
  • Third-party data breach round-up: mscripts, Diligent, Mailchimp – Healthcare IT News


    This month, more than 114,000 individuals may have had personally identifiable information and protected health information exposed in these incidents, while a hack of an email marketing service is a new source of phishing attacks.
    On January 17, mscripts, a cloud-based mobile pharmacy platform that focuses on patient engagement and medication adherence solutions, reported to the U.S. Department of Health and Human Services unauthorized access/disclosure that involved protected health information of 66,372 individuals, according to the Office for Civil Rights cases under investigation list.
    The San Francisco-based platform, owned by Dublin, Ohio-based Cardinal Health, uses interactive SMS messaging and branded mobile apps to provide dosage and refill reminders and other prescription management functions. 
    It has partnerships across the healthcare space and customers include retailers like Kmart and Wegmans, and providers like Intermountain Healthcare, Banner Health and the Henry Ford Health System.
    Mscripts and Cardinal Health have not posted data breach notices to their websites.
    The mscripts privacy policy on Henry Ford’s website indicates that PII, as well as PHI, may be collected by mscripts from users and their pharmacies. 
    According to a UCHealth announcement posted to its website January 17, “Diligent provides hosted services to UCHealth and reported to UCHealth that Diligent’s software was accessed and attachments were downloaded including UCHealth files.”
    The Colorado-based healthcare provider noted that electronic medical records and email systems were not part of the breach, but “some of UCHealth’s patient, provider or employee data may have been included in this incident.” 
    UCHealth reported to OCR that 48,879 individuals were affected by the hacking incident, according to the agency.
    The medical provider said the stolen data may have included:
    Mailchimp announced on its website that on January 11 it identified an unauthorized actor had compromised administration tools and accessed 133 accounts, exposing customer data, through a second social engineering attack on the company in six months. 
    The email marketing service provider temporarily suspended those accounts to protect user data. 
    Mailchimp was first breached in April 2022, and threat actors were able to view around 300 user accounts and obtain audience data from 102 of them, as reported by the chief information security officer to the HHS cybersecurity program. 
    As a result, HC3 warned healthcare organizations of phishing campaigns leveraging the email marketing platform. 
    While Mailchimp is not a HIPAA-covered entity with a business associate agreement, a number of medical practice management applications integrate with Mailchimp, and a number of email marketing service providers for doctors and providers work with Mailchimp, Constant Contact and other email marketing platforms.
    In the previous social engineering attack in August, Mailchimp specified that the 214 accounts affected were largely cryptocurrency and finance organizations.
    However, DigitalOcean, a large cloud provider across industries, including healthcare, confirmed its clients had been affected by malicious password resets, and the provider migrated email services away from the platform.
    Also, CloudSEK’s BeVigil research team released a December report that API keys for Mailchimp, along with Mailgun and Sendgrid, had been leaked, potentially allowing threat actors access to email conversations and potentially sensitive information.
    “An API key leak in Mailchimp would allow a threat actor to read conversations, fetch customer information, expose email lists of multiple campaigns containing [PII], authorize third-party applications connected to a MailChimp account, manipulate promo codes and start a fake campaign and send emails on behalf of the company,” according to Business Standard’s coverage of the report.
    Andrea Fox is senior editor of Healthcare IT News.
    Email: afox@himss.org

    Healthcare IT News is a HIMSS publication.

  • Zendesk Experiences Potential Data Breach | Console and … – JD Supra

    On January 19, 2023, reports began to surface about a potential Zendesk data breach. While the company has yet to publicly confirm that it was the target of a cyberattack, some of the company’s customers report receiving emails informing them of a data breach. Based on the currently available information, the incident resulted in an unauthorized party gaining access to certain clients’ account information. After confirming that consumer data was leaked, Zendesk began sending out data breach notification emails to all individuals and businesses that were impacted by the recent data security incident.
    If you received a data breach email from Zendesk, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Zendesk data breach, please see our recent piece on the topic here.
    The available information regarding the Zendesk breach comes from various news sources, several of which contain first-hand accounts of Zendesk customers. According to these sources, on October 25, 2022, Zendesk learned that several of the company’s employees were targeted in an SMS phishing campaign. Evidently, the attack resulted in an unauthorized party obtaining several Zendesk employees’ login credentials.
    In response to learning about this incident, Zendesk enlisted the assistance of a cybersecurity firm to assist with the company’s investigation and review of all compromised unstructured data. The investigation confirmed that “unstructured data from a logging platform from September 25, 2022 to October 26, 2022 was accessed.”
    Upon discovering that sensitive data was made available to an unauthorized party, Zendesk began to review the affected files to determine what information was compromised and which consumers were impacted. By January 12, 2023, Zendesk had at least partially completed its review of the affected files, notifying some customers that their account service data was compromised.
    Subsequently, Zendesk sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. As of the time of publishing, Zendesk has not filed official notice of a data breach, and the total number of data breach victims remains unknown. However, the Zendesk breach was only reported a few weeks ago, and additional information may soon become available.
    Founded in 1007, Zendesk is a developer of customer relationship management software based in San Francisco, California. Through its various products, Zendesk helps businesses of all sizes provide a better customer experience. Zendesk currently has approximately 100,000 customers across 160 countries and territories. Zendesk employs more than 6,000 people and generates approximately $1.6 billion in annual revenue.
    © Console and Associates, P.C. | Attorney Advertising

  • Software vendor shares information about data breach – UCHealth Today



    UCHealth was recently informed by Diligent Corporation, a software company that provides business operations tools for UCHealth and other organizations, that Diligent experienced a security incident that impacted data held by Diligent on its servers. Some of UCHealth’s patient, provider or employee data may have been included in this incident.
    Diligent provides hosted services to UCHealth and reported that Diligent’s software was accessed, and attachments were downloaded including UCHealth files.
    Importantly, UCHealth’s systems, including its electronic medical record, were not impacted by this incident.
    UCHealth values its patients, employees and providers, and protecting their data is a top priority. Though we have no reason to believe the person who took the data from Diligent’s system shared or misused it in any way, we are sharing this security incident so individuals may protect themselves by watching for any suspicious activity or possible identity theft. Individuals who may be involved are being notified per state and federal reporting requirements.
    Information involved varied based on the type of attachments downloaded by the cybercriminal and may have included name, address, date of birth and treatment-related information. In very limited cases, Social Security numbers and financial information, such as banking information, may have been involved.
    We apologize for the concern and inconvenience this data breach may cause, and we remain committed to safeguarding our patients’, employees’ and providers’ information.
    Diligent says it has taken additional steps to protect its data and prevent this type of attack from happening again.
    Additional information is available on UCHealth’s website. Individuals can get information on protecting themselves from identity theft from the notice potentially involved individuals receive in the mail, from the Federal Trade Commission, by visiting the Colorado Attorney General’s Stop Fraud website, or by calling 877.ID-THEFT (877.438.4338). National credit reporting agencies can be contacted at:
     
    Equifax: 1-866-349-5191, www.equifax.com, P.O. Box 740241, Atlanta, GA 30374
    Experian: 1-888-397-3742, www.experian.com, P.O. Box 2002, Allen, TX 75013
    TransUnion: 1-800-888-4213, www.transunion.com, P.O. Box 2000, Chester, PA 19016
     

  • Kroll Cyber Data Breach Outlook – 2023 – Kroll

    Thu, Jan 26, 2023
    David White
    Data breaches have become an unfortunate reality of the digital world we live in. While there is no doubt that efforts can be made to mitigate the chances of a data breach, living in a completely data breach-free world is not realistic. Apart from having processes and technology in place to prevent data breaches, companies should also have a plan of action in case they do suffer a breach
    One aspect of being prepared is understanding how vulnerable your industry may be to data breaches. Kroll handles thousands of incidents every year and in its Data Breach Outlook – Year in Review, it has ranked which industries continually top the charts. 

    In 2022, health care overtook finance as the most breached industry, accounting for 22% of the breaches handled by Kroll, compared to 16% in 2021; a 38% increase year over year. Finance dropped to second place with 19% of the cases in 2022, a 3% drop from 2021 where it accounted for 22% of breach cases.
    Still in recovery from the pandemic, it is hardly surprising that the health care industry was particularly vulnerable to data breaches in 2022; at the very least, data management may have become less of a priority, potentially putting data at risk of exposure. The finance industry continued to report a substantial number of breaches, likely because of the regulatory obligations in the industry which increase the amount of data breach disclosure. But, for a similar reason, it was surprising to see insurance slip out of the top five in 2022.

    It was interesting to see the proportion of breaches hitting industrial services double in 2022. This points to a wider trend of industries which have previously considered the data they hold as “less sensitive,” falling victim to data loss or cyberattacks, causing data compromise and consequently having to begin a notification process.
    Other Notable Industry Shifts in 2022:
    Data Breach Outlook 2023
    Further investigation into the data unveils some insights into how concerned consumers are in these respective industries about the data breaches in question. While health care may have suffered the largest proportion of incidents in 2022, the number of incoming calls related to these data breaches and the number of consumers which take up identity protection—often a combination of identity and credit monitoring—were still less than in the finance industry.
    Findings Include:

    This potentially reveals that consumers are more concerned about their financial data than personal data related to health care. While in both industries personally identifiable information is at risk, given those looking to utilize this information—often cybercriminals—are largely perceived to be doing so for financial gain, it is understandable that financial data would be perceived to be more sensitive than health information. In reality, however, much of the data gathered from health care organizations—for example, social security numbers—could be used to set up fraudulent accounts and transactions. Concern is not misplaced, given the amount of revenue researchers believe is generated from this type of stolen data
    Data Breach Outlook 2023
    It is possible to extrapolate the interpretation of this data further to indicate what organizations should perhaps be prepared for following a data breach. Perhaps the high number of calls and the take up of identity monitoring from the financial industry indicates that consumers are not only concerned about their data but potentially unhappy about how it has been managed. It may be wise for those organizations in the finance industry which suffer a breach to get prepared for litigation. Alternatively, it may show that the consumer support being provided by the finance industry is both accessible and necessary. 
    Understanding the drivers behind the Data Breach Outlook figures is subjective, and it is important that businesses combine this data with their own insight from talking to customers and market research. It is also true that while an industry may make up less of the overall number of data breach cases, it is not immune from the impact of a data breach and should similarly have playbooks if an incident was to occur.
    This data may also be of interest to insurers looking to estimate the financial exposure of data breaches. A more engaged population of consumers impacted by a data breach could result in more identity monitoring and higher costs for the insurer and/or organization.
    To understand more about how the data breach notification process works and what you can do ahead of time to ensure it runs as smoothly as possible with minimal financial and reputational damage, see this recent article on demystifying breach notification.
    You may also be interested in reading our 2021 Data Breach Outlook – ‘Under-Attacked’ Industries Feel the Heat.

  • IBM Report: Consumers Pay the Price as Data Breach Costs Reach … – PR Newswire

    Jul 27, 2022, 00:01 ET
    60% of breached businesses raised product prices post-breach; vast majority of critical infrastructure lagging in zero trust adoption; $550,000 in extra costs for insufficiently staffed businesses
    CAMBRIDGE, Mass., July 27, 2022 /PRNewswire/ — IBM (NYSE: IBM) Security today released the annual Cost of a Data Breach Report,[1] revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

    The persistence of cyberattacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.
    The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.
    Some of the key findings in the 2022 IBM report include:
    “Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.” said Charles Henderson, Global Head of IBM Security X-Force. “This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”
    Over-trusting Critical Infrastructure Organizations
    Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments’ cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM’s report reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.
    Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation’s cybersecurity, only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.
    Businesses that Pay the Ransom Aren’t Getting a “Bargain”
    According to the 2022 IBM report, businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the ransom amount paid. However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs – all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts and looking at potential federal offenses.
    The persistence of ransomware, despite significant global efforts to impede it, is fueled by the industrialization of cybercrime. IBM Security X-Force discovered the duration of studied enterprise ransomware attacks shows a drop of 94% over the past three years – from over two months to just under four days. These exponentially shorter attack lifecycles can prompt higher impact attacks, as cybersecurity incident responders are left with very short windows of opportunity to detect and contain attacks. With “time to ransom” dropping to a matter of hours, it’s essential that businesses prioritize rigorous testing of incident response (IR) playbooks ahead of time. But the report states that as many as 37% of organizations studied that have incident response plans don’t test them regularly.
    Hybrid Cloud Advantage
    The report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.
    The report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs.[2] Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.
    Additional findings in the 2022 IBM report include:
    Additional Sources
    About IBM Security
    IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development, and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.
    [1] Cost of a Data Breach Report 2022, conducted by Ponemon Institute, sponsored and analyzed by IBM
    [2] Average cost of $4.53 million, compared to an average cost of $3.87 million at participating organizations with mature-stage cloud security practices
    SOURCE IBM

  • Charter Communications says vendor breach exposed some customer data – The Record by Recorded Future


    January 27, 2023
    Telecommunications company Charter Communications said one of its third-party vendors suffered from a security breach after data from the company showed up on a hacking forum.
    On Thursday, a forum user posted information allegedly stolen from the company that included names, account numbers, addresses and more for about 550,000 customers. 
    “We are aware of the post and following our security protocol in response. The initial evidence suggests that one of our third-party vendors had a security breach,” a spokesperson said. “At this time, we do not believe that any customer proprietary network information or customer financial data was included.”
    The spokesperson did not respond to follow-up questions about what third-party vendor was hacked, when the hack occurred or when affected customers will be notified. 
    Charter Communications is the second largest cable operator in the U.S. and fifth largest telephone provider – with more than 32 million customers in 41 states. On Friday, it reported nearly $14 billion in revenue for the last quarter of 2022. 
    The hacker post says the database includes a range of information on repairs and sales. 
    IntelBroker has added the database of Charter Communications (https://t.co/m9djfZPZl0) to the hacker's forum, claiming that it contains 550K user records including AcctountNumber, UniqueID, address, and so on.#USA 🇺🇸#darkweb #deepweb #databreach #cyberrisk pic.twitter.com/LIYZti0T2q
    The breach comes just two weeks after the Federal Communications Commission voted unanimously to investigate potential changes to the breach notification rules for telecommunications companies.
    FCC Chairwoman Jessica Rosenworcel said the rules the agency created more than 15 years ago are no longer compatible with a modern world where telecommunication carriers have access to a “treasure trove of data about who we are, where we have traveled, and who we have talked to.”
    In a 40-page proposal document, the FCC explained that there have been multiple breaches affecting the country’s largest telecommunications companies: Verizon, T-Mobile and AT&T.
    “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” Rosenworcel said. 
    “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
    Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

  • Dropbox suffers data breach following phishing attack | Cyber Security Hub – Cyber Security Hub

    Cloud storage company Dropbox has suffered a data breach after its employees were targeted by a phishing attack.
    The attack, which took place on October 14, saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees and gain access to Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to access GitHub. 
    Through the attack, the hacker gained access to some of the code Dropbox stores using the platform, including API keys used by its developers.
    Dropbox was alerted to the breach by GitHub after suspicious activity was noticed on its account. The hacker was able to access and copy the code for 130 of Dropbox’s code repositories, although this did not contain any code for its core apps or infrastructure.
    In a statement, Dropbox assured users that the threat actor did not gain access to the contents of any Dropbox accounts, passwords or payment information. Instead, the hacker was able to access a “few thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads and vendors”. The company said the risk to those who had their information accessed in the breach was “minimal” but has contacted all those affected.
    GitHub itself reported a similar phishing attack on September 16, which also involved a malicious actor posing as CircleCI to gain access to various user accounts.
    The phishing site used by the hacker relayed time-based one-time password (TOTP) two-factor authentication codes to the hacker in real time, allowing them to gain access to accounts protected by TOTP two-factor authentication. Accounts protected by hardware security keys were not vulnerable to this attack.
    Through the attack, the malicious actor was able to gain access to and download multiple private code repositories and use techniques to preserve their access to the account even in the event that the compromised user or organization changed their password. 
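    The following Python is an added illustration, not code from Cyber Security Hub, Dropbox or GitHub, of why a real-time relay defeats TOTP but not a security key: a TOTP code carries nothing that says where it was typed, whereas a WebAuthn assertion embeds the origin the browser saw and a hash of the relying-party ID, which the server checks before it ever looks at the signature. The relying-party ID, the origins, the seed and the challenge are constructed for the example, and signature verification is deliberately left out.

```python
import base64
import hashlib
import hmac
import json
import struct
import time

RP_ID = "example.com"                       # constructed relying-party id
ALLOWED_ORIGINS = {"https://example.com"}   # constructed: the only origin the RP accepts


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP built on RFC 4226 HOTP (HMAC-SHA1; caller supplies the 30 s step)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, submitted: str, counter: int) -> bool:
    """The server only sees a six-digit string: nothing in it says where it was typed,
    so a code captured on a look-alike page and forwarded within the step is accepted."""
    return hmac.compare_digest(totp(secret, counter), submitted)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(origin: str, challenge: bytes, rp_id: str = RP_ID) -> dict:
    """Constructed stand-in for what a browser plus security key return (signature omitted).
    The browser fills in the origin it actually observed, and the key hashes the rp_id the
    page was allowed to request (a registrable suffix of that origin), so a phishing page
    cannot obtain an assertion that names the real origin."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": origin}).encode()
    auth_data = (hashlib.sha256(rp_id.encode()).digest()   # rpIdHash, 32 bytes
                 + bytes([0x01])                           # flags: user present
                 + struct.pack(">I", 7))                    # signCount, constructed
    return {"clientDataJSON": client_data, "authenticatorData": auth_data}


def verify_assertion_binding(assertion: dict, issued_challenge: bytes) -> tuple[bool, str]:
    """Origin / rpId / challenge checks from the WebAuthn assertion procedure.
    The final step, verifying the signature over authenticatorData || sha256(clientDataJSON)
    with the credential's registered public key, is intentionally not implemented here."""
    try:
        cd = json.loads(assertion["clientDataJSON"])
    except (KeyError, ValueError):
        return False, "malformed clientDataJSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if not hmac.compare_digest(str(cd.get("challenge", "")), b64url(issued_challenge)):
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} not allowed"
    ad = assertion.get("authenticatorData", b"")
    if len(ad) < 37:
        return False, "authenticatorData too short"
    rp_id_hash, flags = ad[:32], ad[32]
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        return False, "rpIdHash mismatch"
    if not flags & 0x01:
        return False, "user-presence flag not set"
    return True, "binding checks passed"


if __name__ == "__main__":
    seed = b"constructed-seed"
    step = int(time.time()) // 30
    code = totp(seed, step)
    # A relay proxy simply forwards this string; the server cannot tell where it came from.
    print("relayed TOTP accepted:", verify_totp(seed, code, step))
    challenge = b"\x01" * 32   # constructed per-login challenge
    print(verify_assertion_binding(make_assertion("https://example.com", challenge), challenge))
    # Same user, same key, but the ceremony ran on a look-alike domain.
    print(verify_assertion_binding(
        make_assertion("https://example-login.com", challenge, "example-login.com"), challenge))
```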

  • JD Sports Hack Highlights UK Cyber Security Concerns – The Motley Fool

    Fancy a firewall, mate?
    Manchester-based retailer JD Sports is the latest victim in a string of cyber attacks on major UK entities this month. So far, hackers have descended upon retail, postal delivery, fast food, and news outlets.
    On Monday, JD Sports announced that the data of 10 million customers, including names, addresses, emails, phone numbers, and the last four digits of payment cards, was exposed in a recent cyberattack. The company said it does not store full payment details and that it has no reason to believe customers' online passwords were obtained. So for now, patrons can rest easy.
    The hack might have limited effects on JD’s bottom line. People still need a place to get their Air Jordans, and the company expects to surpass $1 billion in sales for the first time next fiscal year, but the pilfering speaks to growing concern over cyber attacks in the UK. Though not quite fire sale territory, it appears hackers are diversifying their victims:
    Gone Phishin': In 2022, the UK suffered the third-highest number of cyber attacks of any country, behind only Canada and the US, according to NordLocker. The UK National Cyber Security Centre has warned that more spear-phishing campaigns from Russian and Iranian state-sponsored groups are likely to come. Spear-phishing is a highly targeted form of attack, often using emails that appear to come from people or businesses you already know. It's slightly more clever than the old Nigerian Prince scam. A word of advice: if your "boss" sends you an odd email asking you to open a link and enter sensitive information, don't do it. Your real boss will thank you for keeping the company out of harm's way.

    source

  • APT Cyber Tools Targeting ICS/SCADA Devices – CISA

    Actions to Take Today to Protect ICS/SCADA Devices:
    • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible.
    • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to mitigate password brute force attacks and to give defender monitoring systems opportunities to detect common attacks.
    • Leverage a properly installed continuous OT monitoring solution to log and alert on malicious indicators and behaviors.
    The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including Schneider Electric programmable logic controllers (PLCs), OMRON PLCs, and OPC Unified Architecture (OPC UA) servers.
    The APT actors have developed custom-made tools for targeting ICS/SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, by exploiting a known-vulnerable ASRock motherboard driver. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.
    DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to implement the detection and mitigation recommendations provided in this CSA to detect potential malicious APT activity and harden their ICS/SCADA devices. 
    Click here for a PDF version of this report. 
    APT actors have developed custom-made tools that, once initial access to an OT network has been established, enable them to scan for, compromise, and control the Schneider Electric and OMRON devices and OPC UA servers described in the following sections.
    The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices. The tools have a virtual console with a command interface that mirrors the interface of the targeted ICS/SCADA device. Modules interact with targeted devices, enabling operations by lower-skilled cyber actors to emulate higher-skilled actor capabilities.
    The APT actors can leverage the modules to scan for targeted devices, conduct reconnaissance on device details, upload malicious configuration/code to the targeted device, back up or restore device contents, and modify device parameters. 
    In addition, the APT actors can use a tool that installs and exploits a known-vulnerable ASRock-signed motherboard driver, AsrDrv103.sys, exploiting CVE-2020-15368 to execute malicious code in the Windows kernel. Successful deployment of this tool can allow APT actors to move laterally within an IT or OT environment and disrupt critical devices or functions.
    The APT actors’ tool for Schneider Electric devices has modules that interact via normal management protocols and Modbus (TCP 502). Modules may allow cyber actors to:
    Refer to the appendix for tactics, techniques, and procedures (TTPs) associated with this tool.
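    The actions list above calls for continuous OT monitoring that alerts on malicious behaviour, and the Schneider Electric tool reaches its targets over Modbus on TCP 502. The following detection logic is an added example (not CISA's, Dragos's or any vendor's code) that runs over a constructed Zeek-style modbus.log and raises alerts when a host outside the engineering-workstation allowlist opens Modbus sessions, when one host touches several PLCs within a short window (the scanning behaviour described above), and when such a host issues write function codes. The allowlist, addresses, thresholds and log lines are assumptions.

```python
from collections import defaultdict

ENGINEERING_WORKSTATIONS = {"10.10.1.5"}   # assumed: the only hosts allowed to speak Modbus
MODBUS_WRITE_FUNCS = {                     # standard Modbus write functions as Zeek names them
    "WRITE_SINGLE_COIL", "WRITE_SINGLE_REGISTER", "WRITE_MULTIPLE_COILS",
    "WRITE_MULTIPLE_REGISTERS", "MASK_WRITE_REGISTER", "READ_WRITE_MULTIPLE_REGISTERS",
}
SCAN_WINDOW_SECONDS = 60.0     # assumed tuning values
SCAN_MIN_DISTINCT_PLCS = 3

# Constructed Zeek-style modbus.log (tab-separated); not a real capture.
# Fields: ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  func  exception
SAMPLE_MODBUS_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tfunc\texception
1649865600.10\tC1\t10.10.1.5\t50001\t10.10.2.11\t502\tREAD_HOLDING_REGISTERS\t-
1649865601.20\tC2\t10.10.1.5\t50002\t10.10.2.11\t502\tWRITE_MULTIPLE_REGISTERS\t-
1649865700.00\tC3\t10.10.3.77\t40001\t10.10.2.11\t502\tREAD_HOLDING_REGISTERS\t-
1649865700.40\tC4\t10.10.3.77\t40002\t10.10.2.12\t502\tREAD_HOLDING_REGISTERS\t-
1649865700.90\tC5\t10.10.3.77\t40003\t10.10.2.13\t502\tREAD_HOLDING_REGISTERS\t-
1649865701.30\tC6\t10.10.3.77\t40004\t10.10.2.14\t502\tREAD_HOLDING_REGISTERS\t-
1649865790.00\tC7\t10.10.3.77\t40005\t10.10.2.12\t502\tWRITE_MULTIPLE_REGISTERS\t-
"""


def parse_modbus_log(text):
    """One dict per data line; Zeek '#' header and footer lines are skipped."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7:
            continue
        yield {"ts": float(f[0]), "src": f[2], "dst": f[4],
               "dport": int(f[5]), "func": f[6]}


def detect_modbus_abuse(log_text, allowlist=ENGINEERING_WORKSTATIONS):
    """Return alerts, in order of first detection, for three behaviours:
    a non-workstation host opening Modbus sessions, one host touching several
    PLCs inside the scan window, and writes from a non-workstation host."""
    alerts = []
    recent = defaultdict(list)          # src -> [(ts, dst), ...] inside the scan window
    flagged_clients, flagged_scanners = set(), set()
    for r in parse_modbus_log(log_text):
        if r["dport"] != 502:
            continue
        src, ts = r["src"], r["ts"]
        # Rule 1: any Modbus session from a host that is not an engineering workstation.
        if src not in allowlist and src not in flagged_clients:
            flagged_clients.add(src)
            alerts.append({"rule": "unauthorized_modbus_client", "src": src, "ts": ts,
                           "detail": "first Modbus session, to %s" % r["dst"]})
        # Rule 2: fan-out to several PLCs within the window, fired once per source.
        window = [(t, d) for t, d in recent[src] if ts - t <= SCAN_WINDOW_SECONDS]
        window.append((ts, r["dst"]))
        recent[src] = window
        targets = {d for _, d in window}
        if len(targets) >= SCAN_MIN_DISTINCT_PLCS and src not in flagged_scanners:
            flagged_scanners.add(src)
            alerts.append({"rule": "modbus_scan", "src": src, "ts": ts,
                           "detail": "%d PLCs within %.0fs: %s" % (
                               len(targets), SCAN_WINDOW_SECONDS, ", ".join(sorted(targets)))})
        # Rule 3: every write from an unauthorized host is its own alert.
        if r["func"] in MODBUS_WRITE_FUNCS and src not in allowlist:
            alerts.append({"rule": "unauthorized_write", "src": src, "ts": ts,
                           "detail": "%s to %s" % (r["func"], r["dst"])})
    return alerts


if __name__ == "__main__":
    for a in detect_modbus_abuse(SAMPLE_MODBUS_LOG):
        print("%-26s %-12s %s" % (a["rule"], a["src"], a["detail"]))
```

    The scan rule keys on fan-out rather than on function code, because the reconnaissance modules described above can use ordinary reads; the write rule is what catches configuration or parameter changes from an unexpected host, while the same writes from the allowlisted workstation raise nothing. The same structure applies to a conn.log filtered to port 502 when no Modbus protocol parser is available, at the cost of the write rule.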
    The APT actors’ tool for OMRON devices has modules that can interact by:
    Additionally, the OMRON modules can upload an agent that allows a cyber actor to connect and initiate commands—such as file manipulation, packet captures, and code execution—via HTTP and/or Hypertext Transfer Protocol Secure (HTTPS). 
    Refer to the appendix for TTPs associated with this tool.
    The APT actors’ tool for OPC UA has modules with basic functionality to identify OPC UA servers and to connect to an OPC UA server using default or previously compromised credentials. The client can read the OPC UA structure from the server and potentially write tag values available via OPC UA.
    The threat from this tool can be significantly reduced by properly configuring OPC UA security. Refer to the Mitigations below for more information. 
    Refer to the appendix for TTPs associated with this tool.
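    As an added illustration of what "properly configuring OPC UA security" means in practice (not CISA's or the OPC Foundation's code), the function below audits a server's advertised endpoint descriptions for the settings the OPC UA tool depends on: an unsecured channel, an anonymous user token, and a UserName token whose password would travel without encryption. The dictionaries mirror the fields of an OPC UA EndpointDescription and UserTokenPolicy; the endpoint URL and the two sample servers are constructed, not captured from any real device.

```python
SP = "http://opcfoundation.org/UA/SecurityPolicy#"
DEPRECATED_POLICIES = {SP + "Basic128Rsa15", SP + "Basic256"}  # SHA-1 based, deprecated
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3           # MessageSecurityMode values
TOKEN_ANONYMOUS, TOKEN_USERNAME, TOKEN_CERTIFICATE = 0, 1, 2    # UserTokenType values


def audit_endpoint(ep):
    """Findings as (severity, endpointUrl, message) for one EndpointDescription."""
    findings = []
    url, policy, mode = ep["endpointUrl"], ep["securityPolicyUri"], ep["securityMode"]
    if policy == SP + "None" or mode == MODE_NONE:
        findings.append(("critical", url,
                         "unsecured channel (SecurityPolicy None / MessageSecurityMode None): "
                         "any host that can reach the port can browse and write tags"))
    elif mode == MODE_SIGN:
        findings.append(("medium", url,
                         "Sign only: tag values cross the wire in clear; use SignAndEncrypt"))
    if policy in DEPRECATED_POLICIES:
        findings.append(("medium", url, "deprecated security policy " + policy.split("#")[1]))
    for tok in ep["userIdentityTokens"]:
        if tok["tokenType"] == TOKEN_ANONYMOUS:
            findings.append(("high", url, "Anonymous user token accepted"))
        elif tok["tokenType"] == TOKEN_USERNAME:
            # A null token policy means "use the endpoint's policy" (OPC UA Part 4).
            token_policy = tok.get("securityPolicyUri") or policy
            if token_policy == SP + "None":
                findings.append(("critical", url, "UserName token '%s' would send the "
                                 "password unencrypted" % tok["policyId"]))
    return findings


def audit_opcua_endpoints(endpoints):
    """Audit every endpoint the server advertises (the GetEndpoints result)."""
    findings = []
    for ep in endpoints:
        findings.extend(audit_endpoint(ep))
    return findings


def severity_counts(findings):
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


# Constructed samples (assumed URL); the first is the kind of server the tool succeeds against.
URL = "opc.tcp://plc-gateway.example:4840/"
WEAK_SERVER_ENDPOINTS = [
    {"endpointUrl": URL, "securityPolicyUri": SP + "None", "securityMode": MODE_NONE,
     "userIdentityTokens": [
         {"policyId": "anonymous", "tokenType": TOKEN_ANONYMOUS, "securityPolicyUri": None},
         {"policyId": "username", "tokenType": TOKEN_USERNAME, "securityPolicyUri": None}]},
    {"endpointUrl": URL, "securityPolicyUri": SP + "Basic128Rsa15", "securityMode": MODE_SIGN,
     "userIdentityTokens": [
         {"policyId": "username", "tokenType": TOKEN_USERNAME,
          "securityPolicyUri": SP + "Basic128Rsa15"}]},
]
HARDENED_SERVER_ENDPOINTS = [
    {"endpointUrl": URL, "securityPolicyUri": SP + "Basic256Sha256",
     "securityMode": MODE_SIGN_AND_ENCRYPT,
     "userIdentityTokens": [
         {"policyId": "username", "tokenType": TOKEN_USERNAME,
          "securityPolicyUri": SP + "Basic256Sha256"},
         {"policyId": "certificate", "tokenType": TOKEN_CERTIFICATE, "securityPolicyUri": None}]},
]

if __name__ == "__main__":
    for sev, url, msg in audit_opcua_endpoints(WEAK_SERVER_ENDPOINTS):
        print("%-8s %s  %s" % (sev, url, msg))
    print("hardened:", audit_opcua_endpoints(HARDENED_SERVER_ENDPOINTS))
```

    In practice the list comes from the server's GetEndpoints response, which any OPC UA client library can fetch from the discovery endpoint without credentials, so the audit can run from a monitoring host. Note what it cannot see: whether the configured accounts still carry vendor defaults, which the tool also exploits, can only be checked by attempting those logins against a known-default list or by reviewing the server's user store.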
    Note: these mitigations are provided so that network defenders can begin protecting systems and devices against these new capabilities. They have not been verified against every environment and should be tested before being implemented.
    DOE, CISA, NSA, and the FBI recommend all organizations with ICS/SCADA devices implement the following proactive mitigations:
    For additional guidance on securing OT devices, see 
    For additional guidance on securing OPC UA enabled devices, see: 
    For more information on APT actors’ tools and TTPs, refer to: 
    The information in this report is being provided “as is” for informational purposes only. DOE, CISA, NSA, and the FBI do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the DOE, CISA, NSA, or the FBI, and this guidance shall not be used for advertising or product endorsement purposes.
    The DOE, CISA, NSA, and the FBI would like to thank Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric for their contributions to this joint CSA.
    See tables 1 through 3 for TTPs associated with the cyber actors’ tools described in this CSA mapped to the MITRE ATT&CK for ICS framework. See the ATT&CK for ICS framework for all referenced threat actor tactics and techniques.
    Table 1: APT Tool for Schneider Electric ICS TTPs
    Table 2: APT Tool for OMRON ICS TTPs
    Table 3: APT Tool for OPC UA ICS TTPs
    All organizations should report incidents and anomalous activity to the CISA 24/7 Operations Center at report@cisa.gov or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. For NSA client requirements or general cybersecurity inquiries, contact the Cybersecurity Requirements Center at 410-854-4200 or Cybersecurity_Requests@nsa.gov.
    Revisions
    April 13, 2022: Initial version
    April 14, 2022: Added resources
    May 25, 2022: Added additional mitigations and resources

    source