11
Jul, 2022
data_breach_175517129_400.jpg

A Look Back at Q1 2022’s Worst Data Breaches

data_breach_175517129_400.jpg

Despite their best efforts, cybersecurity can be a major cause for concern for all kinds of businesses and organizations. Even with a full team of cybersecurity professionals, data breaches can occur, and many of the worst data breaches of 2022 have been quite devastating. Let’s take a look at some of the worst ones so far.

We want to emphasize that data breaches can happen to anyone, not just high-profile businesses. You’ll need to invest not just in protecting your business, but also in training your staff. If you want some help with this, you can contact NuTech Services for any and all concerns with your cybersecurity.

January 2022

Crypto.com

January 17 saw the cryptocurrency market become the target of a hacking attack. In this particular attack, 480 users’ cryptocurrency wallets on Crypto.com were targeted, with the hackers making off with $18 million in Bitcoin and $15 million in Ethereum and other currencies. The hackers managed to bypass the two-factor authentication to gain access to these wallets.

Tourisme Montreal

A hacking group called Karakurt targeted Montreal’s tourism agency. This hacking group became known all over the world for its extortion tactics, stealing data and demanding payment, threatening to release the data if the victim didn’t pay up. Over 60 million people were affected by this prolonged six-month attack.

Bernalillo County, New Mexico

Bernalillo County became the victim of a ransomware attack that forced the county office to close during the first week of January. This attack prevented employees from accessing local databases, which in turn kept them from doing their jobs. As a result, the county implemented cybersecurity policies and invested $2 million in revamping their computing infrastructure.

Ukraine

Before Russia invaded Ukraine, the latter was targeted by a cyberattack threatening the Ukrainian government that they should “be afraid and wait for the worst.” This attack brought down the Ministry of Foreign Affairs and other agency databases, and Ukrainian citizens were directed to the nation’s social media channels until the issue was taken care of.

February 2022

GiveSendGo

A Christian fundraising website called GiveSendGo became the target of a politically motivated data breach. The hackers redirected visitors to the Canadian Freedom Convoy protestors, all while posting the personal information of the 90,000 donors to the Freedom Convoy on the website.

Oiltanking Deutschland GmbH & Co.

A major supplier of fuel for Germany, Oiltanking Deutschland GmbH & Co., was forced to declare “force majeure” and scale back operations following a cyberattack. This declaration resulted in them being absolved of their contractual obligations for a limited time. This incident is estimated to cause the company over $4.5 billion in ransomware demands, downtime, and other costs.

Wormhole

A blockchain company called Wormhole had about $324 million in cryptocurrency stolen by hackers, resulting in a loss of 120,000 wETH (wrapped Ethereum). The company went offline to handle maintenance with a loss of millions of dollars. The company even put out a bug bounty of $10 million to learn more about the cause of the hack.

Washington State

Over 250,000 Washington residents had their personal data exposed as a result of the Washington State Department of Licensing database breach. They had to momentarily shut down their POLARIS system thanks to the breach. Some of the data stolen included personal and financial information for any vocation in Washington that needed a license.

San Francisco 49ers

The NFL team became the target of a ransomware attack, resulting in hackers making off with some of the team’s financial data. The hacking group responsible, BlackByte, gave the 49ers enough of a shock to restructure their entire cybersecurity strategy (but not before paying the ransom).

Ukraine

In the moments leading up to the Russian assault on Ukraine, websites for the Ukrainian army, the defense ministry, and most of their major banks were brought down. 

OpenSea

In a heist involving hundreds of NFTs and $1.7 million, users on the peer-to-peer networks of OpenSea were tricked into signing a malicious payload that authorized free gifts of NFTs back to the hacker.

March 2020

Viasat

Millions of broadband subscribers in eastern Europe lost access to their Internet networks as a result of a major cyberattack against Viasat. The company confirmed that it was indeed a cyberattack that brought down these connections—a DDoS attack, specifically.

