Kansas urgent care provider confirms over 220,000 patient’s data swiped in a cyberattack

Posted in Commentary with tags on March 11, 2025 by itnerd

Sunflower Medical Group, a Kansas healthcare provider with multiple urgent care facilities, confirmed a cyberattack on December 15th exposed sensitive information from nearly 221,000 of its patients. 

The company said it initially discovered the breach on January 7, but the investigation revealed that hackers had been inside their systems since mid-December and made copies of Sunflower’s files.

Data potentially impacted includes: 

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Driver’s license numbers
  • Medical information
  • Health insurance information

The Rhysida ransomware gang took credit for the attack in January on its dark web leak site with proof of claims, threatening to leak the stolen data if a ransom of about $800,000 was not paid.

When Rhysida leaked the data, they claimed they had 7.6 TB, consisting of 5,277,062 files. A DataBreaches investigation found that entire backups were included, as well as folders with patient data.

Lawrence Pingree, VP, Dispersive:

“Systems and Identities must be segmented properly, to eliminate lateral movement and authentication without multi-factor can leave you vulnerable. Rapid backup and restore is also important to help defend against ransomware.”

While the number isn’t huge by 2025 standards, this is still very bad. And it will get worse for those affected as the data that was swiped will undoubtably be used in secondary attacks. Which means that this will have knock on effects for a long time to come.

Leave a comment »

Backblaze Selects Cologix to Expand Delivery of High-Performance Cloud Storage Solutions

Posted in Commentary with tags on March 11, 2025 by itnerd

Cologix today announced Backblaze, a publicly traded cloud storage company, has deployed its services at Cologix’s TOR3 digital edge data center in Toronto. This deployment features a high-capacity setup with dedicated power and a direct fiber connection to Cologix’s TOR1 digital edge data center, Canada’s largest carrier hotel, providing fast access to multiple network providers and TorIX.

Backblaze’s expansion into TOR3 marks a significant step in ensuring data sovereignty compliance for businesses operating in Canada. This collaboration allows Backblaze to offer cloud storage solutions that meet strict local regulations, enabling companies to store and process data within Canadian borders.

The move aligns with the rapidly expanding Canadian cloud services market, which is driven by industries such as healthcare, finance and government that often require data to remain within national borders. Backblaze’s presence in TOR3 demonstrates its commitment to supporting businesses in their digital transformation efforts while ensuring adherence to Canadian data sovereignty requirements.

Strategically located in downtown Toronto, TOR3 is a 20,000-square-foot, Tier III facility with two megawatts of power. TOR3 is a highly secure and efficient colocation and interconnection hub that features industry leading cooling designs, robust 24/7 security with biometric dual authentication access, and compliance with SOC 1, SOC 2, HIPAA and PCI-DSS as well as ISO 27001 certification by Schellman. It also provides diverse, high-capacity connectivity to 160+ networks and 50+ cloud providers.

Over the past decade, Cologix has significantly expanded its Canadian operations, extending its leadership in the country’s data center market. The company now operates a portfolio of 22 data centers across Montréal, Toronto and Vancouver, providing 1,057,000 square feet of space and 94MW of power. Cologix also has a robust Canadian interconnection ecosystem of 350 networks, 200+ cloud providers, 15 public cloud onramps and three internet exchanges. Currently, Cologix is the leading provider of public cloud onramps in Canada, including Amazon Web Services® Direct Connect, Google Cloud Interconnect, IBM Cloud, Microsoft® Azure ExpressRoute and Oracle FastConnect.

Leave a comment »

Zoho Launches Projects Plus

Posted in Commentary with tags on March 11, 2025 by itnerd

 Zoho Corporation today launched Projects Plus, a flexible, collaborative new platform providing data- and intelligence-driven project management for mid-sized and large organizations. Through native integration of four key Zoho applications—Projects, WorkDrive, Analytics, and Sprints—Projects Plus enables asynchronous collaboration, seamless file management, real-time business intelligence, and Agile or Waterfall workflows.

