At a glance.
- Notification delayed by email issues.
- Sturdy Memorial Hospital reports data incident.
- SmiNet breached.
- US police departments sustain ransomware attacks.
Email glitch delayed Accellion FTA patch notifications.
The December cyberattack on tech firm Accellion impacted dozens of companies that used the popular Accellion FTA, an online file sharing and hosting appliance. The Reserve Bank of New Zealand, the Australian Securities and Investments Commission, the University of Colorado, Singapore's telecommunications firm Singtel, and the grocery chain Kroger were just a few of the victims. Now, the Record by Recorded Future reports that a malfunctioning email tool delayed efforts to notify Accellion customers of patches for the zero-day vulnerability that led to the hack.
Patches were released as early as December 20, mere days after the intrusion was detected, but according to the Reserve Bank of New Zealand, employees were not immediately notified that patches were available. A report from the Bank released Monday states, “The email tool used by the vendor, however, failed to send the email notifications, and consequently the Bank was not notified until January 6, 2021.” Many customers were left unaware that a fix was available (or, for some, that an attack had even occurred) until the press reported it in January, giving the attackers additional weeks of unfettered access to the exposed data. While the FTA appliance was retired in April, the report, compiled by auditing firm KPMG, should inform the impacted companies’ investigations as they continue their own remediation efforts.
US hospital hit by ransomware attack.
Sturdy Memorial Hospital, located in the US state of Massachusetts, disclosed that it had suffered a cyberattack in February that might have exposed patient data, WJAR reports. According to a statement on the hospital’s website, the attackers demanded a ransom which the hospital paid: “In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed.” The hospital is notifying patients whose data was potentially compromised.
Swedish infectious disease database breached by intruder.
Security Week reports that the Swedish Public Health Agency was forced to shut down SmiNet, the agency’s infectious disease database, last week after multiple attempts from an intruder to gain unauthorized access. The database, which includes data on COVID-19 cases, was brought back online over the weekend with tighter security restrictions, but it is still unclear whether the hacker obtained any sensitive data. The agency has notified the necessary authorities and has begun an investigation.
Two more US police departments suffer data exposure during ransomware attacks.
Police departments in Azusa, California, and Clearfield, Pennsylvania, have disclosed unrelated ransomware attacks that resulted in data breaches, Tech Nadu reports. The Azusa Police Department warned citizens to be alert for signs that their personal data were being used for fraud. An unauthorized party accessed databases containing “Social Security numbers; driver's license numbers; California identification card numbers; passport numbers; military identification numbers; financial account information; medical information; health insurance information; and/or information or data collected through the use or operation of an automated license plate recognition system.”
The Clearfield Borough Police Department was taunted on the MarketoLeaks site about an allegedly successful ransomware attack. GovInfoSecurity wonders, not on the strength of these two incidents alone, whether ransomware attacks have now become common enough, and damaging enough, to impede criminal prosecution.
Ilia Kolochenko, Founder of ImmuniWeb and a member of Europol Data Protection Experts Network, doesn’t think we’re seeing coordinated attacks on police departments, at least not yet:
“These attacks seem to be uncoordinated and do not target police departments specifically. The ransomware pandemic is, however, rapidly becoming out of control, smashing critical national infrastructure, governmental entities and law enforcement agencies. Most ransomware attacks also involve stealth exfiltration of top-secret governmental data or priceless trade secrets that are later resold on the Dark Web to state-backed hacking groups who may leverage the stolen information, among other things, for sophisticated economic espionage campaigns or interference with elections.
“Most of the victims have significant flaws in their cybersecurity strategy. Many large organizations still have incomplete data and asset inventory, outdated and vulnerable software on hosts accessible from the internet and misconfigured public cloud exposing terabytes of confidential data. Few organizations properly maintain and follow information security management policies and procedures, eventually falling victims to cybercriminals who aptly exploit their disorganization. The newly enacted cybersecurity legislation should educate, encourage and enable data protection rather than punish the would-be victims. Government should allocate additional cybersecurity budget for information security improvement programs for the private sector, [and] promote sustainable cybersecurity management by implementing such standards as ISO 27001 or NIST SP 800-53.”