On average, cybercriminals strike once every 39 seconds, which means over 67,000 breach attempts were made last month alone. Those that are successful could have detrimental effects—especially those that target organizations through their vendors, suppliers and partners. While the magnitude is yet to be understood, here’s the rundown of the most significant data breaches in April 2021.
1. A sneak peek at Apple’s products was released after a manufacturer of the tech giant was targeted by hackers.
Topping the list of breach news for April is the ransomware attack against Quanta, a manufacturer based in Taiwan. Quanta is a supplier for many flagship Apple products, including the MacBook line, and the incident is a prime example of hackers leveraging weaker systems to gain access to extremely valuable ones.
Led by the Russian hacker group REvil, the attackers accessed confidential data from Quanta’s servers. Some of the stolen blueprints, including those of unreleased products, have already been published on the group’s website. With demands to buy back the data before the end of the month, Apple’s ransom was reported to come with a hefty price tag.
Using the Ransomware Susceptibility Index™, the latest addition to our cyber risk assessments, Black Kite researchers discovered a very high probability that Quanta would experience a ransomware attack. With ransomware an increasingly prominent issue across the supply chain, protection mechanisms are critical for any organization.
2. Another supply chain attack flew under the radar, impacting Procter & Gamble, Washington Post and more.
Approximately 29,000 customers were affected by another supply chain attack, this one on the San Francisco-based software auditing company Codecov. The attack was discovered two months after the initial exploitation: a vulnerability in Codecov’s Docker image creation process enabled threat actors to extract sensitive credentials from customers including Procter & Gamble, Washington Post, GoDaddy and more.
The event, like SolarWinds, is yet another example of adversaries targeting developers and programming software in order to launch malicious attacks on infrastructure. Codecov said there was an ongoing federal investigation into the matter but declined to elaborate on its statement apart from the technical workarounds released on its website.
3. Passwords go unprotected as Click Studios is struck by malware.
Click Studios, the software company behind Passwordstate, revealed a bad actor leveraged sophisticated malware techniques to infiltrate the In-Place Upgrades database. Only customers that performed In-Place Upgrades between April 20 – 22 were affected, according to the company’s statement. Following this hack, Click Studios has advised its worldwide customer base to begin upgrading passwords.
Password managers are a prime attack vector for any given supply chain because they touch multiple points in an enterprise. For Passwordstate, that meant hackers gaining access to information about customers’:
- Local administrative accounts
- Active directories
- Credential management systems
- Remote sessions
- API integration
- Access control
- Two-factor authentication
Upon examining Click Studios’ cybersecurity posture, Black Kite researchers found signals that should have raised a red flag for Click Studios customers. Despite an overall “good” score, continuous monitoring would have raised issues surrounding fraudulent domains, email security and DNS security. This should have called for further analysis, especially given the sensitivity of the data exchanged through Passwordstate.
4. Another File Transfer Application (FTA) was targeted, mirroring the Accellion attack that occurred earlier this year.
The Japanese Prime Minister’s Cabinet Office has been named among the first victims of a cyber attack against FileZen, a popular file-sharing network appliance from Soliton. The attackers worked similarly to the group behind the Accellion FTA incident, leveraging a combination of CVE-2020-5639 and CVE-2021-20655 vulnerabilities to breach online systems that weren’t protected behind a firewall.
5. A malware attack kept low-cost airlines grounded.
Following last month’s cyber attack on Star Alliance, another airline software vendor has become a victim of a third-party breach. On April 22, Radixx revealed that its reservation system was affected by a malware incident. Although reports revealed no direct impact on consumers, the incident disrupted the operations of 20 passenger airlines.
Some of the airlines affected included Peach Aviation and ZIPAIR in Japan, as well as Air Belgium, Sky Airlines in Chile, Air Transat Canada, Vietravel in Vietnam, Aero K Airlines in South Korea, Salam Air in Oman, FlySafair in South Africa, Air India Express, and Wingo in Colombia.