Latest Cybersecurity News 2022-09-26 Edition

Weekly CyberTip: Clean Desk/Clean Screen Policy

Cybersecurity extends to your work area too. Particularly if you acquired some loose habits on desktop security while working from home during the pandemic, it’s important to remember to keep working files securely locked up, and sensitive information off your screen when you’re not actively working at your desk. Protect your customers, your company, and yourself by keeping confidential information secure.

Australian telco Optus reveals “significant” data breach

On September 22, Optus (one of Australia’s largest telecom companies, second only to Telstra in the country) revealed that it has been the victim of a cyber attack and data disclosure. The massive breach saw the names, dates of birth, addresses, email, contact details, and other customer information (including, in some cases, driver’s licenses or passport numbers) stolen by unidentified threat actors. The company is still assessing the specific number of records involved in the breach, though Optus chief executive Kelly Bayer Rosmarin described the number as “significant”. Optus has nearly 10 million subscribers across Australia.

The hackers, who are believed to have been coordinated by an organized criminal syndicate or state-sponsored organization, accessed the sensitive information by breaking through one of Optus’ perimeter firewalls.

Optus said that customer financial information, payment details, and account passwords were not compromised, and that the company’s voice, mobile, and home Internet service operations had not been affected by the breach.

“We are devastated to discover that we have been subject to a cyber-attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” said Bayer Rosmarin in the bulletin. In a separate interview with Australian television broadcaster ABC, she apologized on behalf of the company: “We’re so deeply disappointed because we spend so much time and we invest so much in preventing this from occurring… Our teams have thwarted a lot of attacks in the past and we’re very sorry that this one was successful.”

Detroit area school district hit by cyber attack

On September 20, Michigan’s South Redford School District (SRSD) closed schools for two days after being victimized by a cyber attack. In a (since deleted) post on their website, the District announced that the decision “was taken in collaboration with our cyber security teams who support the District as a proactive measure to limit access and exposure to our technology and networked systems. Identification and resolution of such attacks take time and we are thankful for the patience of our school community while we work diligently to resolve the matter.”

The school district in Redford – a western suburb of Detroit – also urged “people to not use District issued devices. District emails can be accessed through not District issued devices.”

By September 21, the SRSD investigation indicated that it was safe to re-open schools for classes starting September 22, while expressing indignation about the incident. The update, which was also deleted within 48 hours of being posted, stated: “It is hard to believe that someone would deliberately try to disrupt our children’s education, but overnight our Cyber Forensics teams made great progress in resolving this attack and securing our systems. Using advanced internet security software, Cyber Forensic teams identified the cyber-attack that appears to have been isolated before it could be spread throughout the District; due in part to early detection, intervention, and proactive measures of the District to limit technology and network usage… We look forward to an opportunity to put all of our time and energy back to where it belongs; educating the students of the South Redford School District.”

No details were published on the nature of the attack, though the District did reassure students and families that there had been no evidence of a data breach or disclosure. 3146 students are registered in the SRSD for the 2022-23 school year.

U.K. government launches cybersecurity initiative for retailers

The National Cyber Security Centre (NCSC) in the U.K. has published a new service designed to help retailers protect themselves and their customers online. The support package is specially designed to provide “tailored advice to support online retailers, hospitality providers, and utility services,” according to the announcement.

The guidance centres around two programs:

  • The first program – Authentication methods – gives advice to organizations on the right types of authentication to use to help customers secure their accounts. Current user validation approaches must go beyond simple password protection, and embrace more secure approaches like two-step verification, OAuth, or single-use passwords.
  • Meanwhile, Takedown provides step-by-step guidance for organizations to handle the discovery of malicious or otherwise illegitimate spoofing of their brands and web presences. This can include false representation of products and services, fake endorsements, or criminal misuse of corporate brands in phishing campaigns or other social engineering attacks.

Sarah Lyons, the NCSC’s Deputy Director for Economy and Society, commented: “Online shopping is bigger than ever and that’s something to be welcomed – but unfortunately it comes with the risk of shoppers’ accounts being exploited… Businesses have a major role to play in protecting online shoppers which is why we’ve produced new guidance to help them do so… Following this guidance will allow businesses to help keep their customers safe online as well as protecting themselves from potentially crippling cyber attacks.”

Microsoft releases out-of-band security update for Endpoint Configuration Manager

On September 20, Microsoft stepped outside its usual monthly patch release schedule to issue a hotfix for its Endpoint Configuration Manager (ECM) solution. ECM is Microsoft’s tool for managing and deploying software to networked or remote desktops, servers, and laptops. The medium-severity vulnerability – tracked as CVE-2022-37972 – could allow attackers to gain broad access to compromised networks. In its advisory, Microsoft said there is no current evidence of exploitation in the wild, but the vulnerability has been publicly disclosed, thereby increasing the potential for hackers to develop attack methodologies.

In a bulletin, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged administrators to patch vulnerable systems as soon as possible.