Samsung

A hacking collective called Lapsus$ managed to steal 190GB of proprietary information from Samsung. The hacking group also teased the hack on social media claiming that they had “confidential Samsung source code.”

At Least Six US States

A cyber attacking group, called APT41, sponsored by the Chinese government took over the computing infrastructures of at least six U.S. states. This breach was a supposed espionage mission carried out by some of the most wanted cybercriminals out there.

Ubisoft

Ubisoft, a France-based video game developer, had its operations disrupted for several days following a cyberattack. Although no personal information was stolen, it became clear later on that Lapsus$ were the culprits behind the attack.

Israel

The Israeli government had their websites taken offline for over an hour thanks to a cyberattack. It was so bad that the National Cyber Directorate declared a state of emergency. It is thought that it was a state-sponsored DDoS attack.

Jefferson Dental and Orthodontics

Jefferson Dental and Orthodontics became the target of a data breach that affected over a million Texans. Hackers stole Social Security numbers, driver’s license numbers, health information, and financial data.

Microsoft

Lapsus$ struck again when it leaked the source code for Microsoft’s Bing search engine and Cortana personal assistant. All it took was compromising a single account. Microsoft was able to shut down the operation before more was stolen.

ELTA

The National Postal Service for Greece was hit by a ransomware attack. Even though the hack was caught early on, operations were brought to a halt. Over 1,400 physical locations were affected, and operations had to be shut down for some time.

Axie Infinity

A cryptocurrency startup tied to Axie Infinity became the target of hackers, resulting in a loss of $540 million. Hackers gained access through the game and emptied users’ crypto accounts, something which became the second largest cryptocurrency theft thus far.

These attacks were the result of various threat methods and actors, proving that your organization cannot overlook anything security-related. NuTech Services can protect your business and help you implement better security practices and solutions. To learn more, reach out to us at 810.230.9455.

22
Apr, 2022
dataTransfer_437810489_400.jpg

Data Scraping Explained

dataTransfer_437810489_400.jpg

There are times when you, as a business owner, might receive unsolicited emails from organizations asking you to try a product or asking for your input on something. More likely than not, the one responsible used data scraping to get your contact information. If it’s used appropriately, data scraping can be an effective marketing tool, but it can also be utilized by scammers to make your life miserable.

What is Data Scraping?

Data, or web scraping, is when you export data from a web page to a spreadsheet or local file. Chances are that this is the method you’ve used when taking data off the Internet or a web page. Basically, it’s as simple as data transfer, taking it and moving it to a different location in the form of a file on your computer. This file can be manipulated and adjusted as needed. It’s not the best method of transferring data, but it’s useful for certain situations.

How Can It Be Used?

Here are some of the ways an average business might use data scraping:

  • Comparing the costs of various goods, products, or services in one single document.
  • Conducting market research to generate new leads; this is primarily for public data sources, as depending on the location, data scraping of directories, websites, or social media can be illegal.
  • Researching web content for the purposes of building up your business.
  • Gathering data for easy analysis and providing it with structure

There are other uses for data scraping, but this should give you a broad general understanding of how it might be used by businesses. It can help you find the best deal on a product, research your competitors, compile data from a web source, and so on. There are plenty of tools out there that can make the process easy and efficient—just get in touch with us and we can point you in the right direction.

What About Hackers?

Data scraping can be used by people for email harvesting, particularly when it comes to scammers and hackers. Many organizations house employee contact information in a publicly available directory on their websites. If someone can scrape this information, they can sell it to spammers and hackers, and you don’t need us to tell you that this information being used in spam and phishing campaigns is bad news. Plus, depending on the location, using this information for commercial purposes is illegal, and it leaves a bad taste in peoples’ mouths. This doesn’t stop scammers and spammers, though, so you’d best be on your guard.

We want to make sure that you stay apprised of the latest practices in business technology, so be sure to follow our blog! We cover interesting topics such as this, as well as other topics related to IT, cybersecurity, and technology best practices.