Minnesota Mandates Updated Cybersecurity Incident Reporting
Article Link: https://mn.gov/mnit/about-mnit/security/cir/
- Starting December 1, 2024, Minnesota public agencies and contractors must report cyber incidents affecting their operations.
- Mandated by Minnesota Statute Section 16E.36, the goal is to strengthen state protections by collecting and sharing anonymized incident data.
- Cyber incidents include any actions affecting systems or data. Reporting within 72 hours is believed to augment the State’s ability to defend digital infrastructure.
- Reports are submitted via an online form from Minnesota IT Services (MNIT), promoting collaboration to protect digital assets. The form can be found in the article link.
- Link to MN State Statute Section 16E.36: https://www.revisor.mn.gov/statutes/cite/16E.36
New York Fines GEICO $9.8 Million Over Data Breach
Article Link: https://www.reuters.com/business/finance/new-york-fines-geico-98-million-over-data-breach-2024-11-25/
- GEICO and Travelers have been fined $11.3 million by the State of New York for failing to protect the personal information of over 120,000 residents.
- Cyberattacks during the COVID-19 pandemic exploited flaws in the insurers’ online quoting systems, exposing sensitive data like driver’s license numbers. Fraudsters used the stolen information for schemes such as false unemployment claims.
- GEICO’s breach affected 116,000 individuals, and the Travelers’ breach impacted 4,000. Investigations revealed both companies violated state data protection regulations by neglecting proper security measures.
- As part of the settlement, the insurers must upgrade their security practices to better safeguard consumer data.
RansomHub Gang Says It Broke into Networks of Texas City, Minneapolis Agency
Article Link: https://therecord.media/ransomhub-cybercrime-coppell-texas-minneapolis-parks-agency
- RansomHub, a ransomware-as-a-service group, claimed responsibility for attacks on the city of Coppell, Texas, and the Minneapolis Parks and Recreation Board, disrupting critical services and exposing sensitive data.
- Active since February 2024, this group encrypts and steals data, demanding payment to prevent leaks. Over the past several months, the group has rapidly expanded, targeting multiple sectors.
- Coppell faced Internet, library, and court outages affecting 40,000 residents, while Minneapolis saw phone outages and possible breaches across 7,059 acres of parkland.
- Authorities urge businesses to stay alert with system updates, employee training, and detailed response strategies to curtail ransomware risks.
Ransomware Payments Are Now a Critical Business Decision
Article Link: https://www.helpnetsecurity.com/2024/11/28/ransomware-payment-demands/
- Ransomware attacks are hammering organizations worldwide, with most facing demands soaring past $1 million, a jaw-dropping price tag in the fight against digital extortion.
- Armed with advanced tactics like multi-factor authentication (MFA) bypasses and crafty social engineering, attackers are infiltrating systems with alarming ease. Even after paying ransoms, many victims fail to fully recover the data, and repeat attacks often come knocking.
- These relentless attacks don’t just drain wallets; they cause chaos. Organizations endure paralyzing operational disruptions, damaged reputations, and spiraling costs that leave them reeling.
- The best defense? Staying a step ahead. Organizations need to train employees, keep systems updated, and prioritize strong backup strategies to cut ransomware attackers off at the knees.
T-Mobile Shares More Information on China-Linked Cyberattack
Article Link: https://www.securityweek.com/t-mobile-shares-more-information-on-china-linked-cyberattack/
- T-Mobile thwarted an intrusion by China’s Salt Typhoon hacking group, successfully protecting customer data.
- The attackers exploited a connection through another provider’s network, but T-Mobile quickly detected unusual activity and cut off all access.
- Part of a larger espionage campaign targeting U.S. telecoms like AT&T and Verizon, this attack stresses the importance of quick responses to protect critical systems and sensitive customer data.
- T-Mobile models vigilance by working with authorities and enhancing protections to address evolving threats.
