At a glance.
- Thai travel records compromised.
- Breach at a Texas school district.
- BlackMatter ransomware.
- Update on Alaska cyberespionage incident.
A decade’s worth of Thai travel records compromised.
Comparitech discloses that tourists who visited Thailand over the past ten years are at risk of data exposure. Researchers found an unprotected Elasticsearch database holding more than 106 million records, about 200 GB of data, on travelers to the country, including names, passport numbers, residency status, and other travel details. Bob Diachenko, the researcher who identified the database in August, found details of his own trips to Thailand among the entries. He immediately notified the Thai authorities, who promptly secured the data, but it's unclear how long the database was exposed before detection. SecurityWeek adds that this is the second recent breach involving travelers to Thailand: in June, a Thai government website built to help foreigners obtain the COVID-19 vaccine leaked users' names and passport numbers.
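As an added example (not code from Comparitech, from the researcher, or from the original page), the following Python check asks an Elasticsearch endpoint what an unauthenticated client can see, which is exactly the exposure described above: an instance that answers GET / and GET /_cat/indices without credentials. The host es.example.test and the index names and counts are constructed placeholders; the HTTP layer is injectable so the script runs offline against them and can be pointed at a real host by dropping the fetch argument.

```python
"""Audit an Elasticsearch endpoint for anonymous read access (added example)."""
import json
import urllib.error
import urllib.request


def http_get(url, timeout=5):
    """Fetch url and return (status, body). 401/403 are returned, not raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def audit_elasticsearch(base_url, fetch=http_get):
    """Return what an unauthenticated client can learn from an Elasticsearch host."""
    base = base_url.rstrip("/")
    report = {"anonymous_read": False, "version": None, "indices": [], "total_docs": 0}

    # Root endpoint: a secured cluster (or a proxy ACL) answers 401/403 here.
    status, body = fetch(base + "/")
    if status in (401, 403):
        return report
    if status != 200:
        raise RuntimeError(f"unexpected status {status} from {base}/")
    try:
        banner = json.loads(body)
    except json.JSONDecodeError:
        raise RuntimeError("root endpoint did not return JSON; probably not Elasticsearch") from None
    report["version"] = banner.get("version", {}).get("number")
    report["anonymous_read"] = True

    # _cat/indices lists every index with its document count: the size of the exposure.
    status, body = fetch(base + "/_cat/indices?format=json&h=index,docs.count,store.size")
    if status == 200:
        for row in json.loads(body):
            docs = int(row.get("docs.count") or 0)
            report["indices"].append((row["index"], docs, row.get("store.size")))
            report["total_docs"] += docs
    return report


# Constructed responses standing in for an exposed instance (placeholder data, not real).
FAKE_HOST = "http://es.example.test:9200"
FAKE_RESPONSES = {
    FAKE_HOST + "/": (200, json.dumps({"version": {"number": "7.10.2"}})),
    FAKE_HOST + "/_cat/indices?format=json&h=index,docs.count,store.size": (
        200,
        json.dumps([
            {"index": "travelers-2019", "docs.count": "1500000", "store.size": "2.1gb"},
            {"index": "travelers-2020", "docs.count": "900000", "store.size": "1.3gb"},
        ]),
    ),
}


def fake_fetch(url, timeout=5):
    """Offline stand-in for http_get that serves the constructed responses above."""
    return FAKE_RESPONSES.get(url, (404, "{}"))


def secured_fetch(url, timeout=5):
    """Stand-in for a cluster with authentication enabled: every request is challenged."""
    return 401, json.dumps({"error": "missing authentication credentials"})


if __name__ == "__main__":
    print("exposed :", audit_elasticsearch(FAKE_HOST, fetch=fake_fetch))
    print("secured :", audit_elasticsearch(FAKE_HOST, fetch=secured_fetch))
```

Run against a host you are authorized to test, a non-empty `indices` list with `anonymous_read` set is the finding; the fix on the server side is to enable authentication (xpack.security.enabled in elasticsearch.yml) or to stop binding the HTTP port to a public interface, and the check above should then return `anonymous_read: False`.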
Texas school district data breach.
GovTech reports that North East Independent School District, located in the US state of Texas, experienced a data breach after an intruder gained unauthorized access to an employee's email account. In an attempt to divert school funds, the attacker used stolen credentials to break into the account of a member of the payroll department. Fortunately, the district detected the intrusion before any money was transferred, but it's possible the threat actor viewed employee payroll data such as names and Social Security numbers.
BlackMatter breaks its own rules (dog bites man).
Computer Weekly examines the impact of the surge in activity from Russia-based ransomware group BlackMatter, responsible for recent attacks on marketing firm Marketron, beverage purveyor La Martiniquaise, and optical technology company Olympus. The group also hit grain co-op New Cooperative, especially noteworthy given BlackMatter's stated rule against attacking firms that provide critical infrastructure such as the food supply. However, in negotiation communications with the company, BlackMatter refused to back down, claiming New Cooperative doesn't truly provide a critical service. Who would have thought you couldn't trust a cybercriminal? Sophos senior security adviser John Shier explained, "This attack will be the first to test the new US government policy on reporting attacks against critical infrastructure to CISA and the Biden administration's response to such an attack." This wave of BlackMatter attacks comes on the heels of the announcement that US authorities will impose sanctions on traders and cryptocurrency exchanges that launder money for cybergangs.
Alaska cyberattack, update and comment.
Alaska's Department of Health and Social Services continues to work toward recovery from the cyberattack it disclosed last week. The disclosure said, in part, "Regrettably, cyberattacks by nation-state-sponsored actors and transnational cybercriminals are becoming more common and are an inherent risk of conducting any type of business online." Citing research by Mandiant, Ars Technica and others have generally confirmed that the attack was the work of a nation-state actor, presumably undertaken for espionage. There has been no indication of a ransom demand. A partial list of the categories of information compromised includes: "Full names, Dates of birth, Social Security numbers, Addresses, Telephone numbers, Driver's license numbers, Internal identifying numbers (case reports, protected service reports, Medicaid, etc.), Health information, Financial information, [and] Historical information concerning a person's interaction with DHSS."
Purandar Das, co-founder and chief security evangelist at Sotero, commented on the pace of the Department's recovery:
“The inability to restore services a full four months after the attack is indicative of a number of issues. The state of readiness or lack thereof by organizations in anticipating such attacks is evident. The continued use of legacy technology stacks and prior lack of investments in security preparedness is another. The inability to isolate the actual loss and the individuals is alarming. Broad notifications without specifying the actual information lost or the individuals leads to a sense of panic and eventually loss of faith. This creates even more incentives for attackers and criminals while minimizing or eliminating awareness amongst consumers. Also offering credit monitoring is misleading. Credit bureaus only offer partial cover for the potential misuse of stolen information.”