Protection of Information Assets

Temple University

MIS 5206.701 ■ Fall 2022 ■ William Bailey

In The News

September 7, 2022 by William Bailey 9 Comments

Filed Under: Unit 04: Case Study 2 - Autopsy of a Data Breach - The Target Case

Comments

  1. Abayomi Aiyedebinu says

    September 9, 2022 at 12:01 am

    My news choice this week focuses on the breach that affected 2.5 million student loan borrowers. EdFinancial and the Oklahoma Student Loan Authority (OSLA) will be notifying 2.5 million student borrowers that their information has been breached. However, it is fascinating because I have a loan originating from EdFinancial and I am hoping that my information is not among the breached information, because hackers can actually leverage this breach to impersonate or use information as part of social engineering gimmicks. A good question to ask is: although they stated that the malicious activity was blocked, is the information security with regard to safeguarding this information weak, or was this breach perpetrated by an insider? Why can’t organizations have a robust means of protecting customer information, or do they just not have enough systems in place?

    https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

  2. Jill Brummer says

    September 10, 2022 at 2:34 pm

    https://cybernews.com/news/ransomware-attack-cripples-los-angeles-unified-school-district/

    In summary, the article states that the LA Unified School District had a cyber-attack. The attack caused disruption to email, computer systems and applications, teachers’ lesson plans and student attendance. The attack was detected because there was unusual activity. The district stated that the breach was external and a ransomware attack.

    The article also explains why data held in schools makes them a cyber target and states “Education institutions often hold confidential records and thus are more likely to comply with ransom demands”. Additionally, the article goes on to state that educational institutes tend to make high ransom payments, which makes them a top target.

    The statistic is also provided that “A staggering 9% of higher education schools take over three months to recover from ransomware attacks, more than double the average time for other sectors”.

  3. Nicholas Foster says

    September 11, 2022 at 4:07 pm

    https://www.fortiguard.com/threat-signal-report/4730/joint-cybersecurity-advisory-on-vice-society-aa22-249a – Joint CyberSecurity Advisory on Vice Society (AA22-249A)

    The article I have chosen to highlight this week speaks to the ransomware group Vice Society. Vice Society has been targeting critical infrastructure such as healthcare, government, and education sectors. Of its last 10 attacks, more than half were in the healthcare and education sectors. These sectors are typically looked at as “off-limits” due to the humanity elements encapsulated in them. It’s not like trying to bring down a corporate tycoon who is merely just profiting off of generic sales of merchandise. Instead, children and those who are sick/dying are put in harm’s way. It can be viewed the same way with war. While war in and of itself is gruesome and unforgiving, there are “rules”. You don’t attack civilians when/where possible. You treat Prisoners of War humanely, etc. The same thought process applies to most ransomware groups. They also utilize third-party ransomware instead of crafting their own. They most recently leveraged the Windows zero-day vulnerability “PrintNightmare”. This vulnerability was across all Windows OSes. This was such a large and critical vulnerability that Microsoft even went back to legacy OSes and implemented patches. The vulnerability leveraged the print spooler to either execute remote code or gain privilege escalation.

  4. Maxwell ODonnell says

    September 12, 2022 at 3:11 pm

    The major airline technology provider Accelya was a victim of a ransomware attack. The company provides passenger, cargo, and industry analytics platforms for airline retailing to some of the largest airlines in the world, like Delta, British Airways, JetBlue, United, Virgin Atlantic, and American Airlines. The AlphV/Black Cat ransomware group is responsible for the attack, publishing confidential company data such as emails and worker contracts. A representative of Accelya told reporters that the ransomware had been located, quarantined, and there is “no evidence to indicate that the malware could have moved laterally from our systems to our customers’ environments”. The airline industry has seen an uptick in serious cyber-attacks this year; in May, SpiceJet Airlines and a Canadian fighter jet supplier both fell victim to expensive ransomware attacks.

