Weekly CyberTip: Celebrate Cybersecurity Awareness Month
Canada’s Communications Security Establishment (CSE) and the Get Cyber Safe campaign are recognizing October as Cyber Security Awareness Month with the theme “Fight phishing: Ruin a cyber criminal’s day!” Check out the Get Cyber Safe website and explore a wealth of resources on how to handle, recognize, and prevent phishing attacks.
Russian-backed hacking group launches denial-of-service attack on U.S. airport websites
At least 14 American airport websites were temporarily down on October 10 after a co-ordinated series of denial-of-service attacks was launched by Russian-backed hacking group Killnet.
New York City’s LaGuardia Airport website was targeted in the cyber attack, along with the websites for airports in Atlanta, Los Angeles, Chicago, and Des Moines, among others.
Site outages ranged from 15 minutes to over two hours. Spokespersons for the various airports confirmed that the attacks were limited to the informational websites, and at no time was passenger safety, security, or airport operations affected.
Killnet, who have claimed responsibility for the incidents, specialize in disruptive denial-of-service attacks. Last week, the group launched a campaign against the websites of several U.S. states, successfully taking down the “colorado.gov” website for over a day, and interrupting services on the state government websites for Connecticut, Kentucky, and Mississippi as well. Killnet has also claimed responsibility for launching recent cyber attacks against NATO member countries, including Estonia and Lithuania.
The cyber attacks come on the same day that Russia escalated its attacks on Ukraine, as the war in the region approaches its eighth month.
Patch alert: Fortinet recommends “immediate upgrade” for critical vulnerability
On October 7, cybersecurity company Fortinet issued a warning for administrators to update FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premises management platforms to the latest versions to address a critical severity vulnerability.
“Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade,” the company reportedly said in an internal advisory memo.
The security flaw – tracked as CVE-2022-40684 – creates an authentication bypass that could allow threat actors to access and perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, according to a formal PSIRT advisory issued by Fortinet.
The advisory provides a complete list of potentially vulnerable devices and the recommended patch versions for each. Fortinet also provides guidance for a workaround for customers that cannot immediately deploy security updates. The workaround involves disabling the vulnerable HTTP/HTTPS administrative interface for FortiOS, FortiProxy, and FortiSwitchManager until upgrades can be safely applied.
City of Tucson discloses data breach affecting over 123,000 people
The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 123,000 individuals.
In a data breach notice filed with the Attorney General of Maine (since at least 33 Mainers were potentially affected by the breach), the City confirmed that a cyber attack in late May resulted in the exfiltration of an undisclosed number of files containing sensitive information. In all, 123,513 individuals – including some in Canada – were potentially affected.
During the cyber attack, threat actors used a “network account credential” to gain access to the city’s systems for approximately two weeks before deploying ransomware that knocked out the City’s “tucsonaz.gov” website for over 36 hours. At the time, local reports indicated that the incident had not caused “any major disruptions to service outside of the [water] bill pay system,” which was unable to accept electronic payments or access customer information as a result of the incident.
After a two-month investigation, the City suspected that personal information had been compromised, when they learned “that certain files may have been copied and taken from the City’s network”. A further review was arranged and, six weeks later, their fears were confirmed: “On September 12… the review determined that the information at issue included certain personal information,” according to an announcement on its official website at the time. “The information within the potentially accessed files included certain individuals’ name, Social Security number, driver’s license or state identification number, and passport number.”
There is no evidence that the stolen data has been used by the attackers, but the City is providing identity protection services, and is recommending that citizens monitor their credit reports for any suspicious activity.
U.S. hospital chain CommonSpirit still recovering from cyber attack
CommonSpirit, one of the largest hospital chains in the United States, is still facing a wide range of service disruptions and technical issues after an October 3 ransomware attack. The chain has issued a pair of brief announcements regarding the attack on their website, but reports persist about delayed surgeries, disruptions in scheduling and patient care at its locations across the U.S. Among those locations affected are CHI Memorial Hospital in Tennessee, a number of St. Luke’s hospitals in Texas, and Seattle’s Virginia Mason Franciscan Health.
According to the chain's statement, “CommonSpirit Health has identified an IT security issue that is impacting some of our facilities. We have taken certain systems offline. We are continuing to investigate this issue and follow existing protocols for system outages.” Those protocols reportedly involved taking parts of its network infrastructure offline.
A report in Becker’s Hospital Review reveals the wide variety of challenges still faced by individual facilities under the CommonSpirit umbrella. The chain has made no announcement regarding ransom demands, or whether data was exfiltrated during the incident.
CommonSpirit is the second largest non-profit health system in the United States, with 1,000 care sites – including 140 hospitals – across 21 states.