Information Security News 4-8-2024

US Cancer Center Data Breach Impacting 800,000

Article Link: https://www.securityweek.com/us-cancer-center-data-breach-impacting-800000/

  • Recently, the cancer treatment and research organization, City of Hope, began notifying 827,149 people about a security incident that occurred in September and October 2023. The organization is based in California but has facilities across the United States.
  • According to City of Hope, the threat actors may have stolen patient contact information, dates of birth, Social Security numbers, government ID information, financial data, health insurance information, and medical history information.
  • The investigation is still ongoing, and City of Hope is offering two free years of identity monitoring.
  • Link to City of Hope’s Breach Notice: https://www.cityofhope.org/notice-of-data-security-incident
  • Link to City of Hope’s Maine Attorney General Filing: https://apps.web.maine.gov/online/aeviewer/ME/40/1bb296e2-ea79-438c-b357-28ef738a0bf6.shtml

Jackson County, MO in State of Emergency After Ransomware Attack

Article Link: https://www.bleepingcomputer.com/news/security/jackson-county-in-state-of-emergency-after-ransomware-attack/

  • Officials in Jackson County, MO disclosed that they were hit with a ransomware attack on April 2nd, which impacted several services including the Assessment, Collection, and Recorder of Deeds offices.
  • The county noted that both the Kansas City Board of Elections and Jackson County Board of Elections were not impacted by the outage. Likewise, resident financial data was not compromised due to the county leveraging a 3rd party payment service provider, Payit.
  • Jackson County’s executive declared a state of emergency as a means of expediting the ransomware response efforts. The declaration also allows the county to utilize its emergency fund to assist with the response efforts.

Federal Weather System Experiences Outage Amid Severe Weather Nationwide

Article Link: https://www.nextgov.com/modernization/2024/04/federal-weather-system-experiences-outage-amid-severe-weather-nationwide/395425/

  • On April 2nd, several National Weather Service (NWS) forecast offices across the nation experienced a network outage for over five hours, likely due to a hardware failure.
  • As a result of the outage, the NWS had to switch their network services to a different data center.
  • While the event is still being investigated, it highlights an overarching goal by the NWS to move to cloud-based systems for their weather forecasting and radar as a means of increasing reliability.

US Health Dept Warns Hospitals of Hackers Targeting IT Help Desks

Article Link: https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/

  • Recently, the Department of Health and Human Services (HHS) released a warning regarding hackers actively trying to socially engineer IT help desk teams across the Healthcare and Public Health sector.
  • The threat actors launch their attacks by using spoofed local area codes to call the target organizations and then pretend to be an employee in the organization’s financial department. The bad actors then provide stolen ID verification information to the help desk and claim that they have a new smartphone and need the device to be re-enrolled with the system’s MFA.
  • The advisory noted that once access is given to payment services, the attackers redirect funds being sent into the organization to bank accounts that the hackers control. Additionally, the threat actors have been known to pose as an organization’s CFO, use typosquatted domains, and leverage AI voice cloning tools to further deceive victims and help desk members alike.
  • Recommended risk mitigation techniques include requiring the caller to call the help desk back to verify the employee’s request, monitoring for suspicious ACH changes, revalidating all users who have access to payer websites, leveraging in-person change requests, requiring supervisors to verify change requests, and training help desk personnel to identify and report social engineering and verify caller identities.
  • Link to HHS’ Sector Alerts: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts

Google Chrome Aims to Solve Account Hijacking with Device-Bound Cookies

Article Link: https://www.csoonline.com/article/2084025/google-chrome-aims-to-solve-account-hijacking-with-device-bound-cookies.html

  • Google Chrome developers recently announced a new feature that is currently being developed to counter the theft of browser session cookies, which are often stolen to circumvent MFA.
  • The new feature is called “device bound session credentials (DBSC)” and will allow authenticated browser sessions to be tied to the physical device instead of the website cookies themselves. However, this new feature does not prevent local browser hijacking for active user sessions.
  • The use of DBSC is still in the testing phase, but will likely leverage either TPM chips, a dedicated portion of device memory on most modern devices, or software-based secure key storage solutions, such as virtualization-based security (VBS). Additionally, the feature will likely allow for more aggressive detection rules for websites when validating users.
  • Link to Google Chrome’s Announcement: https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
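The idea behind binding a session to a device key, sketched as an added example (this is not Google's code and not the DBSC wire protocol). It assumes Node.js; createDevice, SessionServer and demo are hypothetical names, and the in-memory private key stands in for one held in a TPM or other secure key store. As the summary above notes, this does not stop malware that is already driving the browser on the user's own device.

```javascript
// Simplified model of a device-bound session (illustrative names; not the DBSC protocol).
const crypto = require('node:crypto');

// Device side: the private key stands in for one held in a TPM or secure key store.
function createDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return {
    publicKey,
    prove: (challenge) => crypto.sign('sha256', Buffer.from(challenge), privateKey),
  };
}

// Server side: binds each session cookie to the public key registered at login.
class SessionServer {
  constructor() { this.sessions = new Map(); }
  login(devicePublicKey) {
    const cookie = crypto.randomBytes(16).toString('hex');
    this.sessions.set(cookie, { publicKey: devicePublicKey, challenge: null });
    return cookie;
  }
  // A fresh, single-use challenge per refresh prevents replay of an old proof.
  issueChallenge(cookie) {
    const session = this.sessions.get(cookie);
    if (!session) return null;
    session.challenge = crypto.randomBytes(32).toString('hex');
    return session.challenge;
  }
  // The cookie alone is not enough: the proof must verify under the bound key.
  refresh(cookie, proof) {
    const session = this.sessions.get(cookie);
    if (!session || !session.challenge) return false;
    const challenge = session.challenge;
    session.challenge = null; // consume the challenge whether or not the proof is valid
    return crypto.verify('sha256', Buffer.from(challenge), session.publicKey, proof);
  }
}

// Constructed scenario: the same cookie is presented from two different devices.
function demo() {
  const server = new SessionServer();
  const userDevice = createDevice();
  const otherDevice = createDevice(); // has a copy of the cookie but a different key
  const cookie = server.login(userDevice.publicKey);
  const legitimate = server.refresh(cookie, userDevice.prove(server.issueChallenge(cookie)));
  const stolen = server.refresh(cookie, otherDevice.prove(server.issueChallenge(cookie)));
  const proof = userDevice.prove(server.issueChallenge(cookie));
  const [firstUse, replay] = [server.refresh(cookie, proof), server.refresh(cookie, proof)];
  return { legitimate, stolen, firstUse, replay };
}
```

For defenders, a refresh that presents a valid cookie but fails proof of possession is a strong signal that the cookie was copied off the original device and is worth alerting on.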

Considerations for Operational Technology Cybersecurity

Article Link: https://thehackernews.com/2024/04/considerations-for-operational.html

  • This article looks at the convergence between OT and IT systems, highlighting the risk exposure that tools like the Industrial Internet of Things (IIoT) pose to organizations that leverage OT.
  • While an outage to any system can be crippling, OT outages are especially impactful. OT operates in real-time where a system issue could lead to a catastrophic physical event, like a power plant failure.
  • OT also lacks a variety of basic security measures that often come standard in IT systems. Common weaknesses include a lack of encryption, 3rd party remote connections, and embedded or easy-to-guess credentials.

Security Pros are Cautiously Optimistic About AI

Article Link: https://www.helpnetsecurity.com/2024/04/05/ai-integration-cybersecurity/

  • According to a report from the Cloud Security Alliance and Google Cloud, who surveyed 2,486 IT and security professionals, 55% of respondents plan on adopting generative AI solutions within the next year and 67% have already started testing AI for security-related purposes.
  • While 63% of those surveyed believe that AI can enhance their security measures, when asked whether AI gives an advantage to defenders or attackers, 31% noted that AI is equally advantageous and 25% see it as possibly being more advantageous to bad actors.
  • Lastly, as AI has risen to prominence within many organizations, C-suite executives, more so than their security teams, appear to be investigating the new technology for potential business cases. Specifically, 51% of C-suite executives responded stating that they have an understanding of AI use cases and 52% noted a self-reported level of familiarity with AI technologies, compared to 14% and 11%, respectively, for their staff.
  • Link to the Cloud Security Alliance’s Report: https://cloudsecurityalliance.org/artifacts/the-state-of-ai-and-security-survey-report

