Project Hyphae

Information Security News 3-13-2023

Share This Post

AT&T Alerts 9 million Customers of Data Breach After Vendor Attack

Article Link:

  • AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January, exposing Customer Proprietary Network Information (CPNI).
  • According to AT&T, the data exposed includes customer first names, wireless account numbers, wireless phone numbers, and email addresses for all 9 million impacted. Additionally, a smaller percentage of this number had exposure of rate plan name, past due amount, monthly payment amount, and various charges and/or minutes used. Per AT&T, the data was several years old.
  • It was noted that AT&T’s systems weren’t compromised in this incident. Customers are advised to toggle off CPNI data sharing on their accounts by making a CPNI Restriction Request to reduce exposure risks in the future if AT&T uses it for third-party vendor marketing purposes.

Cyberattacks on School Districts, Like the One in Minneapolis, are on the Rise

Article Link:

  • Cyberattacks, like the one that paralyzed the Minneapolis Public Schools’ computer systems in late February, are becoming a growing threat to school districts, prompting a dramatic rise in cyber liability insurance premiums and a scramble to figure out what can be done to secure student and staff data.
  • School districts face a variety of unique challenges, including providing thousands of school-issued devices used by children, widespread staffing issues, and limited budgets. Additionally, the increasing cost of cyber liability insurance has surged, further stretching the limits of school district IT teams. The article specifically noted a cyber insurance increase of $21,000 for the Minneapolis Public School district and nearly a $60,000 increase for the St. Paul Public School district.
  • In addition to having limited resources available, many school districts are prime targets for bad actors due to the sensitivity of the data they hold. Districts have confidential files with contact information for employees and students, financial records, student health and psychological assessment data, civil rights investigation records, and files on sexual violence allegations all of which put school districts into a difficult position, should these records be released publicly.

How CISOs can do More with Less in Turbulent Economic Times

Article Link:

  • Despite the appearance that cybersecurity is recession-proof, CISOs should anticipate budget reductions and be ready to do more with less as circumstances dictate. This includes trimming security waste, maximizing resources, and mitigating risk across critical business resources.
  • Tips provided in the article include reducing duplication in security tools, aligning goals with the goals of the CFO, and doing more with what already exists in your environment.

Hard-Coded Secrets Up 67% as Secrets Sprawl Threatens Software Supply Chain

Article Link:

  • According to GitGuardian’s State of Secrets Sprawl 2023 report, the number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022.
  • Hard-coded secrets and secrets sprawl pose significant threats to the security of software supply chains. The exposure of these secrets, which can be lost to subcontractors or stolen by bad actors, can lead to DDoS attacks and enhance the risk of CI/CD pipelines.
  • Tips for limiting secrets include monitoring commits and merge/pull requests in real-time, enabling pre-receive checks to harder central repositories, developing a strategy for addressing incidents discovered through historical analysis, and implementing a secrets security champion program.
  • Link to GitGuardian’s Report:

What Happens If You “Cover Up” a Ransomware Infection?

Article Link:

  • Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which hackers stole more than a million files on around 13,000 of the cloud software company’s customers.
  • Specifically, Blackbaud denied that cybercriminals had access to personal data, such as bank account information and social security numbers. Despite this claim, Blackbaud personnel discovered that unencrypted bank account information and social security numbers were accessed. Employees allegedly didn’t tell senior management about the theft because Blackbaud “did not have policies or procedures in place designed to ensure they do so,” according to court documents.
  • As a result, Blackbaud omitted this information regarding the incident’s scope when they reported it to the SEC. A month after reporting to the SEC, Blackbaud amended their report to say that criminals “may have accessed some unencrypted” customer banking information. Likewise, Blackbaud continues to neither confirm nor deny that they were breached to the degree that likely occurred.

Microsoft: Business Email Compromise Attacks can take Just Hours

Article Link:

Young Government Workers Show Poor Password Management Habits

Article Link:

Medusa Ransomware Gang Picks Up Steam as it Targets Companies Worldwide

Article Link:

  • A ransomware operation known as Medusa, which started in 2021, has begun to pick up steam in 2023, targeting corporate victims and school districts, like the Minneapolis Public Schools, worldwide with million-dollar ransom demands.
  • Like most ransomware operations, Medusa has a data leak site named ‘Medusa Blog.’ This site is used as part of the gang’s double-extortion strategy, where they leak data of victims who don’t pay. They’ve also sent out screen recordings of the data they’ve stolen to add ransom payment pressure.
  • The breaches published offer three different paid options relating to the ransomed files. These include options to delay the release of data, delete the data, and download the data.

Microsoft to Boost Protection Against Malicious OneNote Documents

Article Link:

  • Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document, a known high-risk phishing file type.
  • As a result of Microsoft starting to block VBA macros from running by default last summer, bad actors have tried to find different ways to exploit unsuspecting victims. Among other techniques, the use of malicious OneNote documents has risen as a popular attack vehicle.
  • Microsoft stated that, “Users will receive a notification when the files seem dangerous to improve the file protection experience in OneNote on Windows.” However, it is unclear exactly what this notification will look like or how it will determine what is truly dangerous.
  • Link to Microsoft 365’s Roadmap:

Reach out to our incident response team for help

More To Explore

Information Security News 11-27-2023

East Texas Hospital Network Can’t Receive Ambulances Because of Potential Cybersecurity Incident Article Link: Canadian Government Discloses Data Breach After Contractor Hacks Article Link:

Information Security News 11-20-2023

PJ&A Says Cyberattack Exposed Data of Nearly 9 Million Patients Article Link: Google Workspace Weaknesses Allow Plaintext Password Theft Article Link: New York

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.