At a glance.
- Service NSW breach investigation substantially complete.
- Newcastle University incident appears to have been a DoppelPaymer ransomware attack.
- Oregon State University discloses unauthorized access to an e-learning server.
- NetWalker ransomware hits Argentina's immigration agency.
- Chile's Banco Estado suffers REvil ransomware attack.
Update on the Service NSW breach.
The Sydney Morning Herald has an update on the data breach at Service NSW: forty-seven compromised employee email accounts were used to obtain personal data of 186,000 customers and staffers. The incident has been under investigation since April, and the government now believes it has a handle on what happened. The authorities stress that "at-risk" customers are being notified by mail, not by either email or telephone, since those two modes of notification are inherently more susceptible to exploitation by scammers.
The opposition Labor Party has expressed its dissatisfaction with the way the government has handled the affair. Labor's shadow minister for public services, Sophie Cotsis, said that Minister for Customer Service Victor Dominello needs to face the public and face the music for the breach. "Under Mr Dominello’s watch cybercriminals have broken into Service NSW and may have stolen people’s birth certificates, credit card details, medical records, financial information and even sensitive legal enforcement information", Ms Cotsis said, enumerating the kinds of personally identifiable information believed to have been compromised.
Update on the Newcastle University cyber incident.
Newcastle University has offered additional information on the "IT incident" it has been struggling with since August 30th. Investigation and remediation are in progress, although the university says it will take "several weeks" to return systems to normal. Security Affairs reports that the incident was a DoppelPaymer ransomware attack. Since DoppelPaymer's operators steal data before encrypting it, the incident must now be considered a threat to data privacy as well as availability.
Data breach at Oregon State University.
Oregon State University (OSU) disclosed late last week that it had sustained a data breach when unauthorized persons gained access to the university's E-campus server over the summer, the AP reports. About seventeen hundred students' and faculty members' data were exposed. The compromised information includes names and OSU email addresses. In some cases "personal mailing addresses and phone numbers" were also exposed.
Argentina's immigration agency suffers NetWalker ransomware attack.
BleepingComputer reports that, according to a criminal complaint filed in the incident, Argentina's immigration agency sustained a NetWalker ransomware attack that disrupted border crossings in the country on August 27th. The government says it has no intention of paying, and, again, the attackers are threatening to release information stolen during the attack, some samples of which have already appeared online. "Your data has been stolen," the ransom note reads in part.
Chilean state bank sustains a ransomware attack.
Chile's Banco Estado yesterday sustained a ransomware attack that caused it to suspend operations for a day. According to ZDNet, the strain of ransomware involved was REvil. We heard from Tony Lambert, intelligence analyst with Red Canary, who thinks the bank did many of the right things:
"In this case, Banco Estado appears to have done many things right, including properly segmenting its internal network, limiting what the hackers could encrypt. That effort protected mission-critical services to accelerate recovery time. While the affected network didn’t intersect with services like the bank's website, banking portal, mobile apps, and ATMs, it did serve humans providing essential services to bank operations.
"The incident allegedly originated from a malicious Office document received and opened by an employee. This underscores why organizations should strive to provide defense-in-depth, because it leverages such a dynamic array of techniques. Implementing strong email security controls, staying up-to-date with web application patches, and restricting administrative access are low-hanging fruit for better cyber hygiene. The best mitigating control for ransomware is a robust disaster recovery and business continuity strategy that includes backups. One recommended practice is the 3-2-1 method: make at least three copies of data, on at least two different device types, with at least one backup stored offsite.
"Additionally, not that this was the case here, but macros can be a point of vulnerability for organizations trying to thwart ransomware attacks. We don't see macros controls implemented nearly enough in these situations. If an organization doesn’t need document macros from the Internet, there are controls to explore via Microsoft Windows Group Policy Objects to restrict what macros may execute on systems."
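The macro control Lambert refers to corresponds to the Office Group Policy settings "Block macros from running in Office files from the Internet" and "VBA Macro Notification Settings", which land in per-user policy registry keys. The following PowerShell script is an added example (not from the original post or from Red Canary) that audits those keys for Word, Excel and PowerPoint and reports whether each application is in the weak or the hardened state; it assumes Office version 16.0 (Office 2016 / Microsoft 365 Apps).

```powershell
# Added example: audit (and optionally set) the Office macro policy values
# written by the "Block macros from running in Office files from the Internet"
# and "VBA Macro Notification Settings" GPOs. Assumes Office 16.0
# (Office 2016 / Microsoft 365 Apps); change $OfficeVersion otherwise.
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings policy values as documented by Microsoft.
$VbaLevels = @{
    1 = 'Enable all macros (weak)'
    2 = 'Disable all with notification (users can still click Enable)'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all without notification'
}

function Get-OfficeMacroPolicy {
    param([string]$App)
    $key   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $block = $props.blockcontentexecutionfrominternet
    $vba   = $props.VBAWarnings
    [pscustomobject]@{
        Application           = $App
        PolicyKeyPresent      = [bool]$props
        InternetMacrosBlocked = ($block -eq 1)
        VBAWarnings           = if ($null -ne $vba) { $VbaLevels[[int]$vba] } else { 'not set by policy' }
        Status                = if ($block -eq 1 -and $vba -ge 3) { 'OK' }
                                else { 'Weak: set blockcontentexecutionfrominternet=1 and VBAWarnings>=3' }
    }
}

function Set-OfficeMacroPolicy {
    # Writes the hardened values for one application. This is the per-user
    # policy path; in production push the same values centrally through GPO.
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $key -Name VBAWarnings -PropertyType DWord -Value 3 -Force | Out-Null
}

# Audit only by default; call Set-OfficeMacroPolicy -App Word (etc.) to remediate.
$Apps | ForEach-Object { Get-OfficeMacroPolicy -App $_ } | Format-Table -AutoSize
```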