Cybersecurity news provided by NetworkTigers on Monday, 10 May 2021.
SAN MATEO, CA — Cyberattack shuts down major fuel pipeline, medical administrative service attacked with ransomware, researchers hack Tesla using drone, Florida teen who hacked homecoming votes charged with felony, old routers putting millions in the U.K. at risk of being hacked, Illinois Attorney General’s office computers remain locked a month after attack, financial institution reports December data breach, report highlights importance of data security for ecommerce sites, Portland students unable to access online classes due to cyberattack, Alaska court suffers cyberattack and goes offline, Scripps Health takes patient services offline after ransomware attack.
Cyberattack shuts down major fuel pipeline
Colonial Pipeline, a top U.S. fuel pipeline operator, has had to take their network down due to a ransomware attack that is sure to disrupt a key component to the country’s infrastructure. Colonial Pipeline has contacted third party cybersecurity firm FireEye Mandiant and alerted law enforcement about the breach. The federal government is also working to assist with regard to this issue. Currently, it is unclear who is responsible for the attack. Read more.
Medical administrative service attacked with ransomware
CaptureRX, a Texas-based healthcare administrative service, fell victim to a ransomware attack that exposed the private health information of over 24,000 people. CaptureRX is currently still unclear as to how much data has been exposed and what the final tally of affected individuals will be. Data accessed by the attackers includes names, dates of birth, prescription information, and medical record numbers. No data misuse has been witnessed thus far and those affected by the breach are encouraged to keep a close eye on their personal accounts. Read more.
Researchers hack Tesla using drone
Security researchers, as part of last year’s “Pwn2Own2020” hacking competition, were able to gain remote control of a Tesla’s infotainment system using a drone that was flying over the car. While taking control of the automobile’s infotainment did not provide access to the driving mechanisms of the car, it did allow access to a multitude of other features like door locks, power door options, radio, climate control, power seats, and more. Tesla was aware of the testing and has since patched the vulnerability that allowed the hack to occur. Read more.
Florida teen who hacked homecoming votes charged with felony
A teenager in Florida is facing felony charges after allegations that she and her mother hacked into the accounts of Pensacola high school students in order to cast fake votes for her as homecoming queen. The teen, according to interviews with other students, bragged about using her mother’s FOCUS account, a system that the school uses to manage information, to cast votes for herself under the names of other students. The county’s State Attorney’s office has stated that the teen is to be tried as an adult. Read more.
Old routers putting millions in the U.K. at risk of being hacked
U.K. consumer watchdog Which? has released a report that claims that two thirds of the 13 most popular router models supplied by ISPs contain security flaws that put users at risk. They estimate that up to six million users may be using devices that have not been updated since 2018. It is suggested that ISPs may be reluctant to push updates to their routers for fear of the hardware failing. Read more.
Illinois Attorney General’s office computers remain locked a month after attack
A ransomware attack carried out against the Attorney General’s office of Illinois a month ago is still being felt, as staff email accounts affected by the attack remain unusable. The FBI has been investigating the incident, at this point believing that hacking group “Dopple Paymer” may be responsible. The Attorney General’s office has enlisted third party assistance in attempting to rebuild their network, but the work has been slow going. Part of the problem, according to the state’s IT Committee, is that Illinois has had a difficult time enlisting top tier experts for their cybersecurity roles with most people opting to work for higher pay in the private sector. Read more.
Financial institution reports December data breach
Financial institution AmeriFirst Financial Inc. has issued a warning to customers that it suffered a data breach in December of last year. The breach was discovered on April 12, 2021, and is reported to have accessed the bank’s data from December 2 through December 10. Information accessed includes Social Security numbers, bank account numbers, tax ID numbers, IRS numbers, passport information, and more. A forensic investigation into the incident is underway. Read more.
Report highlights importance of data security for ecommerce sites
A report published by PYMNTS contains information that underscores the importance of maintaining proper security surrounding the data kept by online retailers as well as the critical nature of consumer confidence in them doing so. According to the report, 65% of consumers say that they would abandon an ecommerce site if it was found to have been compromised even once. 57% of online shoppers say that they are more worried now about online privacy than they were prior to the pandemic. Read more.
Portland students unable to access online classes due to cyberattack
Students of Portland, Oregon’s Centennial School District were unable to access online learning and forced to use paper packets after a malware attack knocked their school offline a week ago. It is believed that only a ransomware attack would have the power to cripple the school’s network in a way that would result in such a slow recovery, although the school has not yet confirmed the nature of the attack. With staff email down indefinitely, communication continues to be an obstacle the school has yet to overcome amidst their efforts. Read more.
Alaska courts suffer cyberattack and goes offline
After discovering that a hacker had tried to insert malware on court computers, Alaska’s court has had to disconnect its servers. As a result, many court cases aren’t available online and hearings are currently taking place over the phone. There is currently no indication that private information was stolen and motives pertaining to the attack are speculative. Online access is expected to be restored within the next few days. Read more.
Scripps Health takes patient services offline after ransomware attack
While outpatient urgent care and emergency services remain open, San Diego’s Scripps Health has had to cancel appointments and take other services offline after the company experienced an “information technology security incident.” The offices are resorting to “offline documentation methods” to continue some on-site patient care. While Scripps has thus far publicly downplayed the incident, an internal memo has revealed that the company has suffered a ransomware attack. Read more.
More cybersecurity news
Read more cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402