|
IT Security News Blast – 9-22-2021
This is the IT Security News Blast.
In its 13th year, we try to provide a brief situational awareness report for key sectors and events of note. It has always been curated by Mike Hamilton, Critical Insight Co-Founder. Sign up for the blast here:
https://www.criticalinsight.com/resources/daily-news
Days after targeting feed company, DarkMatter targets media marketing company
In a notice to its customers on Tuesday, Idaho-based Marketron offered a workaround and said it was diligently trying to determine the root cause of the issue and get systems back up and running. Marketron works on multimedia advertising campaigns with more than 6,000 media organizations globally and manages $5 billion in annual U.S. advertising revenue, representing some 1 million advertisers.
https://www.scmagazine.com/news/cyberespionage/marketron-becomes-the-second-company-hit-by-blackmatter-ransomware-gang
CISA Must Update Critical Infrastructure Protection Plans
"Apart from the question of crumbling infrastructure, the problem is compounded by a new focus on operational technologies and industrial control systems," says Hamilton, who is now the CISO of security firm Critical Insight. "Because a cyberattack on a dam operation has the potential to cause physical damage and loss of life and the fact that many dams also contribute power to the grid, dams will likely be the poster child for this focus."
https://www.govinfosecurity.com/cisa-must-update-critical-infrastructure-protection-plans-a-17575
Hacking Incidents Lead to 2 Big Eye Care Provider Breaches
Hamilton notes that specialty healthcare organizations - especially smaller entities - are often appealing and vulnerable targets for hackers. [...] Hamilton notes that his firm's analysis of healthcare records breaches for the first half of 2021 indicates that "threat actors are intentionally moving down-market to … clinics and specialty care organizations."
https://www.healthcareinfosecurity.com/hacking-incidents-lead-to-2-big-eye-care-provider-breaches-a-17587
Alaskan health department still struggling to recover after 'nation-state sponsored' cyberattack
News of the breach first emerged in May, but Alaskan officials now say that "nation-state sponsored" hackers exploited a vulnerability in the health department's website to gain further access to department data. The hackers may have accessed Alaskans' Social Security numbers and health and financial information, officials said.
https://www.cnn.com/2021/09/20/politics/alaska-health-cyberattack/index.html
Improper Hard Drive Disposal Leads to Health Data Breach for 100K
Further investigation determined that some personally identifiable information (PII) and protected health information (PHI) of patients was involved. The information at risk includes names, addresses, birth dates, Social Security numbers, medical insurance information, lab results, medical record numbers, and treatment records.
https://healthitsecurity.com/news/improper-hard-drive-disposal-leads-to-health-data-breach-for-100k
Financial Industry Regulators Continue Crack Down on Cybersecurity
Broker-dealer and investment advisory firms are not alone in this focus. For example, the SEC has announced that it plans to issue proposed rules in October to enhance issuer disclosures regarding cybersecurity risk governance. In the wake of the SolarWinds attack, the SEC has also issued a letter formally asking public companies to disclose cyber attacks against them.
https://www.jdsupra.com/legalnews/financial-industry-regulators-continue-1290320/
Multi-party breaches cause 26-times the financial damage of the worst single-party breach: Report
A median multi-party breach causes 10 times the financial damage of a traditional single-party breach. In comparison, the worst of the multi-party breach events causes 26 times the financial damage of the worst single-party breach. It typically takes 379 days for a ripple event to impact 75% of its downstream victims, and the median number of organizations impacted by ripple events across the data set was 4.
https://www.zdnet.com/article/some-multi-party-breaches-cause-26-times-the-financial-damage-of-the-worst-single-party-breach-report/
High levels of remote working have increased companies’ vulnerability to cyberattacks
“In the past, the finance function was focused on financials,” says Tim Wakeford, VP financials product strategy at Workday. “What we are seeing now is growing recognition among CFOs of the impact that security breaches can have on a company’s financials. “There has also been an increase in the risk velocity of cybersecurity breaches. CFOs need to be tuned into the potential impact of these adverse effects.”
https://www.financialdirector.co.uk/2021/09/21/high-levels-of-remote-working-have-increased-companies-vulnerability-to-cyberattacks/
Union Supports Revised Civilian Cyber Reserve Program
The American Federation of Government Employees opposed the original measure over concerns it would demoralize the permanent cybersecurity workforce at U.S. Cyber Command and create conflicts of interest by allowing private-sector workers to serve in short-term stints without public disclosure requirements.
https://www.nextgov.com/cybersecurity/2021/09/union-supports-revised-civilian-cyber-reserve-program/185504/
US to Unveil Sanctions on Use of Cryptocurrency for Ransoms
As early as this week, the Biden administration may unveil plans to curtail the ransomware attacks that have crippled corporate networks this year. According to a report from The Wall Street Journal, the Treasury Department will announce sanctions and similar guidance designed to disrupt the financial infrastructure that has enabled ransomware attacks to date.
