Page 178 - Cyber Defense eMagazine August 2024

In January 2024, the US Department of Health and Human Services received reports of 24 healthcare data breaches, affecting 10,000+ records each. Perry Johnson & Associates, Inc. (PJ&A), a transcription service provider, reported two of the breaches. In November 2023, a cyberattack affected almost 9 million individuals. Concentra Health Services and North Kansas City Hospital added to the total of over 13.45 million affected individuals. Source


In April 2023, Shopify suffered a data breach that affected over 100,000 merchants who used their online store services. The breach occurred due to a malicious code injection in a third-party app called Mailchimp. Attackers accessed customers' names, email addresses, payment information, and order details. Shopify faced lawsuits, regulatory scrutiny, and potential fines. Source


In Jan. 2023, Peloton announced that Strava's third-party software caused a security flaw that exposed personal and health data of 3 million users. Names, emails, workout stats, and heart rate data were compromised. Peloton faced legal action and reputational damage as a result. Source


In 2021, T-Mobile disclosed a data breach that compromised the personal information of over 50 million customers. The breach was due to a compromised server rented from a third-party cloud provider, resulting in lawsuits, regulatory scrutiny, and potential fines. Source


In 2021, a ransomware attack on Colonial Pipeline caused operational disruption for several days. The cybercriminals exploited a leaked password from a third-party vendor, leading to gas shortages and price increases in the US. Despite paying $4.4 million as ransom, Colonial Pipeline suffered significant losses from the attack and recovery efforts. Source







It is common for companies to do CTI analysis to protect themselves. Some companies use internal resources, and others use external resources to determine the supplier’s cybersecurity posture, including a perimeter scan of the supplier’s network, scans of low-end cybercrime data (TOR), and a review of the company’s source code. CTI can enhance this vetting by focusing on threats based on access to the Surface Web, Dark Web (TOR) / Deep Web, and Vetted / invite-only cybercrime communities. This allows for the following questions to be answered with high confidence:

Is the supplier breached, and if so, by whom? What is their motivation? What data has been leaked?

Are there precursors of a breach that a threat actor could use to breach the supplier if they elected to do so?






            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.