Phishing Scam Cost Small Ohio City $219,000, Finance Director His Job
Article Link: https://www.usatoday.com/story/news/nation/2023/02/17/hilliard-ohio-fires-finance-director-phishing-scam/11282093002/
- In December, emails from a fake paving company landed in the inbox of an accounting assistant working for a Columbus, Ohio suburb with the goal of having the assistant change the vendor’s routing information.
- Shortly after the phish was received, the city paid $218,992.06. While routing number changes occur regularly, city officials noted that a verification protocol is typically followed but was not in this instance.
- Following the payout, the city’s finance director waited 35 days to inform city leadership about the incident. The finance director has since been fired, presumably due to waiting over a month to notify city personnel, and the assistant has resigned. Additionally, the impacted city has filed an insurance claim to recoup the lost money; however, it is currently unclear what will be covered by insurance.
GoDaddy: Hackers Stole Source Code, Installed Malware in Multi-Year Breach
Article Link: https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/
- GoDaddy discovered a security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains. Upon further investigation, it was identified that the attackers had access to the company’s network for multiple years.
- The subsequent investigation has determined that source code was stolen, and malware was installed on servers.
- GoDaddy highlighted that the multi-year campaign was tied to previous breaches, such as ones disclosed in November 2021 and March 2020. GoDaddy is still trying to determine the root cause of the entire campaign.
Atlassian Data Leak Caused by Stolen Employee Credentials
Article Link: https://www.bleepingcomputer.com/news/security/atlassian-data-leak-caused-by-stolen-employee-credentials/
- On February 15, Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from Envoy, a third-party vendor. The data leaked included employee records and the floor plans for Atlassian’s Sydney and San Francisco offices.
- The hackers gained access to Envoy’s application with Atlassian employee credentials that were accidentally published to a public repository.
- In addition to investigating the incident, Envoy and Atlassian collaborated to enhance the physical security of the sites with leaked floor plans.
Build Cyber Resiliency with These Security Threat-Mitigation Considerations
- Keeping up with emerging threats and challenges in 2023 can help organizations get on the path to developing a coherent security strategy.
- The article highlights several persistent and emerging concerns for security teams. These include the increase in cyberattacks and evolution of tactics, increases in supply chain risks, the emergence of data-well poisoning attacks, and the continual changes in the overarching tech, threat and regulatory environments.
- Despite the variety of ever-changing issues, the article discusses what organizations should focus on when creating a security strategy to navigate the various emerging challenges. Tips include aligning security with the business strategy and expressing cybersecurity issues as business risk and not just an IT issue, determining and defining your organization’s cyber risk tolerance, and embarking on the continual journey of building cyber resiliency.
5 Biggest Risks of Using Third-Party Services Providers
Article Link: https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html
- As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services. Despite this, the use of third-party services can also come with significant, often unforeseen, risks.
- Risks discussed in the article include the compromise of customer and company data from cyberattacks, the financial risk from incident costs and lost business in the wake of intrusions, reputational damage and loss of customer trust from a third-party breach, geopolitical risk and the potential for services to be sanctioned by governments, and regulatory compliance risk if the third parties aren’t compliant themselves.
How Security Teams Can Protect Employees Beyond Corporate Walls
Article Link: https://www.darkreading.com/vulnerabilities-threats/how-security-teams-can-protect-employees-beyond-corporate-walls
- Bad actors are increasingly targeting employees in social engineering scams that originate on their personal networks (social media and texts), with the ultimate goal of compromising the workplace. According to Tessian, 56% of employees said they received a text message scam in the past year.
- It’s clear that security needs to extend outside of corporate walls, but there’s an important balance that security leaders must strike to respect boundaries on employees’ personal accounts and devices.
- The solution is two-fold. First, it is vital to develop a security culture where employees are encouraged to flag mistakes and suspicious activity, as opposed to being shamed. Second, there needs to be a level of trust and transparency between organizations and their personnel. Employees should be able to ask questions or raise concerns about personal security.
High-Risk Users may be few, but the Threat They Pose is Huge
Article Link: https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/
- High-risk users represent approximately 10% (12.8%) of the worker population and are found in every department and function of the organization, according to Elevate Security research.
- While high-risk users make up a small percentage of the total user population, they represent a significant threat to the organization. Specifically, high-risk users are said to account for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure browsing incidents, and 42% of all malware events.
- The study also suggests that the vast majority of employees aren’t considered “high risk”, contractors are typically less likely to be high-risk employees, and there doesn’t appear to be a correlation between high-risk users who click on phishing simulations and those who click on real phish threats.
- Link to Elevate Security’s study: https://elevatesecurity.com/elevate-security-and-cyentia-institute-release-third-annual-research-study-on-user-risk/
