Massachusetts Town Loses $445,000 in Email Scam
Article Link: https://statescoop.com/massachusetts-town-loses-445000-email-scam/
- Recently, the town of Arlington, MA, a suburb of Boston, reported the theft of over $445,000 via a business email compromise (BEC) attack. It was noted that allegedly no additional sensitive data was taken, and that the town’s bank was able to recover $3,308 of the stolen funds.
- According to Arlington’s town manager, the incident was the result of threat actors compromising the email accounts of one or more town employees. The hackers leveraged email filtering rules and email deletion to remain undetected and coerce the town into changing a vendor’s payment information while the town and the vendor were resolving a legitimate payment issue in late 2023.
- The town was made aware of the incident in January 2024 after the vendor informed the town of three months of unpaid invoices. During the investigation, it was identified that the threat actors tried to intercept other wire payments, totaling $5 million, but these attempts failed.
Exploit for Veeam Recovery Orchestrator Auth Bypass Available, Patch Now
Article Link: https://www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/
- Recently, an independent security researcher developed a proof-of-concept exploit that allows malicious users to bypass authentication to access the Veeam Recovery Orchestrator (VRO) service.
- Veeam reported that threat actors would need to already know the exact username and role of the account, and have an active VRO UI access token, to effectively leverage the exploit.
- However, the researcher who developed the exploit highlighted that this information is relatively easy to acquire. Specifically, VRO only has five role options that can be assigned, the SSL certificates obtained by connecting to endpoints offer up domain-related clues to determine usernames, and the exploit rotates between possible role and username options while generating access tokens.
- Link to Veeam’s Bulletin: https://www.veeam.com/kb4585
Student’s Flimsy Bin Bags Blamed for Latest NHS Data Breach
Article Link: https://www.theregister.com/2024/06/13/nhs_bin_bag_data_breach/
- According to an announcement from the United Kingdom’s NHS, several sensitive medical documents were discovered by a passerby in the back alley of a Newcastle suburb.
- The NHS reported that the data leak was the result of a medical student, who was completing a clinical placement, improperly disposing of sensitive documents.
- It was noted that at least two patients had documents leaked as part of the data exposure, with at least one of the documents marked as “Private and Confidential.” The NHS declined to comment on whether or not the medical student has faced or will face any repercussions for the incident.
Phishing, BEC Attackers Target Candidates in Local Election, Among Others
Article Link: https://news.sophos.com/en-us/2024/06/13/election-phishing-campaign/
- The article looks at the threat of phishing and BEC attacks in both federal elections and local elections. Specifically, the author provides insight from their local school board election.
- As one may expect, people who run for public offices are required to divulge important information, such as their name, phone number, and email address to the public through documents like a notice of intent to be a candidate.
- As the article emphasizes, threat actors will often leverage public information to send out phishing emails, some of which may contain malicious PDFs or other suspicious documents, in an attempt to compromise potential candidates. As a result, the article highlights the importance of vigilance, leveraging multifactor authentication and password managers, and separating out personal contact information from campaign contact information.
- Link to CISA’s Election Security Resources: https://www.cisa.gov/topics/election-security
Cyber Insurance Isn’t the Answer for Ransom Payments
Article Link: https://www.helpnetsecurity.com/2024/06/07/ransomware-attacks-impact-cost-on-organizations/
- According to a report from Veeam, which surveyed 1,200 organizations that suffered at least one cyberattack within 12 months of the survey, ransomware was the greatest source of unplanned IT outages and downtime and impacted 3 out of 4 organizations in 2023.
- Veeam also noted that 81% of organizations paid a ransom, 86% had some form of cyber insurance and 65% paid with their insurance. Veeam suggests that just because organizations have cyber insurance doesn’t mean they will (or can) use it in every circumstance.
- In addition to a variety of other statistics within the report, Veeam also noted that 63% of organizations are at risk of reintroducing infections while recovering from ransomware due to the possibility of key recovery steps being skipped.
- Link to Veeam’s Report: https://www.veeam.com/news/ransomware-continues-to-cause-mayhem-as-victims-are-unable-to-recover-43-percent-of-affected-data.html
Mastering the Tabletop: 3 Cyberattack Scenarios to Prime Your Response
- Many organizations have developed incident response and business continuity plans. However, without running tabletop exercises, an organization can never truly know how it would enact its plans and respond to an incident.
- The article references CISA’s Tabletop Exercise Packages (CTEPs) and highlights three key scenarios for organizations to potentially practice with.
- Specifically, the article looks at a compromised open-source software (OSS) package scenario, a ransomware attack and response scenario, and an insider threat scenario.
- Link to CISA’s Tabletop Information: https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages
Upleveling the State of SMB Cybersecurity
Article Link: https://www.securityweek.com/upleveling-the-state-of-smb-cybersecurity/
- Seventy-six percent of small and medium businesses (SMBs) stated that they lack the in-house skills to properly deal with cybersecurity issues, and ninety-four percent noted having previously suffered a cybersecurity attack, according to a report from ConnectWise, which surveyed 700 IT and business decision makers at SMBs in the U.S., U.K., Canada, Australia, and New Zealand.
- The article expands upon ConnectWise’s findings by outlining a number of security challenges that SMBs face. These include limited resources, sophisticated threats, and regulatory compliance.
- Additionally, the article discusses what to look for when searching for a good managed service provider (MSP) to help reduce the challenges that SMBs face. Several key considerations include transparency and reporting, partnership and communication, and the MSP’s technology and tools.
- Link to ConnectWise’s Report: https://www.connectwise.com/company/press/releases/connectwise-research-finds-78-of-smbs-concerned-a-cyber-attack-could-put-their-organizations-out-of-business
DORA Compliance Strategy for Business Leaders
Article Link: https://securityaffairs.com/164535/laws-and-regulations/dora-compliance-strategy-for-business-leaders.html
- In January 2025, the Digital Operational Resilience Act (DORA) will start to apply in the European Union. DORA imposes cybersecurity requirements on all financial and insurance organizations operating within the European Union as well as any third-party information and communication technology (ICT) partners, including partners based in the United States.
- DORA contains five key compliance pillars that organizations must follow. These include ICT risk management and governance, incident reporting, digital operational resilience testing, third-party risk management, and information sharing.
- While the regulations include considerations for non-EU third parties, many outside articles note that enforcement may vary due to the nature of territorial outlining that accompanies most regional regulations applied to global organizations.
- Link to DORA’s Full Text and the EU’s Additional Information: https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en
- Link to Additional Information: https://www.upguard.com/blog/what-is-the-digital-operational-resilience-act