Security News Round-Up: Legal Services Provider Struck By Ransomware
News Round-Up – Get a Quick Rundown of What You Need to Know
Evolver’s Cyber News Round-Up looks into recent reports and journalism covering cyber threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @EvolverInc. Visit our cybersecurity services page to learn more about cyber risk assessment and threat protection.
Epiq Legal Services Provider Struck by Ransomware
On February 29th, the legal services company known as Epiq was struck with ransomware, causing the company to pull all systems offline around the world. According to Security Week, they are working with a third party to investigate and have not yet discovered reason to believe that any data was misused. Furthermore, it remains a mystery as to what strain of ransomware was used in the attack. Some sources claim that while the company has highlighted their strong security plan and team, their computers were failing to keep systems updated and running old versions of Windows, says the article. Epiq’s website currently remains offline.
SpaceX Contractor’s Sensitive Data Published Online
According to Info Security Magazine, an industrial and aerospace manufacturer known as Visser Precision had its internal documents containing sensitive data exposed online when posted by ransomware attackers. Visser Precision is a contractor for a number of popular companies including Tesla and SpaceX, Lockheed Martin, Boeing, and more. The ransomware used to steal the data was the DoppelPaymer version, which has also been used on Nunavut territory in Canada as well as Pemex, a petroleum company based in Mexico. Details on future products, NDAs, and more were all posted by the attackers, says Info Security Magazine.
600,000 Tesco Cards Replaced Due to Hacks
Around 600,000 loyalty cards are being replaced by UK supermarket Tesco due to hackers accessing them through a brute force method. The criminals had discovered the login information from other data breaches, allowing them to simply enter the data they had to hack the accounts, says Info Security Magazine. The incident highlights the dangers of using the same password amongst multiple websites, especially as data breaches continue to rise. Tesco revealed that they immediately restricted accounts that were affected from being accessed to give customers a chance to change their passwords.
$10 Million Fraud Committed by Ex-Microsoft Engineer
Voldymyr Kvashuk, an ex-Microsoft engineer, has been convicted after using the company’s online retail system to steal over $10 million. Kvashuk moved from the position of contractor to full-time engineer at Microsoft between 2016 and 2018, Bank Info Security says. He was instructed to test out the online retail system, which he ended up using his access to for stealing money for his own account at first and later to other accounts in larger sums. With the stolen funds, he made large purchases of a $160,000 Tesla vehicle as well as a $1.6 million lake house, according to the article. Kvashuk has been convicted of 18 charges relating to the scheme.
Suspects Walk Free After Ransomware Steals Police Evidence
Six suspected drug dealers were freed after a ransomware attack hit Florida’s Stuart Police Department, says Hack Read. In April 2019, the ransomware hit the department’s computers and made the evidence that could keep the six suspects in jail for years inaccessible. As a result, a grand total of 11 narcotics cases they were involved in had to be dropped, the article states. The attackers used Ryuk ransomware via a spearphishing delivery method and demanded $300,000 in Bitcoin as a ransom payment. There were 28 charges involved in the cases involving producing, selling, delivering, and possessing a variety of drugs.
200+ Million Record Database Exposes U.S. Property and Demographic Info
A database that contains the property and demographic information of U.S. citizens with over 200 million records was left exposed online without any password protection, as reported by The Hacker News. Personal data exposed includes names, emails, ages, addresses, ethnicities, credit ratings, employment, investment preferences, income, net worth, and more. As for property information included in the incident, the details were market value, mortgage amount, rate, type, and lender, refinance amount, rate, type, and lender, property type, previous owners, bedroom and bathroom numbers, tax assessment information, and year built, the article notes. Worsening the incident, researchers discovered the database on January 27th and not secured by the company until a month later by Google’s cloud team.