At a glance.
- Iowa school district grapples with data breach.
- More on the Twitter data breach.
- Police app leaks sensitive raid data.
- Australian fire rescue attacked by Vice Society.
Iowa school district grapples with data breach.
Classes are scheduled to resume today in a US public school district after operations were canceled for two days as the result of a cyberattack. The Des Moines Register reports that IT staff at Des Moines Public Schools, the largest school district in the state of Iowa, were compelled to shut down the district’s internet and network services Monday morning after detecting “unusual activity on the network.” After launching an investigation into the disturbance, the district issued a statement announcing that classes would be canceled Tuesday. “Because many technology tools that support both classroom learning as well as the management and operation of the school district are not available at this time, the prudent decision is to close the district for the day,” the district said in a statement. The website was brought back online on Wednesday, but the district decided to cancel classes another day as they worked to “remove any and all threats” to the system.
The Iowa Department of Education, the local offices of the Federal Bureau of Investigation and Department of Homeland Security are working with district officials to determine the nature and scope of the incident. US schools have been increasingly targeted by hackers in recent years, and the Record by Recorded Future notes that this incident comes just one week after a ransomware attack disrupted operations at several schools across the state of Massachusetts. As the Daily Nonpareil explains, the Iowa school districts of Glenwood, Cedar Rapids, and Davenport have also all recently been hit with cyberattacks.
Blake Lohn-Wiley, Security Automation Architect at Swimlane, wrote to expand on the disruptive effects a ransomware attack so often works on its victim.
“Unfortunately, this cyberattack that has disabled Iowa public schools is the most recent in a slew of attacks against the education sector. Educational institutions are data-rich, but often lack the funding and resources to maintain proper security compliance. The effects of the COVID-19 pandemic are still rippling through the education sector as many schools face staffing shortages and cybersecurity challenges presented by online learning. The past several months have seen a steady flow of cyberattacks against schools, including attacks against Los Angeles public schools, colleges in North Carolina and Idaho, Michigan public schools and, just last week, a Massachusetts community college. With the persistent attacks against educational institutions, the Cybersecurity and Infrastructure Security Agency (CISA) has published resources to assist schools in detecting and combating cyber threats.
“To mitigate the negative repercussions of having limited cybersecurity resources in schools, organizations should leverage security automation to assist with the detection of and response to these threats in real-time. By adopting low-code security automation, organizations gain full visibility into IT environments and can implement repeatable and reliable response processes that improve their ability to handle threats. Low-code security automation also alleviates the need for a full staff in under-employed organizations by automating basic security tasks that would typically require more hands on deck.”
More on the Twitter data breach.
In our continued coverage of the alleged data breach at Twitter, the social media giant says it has found “no evidence” that the data of over 400 million users, which is reportedly being sold on the dark web, was obtained by exploiting vulnerabilities in its systems. Variety reports that in a Wednesday blog post, Twitter said its investigation had determined “there is no evidence that the data being sold online were obtained by exploiting a vulnerability of Twitter systems,” adding, “The data is likely a collection of data already publicly available online through different sources.” The blog post recounts that in 2021 the company received a report through its bug-bounty program of a vulnerability in Twitter’s systems that let someone use email addresses or phone numbers to reveal Twitter accounts associated with the info. Twitter resolved the issue in June 2021, but learned in 2022 that hackers had exploited the bug and had used it to compile user data, which they were selling online. “We also encourage Twitter users to remain extra vigilant when receiving any kind of communications over email, as threat actors may leverage the leaked information to create very effective phishing campaigns,” the company said in the blog post. “Be wary of emails conveying a sense of urgency and emails requesting your private information, always double check that emails are coming from a legitimate Twitter source.”
Police app leaks sensitive raid data.
WIRED details how an app used by police to take down a sex offender ring exposed sensitive law enforcement data. In one of the largest raids of its kind, law enforcement agents from five counties and over sixty-four agencies in the US state of California conducted Operation Protect the Innocent, an operation to raid over six hundred suspected sex offenders. The raid was coordinated using a free trial of an app called SweepWizard, which was designed by ODIN Intelligence to help law enforcement coordinate multi-agency police raids. The raid was a success, but unfortunately SweepWizard had been leaking confidential details about the operation to the open internet, including sensitive data about the suspects that could alert them to the raid or reveal intel on individuals who had not yet been convicted of a crime. Security experts found that due to a misconfiguration in the app, SweepWizard had also previously exposed confidential info about hundreds of sweeps from dozens of other police departments. When contacted by WIRED, Los Angeles Police Department (LAPD) Captain Jeffery Bratcher said the department was unaware of the issue. Captain Kelly Muniz of the LAPD’s Media Relations Division said “the department is working with federal law enforcement to determine the source of the unauthorized release of information, which is currently unclear. At this point in the investigation, it has not been determined if the third-party application or another means is the source of the unauthorized release.”
Australian fire rescue attacked by Vice Society.
Ransomware gang Vice Society has claimed responsibility for a cyberattack in which the hackers disrupted the communications infrastructure and accessed employee data at Fire Rescue Victoria. Yesterday the threat group released a data set allegedly stolen from the Australian emergency rescue agency’s network as evidence that they were responsible for the attack. The published data, which Cybersecurity Connect reports have been verified, include job applications and budget reports, and it is likely Vice also accessed personal information of the fire rescue’s staff, contractors, and other emergency service workers from associated agencies. The West Australian explains that earlier this month the agency had reassured its staff that no data had been posted online, but yesterday confirmed the data had been released. "It is a complex task to analyse the data that has been shared on the dark web and we have cyber security specialists assisting with this analysis," Fire Rescue Victoria said. "As we identify what information may have been released, we will provide further information."