April 2023 Cyber Event Roundup
May 2, 2023
Shields Health Care Group discloses March 2022 Data Breach
Shields Health Care Group, a medical imaging services provider, has disclosed that in March 2022 it suffered a data breach that exposed the data of 2.3M users. According to the forensic investigation, malicious actors had access to Shields' network between March 7th and March 21st, 2022, during which time the attacker exfiltrated data that may include personal information of Shields users, such as Social Security numbers, diagnosis information, billing information, and more.
Kovrr Insights: No Additional Disclosures
According to Kovrr’s Cyber Incidents Database, the ransomware group Karakurt published Shields Health Care Group as one of their victims, with the company appearing on the Karakurt website on June 30th, 2022. From the information available to Kovrr, it cannot be determined whether the March 2022 attack was carried out by Karakurt. However, no additional breach notification has been issued by Shields Health Care Group other than for the incident reported above.
FBI Seizes Genesis Underground Marketplace
The FBI has seized the Genesis Marketplace, one of the largest and most popular Dark Web forums for various attack tools, such as stolen cookies and credentials, bots, and other tools for initial access to victim networks.
The market, founded in 2017, included access to more than 400,000 bots, or compromised systems, and various stolen data which could be used to facilitate additional compromises. This takedown is one of several law enforcement takedowns of criminal underground infrastructure, and comes after the takedown of the BreachForums hacker underground site in March.
Kovrr Insights: Compromised Credentials
As written earlier, credentials are extremely important in order to carry out a successful cyber attack. Though this takedown is not expected to significantly hurt cyber criminal efforts in the long run, as Genesis will be replaced by other sources of credentials, it will hamper the efforts of cyber criminals, as one source for their most popular initial access vector has dried up.
To learn more about the risk of compromised credentials and internet-exposed assets, read Kovrr's report.
Magecart Steals Credit Card Data Through Realistic Checkout Pages
Magecart, a large cybercrime organization composed of multiple attack groups that all specialize in attacks involving credit card data theft, has recently started using extremely realistic checkout forms to steal user credit card information.
The actors are able to hack online stores and display pop-up checkout modals which look exactly like, or even better than, the checkout modals of the original website. When a user is tricked into entering their credit card data in these modals, they are then presented with a fake error message and redirected to the real payment site, but only after their credit card details have been sent to Magecart servers.
Kovrr Insights: Fraud Frequency
According to data collected by Kovrr’s Cyber Incidents Database, the frequency of credit card fraud has increased by 37% between 2021 and 2022, with the loss rate of reported incidents increasing by 52%, from $173M in 2021 to $264M in 2022.