Last week, breaches and cyberattacks occurred across several industries, from shipping and banking to government and healthcare. New vulnerabilities have also been found, and patches released. It is highly recommended not only to be aware of them but also to apply the updates when possible.
Read on to receive a quick summary of what happened this week in the space of cybersecurity.

Ports in Australia remain closed as Federal Police investigate a cybersecurity breach.

DP World, which manages container terminals in Sydney, Melbourne, Brisbane and Fremantle, said they detected a cybersecurity incident on Friday, with ports closing that same night. Ports in Australia are expected to remain closed for several days as the Australian Federal Police investigate the cybersecurity incident. Home Affairs Minister Clare O’Neil said that the government has invoked the national crisis management framework (the National Coordination Mechanism), is receiving regular briefings and is “working with DP World Australia to understand the impact of this incident and enable engagement across government”. It was also added that the Australian Signals Directorate’s Australian Cyber Security Centre is engaged with DP World, and is providing technical advice and assistance.

Industrial and Commercial Bank of China confirms ransomware attack.

The Industrial and Commercial Bank of China (ICBC) confirmed their services were disrupted by a ransomware attack that impacted their systems on 8 November. This prevented the US Treasury from settling trades on behalf of other market players. ICBC stated that ICBC Financial Services (ICBC FS) disconnected and isolated impacted systems to contain the incident immediately after discovering it. It was also added that ICBC FS is conducting an investigation, and has reported this incident to law enforcement. ICBC also highlighted that the incident did not impact the systems of the ICBC New York Branch, the ICBC Head Office, and other affiliated institutions domestically and abroad.

McLaren Health Care: Data breach impacted 2.2 million people.

McLaren Health Care is notifying 2.2 million people that a data breach occurred between late July and August this year and that their sensitive personal information has been exposed.
McLaren published a statement on their website, and alerted the U.S. authorities and impacted individuals. McLaren identified a security breach on 22 August, and investigations revealed that the breach had compromised their systems since 28 July. The exposed data includes full name, social security number, health insurance information, birth date, billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, diagnostic results and treatment information. The specific types of exposed data differ for each impacted individual, depending on the type of information each shared with the organisation and the services they received. All impacted individuals will receive an email with instructions on enrolling in identity protection services for 12 months. McLaren also strongly advised individuals to remain vigilant, to monitor and review all financial and account statements, and to report any suspicious activity.

Data breach at Singapore’s Marina Bay Sands affected the data of 650,000 lifestyle rewards members.

Investigations found that an unknown third party had accessed customer data of about 665,000 non-casino reward programme members (Sands LifeStyle rewards programme members) on 19 and 20 October. The exposed data includes names, email addresses, phone numbers, country of residence, membership number and tier. In an email sent to MBS customers, chief operating officer Paul Town said that MBS “immediately took action” to resolve the issue. MBS also reported the incident to the relevant authorities in Singapore, and other countries where applicable. The resort also stated that there is no evidence so far that the unauthorised third party has “misused the data to cause harm to customers”.

The State of Maine announced that the MOVEit data breach affected 1.3 million people.

The State of Maine announced that their systems were breached after threat actors exploited the MOVEit vulnerability and accessed the information of 1.3 million people (which is close to the state’s population), including minors. The press release states that the State of Maine was aware of the MOVEit vulnerability on 31 May 2023, and found that cybercriminals had accessed and downloaded files belonging to certain agencies in the State of Maine between 28-29 May 2023. The exposed information includes full name, social security number, birth date, driver’s licence, state identification number, taxpayer identification number, and health insurance information. The exact data exposed for each individual varies depending on their interaction with Maine’s state agencies. The most impacted agency was Maine’s Department of Health and Human Services, followed by the Maine Department of Education. Other departments affected, though to a lesser extent, are Administrative and Financial Services, Workers’ Compensation, Bureau of Motor Vehicles, Corrections, Economic and Community Development, Professional and Financial Regulation, and Labor. The state also clarified that they delayed notifying the public as they were conducting a thorough investigation. All affected citizens whose social security numbers or tax information was exposed will receive two years of free credit monitoring and identity theft protection services.