    This week’s case study opened my eyes to the impact one successful malware attack can have; I was in shock that 10% of all the credit/debit cards in the United States were affected by this breach. Doing some supplemental research about other large retail attacks, I came across this article. Accelya is a major vendor in the airline industry; compromising their system could potentially give the attackers access to many other large airlines. Like the case study, the attackers targeted a vendor to create a backdoor into a larger company’s network. Luckily, Accelya was able to locate and quarantine the malware, but if they had ignored the intrusion, like Target, the malware could have spread to their customers’ systems. This article for me is a great example of risk management: Accelya couldn’t prevent the attack from happening, but once they detected it, they did everything in their power to limit the damage.

    https://therecord.media/major-airline-technology-provider-accelya-attacked-by-ransomware-group/

  5. Shepherd Shenjere says

    September 12, 2022 at 7:18 pm

    This article speaks about a zero-day security flaw that has been found to be actively exploited in the wild in the Chrome browser. According to the article, “This zero-day flaw occurs due to insufficient data validation in Mojo resulting in a high severity vulnerability.” What is concerning is that this is the 6th zero-day vulnerability found just in 2022 affecting Google Chrome.

    https://cybersecuritynews.com/chrome-zero-day-flaw-actively-exploited-in-the-wild/

  6. Matthew Stasiak says

    September 13, 2022 at 5:50 pm

    This article documents how the LA school district network came under attack from the Vice Society ransomware group after some ransomware was detected in the network. Students remained in person, but their emailing system has lost access and it is not clear right now whether or not student records, personal information, or grades were accessed by the hackers. It is also not clear if only certain parts of the network were compromised, as the school district contains over 400,000 students and that could lead to a very big vulnerability. On top of that, this past year 56 percent of lower education and 64 percent of higher education organizations were attacked by some form of ransomware, which this article details as a considerable bump up from the previous year.

    https://www.wired.com/story/la-school-district-ransomware-albania-iran-security-roundup/

  7. David Vanaman says

    September 13, 2022 at 6:43 pm

    https://krebsonsecurity.com/2022/08/when-efforts-to-contain-a-data-breach-backfire/

    In this Krebs on Security article, Brian Krebs reports on a particularly bad response by a bank to the news of a breach becoming public. I thought this article was particularly appropriate since we were looking at the Target breach. Like Target’s initial response, Banorte and their cyber response firm Group-IB tried to suppress the news of the breach.

    Group-IB tried to bully the administrator of cybercrime forum Breached into removing posts that referenced the stolen credentials from Banorte by claiming they were fake and sending DMCA takedown requests. The response from admin Pompompurin was not what they hoped. Instead of removing the post, Pompompurin instead purchased and posted the data.

    The result of this poorly executed threat was a perfect example of how not to handle breach response. The attempt to sweep it under the rug and threaten a hacker forum admin resulted in the data being made more public and available.

  8. Kenneth Saltisky says

    September 13, 2022 at 8:15 pm

    https://www.bleepingcomputer.com/news/apple/apple-released-ios-16-with-lockdown-safety-check-security-features/

    This article discusses the release of iOS 16 on Apple mobile devices and the addition of Lockdown and Security Check. Lockdown Mode is a security feature only meant for high-risk individuals such as human rights defenders, journalists, and dissidents, from targeted attacks with spyware. Lockdown Mode hardens device defenses and strictly limits functionalities, resulting in a much smaller attack surface for exploitation. Once the mode is toggled, additional message, browsing, and connectivity protection blocks commercial spyware used by government-backed attackers. Usually these kinds of exploits utilize zero-click exploits targeting web browsers or messaging apps. Lockdown Mode blocks vulnerable features as well as message attachment types other than images, just-in-time JavaScript compilation, uncalled-for invitations or service requests, configuration profile installation, and MDM joining.

    In addition, Safety Check is a privacy tool that defends its user base whose personal safety is in immediate danger from domestic or intimate partner violence. This works by immediately removing all access previously granted to apps and other people, changing who can access sensitive information, and helping to review account security.

    Both of these new features are designed to help Apple’s efforts in defending their customers from spyware attacks and boosting the operating system’s privacy protection capabilities. On top of this, Apple has now added a new category to their security bounty program for those who find Lockdown Mode bypasses, with a reward of up to two million dollars.

  9. Christa Giordano says

    September 13, 2022 at 11:49 pm

    https://www.bleepingcomputer.com/news/security/u-haul-discloses-data-breach-exposing-customer-driver-licenses/

    This article discusses the breach recently disclosed by U-Haul that took place from November 5th, 2021, through April 5th, 2022. The investigation began in July of 2022 and was just disclosed to customers via a letter on September 7th. The data breach included customers’ names and driver’s license information, also known as PII. U-Haul notes that no credit card information was compromised. The hacker obtained access to a customer contract search tool by compromising password information. Once discovered, U-Haul changed both passwords. The company did not disclose how the passwords were compromised. U-Haul provided free identity theft monitoring services to the impacted customers through Equifax.
