Case Study

September Cyber Roundup

September 29, 2022
Download

Intercontinental Hotels Group allegedly breached by Vietnamese couple

Link: https://www.bbc.com/news/technology-62937678

Intercontinental Hotels Group (IHG) reported it was breached on September 6th, 24 hours after customers reported widespread issues with the hotel chain’s website. The alleged hackers contacted the BBC through Telegram, and said that they are a Vietnamese couple. The couple said that they accessed the company by finding that the master password for IHGs password vault was Querty1234. After gaining access, they attempted a ransomware attack which was thwarted by the company’s IT staff. As their ransomware attack was unsuccessful, the hackers performed a wiper attack, and deleted data from the company’s systems. 

Kovrr insights: industry benchmark

Once again, this simple but destructive attack shows the power of compromised or weak credentials. Through a single password, hackers were able to cause much financial and publicity damage to a large corporation. 

Breach exposes data of 2.5 million student loan records

Link: https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Nelnet Servicing, a servicing system and web portal provider, notified that it was breached on July 21st. As Nelnet provides services for EdFinancial and the Oklahoma Student Loan Authority (OSLA), the breach caused the exposure of 2.5 millions records held by both companies. It is unclear how Nelnet was breached - the company stated it was breached by a vulnerability, but no further details were provided. This is not the first time an Oklahoma public organization was breached. 

Kovrr insights: industry benchmark

Kovrr’s cyber incidents database includes several dozen breaches of Oklahoma public organizations, with an average breach cost of $595,000. 

Instagram fined 405M Euro by GDPR due to privacy settings for underage users.

Link: https://www.cpomagazine.com/data-protection/e405-million-gdpr-fine-for-instagram-over-privacy-settings-for-underage-users/

Instagram was fined 405M Euro by Ireland’s Data Protection Commission (DPC), after it was found that the company made the contact information of users aged between 13-17 public, including their email addresses and phone numbers. The investigation, which took two years to complete, handed Instagram the second highest GDPR fine to date. Meta, the parent company of Instagram, can appeal the fine. 

Kovrr insights: industry benchmark

Kovrrs’ cyber incidents database also includes a collection of GDPR fines, but data privacy and data breach related infringements. The average fine for these issues, for decisions made since January 2021, is 2.3M Euro, however fines vary greatly depending on the infringement, and on the size of the infringing company. 

Emotet botnet now used to push Blackcat and Quantum ransomware

Link: https://www.bleepingcomputer.com/news/security/emotet-botnet-now-pushes-quantum-and-blackcat-ransomware/

Emotet, one of the most widespread and effective botnet networks of recent years, is now using its network to download Blackcat and Quantum ransomware onto the devices of users infected with Emotet. The previous ransomware pushed by the network was Conti, which shut down in June of this year. 

Kovrr insights: industry benchmark

Kovrr’s cyber incidents database has observed 91 attacks by Blackcat and Quantum since the start of 2022, a number which is expected to greatly increase following the association with Emotet. Both actors have mainly been targeting organizations in the Education sector.

No items found.
Ask for a demo
Icon Name
Icon Mail
Icon Company
Icon Message
By providing my contact information and ticking the box below, I agree to Kovrr's Privacy Policy and consent to communications from kovrr at the contact information provided.
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.