Okta confirms October data breach: 134 customers affected.

Okta has confirmed details of their October breach, and reported that the incident led to 134 customers’ files being compromised, or “less than 1 percent of Okta customers.” However, with so many high-profile companies among Okta’s user base, 1 percent is still a concern.
Okta Security identified that an employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The most likely avenue by which cybercriminals gained access to Okta’s systems was the compromise of the employee’s personal Google account or personal device. Okta’s troubles continued this week, as they also admitted that a third-party breach exposed records belonging to nearly 5,000 current and former employees.

TransForm, a shared service provider, states that ransomware data breach affects 267,000 patients.

TransForm, a shared service provider, published an update and clarified that it was a ransomware attack that recently impacted operations in multiple hospitals in Ontario, Canada. TransForm confirms that the attackers managed to steal a database containing information on 6.5 million patient visits, which corresponds to approximately 267,000 unique individuals. The ransomware attack happened in late October, and impacted 5 hospitals operating under the organisation’s umbrella. The incident caused operational disruptions, forcing healthcare providers to reschedule appointments and redirect non-emergency cases to other clinics in the area. TransForm also emphasised that they did not pay the ransom. The organisation explained that the attackers compromised an operations file server that hosted employee data, and also the shared drive space used by the impacted hospitals. The impact of the shared drive compromise varies between hospitals, as each opted to store different types and amounts of data in it.

Mr Cooper, a home loan service provider, found customers’ data exposed in data breach.

Mr Cooper, the largest home loan servicer in the U.S., found evidence of customer data exposed during the 31 October cyberattack. Mr Cooper stated they are still investigating the nature of the compromised data, and will provide more information to the affected customers over the coming weeks.
However, they did emphasise that customers’ financial information was not accessed, as the impacted systems did not store such data. The company urged customers to monitor their credit reports and bank accounts, and to report any suspicious activity to their bank. The 31 October cyberattack forced the company to shut down their IT systems. This includes access to phone lines, the support chatbot, and the online payment portal.

OpenAI confirms DDoS attacks behind ChatGPT ongoing periodic outages.

OpenAI has confirmed that distributed denial-of-service (DDoS) attacks were behind the “periodic outages” that affected their API and ChatGPT services within the last 24 hours on 8 November. Those affected by these issues saw “something seems to have gone wrong” errors, with ChatGPT adding that “There was an error generating a response” to their queries. OpenAI said on 8 November in an update that they were working to mitigate this. As of 9 November, the incident has been resolved and the status of their services has returned to normal.

Sumo Logic discloses security breach: Recommends API key resets.

Sumo Logic, a security and data analytics company, disclosed a security breach after finding out that their Amazon Web Services (AWS) account was compromised last week. The company detected evidence of the breach on 3 November, after discovering that an attacker used stolen credentials to gain access to a Sumo Logic AWS account. The company stated that their systems and networks were not impacted, and customer data remains encrypted. After detection, the company immediately locked down the exposed infrastructure and rotated every potentially exposed credential for their infrastructure. They also added extra security measures to further protect their systems. Sumo Logic strongly advised customers to rotate credentials used to access its services, as well as any credentials shared with Sumo Logic for accessing other systems.

Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks.

Threat actors are exploiting a zero-day vulnerability (identified as CVE-2023-47246) in SysAid, a service management software, to gain access to corporate servers for data theft and to deploy Clop ransomware. This vulnerability was discovered on 2 November after hackers exploited it to breach on-premise SysAid servers. The Microsoft Threat Intelligence team discovered the exploitation of the vulnerability and notified SysAid about the issue. After learning of the vulnerability, SysAid developed a patch, which is available in a software update. All SysAid users are strongly advised to switch to version 23.3.36 or later. SysAid also recommends that users conduct a thorough compromise assessment of their SysAid server, review any credentials or other information that would have been available to someone with full access to that server, and check any relevant activity logs for suspicious behaviour. A list of indicators of exploitation can be found here.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED