2023 Week 48
Summary
This week's news focused on the legal and water sectors. On the water side, we saw two high-profile attacks in the US, but it is still unclear if they are related.
News
SLTT
The Kansas Judicial Branch has confirmed that hackers stole sensitive files in a breach last month. The October attack impacted the availability of several systems at the time. These systems included the eFiling system, electronic payment systems, and case management systems.
It appears that, like other attacks recently, the threat actors stole data prior to the ransomware phase of the attacks. Neither Kansas nor the threat actors have identified who is responsible.
The New York City Bar Association has disclosed in filings to the states of Maine and Vermont that an investigation completed in October confirmed that hackers gained access to internal files last December. This corroborates the Clop ransomware gang's claim in January. In that announcement, they threatened to leak 1.8 TB of data. The Bar Association is providing victims with 12 months of free credit monitoring, identity theft protection services, and up to 1 million dollars of insurance. This was a rare attack by Clop, who in this case took the step of encrypting the data and stealing it, as is their normal mode of operation.
Water
A group calling themselves CyberAv3ngers has claimed attacks on several water systems worldwide that are using the Unitronics SCADA software. This now includes the municipal water system of Aliquippa, Pa. They detected the attack in one of their pumping stations and were able to take that station offline.
The North Texas Municipal Water District has announced it was the target of a ransomware attack. The district has said that no disruption of services has occurred. The ransomware group Daixin Team has claimed responsibility for the attack. They state that they have obtained PII, including Social Security numbers. They are threatening to release the 33,844 records if they do not get a payment. This follows a recent trend of starting the attack by exfiltrating the data and holding it hostage. The district says it is working with law enforcement and a forensic specialist.
Healthcare
Ardent Health Services has fallen victim to a ransomware attack that has taken its entire network offline. This is affecting hospitals in 6 states, including emergency services. Ardent is working with law enforcement and 3rd party experts.
Healthcare product and services provider Henry Schein reported being a victim of a second cyber attack this month. In both cases, it appears to be the BlackCat/ALPHV ransomware gang. The group encrypted systems for the 3rd time since October. In the second situation, the group performed the action after negotiations faltered from the first encryption.
Portneuf Medical Center in Portneuf, Idaho, is investigating a possible security breach. As a precaution, the emergency room is currently on divert, but other hospital operations are continuing. At the time of this writing, their website says that the ER is back open.
Capital Health, which operates several hospitals in New Jersey and Pennsylvania, is dealing with a cyber attack. They report they are still serving patients including Emergency Room visits. They are working with authorities, law enforcement, and 3rd parties to investigate the situation.