 and 1,500 businesses were affected by the attack, with the fallout expected to continue Tuesday as people return to the office after the Fourth of July weekend.

“My guess would be [that the] total number of companies, and from everything we’ve seen, the hackers don’t have a feedback loop into just how many people were compromised,” Hanslovan said, adding that hacker claims of infecting 1 million systems are just “bragging.”

Network security experts said the gang targeted software supplier Kaseya using its network-management package to spread the ransomware through cloud-service providers. The breach temporarily shut down hundreds of Sweden’s Coop grocery stores after cash registers were locked up. It also affected more than 10 schools and several kindergartens in New Zealand.

The company is headquartered in Miami and has offices all over the U.S., Canada, Europe and the Asia Pacific region.

“Everybody was awakened to a synchronized attack. What that means is they target managed service providers, and it’s kind of a one-to-many attack that impacts many industries,” Hanslovan said, pointing out that health-care companies, legal firms and even federal entities have faced similar attacks.

The White House said Sunday it’s reaching out to victims of the attack “to provide assistance based upon an assessment of national risk.”

This article originally appeared on CNBC.

 

Call SpartanTec, Inc. now and let our team of IT experts assess your network and determine if you're safe from a data breach.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Wednesday, July 7, 2021

Myrtle Beach – What Are The Biggest Data Breaches of the 21st Century?



In the past, a data breach affecting a few million individuals would have made the headlines. Now, data breaches that affect billions of consumers have become common. Here’s a list of the biggest data breaches of the 21st century.

This is a list of the biggest data breaches according to the number of consumers whose information was compromised. Don't be one of these companies. Secure the help of an IT expert so you can develop a disaster recovery and data backup plan.

Biggest Data Breaches

Adobe

Back in October 2013, security blogger Brian Krebs reported a data breach involving almost 3 million credit card records and the login information of an unspecified number of user accounts. One month later, Adobe increased that estimate to 38 million active users whose IDs and encrypted passwords had been compromised.

 

Adult Friend Finder

In October 2016, about 412.2 million Adult Friend Finder accounts were compromised. The stolen information spanned 20 years on six databases and they included data such as names, passwords, and email addresses.

Canva

In May 2019, 137 million user accounts were compromised when the Australian graphic design tool website suffered a cyberattack. The names, usernames, residence, and passwords (hashed and salted with bcrypt) were compromised. According to Canva, the cybercriminals were able to view but not steal the files of the clients, which included payment data and partial credit card information.

eBay

eBay also suffered an attack back in May 2014 that exposed the data of about 145 million users, including addresses, dates of birth, names, and encrypted passwords. The hackers used the data of three employees to access the company’s network and had access for about 229 days.

Equifax

Equifax is one of the biggest US credit bureaus. In September 2017, an application flaw in one of its websites resulted in a data breach that involved around 147.9 million clients. Personal information such as addresses, birth dates, and the social security numbers of 143 million clients was compromised.

Dubsmash

In December 2018, Dubsmash, a New York-based video messaging service, suffered an attack that compromised the usernames, email addresses, and other personal information of 162 million users. The stolen information was sold as part of a collective dump that also included the likes of MyHeritage, Armor Games, MyFitnessPal, and ShareThis.

Heartland Payment Systems

In March 2008, about 134 million credit cards were exposed. At that time, Heartland was processing about 100 million credit card payment transactions every month for 175,000 small to medium-sized retailers. The cyberattack was discovered in January 2009 when MasterCard and Visa notified Heartland of unauthorized transactions from accounts it had processed. The cybercriminals exploited a flaw that allowed them to carry out an SQL injection attack.

LinkedIn

LinkedIn has become a great option for cyberattackers who are looking to carry out social engineering attacks. In 2012, 6.5 million passwords were stolen and posted on a Russian hacker forum. But it was not until 2016 that the full extent of the data breach was revealed.

 

You don’t have to be a huge organization to be at risk of a cyberattack. Hackers also target small and medium-sized companies. Call SpartanTec, Inc. now and let our IT security professionals help protect your business against a cybersecurity breach.

 


Monday, July 5, 2021

Some TurboTax Accounts Were Hacked Due To Poor Passwords



Hackers around the world have been busy this year, with Intuit being the latest company to fall victim to a data breach.

The TurboTax company recently announced that their network was breached following a series of account takeover attacks, and that as a consequence, an undisclosed number of TurboTax customers had their personal data compromised.

The company stressed that this breach was not a consequence of failed network security on their part, but rather, bad password practices in use by some of their customers.

The way an ATO (Account Take Over) attack works is this: A customer is in the habit of using the same password on multiple sites. A hack occurs on another site that the customer uses, and his password there is exposed.

Knowing that many people reuse passwords, hackers attempt to use the passwords they glean from one cybersecurity breach on accounts for other sites, hoping to get lucky. In many cases, they do. That's what happened here.

 

Although the number of impacted accounts seems disturbingly large, the reality is that TurboTax serves over 100 million customers a year. So the impacted accounts represent a tiny fraction of the total. Granted, that's small consolation for those who have had their data compromised, but understanding how it happened and the context of the scope and scale is still important.

Now for the bad news: If your account was compromised, the hackers likely made off with information like your tax returns for prior years, your current tax return, your social security number, date of birth, driver's license number, and a wide range of financial information. Put another way, the hackers now have in their possession everything they need to steal your identity and/or make your life a living hell. Be careful and check your credit report regularly for the next few months.

 

Call SpartanTec, Inc. now if you need help in boosting your cybersecurity strategy to lower your risk of a data breach.

 


Saturday, July 3, 2021

Bose Is Latest Company To Have Employee Data Breached



Bose is the latest in an unending parade of major companies to disclose that they've been the victim of a ransomware attack. In the company's data breach notification letter, they indicated that they first detected the incursion on March 7th, 2021, with the attack itself having occurred on April 29th.

Additionally, as is quite common in these cases, the company indicated that they immediately began working with both law enforcement and a third-party cybersecurity agency to continue the investigation. According to the official notification, Bose did not pay the demanded ransom, and was able to restore their corporate network to full functionality with minimal disruption to the company's business operations.

In terms of scope and scale, the company identified a small number of individuals whose data was impacted and notified everyone who was affected by mail. Based on the forensic analysis, the company determined that the files accessed by the hackers contained personal information related to an unspecified number of current and former employees, including names, social security numbers, salary, and other HR-related information.

 

In the aftermath of the attack, Bose took the following steps to further bolster their security:

  • Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
  • Performed detailed forensics analysis on impacted server to analyze the impact of the malware/ransomware.
  • Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
  • Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
  • Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
  • Changed passwords for all end-users and privileged users.
  • And changed access keys for all service accounts.

The bottom line is, although unfortunate, the company's handling of the incident has been commendable. We just hope that the day comes when there won't be quite so many stories like this one.

 

Call SpartanTec, Inc. now and let our IT support professionals set up the most effective cybersecurity strategy to keep hackers at bay.

 


SolarMarker Malware Stealing User Information Through PDFs



The hackers behind the malware called SolarMarker have begun using an innovative and unexpected means of distributing their poisoned code.

They've started publishing PDF documents filled with SEO (Search Engine Optimization) keywords in a bid to boost the visibility of malicious websites that pose as Google Drive, but in fact, are simply repositories for the malware itself.

A potential victim may get an email containing a PDF promising detailed information on attractive insurance rates or attractive credit card deals. Clicking on the links in the PDF will redirect the victim to a site designed to look like Google Drive, with instructions to download a different file on the drive. It is the act of clicking the file on the drive that dooms the user.

SEO is a tried and true marketing tactic used by legitimate business owners to drive traffic to their sites, co-opted, in this case, for a nefarious purpose. Unfortunately, it has proven to be wildly effective thus far.

 

As to the malware itself, SolarMarker is a backdoor malware that steals login credentials and other data from web browsers. So it's not harmful on its own, but it makes it easier for the hackers controlling it to introduce damaging malware down the road and/or steal a victim's identity and bypass computer security.

