cybersecurity news showing on a tablet on a table with a notebook and coffee

Latest Cybersecurity News 2021-03-08 Edition

Follow ISA on LinkedIn to get notified of the latest cybersecurity news.

March 8 is International Women’s Day

Join ISA Cybersecurity in celebrating International Women’s Day (IWD) 2021! IWD is a global day of celebration of the social, economic, cultural, and political achievements of women and girls around the world – and a time to raise awareness of the work left to be done in achieving equality.

The theme of this year’s event is “#ChoosetoChallenge”, which calls for to us to look beyond the recognition and celebrations, and inspires us to step up, question, and push back against gender inequality.

In support, the Canadian government department Women and Gender Equality Canada (formerly Status of Women Canada) is promoting a #FeministRecovery theme with an emphasis on advancing gender equality and supporting an inclusive recovery from the COVID-19 pandemic. The UN is pursuing a similar initiative under the banner “Women in Leadership: Achieving an Equal Future in a COVID-19 World“, highlighting the impact that girls and women worldwide have had as healthcare workers, caregivers, innovators and community organizers over the past year.

ISA Cybersecurity supports these core themes. Our executive/senior management team continues to be comprised of equal parts women and men, four women and four men respectively. In 2020, we recognized some outstanding achievements by female contributors, such as Olivia Purchase as Employee of the Year.

ISA is not only committed to promote diversity and equality at our workplace but also when addressing the cyber talent gap. We are proud to have helped launch the Master of Cybersecurity and Threat Intelligence (MCTI) course at the University of Guelph in 2020, backed by offering two yearly entrance scholarships – one for women, and a second for men – to participate in the program.

While we have a dedicated global celebration day, we also encourage the discussion beyond the month of March.  Last summer, we hosted a virtual roundtable that brought together female executives in cybersecurity across industries such as public sector, financial services, and healthcare. The panelists shared their unique journeys to leadership positions in cyber, how they tackled barriers to achieve their current success and impact in the ecosystem today, and the importance of engaging with the community. It sheds light to the benefits of having diversity, inclusion and female representation in cybersecurity leadership whilst encouraging and uplifting one another through shared challenges.

How will you help forge a gender-equal world? Talk, tweet, share, and like to show your support for IWD 2021. More importantly, we hope you will keep up the momentum throughout the year, as together, we work to achieve equality in women’s rights.

Recent flaws in Exchange Server claim 30,000 organization victims and counting

According to a report in KrebsonSecurity.com, over 30,000 U.S. organizations have already been victimized by four recently discovered bugs in Microsoft Exchange Server email software, and may have had their email correspondence exfiltrated.

Further, the report suggests that hundreds of thousands of other victim organizations worldwide have been penetrated, allowing attackers to install tools that could allow unauthorized, total remote control over affected systems.

Former CISA director Christopher Krebs tweeted a chilling warning: “This is the real deal. If your organization runs an OWA [Outlook Web App] server exposed to the internet, assume compromise between 02/26-03/03. Check for 8 character aspx files in C:\\inetpub\wwwroot\aspnet_client\system_web\. If you get a hit on that search, you’re now in incident response mode.”

The attacks were reportedly orchestrated by a particularly aggressive Chinese cyber espionage unit. The first attacks were detected on January 6, 2021, the same day as the violent attacks on the U.S. Congress. Attacks have accelerated in recent days as the flaws were reported to – and fixed by – Microsoft.

Microsoft’s blog provides background on the cyberattacks, nicknamed “Hafnium”, and they have published fixes for the vulnerabilities. Microsoft urges companies to evaluate and install the fixes immediately.

Exchange Online services are not affected by the bugs. The vulnerabilities were only detected in on-premise or self-hosted servers running Exchange Server 2013, 2016, or 2019. Microsoft has also taken the rare step of releasing a patch for the officially unsupported Exchange Server 2010 platform. Microsoft reminds administrators that this “defense in depth” patch does not mean ES2010 is now supported; the fix was only provided as a goodwill gesture to provide interim protection.

Cost of UHS cyberattack estimated at $67 million (US)

The September 2020 cyberattack at Universal Health Services in the United States was part of a widespread pattern of attacks against healthcare organizations during the pandemic. And the cost of the UHS incident has now been reported: in their earnings report announcing their Q4 and 2020 financial results, the healthcare provider estimates the cost of management and recovery from the attack created approximately $67 million (US) in pre-tax losses.

UHS, which oversees 400 hospitals and is among the largest healthcare providers in the U.S., attributes the losses to lost revenues in its acute care services, delayed billings, and significantly higher labour costs, professional fees, and other operating expenses revolving around inefficient operations and system recovery during the incident.

In its financial disclosure, UHS reported that they “believe we are entitled to recovery of the majority of the ultimate financial impact resulting from the cyberattack,” relying on its commercial insurance coverage.

Cyberattack disrupts classes for 15 England schools

A “sophisticated cyberattack” on the Nova Education Trust co-operative in Nottinghamshire, England on March 3 has forced all of its 15 schools to shut down their IT systems as the attack is investigated.

According to a report in the Nottingham Post, and by several of the schools on social media channels, the unauthorized access to the trust’s infrastructure has resulted in the shutdown of all existing phone, email, and website services. Online learning facilities have been discontinued, and teachers have been unable to upload course materials. Some of the schools have reportedly resorted to sending text messages, using temporary phone numbers, and conducting lessons over Microsoft Teams to maintain continuity. Up to 8900 students are affected by the incident.

The “incident is being investigated by the central IT team to determine the origin of the attack and its potential impact,” according to an official statement from Nova. “The incident has been reported to the Department for Education and the Information Commissioner’s Office, and the trust is currently working with the National Cyber Security Centre and additional security professionals to resolve the matter.”

Coincidentally, England is allowing its students to return to in-person classes on Monday, March 8. According to the trust’s website, classes will be held as scheduled as the incident investigation continues.

NEWSLETTER

Get exclusively curated cyber insights and news in your inbox

Related Posts

Contact Us Today

SUBSCRIBE

Get monthly proprietary, curated updates on the latest cyber news.

SUBSCRIBE

Get monthly proprietary, curated updates on the latest cyber news.