AT&T Alerts 9 million Customers of Data Breach After Vendor Attack
Article Link: https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/
- AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January, exposing Customer Proprietary Network Information (CPNI).
- According to AT&T, the data exposed includes customer first names, wireless account numbers, wireless phone numbers, and email addresses for all 9 million impacted. Additionally, a smaller percentage of this number had exposure of rate plan name, past due amount, monthly payment amount, and various charges and/or minutes used. Per AT&T, the data was several years old.
- It was noted that AT&T’s systems weren’t compromised in this incident. Customers are advised to toggle off CPNI data sharing on their accounts by making a CPNI Restriction Request to reduce exposure risks in the future if AT&T uses it for third-party vendor marketing purposes.
Cyberattacks on School Districts, Like the One in Minneapolis, are on the Rise
- Cyberattacks, like the one that paralyzed the Minneapolis Public Schools’ computer systems in late February, are becoming a growing threat to school districts, prompting a dramatic rise in cyber liability insurance premiums and a scramble to figure out what can be done to secure student and staff data.
- School districts face a variety of unique challenges, including providing thousands of school-issued devices used by children, widespread staffing issues, and limited budgets. Additionally, the increasing cost of cyber liability insurance has surged, further stretching the limits of school district IT teams. The article specifically noted a cyber insurance increase of $21,000 for the Minneapolis Public School district and nearly a $60,000 increase for the St. Paul Public School district.
- In addition to having limited resources available, many school districts are prime targets for bad actors due to the sensitivity of the data they hold. Districts have confidential files with contact information for employees and students, financial records, student health and psychological assessment data, civil rights investigation records, and files on sexual violence allegations all of which put school districts into a difficult position, should these records be released publicly.
How CISOs can do More with Less in Turbulent Economic Times
Article Link: https://www.csoonline.com/article/3689814/how-cisos-can-do-more-with-less-in-turbulent-economic-times.html
- Despite the appearance that cybersecurity is recession-proof, CISOs should anticipate budget reductions and be ready to do more with less as circumstances dictate. This includes trimming security waste, maximizing resources, and mitigating risk across critical business resources.
- Tips provided in the article include reducing duplication in security tools, aligning goals with the goals of the CFO, and doing more with what already exists in your environment.
Hard-Coded Secrets Up 67% as Secrets Sprawl Threatens Software Supply Chain
Article Link: https://www.csoonline.com/article/3689892/hard-coded-secrets-up-67-as-secrets-sprawl-threatens-software-supply-chain.html
- According to GitGuardian’s State of Secrets Sprawl 2023 report, the number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022.
- Hard-coded secrets and secrets sprawl pose significant threats to the security of software supply chains. The exposure of these secrets, which can be lost to subcontractors or stolen by bad actors, can lead to DDoS attacks and enhance the risk of CI/CD pipelines.
- Tips for limiting secrets include monitoring commits and merge/pull requests in real-time, enabling pre-receive checks to harder central repositories, developing a strategy for addressing incidents discovered through historical analysis, and implementing a secrets security champion program.
- Link to GitGuardian’s Report: https://www.gitguardian.com/state-of-secrets-sprawl-report-2023?ref=gitguardian-blog-automated-secrets-detection
What Happens If You “Cover Up” a Ransomware Infection?
Article Link: https://www.theregister.com/2023/03/10/sec_blackbaud_3m_penalty/
- Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which hackers stole more than a million files on around 13,000 of the cloud software company’s customers.
- Specifically, Blackbaud denied that cybercriminals had access to personal data, such as bank account information and social security numbers. Despite this claim, Blackbaud personnel discovered that unencrypted bank account information and social security numbers were accessed. Employees allegedly didn’t tell senior management about the theft because Blackbaud “did not have policies or procedures in place designed to ensure they do so,” according to court documents.
- As a result, Blackbaud omitted this information regarding the incident’s scope when they reported it to the SEC. A month after reporting to the SEC, Blackbaud amended their report to say that criminals “may have accessed some unencrypted” customer banking information. Likewise, Blackbaud continues to neither confirm nor deny that they were breached to the degree that likely occurred.
Microsoft: Business Email Compromise Attacks can take Just Hours
Article Link: https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/
- Microsoft’s Security Intelligence team recently investigated a BEC attack and found that attackers move rapidly, with some steps taking mere minutes and attacks being completed in just a few hours.
- Based on analysis of a BEC incident, the time from first sign-in to deletion of the final sent email took only 127 minutes to complete.
- Link to Microsoft’s Blog Post: https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/xdr-attack-disruption-in-action-defending-against-a-recent-bec/ba-p/3749822
Young Government Workers Show Poor Password Management Habits
Article Link: https://www.helpnetsecurity.com/2023/03/10/government-workers-cybersecurity-risks/
- According to a report from Ivanti, which surveyed more than 800 government workers globally, 70% of government employees reported working virtually at least some of the time.
- Additionally, many government workers expressed a “not my job” attitude towards security risk. Specifically, 34% of respondents don’t believe their actions impact their organization’s ability to stay safe, 17% don’t feel safe reporting security mistakes to the cybersecurity team, 36% didn’t report a phishing email they received at work, and 21% don’t care if their organization is hacked.
- Last, the survey highlighted that Gen Z and Millennial workers aren’t necessarily better at password security and mismanagement. The report noted that younger workers are more than twice as likely to reuse passwords between work and personal accounts and across multiple devices.
- Link to Ivanti’s Report: https://www.ivanti.com/company/press-releases/2023/new-ivanti-report-finds-that-with-70-of-government-employees-working-virtually-at-least-some-of-the-time-government-organizations-underprepared-for-effects-of-hybrid-work-and-new-vulnerabilities
Medusa Ransomware Gang Picks Up Steam as it Targets Companies Worldwide
Article Link: https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/
- A ransomware operation known as Medusa, which started in 2021, has begun to pick up steam in 2023, targeting corporate victims and school districts, like the Minneapolis Public Schools, worldwide with million-dollar ransom demands.
- Like most ransomware operations, Medusa has a data leak site named ‘Medusa Blog.’ This site is used as part of the gang’s double-extortion strategy, where they leak data of victims who don’t pay. They’ve also sent out screen recordings of the data they’ve stolen to add ransom payment pressure.
- The breaches published offer three different paid options relating to the ransomed files. These include options to delay the release of data, delete the data, and download the data.
Microsoft to Boost Protection Against Malicious OneNote Documents
Article Link: https://www.helpnetsecurity.com/2023/03/10/protection-malicious-onenote-documents/
- Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document, a known high-risk phishing file type.
- As a result of Microsoft starting to block VBA macros from running by default last summer, bad actors have tried to find different ways to exploit unsuspecting victims. Among other techniques, the use of malicious OneNote documents has risen as a popular attack vehicle.
- Microsoft stated that, “Users will receive a notification when the files seem dangerous to improve the file protection experience in OneNote on Windows.” However, it is unclear exactly what this notification will look like or how it will determine what is truly dangerous.
- Link to Microsoft 365’s Roadmap: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=122277