CrowdStrike was the first company to sound the alarm when researchers at the company discovered the unusual marketing campaign for the malware. Note that thus far, at least, SolarMarker's makers seem to have focused the bulk of their attention on North America.

PDFs have been used for a very long time to deliver malicious payloads, but the unusual methodology used here makes this cyberattack noteworthy. Be on your guard against any PDFs you or your staff receive from unknown, un-trusted sources. Clicking links embedded in those files may net you much more than you bargained for, and not in a good way.

 

Call SpartanTec, Inc. now and let our team of IT support professionals help protect your company against malware and other online threats by developing an effective cybersecurity strategy.

 


Thursday, July 1, 2021

Over 3 Million Affected By Volkswagen Group Data Breach



The Volkswagen Group of America (VWGoA), a subsidiary of the German Volkswagen Group, recently disclosed a large scale data breach that exposed the personal data of more than three million VW customers.

The incident came about because between August of 2019 and May of 2021, one of VWGoA's vendors left unsecured data exposed on the internet.

The company was notified by the vendor that an unauthorized person or persons had accessed the unsecured data and may have obtained customer information for people who had purchased an Audi or Volkswagen during that time, in addition to exposing some details on the dealerships where the vehicles were purchased. A forensic analysis revealed that information belonging to 3.3 million customers was exposed, and that 97 percent of those records related to customers of Audi vehicles or interested buyers.

The information in the vulnerable database varies widely from one customer to the next, but generally includes full names, email addresses and phone numbers, and more than 95 percent of the compromised records also included driver's license numbers.

 

A small number of exposed customer records, numbering approximately 90,000, also contained social security numbers. For those customers, VWGoA is offering one year of free credit protection and monitoring, and a $1 million insurance policy that protects against identity theft.

VWGoA has also begun the process of notifying all impacted customers. So if you purchased a BMW or Audi during the time frame mentioned above, or if you expressed an interest in doing so, you may be contacted by Volkswagen.

Unfortunately, the database was left exposed for an extended period of time, and there's no telling how many bad actors may have gained access to it. Right now, security professionals are monitoring the Dark Web in case the data begins appearing there. So far, it has not, but that could happen at any time. Companies, whether big or small, should pay close attention to their cybersecurity and data backup plans. Don't wait for a cyberattack to happen before you prioritize these things.

 

Call SpartanTec, Inc. now for more information about our managed IT solutions and data recovery services.

 


Monday, June 28, 2021

Data Breach Hits McDonalds In US And Other Countries



McDonalds is the latest major corporation to fall victim to a data breach. The fast-food giant does business in more than 100 countries and has nearly 40,000 locations globally with more than 14,000 in the United States alone. Recently, they disclosed that hackers found a way into their network and stole information belonging to both employees and customers in the US, South Korea and Taiwan.

If there's a silver lining in the disclosure, it lies in the fact that McDonalds was able to confirm that no payment information was stolen. Nonetheless, the hackers were able to abscond with a raft of personal information including email addresses, phone numbers, physical addresses and the full names of an as yet undetermined number of customers and employees.

As part of their disclosure, the company said that they were working with law enforcement and an outside data security vendor to conclude the investigation. They added that they were in the process of contacting any customer whose information was compromised by the breach.

 

So far, their handling of the aftermath of the hack has been exemplary, though that's at least in part because they've had their share of practice. Back in 2017, the company suffered an attack that revealed a cross-site scripting vulnerability that left customer passwords exposed and stored as plain text.

If you live in the US, Korea or Taiwan and are a regular McDonalds customer and have created a login on the company's site or have downloaded the McDonalds app, you may be getting a letter from the company explaining that the information you shared with the company was compromised. The letter should outline the company's next planned steps. Even if you don't get a communication from them, your best bet is to change your McDonalds or app password right away.

 

Call SpartanTec, Inc. now if you need the help of IT support professionals in preventing data breaches and other types of online threats by developing effective cybersecurity solutions.

 
