Cybersecurity news provided by NetworkTigers on Monday, 24 May 2021.
CLAREMONT, CA — CISA and FBI release joint cybersecurity advisory on DarkSide ransomware, CNA Financial allegedly paid $40 million ransom, Air India suffers breach of passenger information, Alaska’s Department of Health and Social Services website under attack, Carolina healthcare specialist succumbs to ransomware, Ireland’s health system reels after cyberattack, more ransomware sites disappearing after Colonial Pipeline hack, surveillance camera privacy breach shows video feeds to complete strangers, popular cybercrime forum to ban ransomware activity, cybersecurity firm hacked.
CISA and FBI release joint cybersecurity advisory on DarkSide ransomware
CISA and the FBI have released an advisory detailing precautionary and mitigation measures for DarkSide ransomware in the wake of the Colonial Pipeline hack. The recommendations range from steps as simple as enabling multi-factor authentication to more advanced security protocols to be implemented by IT administrators. Victims of the ransomware are instructed to immediately report attacks to CISA.
CNA Financial allegedly paid $40 million ransom
CNA Financial, after suffering a cyberattack in March of this year, reportedly paid ransomware group Phoenix a sum of $40 million to regain control of its network, according to those familiar with the incident. The company allegedly attempted to take back its computer systems, but after a week of failure began to negotiate with the attackers. CNA is not officially commenting on whether or not the ransom was paid, as doing so would draw criticism from those who do not want to encourage further attacks by making them profitable.
Air India suffers breach of passenger information
According to a statement from Air India, the airline has suffered a data breach that has exposed passenger information from as far back as 2011. The airline said that there is no evidence that any data was misused. At-risk data included birth dates, contact information, passport information, ticket information, and credit card data. The airline has contacted those affected and is encouraging them to reach out for more information about the breach.
Alaska’s Department of Health and Social Services website under attack
Alaska’s Department of Health and Social Services (DHSS) has reported that disruptions on its website are the result of an investigation into a cyberattack. It is currently not known what the nature of the attack was, who was responsible, or whether or not it may be connected to other recent attacks within the state. The department is currently working to maintain continuity of services as the inquiry unfolds.
Carolina healthcare specialist succumbs to ransomware
Allergy Partners, a North Carolina healthcare specialist, has started sending notices to an undisclosed number of patients revealing that their information was compromised in a ransomware attack on the company. The attackers demanded $1.75 million in exchange for stolen information that includes Social Security numbers, names, addresses, and clinical information. An FBI investigation into the breach is ongoing.
Ireland’s health system reels after cyberattack
Ireland’s healthcare system is feeling the consequences of a ransomware attack that forced officials to shut down its entire IT system. Thousands of appointments have been canceled or delayed as a result of the shutdown, and workers are struggling to maintain records and see patients in the absence of a fully functioning network. Irish officials have stated that they are refusing to pay the $20 million ransom demanded by Conti, a Russian ransomware gang associated with the attack. The gang has threatened to begin releasing stolen information unless payment is made.
More ransomware sites disappearing after Colonial Pipeline hack
Hacker groups known as “AKO” and “Everest” have apparently taken down their websites, leading some experts to believe that there is a concerted effort on the part of hacker and ransomware sites and forums to turn down the temperature following increased pressure from the U.S. government. While it is unclear what the motivations may be, or whether the sites were taken down willingly or by law enforcement, ransomware gangs REvil and Avaddon have both released statements saying that, going forward, they would steer clear of government agencies, healthcare organizations, and the nonprofit sector.
Surveillance camera privacy breach shows video feeds to complete strangers
A tremendous privacy breach affecting smart home device creator Eufy resulted in strangers seeing video feeds from other people’s homes through the company’s app. Eufy has since corrected the bug, issuing a statement saying that only .001% of its users were affected and the breach was fixed in about an hour. The issue reportedly arose from a server upgrade and affected users in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina.
Popular cybercrime forum to ban ransomware activity
Russian-language hacker and cybercrime forum XSS has issued a post stating that all ransomware activity is to be banned from the site due to increased governmental scrutiny and ideological differences in the wake of the recent wave of high-profile ransomware attacks. The turn of events is not without irony for XSS, as ransomware gangs such as DarkSide, REvil, and Babuk have all benefited from recruiting new members on the forum.
Cybersecurity firm hacked
Cybersecurity firm Rapid7 has reported that it has suffered a data breach resulting in a compromise of part of its source code as well as its customer data. The company was one of hundreds potentially impacted by a cyberattack against Codecov, an organization that provides code coverage and testing tools. Impacted users were notified of the breach via email, and the company concluded through forensic investigation that the scope of the breach was very limited.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402