Building on Zoho Projects, which doubled its revenue growth in 2024 due to migration away from third-party apps, with 55% of new users migrating from Microsoft Projects and JIRA, Projects Plus drives superior value to mid-sized and enterprise organizations by addressing their operational complexity. Projects Plus, now a platform, expands across four key areas: data democratization, AI, hybrid project management, and collaborative work management. While 18% of Enterprise customers deployed both Zoho Projects and Zoho Analytics, Projects Plus directly addresses these advanced needs by consolidating the two, and more, into a singular, efficient solution.

Business Intelligence Leading to Project Democratization

Project management is rapidly evolving with the advent of Data-Driven Project Management (DDPM), shifting from intuition-based decisions to a focus on data and analytics. Projects Plus utilizes this approach, harnessing data across various aspects, such as time tracking, budgeting, task completion, and team and deliverability metrics and transforming them into actionable insights for smarter decision making. This includes:

  • Predictive Analysis: Using historical data to predict risks, estimate timelines, and anticipate resource needs, predictive analysis is essential for forecasting future project outcomes and allows for proactive project planning and risk management.
  • Progress Tracking and Bottleneck Analysis: Traditional project management relied on static tools like Gantt charts to track project progress. With analytics, project managers can now utilize real-time dashboards that provide dynamic and up-to-date insights into project status.
  • Quality Control Analytics: Analytics can be employed to implement robust quality control measures throughout the project lifecycle. By analyzing data related to project deliverables, project managers can ensure that each component meets predefined standards.

Easier, Faster, Stronger Project Management with Zia

Advanced AI/ML capabilities introduced to Projects Plus via Zia, Zoho’s in-house AI engine, automate complex data analyses and provide predictive insights, reshaping the role of project managers into strategic, data-savvy leaders and allowing for:

  • Improved Efficiency and Productivity: By analyzing data on project performance, businesses can identify areas where processes can be streamlined and optimized. For example, data analytics can reveal bottlenecks in the project timeline, take corrective action, and keep the project on track.
  • Smarter Resource Allocation: Determine where resources are being underutilized or overutilized to optimize resource allocation and employ the right people to the right tasks by taking their skills into account.
  • Accurate Forecasting and Planning: Make more accurate predictions about future project outcomes and adjust plans accordingly to avoid delays and cost overruns, leading to more successful projects overall.

Projects Plus integrates easily across Zoho’s extensive software suite as well as third-party software including Microsoft Office 365, Google Workspace, and popular repository management, collaboration, customer service, and analytics tools.

Pricing and Availability

Projects Plus is available for immediate use globally. Projects Plus is priced at Canadian $20 per user per month, 27% lower than combining Projects, Sprints, Workdrive and Analytics a la carte. For regional pricing, go to https://www.zoho.com/projectplus/.

Leave a comment »

Allstate Sued by NY Over Data Breach And Security Lapses 

Posted in Commentary with tags , on March 10, 2025 by itnerd

New York state sued Allstate accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and lacking reasonable safeguards to protect drivers’ private information. From Reuters:

The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan.

James said National General’s poor data security led to back-to-back breaches in 2020 and 2021, when hackers targeting its online auto insurance quoting tools accessed license numbers of more than 165,000 New Yorkers and 199,000 people overall.

National General allegedly did not notify drivers or New York state agencies about the first breach, which occurred between August and November 2020, and needed three months to uncover the much larger second breach in January 2021.

James said National General violated the state’s Stop Hacks and Improve Electronic Data Security Act for failing to protect customer information, and violated state consumer protection laws by misleading customers about its data security practices.

The lawsuit seeks civil fines of $5,000 per violation, plus other remedies.

“National General’s weak cybersecurity emboldened hackers to steal New Yorkers’ personal data, not once but twice,” James said. “It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft.”

Erich Kron, security awareness advocate at cybersecurity company KnowBe4, commented:

“As organizations gather more and more information about individuals, the risk of data breaches continues to grow. For many people it feels as if every week contains some sort of news about a significant data breach, and in many cases these people are getting a bit of breach fatigue. Unfortunately, it seems that the amount of data around each person that is being lost in these breaches continues to grow, so it’s no longer just a name, address, and maybe a credit card number or phone number, but now a lot more personal information is included.

