Yellow Pages Canada Confirms Cyber Attack as Black Basta Leaks Data
Summary:
Yellow Pages recently disclosed that it was the target of a cyber attack, resulting in the sensitive data of its customers and employees being accessed. Founded in 1908, Yellow Pages is a Canadian director publisher which currently owns and operates the YP.ca and YellowPages.ca websites, along with Canada411 online service. Following the disclosure, Black Basta ransomware actors claimed responsibility for the attack, posting samples of the allegedly stolen documents and data on their data leak site. This data includes:
ID documents (such as scans of passports and driver licenses) exposing people's date of birth and address
Tax documents—exposing Social Insurance Number (SIN)
Sales and purchase agreements
'Accounts Receivable' spreadsheet dated February, 28 2023
Budget and debt forecast dated December 2022
It is unclear how much ransom was demanded by the actors. Yellow Pages stated that it is currently working cyber security experts to conduct an internal investigation and determine the full scope of the attack.
Analyst comments:
The company says it has already notified impacted individuals and privacy regulatory authorities. Given that sensitive data was allegedly accessed, cybercriminals will more than likely use this information to conduct identity theft, social engineering, and targeted phishing emails. As such Yellow Pages customers should closely monitor their financials and be on the looking out for malicious emails sent from unknown senders.
Mitigation:
Backup your data, system images, and configurations, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.
Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware in a timely manner. Consider using a centralized patch management system; use a risk- based assessment strategy to drive your patch management program.
Test your incident response plan: There's nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
Check Your Security Team's Work: Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.
Segment your networks: There's been a recent shift in ransomware attacks – from stealing data to disrupting operations. It's critically important that your corporate business functions and manufacturing/production operations are separated and that you carefully filter and limit internet access to operational networks, identify links between these networks and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety critical functions can be maintained during a cyber incident.
Train employees: Email remains the most vulnerable attack vector for organizations. Users should be trained how to avoid and spot phishing emails. Multi Factor authentication can help prevent malicious access to sensitive services.
Source:
https://www.bleepingcomputer.com/