At a glance.
- Ransomware hits Massachusetts ferries.
- Zeppelin ransomware implicated in Waikato incident.
- Data exposure at the Anchorage PD.
Cyberattacks targeting essential services rock the boat.
The Steamship Authority, which operates ferry service to the Massachusetts islands of Martha’s Vineyard and Nantucket, is experiencing service delays as the result of a cyberattack, SecurityWeek reports. The Record by Recorded Future notes that the online reservation system is down and availability of credit card systems is limited, so passengers will need cash to board. As the Wall Street Journal explains, this incident is the most recent in a series of attacks targeting essential US services. New York’s Metropolitan Transportation Authority disclosed yesterday that it experienced a cyberattack in April, and fuel provider Colonial Pipeline was hit by an attack last month that forced it to pay a ransom of $4.4 million in order to restore operations. This shift from targeting retailers and financial institutions to focusing on essential service providers indicates threat actors are finding it more lucrative to hold operations (instead of data) hostage. “Pharmaceuticals, hospitals, healthcare, public companies, organizations that don’t have the talent and skills to defend themselves—they’re getting sucker punched,” said Kevin Mandia, chief executive of cybersecurity firm FireEye. As Russian-speaking cyber groups have been connected to many of the attacks, US President Joe Biden will be discussing the possibility of sanctions with Russian President Vladimir Putin this month at a Geneva summit.
Charles Herring, CTO and Co-Founder of WitFoo, emailed to point out the nested complexity of the ransomware challenge:
"The ongoing ransomware attacks are systemic of a Russian doll of problems. The inner problem is a lack of comprehensive hygiene aligning to frameworks such as NIST. Large gaps in security architecture at private and public sector organizations need to be rapidly addressed to make it much more difficult to succeed. The recent guidance from the Biden administration to roll out EDR, zero trust, log collection and analysis and multi-factor authentication have been ignored best practices for years. Every executive needs to rapidly deploy these controls.
"The intermediate layer in the systemic failures is lack of coordination between law enforcement and private organizations. Law enforcement agencies need to prioritize threat and crime intelligence collection from private organizations to get ahead of these criminal campaigns. Cybersecurity vendors should be researching and developing innovations to reduce risk and costs associated with this “neighborhood watch” approach.
"The outer layer of the broken system is national security and intelligence agencies need access to data collected by law enforcement in the underlying layer to inform military and diplomatic strategy and campaigns.
"We are quickly learning that a paralysis of safely sharing information (while protecting liberties and privacy) are as important to thwarting evolving cybercrime as it was in combating terrorism after 9/11."
Zeppelin ransomware connected to Waikato DHB attack.
In continuing coverage of the cyberattack on New Zealand’s Waikato District Health Board (DHB), RNZ reports that cybersecurity experts have identified the ransomware at the root of the attacks as Zeppelin, a ransomware-as-a-service (RaaS) offering. If correct, Emsisoft’s Fabian Wosar says this would be the largest Zeppelin attack to date, and given the value of the data stolen, he predicts the threat actors could demand a ransom of up to eight figures. However, Wosar explains there’s a chance DHB might not need to fork over the cash: “Especially older versions of Zeppelin have certain vulnerabilities that would allow a company like us to recover the data and decrypt the data without the involvement of the threat actor, meaning without them having to pay any form of ransom.”
Alaska police department exposes personal data.
The Anchorage Police Department announced Wednesday that a system error led to the exposure of the private data of more than 11,000 people, Alaska Public Media reports. In February, an employee discovered that for the past two years traffic collision report records were not properly redacting personal info like birth dates and driver’s license numbers. Captain Sean Case explained, “For lack of a better word, there’s a toggle switch, there’s a box you check on that has the public traffic collision report redacted. And that box or that toggle switch was unchecked.” The department has implemented an extra security check to prevent the issue going forward, and impacted individuals will be offered free credit report monitoring.