Weekly CyberTip: Don’t overshare on social media
The Victoria Day weekend is the unofficial start of summer for many of us. While it’s fun to share cottage pictures and travel updates on social media, remember that you may be disclosing too much information about your whereabouts online. Avoid oversharing while on vacation as much as possible: take care not to reveal details about dates when your home may be empty, and consider waiting to share pictures and stories until you’re safely back home. Also, never post pictures of passports, boarding passes, driver’s licenses, or other personal documentation that could lead to identity theft.
Third-party data breach exposes data of nearly 500,000 Chicago students
The Chicago public school system has revealed that a ransomware attack on one of its business partners has resulted in a data breach affecting almost 500,000 students and over 56,000 employees.
The third-party vendor is Battelle for Kids, a not-for-profit educational organization that analyzes public school student data to design instructional models and evaluate teacher performance. Battelle for Kids suffered a ransomware attack in December 2021.
The breach notification page on the Chicago Public Schools (CPS) website explains to parents and guardians that “an unauthorized party gained access to your child’s name, date of birth, gender, grade level, school, Chicago Public Schools student ID number, State Student ID number, information about the courses your student took, and scores from performance tasks used for teacher evaluations during school years 2015-2016, 2016-2017, 2017-2018 and/or 2018-2019.”
Meanwhile, staff at CPS facilities over the same period had their name, school, employee ID number, CPS email address, and Battelle for Kids username exposed in the attack.
CPS has issued breach notification letters to those affected, while providing assurances that no personal health or financial information was exposed in the breach. According to the letter, “Battelle for Kids is currently monitoring and will continue to monitor the internet in case the data is posted or distributed. We can report that as of this time, there is no evidence to suggest that this data has been misused, posted, or distributed.”
Conti ransomware gang shuts down – but for how long?
According to a report by researchers from AdvIntel , the infamous Conti ransomware gang has ceased operations. However, indications are that Conti has been orchestrating its own demise for the last two months, and is in the process of splintering into smaller cells to create more operational flexibility and help better evade law enforcement.
Conti has a lengthy list of victims – thought to number over 1000 – including Ireland’s Health Service (HSE) and Department of Health, the Volkswagen Group, Nokia, JVCKenwood, and numerous schools and governments at the municipal, regional, state, and federal levels.
But a number of recent developments have generated increased attention from the authorities. Conti created controversy by making statements in support of Russia’s invasion of Ukraine. This hurt the Conti “brand” and created internal dissent among members and customers alike, many of whom are Ukrainian or simply do not support the war.
Further, by pledging allegiance to the Russian government, Conti aligned itself with a country currently under severe global sanctions. Consequently, in the United States, for example, paying a Conti ransom is no longer simply a matter of data extortion: it may constitute a federal offence as a violation of government sanctions policy against Russia. The U.S. State Department has raised the stakes by offering rewards up to $10 million (USD) for “information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group.”
The AdvIntel report even suggests that the current, high-profile attack on the federal government of Costa Rica has actually been a combination publicity stunt and smokescreen to hide the rebranding activities as Conti winds down its operations. The next steps for the Central American country (which had 27 government institutions affected by ransomware in recent weeks, leading it to declare a state of emergency) and for other current victims of Conti remain unclear.
Report: 82% of Canadian CISOs surveyed feel expectations on their role are excessive
Proofpoint has released its 2022 Voice of the CISO Report, an analysis that provides global insights into CISO challenges, expectations, and priorities. Among the findings in the report are that 72% of Canadian CISOs surveyed fear a material cyber attack at their organization (against a global percentage of 48%), while 82% feel that the expectations placed on them in their roles are excessive (against a global percentage of 49%). Canadian CISOs placed supply chain attacks at the top of their list of concerns.
On the bright side, 87% of Canadian CISOs – the most of any nationality – feel that employees understand their role in protecting their organization against cyber attack.
The report, which summarizes CISO survey data from 14 nations around the globe, “explores how CISOs are adjusting in the wake of pandemic disruption, adapting strategies to support long-term hybrid work and battling an increasingly sophisticated threat landscape,” as well as identifying elevated risk areas and exploring the changing role of the CISO as we emerge from the COVID-19 pandemic.
FBI’s Internet Crime Complaint Center issues e-commerce site warning
The FBI has issued a flash warning, drawing attention to an e-commerce site compromise from January 2022 that they are concerned could be repeated elsewhere. The flash explains that “unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server. The unidentified cyber actors also established backdoor access to the victim’s system by modifying two files within the checkout page.”
The flash (coded MC-000170-MW) provides technical details including indicators of compromise (IOCs) such as malicious IP addresses, malware tools, and telltale code snippets that can help businesses improve their network defenses.
Organizations operating e-commerce sites are encouraged to inspect their systems for these IOCs and to follow the list of best practices outlined in the flash bulletin. In particular, it is essential to place these at-risk servers on isolated networks and to monitor them for unauthorized changes and access requests.
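The flash describes an attack that worked by modifying files within the checkout page, so one concrete form of the “monitor for unauthorized changes” advice is a file-integrity baseline over the checkout code. The example below is added here and is not from the FBI flash or from ISA Cybersecurity: it hashes every file under a directory, compares a later snapshot against the saved baseline, and reports modified, added and removed files, using a constructed temporary checkout directory as sample input.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root_path = Path(root)
    baseline = {}
    for path in sorted(root_path.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root_path).as_posix()] = digest
    return baseline


def diff_baseline(baseline, current):
    """Classify every difference between a stored baseline and a fresh snapshot.

    Any entry in 'modified' or 'added' under a checkout directory deserves an
    immediate review, since the page content served to customers has changed
    without going through a deployment.
    """
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: take a baseline, then alter two checkout files and drop a third."""
    with tempfile.TemporaryDirectory() as root:
        checkout = Path(root) / "checkout"
        checkout.mkdir()
        (checkout / "index.php").write_text("<?php echo 'checkout'; ?>\n")
        (checkout / "process.php").write_text("<?php // hand card data to the processor ?>\n")
        baseline = hash_tree(root)  # in practice, store this off-host and compare on a schedule

        # Simulated unauthorized edits: two existing files change and a new file appears
        (checkout / "index.php").write_text("<?php echo 'checkout'; /* edited in place */ ?>\n")
        (checkout / "process.php").write_text("<?php // edited in place ?>\n")
        (checkout / "extra.php").write_text("<?php ?>\n")
        return diff_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Run against a real server, the baseline should be taken from a known-good deployment and stored somewhere the web server itself cannot write, otherwise an intruder who can edit the checkout page can also edit the baseline.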