Cybersecurity news provided by NetworkTigers on Monday, 31 May 2021.
SAN MATEO, CA — SolarWinds hackers breach federal agency, FBI warns of Fortinet exploit, Avaddon ransomware increasing in aggressiveness, regulations regarding cybersecurity of pipeline operators taking effect, St. Louis parking app suffers breach, Irish health facilities remain compromised two weeks after cyberattack, third party used by Canada Post compromised, DHS to require pipeline companies to report cyberattacks, New Zealand hospitals remain offline after ransomware attack, Air India breach associated with SITA hack, Mac owners urged to update due to photo-taking malware, Tulsa residents unable to pay water bill after ransomware attack.
SolarWinds hackers breach federal agency
Russian hacking group Nobelium, responsible for last year’s far-reaching hack of SolarWinds, has reportedly hacked the U.S. Agency for International Development (USAID). The cybercriminals gained access to the agency’s email marketing account, which they then used to launch a phishing scam targeting 3,000 email addresses. Microsoft, which reported the attack, has stated that it was not carried out using a vulnerability within its software, but says that the investigation into the breach is ongoing.
FBI warns of Fortinet exploit
The FBI has issued a flash warning with regard to vulnerabilities within Fortinet that are being exploited by advanced persistent threat groups. A statement from the FBI says that cybercriminals have been exploiting a FortiGate appliance to target a broad range of victims across many industries. The exploit is not new, which is causing the FBI and CISA to continue to remind users to keep their systems up to date to ensure they are patched against legacy threats.
Avaddon ransomware increasing in aggressiveness
Avaddon ransomware, discovered in 2019, has remained a consistent threat but is increasing in volatility as of late. The malware has been appearing more frequently in spam and phishing campaigns. The distributors of the ransomware, notably, state that they do not support attacks on government, healthcare, or charity organizations, perhaps signaling a greater willingness to avoid federal law enforcement crackdowns. MSSP has compiled a list of mitigations to take regarding Avaddon.
Regulations regarding cybersecurity of pipeline operators taking effect
In the wake of the hack of the Colonial Pipeline, U.S. pipeline operators are now required to conduct a cybersecurity assessment. Operators are also required to report malicious cyber activity to the federal government and have a cybersecurity coordinator at the ready at all times. Failure to comply with the new regulations will result in financial penalties. The directives apply to any pipelines or gas facilities that are determined to be a critical part of the country’s infrastructure.
St. Louis parking app suffers breach
ParkLouie, an app used by St. Louis, MO residents to pay parking meters via their phones, suffered a data breach that leaked information such as addresses, phone numbers, and license plate IDs. ParkMobile, the app’s developer, says that no payment information has been leaked, although they are encouraging users to change their passwords and be vigilant of scams. The breach, according to the company, took place via a third-party vendor.
Irish health facilities remain compromised two weeks after cyberattack
Ireland’s HSE has stated that facilities related to radiology and laboratory work remain very compromised due to a breach that hit the agency two weeks ago. Earlier this month, the agency completely shut down its IT services following a ransomware attack that sought to pilfer data from HSE servers. No personal data has been leaked online thus far, and authorities have not disclosed who they feel is behind the attack.
Third party used by Canada Post compromised
Canada Post has disclosed to 44 of its largest business customers that Commport Communications, a third-party vendor used to manage shipping data, was the victim of a cyberattack earlier in the month. The breach has exposed the data of 950,000 customers. Canada Post has contacted affected businesses and is guiding them through the next steps required to maintain safety.
DHS to require pipeline companies to report cyberattacks
In the wake of the hack of the Colonial Pipeline, which is still resulting in gas shortages in certain parts of the country, the Department of Homeland Security is issuing a mandate that requires pipeline companies to disclose any data breaches. This is in contrast to the current ruling which makes such reports voluntary. The directive is to be issued by the TSA, and is reportedly the first step in what will be a fortification of the country’s cybersecurity protocol and infrastructure.
New Zealand hospitals remain offline after ransomware attack
Five hospitals in the New Zealand district of Waikato are still offline after suffering a ransomware attack last week. Patients are urged to bring paper records and documents to their appointments, and others are being encouraged to seek alternative avenues of treatment unless they are critically unwell. People’s personal information is thought to have been breached in the cyberattack, and an official statement says that there is no intention of giving in to the hackers’ demands by paying the ransom.
Air India breach associated with SITA hack
Air India has disclosed that 4.5 million passengers have had sensitive data and credentials stolen. The breach, according to the airline, is the result of the hack that was carried out against SITA discovered in February. SITA is the data processor for Air India’s passenger service system, serving 90% of the world’s airlines. The information stolen in the hack covers the last decade of the carrier’s air travel.
Mac owners urged to update due to photo-taking malware
Malware discovered last year that was able to slip through Apple’s security and record Zoom meetings is at large again, this time exploiting a weakness in OS security. The malware is known as XCSSET, and while the intentions of the malware’s creator aren’t currently clear, researchers indicate that there is a great degree of interest in creating a backdoor to be utilized on Apple’s OS.
Tulsa residents unable to pay water bill after ransomware attack
The computer system for the city of Tulsa, Oklahoma has been shut down after an attempted cyberattack, according to a city spokesperson. No personal information was accessed and the system was shut down as a precautionary measure. Residents are currently unable to pay their water bills online as a result of the shutdown, and may not be able to for up to a week. Officials have stated that they know who is responsible for the attack, but have not disclosed that information.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402