| Section | Details |
|---|---|
| Threat Actors | Everest cybercrime gang |
| Campaign Overview | Data breach at STIIIZY, exposing customer IDs, passports, and personal information. The breach occurred between October 10, 2024, and November 10, 2024. |
| Target Regions (Victims) | Customers who bought products from STIIIZY locations in San Francisco, Alameda, and Modesto, California. |
| Methodology | Attackers compromised point-of-sale systems through weak credentials, unpatched vulnerabilities, and phishing, acquiring personal data. |
| Product Targeted | STIIIZY’s point-of-sale system and customer data |
| Malware Reference | Everest cybercrime gang’s extortion methods (not ransomware-based) |
| Tools Used | Encrypted communication channels, unpatched vulnerabilities, phishing |
| Vulnerabilities Exploited | Weak credentials, unpatched vulnerabilities |
| TTPs | • Extorting victims rather than deploying ransomware. • Targeting multiple industries (healthcare, government, infrastructure). • Using secure communication for obfuscation. |
| Attribution | Everest cybercrime gang |
| Recommendations | • Strengthen point-of-sale system security. • Implement better credential management practices. • Regularly patch systems and educate employees on phishing. |
| Source | The Record |

Read full article: https://therecord.media/marijuana-dispensary-warns-of-data-breach

The above summary has been generated by an AI language model.
