Cybersecurity news provided by NetworkTigers on Monday, 8 March 2021.
SAN MATEO, CA — Chinese hack of Microsoft Exchange Server, Virginia adopts consumer data protection law, Microsoft releases script that scans for evidence of compromised data, SITA (IT operations provider for airlines) data hacked, Russian cybercriminal forums hacked, ransomware gang attacks Qualys, lawmakers consider new data breach notification law, social media platform Gab hacked, Florida-based rail operating company CSX hacked, Microsoft determines attack carried out by hacking group Hafnium, data breach on vulnerable Accellion software, FBI investigates cyberattack against the city of Kingman, Arizona.
Chinese hack of Microsoft Exchange Server felt in North Dakota
Illustrating the tremendous reach of Hafnium’s attack on Microsoft Exchange Server, the North Dakota Department of Information Technology has stated that it believes the Chinese hacking group had access to and control of public email servers associated with the state’s cities, schools, and counties. While the effect of the hack on Microsoft’s product is still being investigated and understood, networks all over the nation have potentially had data exposed and fallen victim. The research is ongoing as IT departments update their programs in order to mitigate damage and end the vulnerability.
Virginia to become second US state to adopt consumer data protection law
With the signing of the Consumer Data Protection Act, Governor Ralph Northam has made Virginia the second state after California to adopt a law to protect consumer data on the internet. Taking effect in 2023, the law allows individuals both to prevent websites from collecting their personal data and to view and delete information those websites are currently storing. The law also restricts companies from obtaining data pertaining to race, sexual orientation, religion, and more without permission from the user. While critics feel that the law may be too lenient towards the companies tasked with data protection, the bill is one of a growing number of state-led advancements towards cybersecurity laws in the absence of federal action.
Microsoft releases tool to scan for Exchange compromise
In the wake of a Chinese hacker-led attack on Microsoft Exchange Server, the software giant has released a script that scans log files for evidence of any compromised data. CISA is recommending that all users of Exchange Server run the script due to the critical nature of the potentially exposed information. The vulnerabilities affect Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019. Microsoft is also urging all users of Exchange Server to perform an update.
Attack on SITA exposes data of multiple airlines
SITA, an IT operations provider for 90% of the world’s airlines, has disclosed that its servers have been hacked, exposing the data of hundreds of thousands of individuals across a number of carriers. While a statement reads that login data and other more sensitive information were not accessed in the leak, airlines have been communicating to customers to change their passwords out of caution. This news follows an earlier statement this week from Malaysia Airlines regarding a similar breach of their customer data.
Forums favored by Russian cybercriminals hacked
Four of the most popular forums favored by Russian cybercriminals have been hacked over the past three weeks, leaving some members to speculate that the attacks have been carried out by government entities in an effort to seed mistrust in the community. The hacking of the Mazacraft forum in particular has resulted in the leaking of a 35-page document containing usernames, passwords, and contact information associated with users. Hacks of other forums have exposed private messages and cryptocurrency information. Participants are concerned that the data from separate forums could be used to identify users and subject them to criminal charges.
Cybersecurity company suffers data leak
Having been affected by the recent security incident involving Accellion, cybersecurity company Qualys has sustained a data breach. A ransomware gang has shared screenshots of compromised information online to provide proof that the company has been hacked. Qualys has stated that only a limited number of customers have been affected and it has reached out to those who have had their data exposed. The material stolen contains purchase documents, tax information, and scan reports.
SolarWinds hack prompts bipartisan willingness to consider new breach notification law
The dissection of the Russian hack carried out on SolarWinds continues as its effects on both data security and the political manner in which to address it continue to play out. Lawmakers on both sides of the aisle have signaled a willingness to consider new rules that would require companies and agencies to notify the U.S. government if an attack takes place. Currently, the lack of such a requirement, combined with contractual difficulties, makes the sharing of information related to cyber attacks both optional and legally challenging.
Social media platform Gab hacked
Social media platform Gab has been compromised as a hacker has accessed and acquired 70 Gb of backend data containing user posts and personal information. The data is currently possessed by a group known as Distributed Denial of Secrets, who state that their plan is not to release the sensitive information to the public but to selectively allow access to reporters and journalists seeking to study or research conspiracists, militia groups, and potentially dangerous far-right movements. Said users have settled in Gab en masse after a similar hack resulted in the recent dissolution of Parler, their previously favored social network.
Rail operator CSX reports Accellion-related compromise of private data
The Clop ransomware gang has reportedly shared screenshots of internal files stolen from Florida-based rail operating company CSX. The information contains personal data related to both current employees and retirees and is associated with the recent exploitation of a vulnerability in a piece of Accellion software that was nearing the end of its life. CSX states that the breach has not had any effect on business activities or their ability to serve their clients. However, because Clop is known to use stolen information to target customers associated with their victims, those affected are encouraged to be vigilant.
Chinese hackers execute attack on Microsoft Exchange Server
Cyber security firm Volexity has determined that Chinese state-sponsored hackers have exploited vulnerabilities within Microsoft Exchange Server to gain access to email accounts which they used to install malicious code. The installed malware was then used to gain long term access to private information. The Microsoft Threat Intelligence Center has determined the attack to have been carried out by China-based hacking group Hafnium. Research has shown that the attacks may have been taking place since January 6th.
Accellion breach impacts Malaysia Airlines
Members of Malaysia Airlines’ Enrich frequent flyer program have had sensitive data exposed in a breach related to an attack on a piece of vulnerable Accellion software. The airline states that the names, birth dates, membership numbers, gender, and contact information have been compromised, but that payment card and reservation/itinerary data was not at risk. While the attack did not affect the airline’s main IT infrastructure and there is not yet any evidence of personal data being used maliciously, Enrich members are still being encouraged to change their passwords as a precaution.
Arizona city computers locked down due to cyberattack
The FBI is investigating a cyberattack carried out against the city of Kingman, Arizona, which has resulted in a precautionary total shutdown of the city’s computer systems. While email is down, employees must conduct business and communication by telephone. Emergency fire and police dispatch phone lines are still functional and residents will not suffer late fees if they are unable to pay their bills on time due to the hack. The incident is symptomatic of an increase in hacks and ransomware attacks targeting small government networks due to their relative lack of security.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402