“Insurance organizations are well known for collecting and using credit information to influence rates, and to check credit they need to collect some rather sensitive data such as Social Security numbers. In addition, insurers are asking customers to install telemetry devices in their vehicles, or through their phone apps, to track their location, speed, time of driving, braking and acceleration data, and a laundry list of other bits of data that most people would probably prefer remains private.

“Given the amount of information collected, it is extremely discouraging to see organizations try to cover up breaches or fail to notify victims of breaches in a timely manner. By failing to notify the victims, bad actors can use the stolen data against the customers in a number of ways. One easy way a bad actor could use this against a customer is to contact them while pretending to be from the insurance company, then convincing them that they need to pay a bill, or that their bill has gone up due to their driving behaviors. If the scammer can reference a time and date when that person was actually driving the vehicle, it could have the effect of convincing the victim that this really is the insurance company contacting them, and that they need to pay this additional fee or have their insurance dropped.

“While we still seem to concern ourselves when Social Security numbers and other information like that is stolen, organizations seem not to value this other information in the same way, however it can be used against their customers easily. When a data breach occurs, organizations should contact the victims whose data has been stolen and provide them advice in a timely and actionable way. If

I have one word to say on this.

Good!

The thing is that some companies will only take cybersecurity seriously if the financial penalties and reputational damage are greater than covering up an incident. This is something that is proven to work in the EU. And it’s about time that that this approach is seen here in North America.

Leave a comment »

Twitter Was Actually A Victim Of A DDoS Attack

Posted in Commentary with tags on March 10, 2025 by itnerd

It appears that Elon Musk was shockingly telling the truth about Twitter being under attack today. I say that because of this:

Using the hashtag #takedowntwitter (the site’s former name before Musk bought the platform in November 2022), a BlueSky user who goes by the name ‘Puck Arks’ posted that a pro-Palestinian hacker group known as the Dark Storm Team has laid claim to Monday morning’s interruptions.

“#DarkStorm has confirmed that the DDOS attack against Twitter will continue throughout the day as a protest against Musk and Trump,” they posted, stating the attacks are expected to last for at least another four hours.

Musk’s platform has been experiencing intermittent outages worldwide since about 6:00 a.m. Eastern Time, impacting roughly 40,000 users in the US at its 10:00 a.m. peak, and about 10,800 X users in the UK.

“Due to Elon Musks and Donald Trumps blatant fascism and lack of humanity we as a digital army for the people will continue our peaceful DDOS protests against X formerly known as Twitter. Thank you for your love and support, Puck Arks in said his third post addressing the outages.

So who is Dark Storm? Let me help you with that:

According to a cyber risk intelligence report by Security Scorecard from 2023, Dark Storm has been busy claiming attacks “on targets both inside Israel and out” focusing on taking down Israeli infrastructure and advertising its actions on its Teleram channel created in August 2023.

The group appears to follow a hacktivist playbook similar to the pro-Russian KillNet gang, which spent most of 2023 targeting victims with DDoS attacks in support of Ukraine, until it decided to commercialize its operations in favor of a hacker-for-hire model.

I would suspect that these attacks will be ongoing. And Elon will have to figure out how to deal with them. And this is on top of his other problems, like Tesla stock falling off a cliff, Tesla sales falling off a cliff, and protests outside Tesla stores. And I’m not even going cover his numerous personal problems with his “baby mammas” as that’s way too much drama. It truly seems that Elon has 99 problems at the moment. And his problems are likely to grow.

UPDATE: Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4, commented:

“X was having widespread operational issues for over 8 hours. Even if it’s due to a massive cyberattack, service interruption for over 8 hours is unacceptable for a major platform. It’s the longest outage of a major platform I can remember in my over 36 year career, and there have been a lot of multi-hour outages.

“Every major platform knows it’s a target and plans accordingly. Certainly, such a major controversial platform has to have been planning for this. So the question is, “What went wrong? What did they not expect? What didn’t operate as expected?” The answer can’t be, “Well, this was just such a massive unexpected attack our response couldn’t handle it!” Nope. The answer has to be something that shows a mistake or an entirely new attack method the world isn’t aware of. Because users of the platform (and I’m one) and investors want to understand that it won’t happen again. And this isn’t the first time X has had operational issues. This is the first time it wasn’t self-inflicted. But now that X has been hit and taken down for basically a full day. how can they reassure users and investors that it won’t happen again?”  

