efani.net | 3 Quad-Cities municipalities victim to cyber attacks

Scammers pretending to be Brandt Construction emailed a city of Rock Island accountant to update automatic payment information. After the fraudsters returned a form, the accountant called their company contact to confirm, following the city’s usual practices, only to discover it was fake. Scammers, that time, weren’t paid.

In Bettendorf, the city’s human resources director fielded an emailed request asking to change City Administrator Decker Ploehn’s direct deposit information. When the director, Kathleen Richlen, walked a paper form to Ploehn, he greeted her with surprise. He hadn’t requested a change. Again, the scammers were foiled.

In Rock Island County, scammers impersonating a construction company sent a June 1 email asking the county to update its banking information. The attached documentation looked convincing — a change-account document available on the county’s website and a letter from the vice president of commercial banking at Citizens Bank in Macomb, Ill., verifying the account and routing numbers. The county changed the information, and 18 days later wired $97,042 to the fraudulent account. A month later, another $18,061 was sent before the scam was discovered.

efani | Vestas Wind Systems has reported a data breach

Vestas Wind Systems has reported a data breach against its corporate IT systems that caused shutdowns across its business units.

Vestas Wind is gradually opening up its IT systems in the wake of shutdowns last Friday to contain the damage.

Danish Vestas Wind Systems, manufacturer, seller, installer, and servicer of wind turbines, which has recently been exploring ways to expand its UK operation, has reported an attack against its corporate IT systems that caused shutdowns across multiple business units and locations to contain the issue.

On Monday the company announced that some of its IT infrastructure and internal data have been compromised but also pointed out that according to preliminary findings, there is no indication that third-party operations including customer and supply chains have been caught up. The gradual and controlled reopening of all IT systems is already underway. Although the attack bears the hallmarks of a ransomware attack, Vestas refused to offer any information regarding the specific nature of the attack at this stage.

Ransomware attacks against critical infrastructure, especially healthcare and energy are becoming increasingly common, and cybersecurity experts have already indicated that green energy generators may become targets too.

Vestas, one of the world’s largest manufacturing companies already had a difficult year before the incident. In 2021, it has lowered its operating profit forecasts twice, taking it from 10 to 4 percent. Vestas blamed supply-chain issues and material prices for the deteriorating outlook – steel prices rose by almost 50 percent between the start of 2020 and October 2021. The fact that the price has crashed back down by 25 percent in the past few weeks may improve the company’s fortunes again and help it recover from the 2.63 percent share price drop it suffered on the Nasdaq Copenhagen following the IT breach update.

efani | United Health Centers of the San Joaquin Valley Data Breach

United Health Centers of the San Joaquin Valley announced on Friday it was the victim of a data breach incident that apparently began in August.

The Fresno-based federally qualified health center has a couple of dozen clinics in the Central Valley. The system delivers about 200,000 medical, dental, and other service encounters per year.

On Aug. 28, UHC experienced a disruption to certain computer systems that an investigation a day later determined “was caused by an encryption event.” UHC’s electronic health record system was not impacted.

“UHC worked expeditiously to restore its systems from available backups to avoid an interruption to patient care,” according to a news release.

On Sept. 22, UHC determined that some of its related data had been published to an unindexed website, more commonly known as the “dark web.” Information that may have been impacted includes demographic and clinical information such as names, addresses, dates of birth, Social Security numbers, diagnosis, provider, and medication information.

UHC is currently working with a third-party service provider to confirm the type and full scope of the incident.

“Once UHC has completed its investigation, which includes a detailed review of the potentially impacted data to determine the types of information involved and to whom it relates, UHC will provide written notice directly to impacted individuals,” according to a news release.

Catphishing Fake LinkedIn profiles| efani Partner TheNFG.com

Identity theft. Catphishing in LinkedIn.

Singapore fines travel service for a data breach.

Fake LinkedIn profiles: too real to be true.

Intelligence blogger @hatless1der discovered an operation in which fraudsters are taking advantage of the implicit trustworthiness of the professional networking platform LinkedIn. Scammers create profiles that seem aboveboard at first glance by using AI-created photos, a tagline involving consulting or hiring, recognizable employment history, believable endorsements, and a realistic network of connections. The giveaway is that many of the bios use exactly the same, generic, wording. What, exactly, the scammers are after is unclear, but users should be wary of connection requests from unfamiliar accounts.

 

efani | GoDaddy NYSE: GDDY Breach Leaks 1.2 Million WordPress Customers Data

Web hosting company GoDaddy Inc (GDDY.N) said on Monday email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed to unauthorized third-party access.

The company said the incident was discovered on Nov. 17 and the third party accessed the system using a compromised password.

“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Chief Information Security Officer Demetrius Comes said in a filing.

The company, whose shares fell about 1.6% in early trading, said it had immediately blocked the unauthorized third party, and an investigation was still going on.

In disclosures to the Securities and Exchange Commission, web registrar and hosting company GoDaddy has revealed that it discovered it had been hacked. The company says that it discovered an “unauthorized third party” had gained access to its Managed WordPress hosting environment. Anything up to 1.2 million users have seen their email address and customer number exposed, as well as admin passwords for both WordPress sites hosted on the platform, plus passwords for sFTPs, databases, and SSL private keys.

In addition, it says that it has reset the relevant credentials and will work with users to issue new SSL certificates. Comes ends his statement by saying that the company will, perhaps a little too belatedly, “learn from this incident” and will take steps to prevent such a breach from happening in the future.