Weekly CyberTip: Don’t send sensitive personal data over email
Never use regular email to transmit personal or confidential information. Emails can be forwarded or copied – either deliberately or accidentally – and may not offer adequate encryption or other security controls to protect sensitive information. Even if your organization uses a DLP solution to identify and block the transmission of personal information like credit card data, you can do your part by remembering not to divulge PII, passwords, or other confidential data using email.
Eight zero-day vulnerabilities discovered in Carrier-brand industrial control system
Researchers from Trellix have identified a family of eight zero-day vulnerabilities affecting an industrial control system from Carrier. The vulnerabilities affect the LenelS2 Mercury access control panel, which is widely used across organizations in the healthcare, education, transportation, and government sectors. The access control panel is often used to grant physical access to secure facilities and integrate with other building systems.
The vulnerabilities can be exploited remotely, with low attack complexity. Carrier has released a product service advisory regarding the vulnerabilities. Organizations using the control panels are strongly encouraged to assess their infrastructure, implement threat mitigations, and upgrade the firmware on their systems as soon as possible.
Another healthcare cyber attack: Shields suffers one of the largest breaches of the year
Shields Health Care Group, a medical services provider specializing in diagnostic imaging, radiation oncology, and ambulatory surgical services from over 40 healthcare facilities in the New England area, has disclosed a data breach that exposed the personal information of over two million patients. The breach looks to be one of the largest in the healthcare sector in 2022.
According to an announcement on the Shields website, the data breach stems from a cyber attack earlier this year. The release states that Shields was “alerted to suspicious activity that may have involved data compromise” on March 28, 2022. Their investigation revealed that “an unknown actor gained access to certain Shields systems from March 7, 2022 to March 21, 2022,” and that the attacker had “acquired” certain data during their reconnaissance period.
The release details an extensive list of sensitive personal information that was disclosed in the incident, including “full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID, and other medical or treatment information.”
Shields advised that they have no current evidence to suggest that any information from the incident has been used to commit identity theft or fraud, but are still warning affected patients to monitor for potential misuse of their data.
Report: Managers and executives make up 10% of users, but 50% of most severe attack risk
Proofpoint recently released “The Human Factor 2022”, their annual look at the “people side” of today’s threat landscape. The report, available for free download, explores three facets of user risk by examining key developments in the threat landscape, the evolving relationships between cyber criminal groups, and the benefits of developing defenses that consider the human factor.
Some of the interesting findings revealed in the report include:
– while managers and executives typically make up about 10% of a user base, they still account for half of the most severe attack risk
– while malware detection is important, malicious URLs are actually 3-4 times more common than malicious attachments
– in the United States alone, there are over 100,000 voice-based phishing attacks every day; meanwhile, SMS-based attacks increased by over 100% in 2021 compared with the previous year
Municipality of Palermo, Italy hit by significant cyber attack
According to an Italian-language Twitter post from the Sicilian city of Palermo, the city’s entire IT infrastructure has been compromised by a ransomware attack. The June 2 attack affected the city’s data centre and all workstations at the municipal offices, leading to a total shutdown of operations.
The city has posted an action plan outlining its response to the attack, explaining that it is trying to recover systems from backups, as its Veeam and VMware server infrastructure was taken offline. Local reports say that, while some systems have been restarted, problems are expected to continue for days. For example, while the core city website is back up and running, most of its services and subsites remain offline as of June 13.
In addition to the office computer infrastructure, affected services and operations include police operations, video surveillance management, municipality services, and online booking systems for museums, theatres, sport facilities, etc. The city’s limited traffic zone (LTZ) system has also been affected: the LTZ – which restricts access to city buses, taxis, service vehicles, and local residents with permits, all in an effort to reduce congestion and pollution – now cannot be monitored, as the camera system that photographs vehicle license plates for compliance is also down.
The Vice Society ransomware group has claimed responsibility for the attack. As the city has refused to pay a ransom, the gang followed through on their threat by posting a first tranche of stolen data on their dark web portal on June 12.