Researchers Discover First UEFI Bootkit Malware for Linux
Article Link: https://www.bleepingcomputer.com/news/security/researchers-discover-bootkitty-first-uefi-bootkit-malware-for-linux/
- Researchers have uncovered “Bootkitty,” the first-ever Unified Extensible Firmware Interface (UEFI) bootkit targeting Linux, with a focus on certain Ubuntu configurations.
- This sneaky malware rewrites the boot process, bypassing kernel checks to execute unauthorized code right from the setup.
- Once primarily a Windows problem, UEFI bootkits are now creeping into Linux territory, posing serious risks of persistent, hard-to-detect infections.
- Activate UEFI Secure Boot, stay on top of firmware updates, and follow trusted security practices to lock out this new threat.
Starbucks, Grocery Chain Hit by Blue Yonder Ransomware Attack
Article Link: https://www.securityweek.com/starbucks-grocery-stores-hit-by-blue-yonder-ransomware-attack/
- A ransomware attack on Blue Yonder disrupted operations for retailers like Starbucks and U.K. grocery chains Morrisons and Sainsbury’s.
- The attack caused system outages, forcing Starbucks to revert to old-school operations with pen and paper, while Morrisons and Sainsbury’s activated their contingency plans to maintain their operations.
- This incident shows how deeply supply chains depend on software, how an outage can create a domino effect that results in customer displeasure, and that business contingency plans do work.
- Companies should vet their vendors and prepare for the unexpected by establishing response plans to minimize the effects of future supply chain attacks.
Supply Chain Managers Underestimate Cybersecurity Risks in Warehouses
Article Link: https://www.helpnetsecurity.com/2024/11/27/warehouses-cybersecurity-concern/
- Ivanti’s “Supply Chain and Warehouse Trends in 2024 and Beyond” surveyed 800 professionals across the U.S., U.K., France, and Germany, finding many warehouses neglect digital security, leaving operations exposed.
- Increased use of Internet of Things (IoT) devices and warehouse modernizations raise risk, yet 41% of workers lack security training, enabling attacks like social engineering.
- Attacks on warehouses can halt operations, harm reputations, and disrupt supply chains, making this a pressing issue for businesses relying on seamless logistics.
- Warehouses should prioritize training, adopt strong endpoint protections, and upgrade their systems to reduce their attack surface.
- Link to Ivanti’s Survey: https://www.ivanti.com/blog/supply-chain-and-warehouse-trends-in-2024-and-beyond
U.S. Citizen Sentenced for Spying on Behalf of China’s Intelligence Agency
Article Link: https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html
- Ping Li, a 59-year-old U.S. citizen originally from China, was sentenced to four years in prison for conspiring to act as an unregistered agent for China’s Ministry of State Security (MSS).
- While working at Verizon and later Infosys, Li sent sensitive data about critics of the Chinese government and internal corporate training materials to MSS operatives using anonymous email accounts.
- This case exposes the risk of foreign influence targeting political activists and corporate entities. The U.S. Department of Justice has prosecuted over 55 cases of espionage involving Chinese operatives across 20 states since 2021.
- The U.S. government is actively prosecuting unregistered foreign agents. Companies should train employees to recognize insider threats and adopt stringent monitoring to detect suspicious activities.
Junior School Student Charged for Infecting Computers With ‘Test of Skill’ Virus
Article Link: https://cybersecuritynews.com/junior-school-student-charges-for-infecting-computers/
- A 15-year-old student (14 at the time of the offense) from Saitama Prefecture, Japan, was charged with creating and spreading malware, violating Japan’s Unauthorized Access Prevention Act.
- In April 2024, the student allegedly infected another student’s computer, stealing sensitive data like IDs and passwords. By October, additional malware was discovered on the student’s own device, further implicating him.
- This case presents a glimpse into the increasing risks posed by cyber offenses involving young people under 18, raising serious concerns about privacy breaches, identity theft of minors, and the misuse of technology.
- Furthermore, this incident emphasizes the importance of early education on ethical technology use, proactive measures to identify and address harmful online behavior, and awareness of the consequences associated with regional laws.