2022 Week 22 Security review


Summary

Hopefully, these will be a bit more regular now that the semester is over.  
We are seeing attacks against all infrastructure areas increasing.  This week's report has school breaches, SLTT breaches, SCADA news, and several healthcare attacks.

News

SLTT

Texas Department of Transportation had a data breach that impacted over 7,000 records.  This included employee information with PII including Social Security Numbers (SSN).  

The Texas Department of Insurance (TDI) announced that 1.9 million people in the state who filed claims for compensation had their information publicly available from March 2019 to January 2022.

K-12 schools in Fort Sumner, New Mexico, and Washington, Ohio, were attacked by the Clop ransomware group.  This group is an Eastern European threat actor.  In general, cyber attacks against schools have been VERY high.

Chicago Public Schools announced a data breach that involved PII of about 500,000 students and 56,000 employees.  The breach occurred as part of a larger ransomware attack on a 3rd party supplier, Battelle for Kids.

 

IBM is expanding its free cybersecurity services for K-12 schools.  Last year there were 6 schools that received the free services, and that has been increased to 10 schools this year.


Somerset County, New Jersey, had a ransomware attack that affected several county functions, including email.  The county said they had activated their Emergency Operations Center and were working off their Continuity of Operations of Government Plan.

Data from a Linn County, Oregon data breach was released this week.  County officials decided not to pay the ransom as they felt they had sufficient backups and the data was not sensitive in nature.  They indicated that they were able to recover from backups by the end of the week at the time of the attack.  After working with consultants who contacted the Conti threat actors, it was decided that any data would be considered open records under Oregon law, so there was no harm in its release.
I think it is important to note here that this seems to signal that Conti has been reorganized and is "back in business" after the actions of the last 2 years caused many to go underground.



General SCADA/ICS

Cisco Talos announced that they have found 8 vulnerabilities in the Open Automation Software version 16.00.0112.  This software is used to transfer data between devices and applications in a SCADA system.  They are listed as:

DarkReading has a really good summary of the cyber challenges we have with the growth of Industry 4.0.  This is one of the areas of research I have written some papers about, and it is good to see there is some exposure outside academia.  We as a society are going to have to embrace security as we build smarter, more automated production, or all the gains can become a HUGE Trojan Horse.


Healthcare

The United States Senate Health, Education, Labor, and Pensions Committee held a hearing on how the federal government can assist health and education sectors with their cyber security posture.  This comes as attacks against Health and Education have risen over the last couple of years.

Almost 200,000 patients have been notified of a breach from Regional Eye Associates which is in West Virginia.  It appears to be tied to several other provider notices due to a ransomware attack on a cloud-based electronic medical record vendor.

Greenland health services are severely limited due to a cyberattack.  There is some belief that this might be tied to a previous attack in April.  

The UK's central cyber center, the National Cyber Security Centre (NCSC), released a report that indicated vaccine-related phishing is a big attack vector.  This makes sense given the importance of vaccines right now.


Aerospace

SpiceJet, India's 2nd largest air carrier, announced it was the victim of an attack, but was able to successfully defend its servers prior to full take-over.  Customers saw flight delays and were not able to book online for several hours.

Legislative actions 

The U.S. House and Senate have both passed a bill that seeks to help the federal and SLTT governments work together to combat cybercrime by directing the Cybersecurity and Infrastructure Security Agency (CISA) to develop a strategy to set baseline objectives for SLTT cyber efforts.  It also establishes a $500 million cost-sharing grant to increase cyber funding to SLTTs.

Bill:


