Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • After the SolarWinds hack, we need contact tracing for our data

    • While the attack on SolarWinds software is arguably the most significant state-sponsored hack we’ve seen in years, it’s more than an isolated incident. It is emblematic of a constant reality of the digital era: We’re all likely to get hacked at some point. Our ability to respond determines our ability to operate. Digital security is now a broad governance imperative.
    • On average it takes a company 207 days to identify that a breach has occurred, and another 73 days to contain it.
    • A victim’s fundamental questions are, “Who has accessed our data? Which data, when, and why?” In other words, the ability to trace all contact with sensitive data is vital.
    • Applied to digital systems, contact tracing could become a powerful security technique.
    • The idea is for organizations to be able to share details of how they were attacked and what was targeted—the who, what, and when—as quickly as possible with other organizations. 
    • This concept could help organizations identify breaches sooner and remediate faster and more effectively. Through sharing, attack techniques could be more thoroughly understood, and with the right reporting mechanism, the resulting threat intelligence could be shared to help more organizations avoid a breach in the first place.
    • Data contact tracing could dramatically shrink "dwell time" (properly, the period between initial compromise and its detection) as well as the lag between detection and notification to the world.
    • The technology exists to contact-trace our data and to automate the real-time extraction of insights.
    - Doug Merritt | February 18, 2021
    hak-iq.us20.list-manage.com, February 18, 2021
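The "who, what, and when" tracing the op-ed describes can be mechanised over an ordinary access-audit log. The following is an added illustration, not code from the article, from Splunk or from any other vendor product; the log format, the identities (svc-build, alice, bob, carol, dave), the resource names and the compromise window are all constructed for the example. It assumes a simple contact model: a read by a suspect identity exposes the data (confidentiality), while a write or delete taints the resource (integrity) so that later readers become secondary suspects, as secondary contacts do in epidemiological tracing.

```python
"""Contact tracing over a data-access audit log (constructed example).

Walk an audit log of (who, what, when) events outward from a
known-compromised identity, the way epidemiological contact tracing
expands from an index case:

  - every resource a suspect identity touched is "exposed" (confidentiality);
  - every resource a suspect identity wrote or deleted is "tainted" (integrity);
  - any identity that later reads a tainted resource becomes a secondary
    suspect, and its own subsequent accesses are traced in turn.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    principal: str  # who
    action: str     # read | write | delete
    resource: str   # what


def parse_log(text):
    """Parse 'ISO-8601 principal action resource' lines (constructed format)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, principal, action, resource = line.split()
        events.append(AccessEvent(datetime.fromisoformat(ts), principal, action, resource))
    return sorted(events, key=lambda e: e.ts)


def trace_contacts(events, seeds, start, end, max_depth=3):
    """Expand from the seed identities compromised between start and end.

    Returns (exposed, depth, since):
      exposed: resource -> first time a suspect identity touched it
      depth:   suspect identity -> hops from the seed (0 for seeds)
      since:   suspect identity -> time from which its activity is suspect
    Seed activity is bounded by [start, end]; secondary suspects are traced
    from their first contact with a tainted resource, with no upper bound,
    because a tainted artifact stays dangerous after the window closes.
    """
    depth = {p: 0 for p in seeds}
    since = {p: start for p in seeds}
    exposed = {}
    frontier = set(seeds)
    for level in range(max_depth):
        tainted = {}  # resource -> time of first suspect write/delete
        for e in events:
            if e.principal not in frontier or e.ts < since[e.principal]:
                continue
            if depth[e.principal] == 0 and e.ts > end:
                continue
            exposed.setdefault(e.resource, e.ts)  # events are time-sorted
            if e.action in ("write", "delete"):
                tainted.setdefault(e.resource, e.ts)
        next_frontier = set()
        for e in events:
            first_taint = tainted.get(e.resource)
            if first_taint is None or e.ts < first_taint or e.principal in depth:
                continue
            depth[e.principal] = level + 1
            since[e.principal] = e.ts
            next_frontier.add(e.principal)
        if not next_frontier:
            break
        frontier = next_frontier
    return exposed, depth, since


# Constructed sample log: a build service account is compromised overnight.
SAMPLE_LOG = """
# timestamp            principal  action resource
2021-02-01T09:00:00    alice      read   hr/payroll.xlsx
2021-02-01T10:15:00    svc-build  read   src/release-notes.md
2021-02-01T23:40:00    svc-build  read   hr/payroll.xlsx
2021-02-02T00:05:00    svc-build  write  src/installer.msi
2021-02-02T08:30:00    bob        read   src/installer.msi
2021-02-02T09:00:00    bob        read   finance/q4.xlsx
2021-02-02T11:00:00    carol      read   hr/payroll.xlsx
2021-02-03T12:00:00    dave       read   src/installer.msi
"""


def run_demo():
    """Trace the constructed log from the assumed compromise window."""
    events = parse_log(SAMPLE_LOG)
    return trace_contacts(
        events,
        seeds={"svc-build"},
        start=datetime(2021, 2, 1, 20, 0),  # assumed: credential stolen at 20:00
        end=datetime(2021, 2, 2, 12, 0),    # assumed: credential revoked at 12:00
    )


if __name__ == "__main__":
    exposed, depth, since = run_demo()
    for resource, ts in sorted(exposed.items(), key=lambda kv: kv[1]):
        print(f"exposed  {ts:%Y-%m-%d %H:%M}  {resource}")
    for principal, d in sorted(depth.items(), key=lambda kv: kv[1]):
        print(f"suspect  depth={d}  {principal}  since {since[principal]:%Y-%m-%d %H:%M}")
```

On the sample log the trace flags the payroll sheet and the installer the service account wrote, then follows the tainted installer to bob and dave, and from bob to the finance sheet he opened afterwards; carol, who merely read the same payroll file the attacker read, is not pulled in because a read does not taint. The model deliberately over-approximates (every post-contact access counts), which is the right bias for the scoping stage of an investigation; the exposed-resource and suspect lists are exactly the "who, what, and when" the op-ed proposes sharing.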
  • Data Breaches: ShinyHunters' Dominance Continues

    • The ShinyHunters cybercrime operation runs a data exfiltration and sales business that appears to be off to a roaring start again this year, following on the heels of its data breach spree last year.
    • Many of last year's biggest hits apparently trace back to one gang: ShinyHunters.
    • After nearly 50 data breaches in 2020, the gang has already been blamed this year for data breaches at e-commerce site Bonobos and dating site MeetMindful.
    • Last month, ShinyHunters posted stolen Bonobos data to the cybercrime forum RaidForums, including account information for nearly 2 million registered users.
    • In January, for example, a RaidForums user called "Spiral" posted what they said was the set of data exposed in the September 2020 breach of Australian PDF-creation service Nitro, which the user said had been "dumped by ShinyHunters."
    • "ShinyHunters has made a number of posts about being frustrated that people were reselling their data, so they release it for free or dirt cheap," said Zack Allen, director of threat intelligence at ZeroFOX.
    - Mathew Schwartz | February 18, 2021
  • California DMV hit by data breach, exposing millions of drivers' personal information to hackers

    • The California Department of Motor Vehicles is alerting drivers of a security breach that potentially leaked millions of drivers' registration records.
    • "Approximately 38 million records have potentially been compromised," said Anita Gore, a spokeswoman for the DMV.
    • Since many drivers own multiple vehicles, the number of people possibly affected is less than the number of records compromised.
    • A billing contractor, the Seattle-based Automatic Funds Transfer Services, was hit by a ransomware attack in early February. The DMV has worked with the organization since mid-2019 "to correct and verify vehicle registration addresses," according to the department.
    • The agency has since stopped sharing data with the contractor and is investigating whether the hackers involved have used any information obtained in the attack.
    - Joshua Bote | February 18, 2021
  • Manchester Schools' Internet Disruptions Caused By Outside Attack

    • Internet issues within the Manchester Township Schools that forced the district to shut down in-person classes and have teachers teach from home have been determined to be an attack on the schools' internet by outside groups.
    • The traffic was intercepted by the district's firewall, so no personal information was compromised.
    • The district's system was hit multiple times and caused the district's network to shut down.
    • To resolve the issue, the district subscribed to an outside service to stop the attacks from recurring.
    - Karen Wall | February 17, 2021
  • Jones Day is hit by vendor data breach; hackers post files they claim were stolen from the law firm

    • A hacking group has posted files that it claims to be from Jones Day after the law firm was hit by a data breach at one of its vendors.
    • Jones Day is the second law firm to acknowledge that it was affected by the hack of a file transfer vendor, Accellion.
    • Former President Donald Trump is among Jones Day’s clients.
    • A leak website linked to the ransomware group known as Clop has posted some documents said to be from Jones Day.
    • Jones Day denied that its own network had been hacked and said the vendor hack was not a ransomware attack.
    - Debra Cassens Weiss | February 17, 2021
  • Chatham County recovers from cyber attack

    • On Oct. 28, the Chatham County Management and Information System was attacked with DoppelPaymer, a ransomware strain linked to several high-profile cyber attacks last year. Its operators typically encrypt victims' data and threaten to leak the stolen information publicly unless they are paid.
    • That threat became a reality Feb. 8 when the personal information of county employees and others was published by the operators of the ransomware.
    • The county is continuing its efforts to rebuild its computer system, a news release stated. As a result of the October attack, the county lost access to its internet, computers and office phones.
    • In the immediate aftermath, staff borrowed laptops from other counties and towns to keep the local government operating.
    • As part of the recovery efforts, Chatham County is beefing up its security. Staff are evaluating and implementing additional security measures and emphasizing employee training, the release stated. The county also updated its software.
    - Jasmine Gallup | February 16, 2021
  • North Korea accused of Pfizer Covid vaccine cyber attack

    • An apparent cyber attack on pharmaceutical company Pfizer was probably an attempt to steal Covid-19 vaccine information by North Korean state-backed actors, according to South Korea’s intelligence service.
    • North Korea has reported no cases of Covid-19, although its borders remain closed in a national quarantine effort and, given the nature of the North Korean regime, it is highly improbable that Covid-19 is not present there.
    • The country is set to receive two million doses of the AstraZeneca/Oxford University vaccine later this year, via the Covax programme.
    • If South Korea’s intelligence is accurate, the attack on Pfizer is the latest in a string of cyber attacks by North Korea against organisations involved in the research and development of Covid-19 vaccines.
    • “We have to remember that North Korea is not a normal country. No other country in recent history has resorted to printing fake US dollars. No other country deploys ransomware to blackmail bitcoins from their victims. No other country hacks international banking networks in order to steal money. In that line of thinking, it wouldn’t be surprising for them to try to hack vaccine data either.” - F-Secure chief research officer Mikko Hypponen
    - Alex Scroxton | February 16, 2021
  • Hoffman data breach exposes security challenges

    • The challenges of protecting data have been highlighted by a breach involving Hoffman, one of the largest general contractors headquartered in the Pacific Northwest.
    • On December 16, Hoffman "discovered" that an unauthorized individual may have accessed information relating to its self-insured health plan between July 31 and August 4, 2020. The affected data covered employee names, addresses, dates of birth, Social Security numbers, and benefits information.
    • The breach was disclosed publicly on February 12, 2021.
    • Hoffman has no indication that any information was actually viewed by the unauthorized person, or that it has been misused.
    • However, out of caution, Hoffman recommends that its current and former employees, and their beneficiaries and dependents, review any statements that they receive from their healthcare providers or health insurer.
    - Dominic Ellis | February 15, 2021
  • Washington auditor’s office warned agencies of data-breach risks. Then it got hacked

    • On Christmas Eve last year, Washington State Auditor Pat McCarthy’s office issued a dire warning that state agency computer systems and data make “attractive targets for cyberattacks.”
    • The next day, Christmas, unknown actors compromised the auditor’s own computer files, exposing a vast trove of private information in what may be the largest-ever cyberbreach for a Washington state agency.
    • The data included driver’s license, Social Security and bank account numbers of more than 1.4 million unemployment claimants. It also included audit data involving 25 state agencies and 100 local governments, including the city of Seattle, as well as adoption files of 30 children and their families.
    • The auditor relied on two-decade-old technology to store and transmit sensitive data — and some questioned whether the auditor needed to amass so much detailed personal information in the first place.
    • “Given the nature of the data and the risk of harm, certainly there should have been heightened security and heightened care given to this type of data transfer,” said Emory Roane, policy counsel for the California-based nonprofit Privacy Rights Clearinghouse.
    • In revealing the breach, Auditor McCarthy repeatedly pointed blame at Accellion, the California tech firm whose aging file-sharing service, known as FTA, the auditor's office had relied on for more than a decade.
    • Accellion said it had been encouraging customers to upgrade to its newer, more secure software.
    • The nearly 20-year-old product was still in use by “hundreds of organizations in the finance, government and insurance sectors,” making it “a juicy target” for cybercriminals.
    - Jim Brunner and Paul Roberts | February 15, 2021
  • ASD says cyber attack intervention will be 'rare' under critical infrastructure Bill

    • As described in the current form of the Security Legislation Amendment (Critical Infrastructure) Bill 2020, government assistance will be provided to entities in response to significant cyber attacks on Australian systems. Tech giants operating in Australia, such as Amazon Web Services, Cisco, Microsoft, and Salesforce, have all taken issue with these "last resort" powers.
    • ASD may be requested by the Secretary of the Department of Home Affairs to assist in responding to a serious cybersecurity incident. The Minister for Home Affairs must consult with the asset owner or operator before authorising the Secretary to request ASD assistance, and the measures authorised must be "proportionate and technically feasible".
    • Before stepping in, the government must be satisfied that a cybersecurity incident has occurred, is occurring, or is imminent; that the incident is having a relevant adverse impact on the functioning of a critical infrastructure asset; the incident is posing a material risk to the social or economic stability of Australia, its people, national defence, or national security; the relevant entity or entities are unwilling or unable to take all reasonable steps to respond to the incident; and no other options for a practical and effective response exist.
    • The tech community is concerned that such governmental intervention would undermine the objectives of defence and recovery. Microsoft, for example, believes it would create "The Fog of War", further complicating incident response.
    • Under the proposal, once a responsible entity becomes aware of a cybersecurity incident, it must be reported within 12 hours if the incident is having a significant impact on the availability of the asset; or 72 hours if the incident is having an impact on the availability, integrity, or reliability of the asset or on the confidentiality of information about, or held by, the asset.
    - Asha Barbaschow | February 15, 2021