Latest Cybersecurity News 2021-06-15 Edition

Weekly CyberTip: Protect your personal financial information

Legitimate companies won’t ask you for your credit card number, bank account information, or other sensitive financial information by email or over the phone. If you are unsure about a message you’ve received, reach out to the company directly using a phone number you have sourced independently and trust – not the information included in the message. 

VW America discloses third-party data breach affecting 3.3 million customers    

In a June 10 letter to the Attorney General of Maine, Volkswagen America disclosed that a data breach at a third-party marketing vendor exposed the personal information of some 3.3 million VW customers, most of whom are Audi car owners or prospective buyers. The personal information affects customers and prospects across Canada and the United States. 

According to the letter, Volkswagen learned of the incident on March 10, 2021, but only confirmed in late May that personal information had been disclosed. The exposed data was gathered from customers from 2014 to 2019, while the breach took place between August 2019 and May 2021 (the vendor took two months to fix the problem after discovering an unsecured customer database in its network). 

For the majority of the individuals affected, the breached data consists of Audi customer/prospect information including full name, mailing address, email address, and/or phone number; in some cases, extensive details about the vehicles associated with those individuals were also disclosed.

The letter advised the news was potentially worse for some 90,000 Audi customers or interested buyers. For them, the data disclosed also contained more sensitive information relating to vehicle acquisition eligibility, including financial details, driver’s license numbers and, in a few instances, date of birth, SIN or SSN, account or loan numbers, and tax identification numbers. 

VW America started notifying the millions affected on June 11. Given the detailed nature of the data disclosed, the potential for targeted phishing attacks is heightened; further, more “traditional” criminal elements like car thieves may take an interest in the catalog of recent and potential Audi owners.

Avaddon ransomware group closes its virtual doors 

The threat actors behind Avaddon ransomware surprised the cybersecurity world this week after shutting down their operations. Most importantly, the group released decryption keys (available through Emsisoft at https://www.emsisoft.com/ransomware-decryption-tools/avaddon) for nearly 3,000 systems compromised by the ransomware over the last year. A complete user guide and instructions are provided. 

There was no official statement or announcement from the threat actors. On June 11, the gang sent an email to the Bleeping Computer website with the decryption codes, then quietly decommissioned its servers and dark web posting board; profiles and posts from gang members also disappeared from hacking forums.

Tempering any celebration is the news that the group may simply be on a hiatus. The Avaddon gang has come under intense scrutiny in recent weeks, as the high-profile ransomware attacks on Colonial Pipeline and JBS meat processors put key infrastructure cybersecurity in the spotlight. Disbanding temporarily may simply be an effort to elude law enforcement efforts to track the gang down. 

Microsoft provides new incident response resources  

Microsoft has released a series of incident response “playbooks” offering advice to businesses on how to defend against the most common cyber threats. The free, online guides were published in May in response to some of the global attacks seen over the last several months.

Microsoft has developed specific playbooks to help businesses respond to attacks targeting recent flaws identified in hosted versions of Microsoft Exchange Server, and to manage Nobelium/Solorigate attacks.

Microsoft also provides documents on more generic attacks. They have recently released playbooks addressing phishing, password spraying, and granting application consent. Each guide provides readable, practical advice and useful security checklists aimed at preventing, preparing for, and investigating cyber attacks. Additional playbooks are planned for release later this year. 

Understandably, the playbooks focus only on Microsoft technologies, but they are still useful as a starting point for companies looking to develop incident response procedures, or as a double-check against existing internal resources and plans.

The playbooks are part of Microsoft’s Security Best Practices resource centre (formerly known as the Azure Security Compass or Microsoft Security Compass), a library of videos and online guides that are “designed to help you increase your security posture and reduce risk whether your environment is cloud-only, or a hybrid enterprise spanning cloud(s) and on-premises data centers”. 