https://www.govinfosecurity.com/us-to-unveil-sanctions-on-use-cryptocurrency-for-ransoms-a-17567
Three Former U.S. Intelligence Community and Military Personnel to Pay $1.68M Hacking Fine
U.A.E. CO employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States.
https://www.hstoday.us/federal-pages/doj/three-former-u-s-intelligence-community-and-military-personnel-to-pay-1-68m-hacking-fine/
Chinese Hackers Target Indian Agency, Media Company, Report Says
The Unique Identification Authority of India, also known as the UIDAI, contains the private biometric information of more than 1 billion Indian citizens. The authority’s networks were believed to have been breached during intrusions tracked between June and July this year[.]
https://www.bloomberg.com/news/articles/2021-09-21/chinese-hackers-target-indian-agency-media-company-report-says
Russia Accuses U.S. Of Hacking Its Election
It also said that "during the recent elections" the Central Election Commission of Russia had "faced an unprecedented number of cyber attacks" and that "50 percent of them were detected to be conducted precisely from the territory of the United States." "The purpose of these hacks is to discredit our electoral system. We would like to receive detailed explanations of this case from the American side," the statement added.
https://www.newsweek.com/russia-accuses-us-hacking-election-1631100
Mossad Killed Top Iranian Nuclear Scientist Mohsen Fakhrizadeh With a Remote-Controlled Machine Gun
However, firing a machine gun mounted on the bed of a truck, even a parked one, will cause the machine gun to shake after each shot’s recoil, changing the trajectory of subsequent rounds. The 1.6-second delay caused by the satellite uplink to the Mossad command location could also affect the accuracy of the weapon. Therefore, to account for these factors, the robotic system utilized Artificial Intelligence (A.I.).
https://sofrep.com/news/mossad-killed-top-iran-nuclear-scientist-mohsen-fakhrizadeh-with-a-remote-controlled-machine-gun/
Does your sales team want to keep data about your customers forever? Do the recently adopted privacy statutes allow that?
The emerging privacy laws require companies to limit the data they keep to only that which is directly tied to a legitimate business purpose. Companies are also required to disclose publicly the types of information they keep, the reasons why they keep it, and how long it is kept. The more data a company retains without any real chance of benefitting from it, the more complicated the required disclosures become.
https://www.sheehan.com/does-your-sales-team-want-to-keep-data-about-your-customers-forever-do-the-recently-adopted-privacy-statutes-allow-that/
New Cooperative's Ransomware Attack Underscores Threat to Food & Agriculture
"To me, this sounds like a mix of BlackMatter playing dumb, trolling the mandate, and showing that they may continue to target smaller groups that fall within the critical infrastructure sectors," Schless says. "It feels like an athlete committing a foul, then putting their hands up as if they didn't do anything wrong." The justification that New Cooperative didn't operate on a large enough scale to fall within the boundaries of Biden's mandate "just doesn't make sense."
https://www.darkreading.com/attacks-breaches/new-cooperative-ransomware-attack-and-the-threat-to-food-agriculture
Epik Confirms Hack, Gigabytes of Data on Offer
Interestingly, the Anonymous-branded group said that the information that it hacked was “barely salted by a damn thing” and may as well have been kept in plaintext. “Yep, these Russian developers they hired are actually just that bad.” The crew claimed that it was able to obtain account credentials for Epik customers and internal systems, more than 500,000 private keys, Git repositories for Epik internal applications and “a dump of an employee’s mailbox, just because we could.”
https://threatpost.com/epik-confirms-hack-data/174872/
Ransomware victims panicked while FBI secretly held REvil decryption key
The FBI had penetrated the REvil gang’s servers to obtain the key, but after discussing it with other agencies, the bureau decided to wait before sending it to victims for fear of tipping off the criminals, The Washington Post reports. The FBI hadn’t wanted to tip off the REvil gang and had hoped to take down their operations, sources told the Post.
https://arstechnica.com/information-technology/2021/09/ransomware-victims-panicked-while-fbi-secretly-held-revil-decryption-key/
Unpaid Fact-Checkers Are Getting Burnout From Debunking So Many Nazis on TikTok
TikTok is, like every other social media platform, facing a problem with extremism and conspiracy theories. But a report that came out last month from the Institute of Strategic Dialogue suggests that TikTok, now rivalling YouTube for watch time and trouncing platforms like Instagram when it comes to video, is not doing enough to remove troubling content from the platform.
https://www.vice.com/en/article/epn3jj/unpaid-fact-checkers-are-getting-burnout-from-debunking-so-many-nazis-on-tiktok
|