Evan Dornbush, former NSA cybersecurity expert adds this:

  “Cybersecurity is not a cost, it is an investment. Preventing breaches, DDoS attacks, and other business impacts is more cost-effective than dealing with the inevitable, highly public, aftermath of one.

  “In this volatile employment market, there’s no shortage of highly talented and respected engineers who can help.”

UPDATE #2: Chris Hauk, Consumer Privacy Champion at Pixel Privacy, has provided the following comment:

“Small scale denial of service attacks like this are generally conducted by minor groups of hackers, as it is easier than ever to create a botnet for attacks like this. While the attacks may indeed be due to Musk’s recent actions, attacks on this scale generally do not come from major players, who do things on a much larger scale.”

Leave a comment »

Forrester Warns Quantum Security Isn’t Hype And You Should Prepare Now 

Posted in Commentary with tags on March 10, 2025 by itnerd

According to a new Forrester report, the commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away, but warns security and risk (S&R) professionals must assess and prepare for the impact of quantum security now.

Stefan Leichenauer, VP of Engineering at SandboxAQ, commented:

“The Forrester report is exactly right about the threat of quantum computers: in as little as five years we could see a quantum computer crack traditional cryptography, and because of “hack now, decrypt later” attacks, the vulnerability exists today.

“Even if we have doubts about whether a quantum computer will arrive in that timeframe—maybe you think it’s only a 10% chance—a modest probability of a trillion-dollar-loss event is still a big problem.

“We’ve seen a number of recent announcements from the quantum computing industry showing that the roadmap is advancing, so our confidence that quantum computers are coming has only gone up. Every organization needs to evaluate their cryptographic posture, which begins with a careful inventory of their use of encryption and then a crypto-agile migration to post-quantum key exchanges. It’s a multi-year process, so the time to start is now.”

This should make those who defend against attack take a more urgent approach to defending themselves. I say that because threat actors can pwn you now and try to make you pay later. Thus the play has to be is to avoid the pwn now part so that the pay later part is a non-issue.

Leave a comment »

Twitter Is Back Up….. But That’s Only The Start Of The Story

Posted in Commentary with tags on March 10, 2025 by itnerd

Earlier today, Twitter was down. As in it wasn’t working for anyone. And this went on for hours. But in the last hour it came back up. And as I type this, it seems to be mostly working. Though its not completely stable. At the time I said that Twitter themselves had not said anything about the outage. But that changed with this:

Now, you have to take anything that Elon says with a grain of salt because he loves to play fast and loose with the truth. But let’s pretend that he’s telling the truth in this case. This is a massive escalation in terms of forms of protest against Elon. Besides that, a cyberattack against Twitter would not be beyond the realm of possibility. Specifically a DDoS or a Distributed Denial of Service attack which I think is what Elon is getting at in his Tweet. If that’s true, then the level of traffic that would have to be directed at Twitter to take them down should be easy to spot. Thus we’ll get to the bottom of Elon’s claims soon enough.

Needless to say, this is still potentially a developing story and updates are sure to come.

1 Comment »

A Cyber Attack In Mission Texas Has Forced A State Of Emergency

Posted in Commentary with tags on March 10, 2025 by itnerd

Last week, the government of the border town Mission, Texas, declared a state of emergency after a February 28th cyberattack exposed all of the data held on city systems. The mayor made a statement on this situation:

The City of Mission, Texas, has suffered a cybersecurity incident such that the entire City computer server is at severe risk of a cyberattack that could release protected personal information, protected health information, civil and criminal records, and/or any and all other data held by the City of Mission and all departments within the City.

I have determined that this incident is of such severity and magnitude that extraordinary measures must be taken to alleviate the immeasurable and imminent cybersecurity incident. Pursuant to §418.00 of the Texas Government Code, I am requesting that you declare a state of emergency for City of Mission, Texas, and issue appropriate directives to deal with the emergency.

Furthermore, I am asking that successive proclamations be issued and remain in effect until the threat is contained.

Mission is located in Hidalgo County in the Rio Grande Valley of South Texas.

Willy Leichter, CMO, AppSOC: AI governance and application security expert had this to say:

  “Local government agencies are especially vulnerable to cyberattacks, and the impact can be as severe as any other type of physical emergency. When disaster strikes it’s reasonable to expect help from the state or even federal government. But this aid should focus just as much on prevention as recovery. Waiting for disasters and then scrambling to figure out what to do is a recipe for much more severe damage and higher costs. Unfortunately, from the top down, federal cyber protections are being dismantled which will inevitably put states and local governments at greater risk, and citizens will pay the price for greater damage.”

Yogita Parulekar, CEO Invi Grid follows with this:

   “This is not the first and will not be the last. Cities and counties must prepare themselves for this actively and urgently. Having business continuity for emergency services such as policing, fire, water, any healthcare as well as disaster recovery so that city services do not remain shut off for long periods is critical.”

This may not be the first time that a situation like this has happened, but declaring a state of emergency is as non trivial as something like this can get. This should serve as an example that if you get pwned by a threat actor, things can and often will get very bad for you. Thus you should put in as much time and effort to make sure that you don’t end up in a situation like this.

Leave a comment »

IPv4.Global Launches New Lending Program Using IP Addresses as Collateral

Posted in Commentary with tags on March 10, 2025 by itnerd

IPv4.Global, the world’s largest, most trusted and transparent IPv4 marketplace, today announced a first-of-its kind loan facility backed by the borrower’s IPv4 addresses as collateral. 

IPv4.Global’s offering is an important evolution of a financial product, building on the vehicle developed by Cogent, which offered notes secured by the revenues from their leased addresses with back up collateralization of the addresses themselves.

With IPv4.Global’s innovative IPv4 collateral lending structure, the asset itself is the collateral. Customers can now leverage their IPv4 addresses as collateral against a loan, securing needed funding while still having access to – and full use of – their IPv4 assets. In-place leases are not part of the collateral and so none are required.

IPv4.Global is the leading IPv4 address marketplace in the world. The transparent online marketplace is the definitive industry benchmark for IPv4 transactions and transfers. IPv4.Global works with customers to buy, sell, lease, and now borrow against IPv4 blocks, regardless of size, and has completed more transfers globally than any other provider, and its private sales channel manages both seller and buyer interests off-platform.

Leave a comment »

New KnowBe4 Report Reveals Stolen Credentials Emerge as Top Concern in Global Retail Sector

Posted in Commentary with tags on March 10, 2025 by itnerd

 KnowBe4 today released its “Global Retail Report 2025,” revealing a notable shift in cybercriminal tactics targeting the retail sector. The report finds that credential harvesting, which is often orchestrated through phishing attacks, has become the predominant threat, accounting for 38% of all compromised data in 2023, while payment card data theft dropped to 25%.

The research shows an alarming increase in cyberattacks in the retail sector, with attack frequency rising by 56% in 2023 compared to the previous year. This puts retail in the top five industries targeted by cybercriminals. The average cost of a retail data breach reached $3.48 million in 2024, an 18% increase from 2023.

Key findings from the report include:

  • Credential theft now accounts for 38% of all compromised data, while payment card theft dropped to 25%, making credential harvesting the leading threat in retail cyberattacks.
  • North America’s retail sector experienced the highest percentage of attacks (56%), while Latin America saw the second most at 32%, and Europe experienced 11% of attacks.
  • The U.S. retail sector accounted for 45% of global ransomware attacks despite representing only 28% of market share, making retail the second most targeted sector.
  • Conducting security awareness training and simulated phishing evaluations for one year or more can reduce the likelihood of employees falling for phishing attacks for organizations of all sizes.

The report demonstrates the significant impact of security awareness training on reducing human risk in retail organizations. Employee susceptibility to phishing attacks dropped from 42.4% to just 5.2% in large retail organizations, while small and medium-sized retailers saw similar improvements, with rates dropping to 4.7% and 4.5% respectively after one year of continuous training.

To download the full KnowBe4 Global Retail Report 2025, click here.

Leave a comment »

« Older Entries
Newer Entries »