Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Don’t use “admin” accounts for daily activities
Never use an administrator account or other privileged “super user” credentials for your day-to-day work. Admin accounts provide heightened access to your system – and potentially others – so they should only be used in cases where those powers are required. If your device is lost, stolen, or hacked, administrator privileges could be abused; and even if malice is not involved, unnecessary overuse of admin accounts could create opportunities for innocent errors. Set up one account for daily use, and (after changing the default password!) leave admin for appropriate occasions only.
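A practical way to check whether the tip above is being followed is to audit which login-capable accounts actually hold administrative rights. The script below is an added example, not code from ISA Cybersecurity; it assumes a Linux-style /etc/passwd and /etc/group layout and treats the group names in ADMIN_GROUPS as the ones that grant privilege (an assumption; adjust for your distribution). The embedded sample file contents are constructed for the demonstration. It catches two things a quick `grep sudo /etc/group` misses: accounts that are root by UID, and accounts whose primary group in /etc/passwd is an admin group even though they are not listed in /etc/group.

```python
"""Audit login-capable accounts that hold admin privileges (added example)."""
import os

# Constructed sample data: "alice" is a daily-use login that has been put in
# the sudo group, which is exactly the pattern the tip warns against.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
alice-admin:x:1001:1001:Alice (admin):/home/alice-admin:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/zsh
svc-backup:x:1003:1003:backup svc:/var/backups:/usr/sbin/nologin
"""
SAMPLE_GROUP = """root:x:0:
sudo:x:27:alice,alice-admin
wheel:x:10:alice-admin
users:x:100:alice,bob
"""

# Assumed set of privilege-granting groups; extend for your platform.
ADMIN_GROUPS = {"root", "sudo", "wheel", "admin"}
# Shells that do not permit interactive login.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Return {username: {"uid", "gid", "shell"}} from passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines rather than crash the audit
        name, _, uid, gid, _, _, shell = fields
        accounts[name] = {"uid": int(uid), "gid": int(gid), "shell": shell}
    return accounts


def parse_group(text):
    """Return {groupname: {"gid", "members"}} from group-format text."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue
        name, _, gid, members = fields
        groups[name] = {"gid": int(gid),
                        "members": {m for m in members.split(",") if m}}
    return groups


def privileged_login_accounts(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Map each login-capable account to the reasons it counts as privileged."""
    accounts = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    gid_to_name = {g["gid"]: n for n, g in groups.items()}
    findings = {}
    for name, acct in accounts.items():
        if acct["shell"] in NOLOGIN_SHELLS:
            continue  # service accounts cannot be used for daily work
        reasons = []
        if acct["uid"] == 0:
            reasons.append("uid 0")
        primary = gid_to_name.get(acct["gid"])
        if primary in admin_groups:
            reasons.append(f"primary group {primary}")  # not visible in /etc/group
        for gname in sorted(admin_groups):
            if name in groups.get(gname, {}).get("members", set()):
                reasons.append(f"member of {gname}")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    # Use the real files when present, otherwise the constructed sample.
    if os.path.exists("/etc/passwd") and os.path.exists("/etc/group"):
        with open("/etc/passwd") as p, open("/etc/group") as g:
            result = privileged_login_accounts(p.read(), g.read())
    else:
        result = privileged_login_accounts(SAMPLE_PASSWD, SAMPLE_GROUP)
    for user, why in sorted(result.items()):
        print(f"{user}: {', '.join(why)}")
```

On the sample data the audit reports root, alice and alice-admin; the entry for alice is the finding worth acting on, since a separate alice-admin account already exists and the daily-use account should not need sudo at all.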
Western Digital suffers data breach
In a May 5 update, hardware storage manufacturer Western Digital revealed that a March cyber incident had resulted in the exfiltration of data from their network.
In the announcement, and in a broadcast email sent to affected customers the same day, Western Digital said that the “network security incident” had affected personal information collected through its online store.
“Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers. The information included customer names, billing and shipping addresses, email addresses, and telephone numbers,” according to the email. Encrypted passwords and partial credit card numbers were also taken.
“We have temporarily suspended online store account access and the ability to make online purchases. We expect to restore access the week of May 15, 2023.”
The attackers allegedly made off with 10 terabytes of information from Western Digital. They used the ALPHV ransomware platform to publish alleged samples of the stolen data, though they deny any connection to the ALPHV gang itself.
City of Dallas recovering from ransomware attack
On May 1, the city of Dallas, Texas was hit with a ransomware attack that affected a number of municipal services including law enforcement, the city hall website, billings, court services, and city libraries. Despite the extent of the disruptions, the city advised that fewer than 200 of the city’s thousands of connected devices had been compromised in the incident.
The city has provided frequent detailed updates on their progress in managing the incident, and has been working hard through the weekend to restore services and minimize further disruption. “We are confident we have contained the source of the infection and not seen any new spread,” according to their May 6 update.
The city has confirmed that the Royal ransomware gang initiated the attack and demanded an unspecified ransom to release the encrypted systems. Just two months earlier, CISA had issued an advisory about the Royal gang, warning that they had been targeting “numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.” The city does not intend to pay any ransom.
Report: Cloud app malware downloads on the rise
In a report issued May 3, researchers at Netskope discuss recent trends seen in malware delivered through cloud applications. The report explains that 55% of HTTP/HTTPS malware downloads in their study came from cloud apps, up from 35% for the same period one year earlier. Cloud malware downloads have seen quarter-over-quarter increases since Q1 2022, a trend fueled by an increase in malware downloads from enterprise cloud applications like Microsoft OneDrive and SharePoint. The number of applications with malware downloads reached a high of 261 distinct apps in Q1 2023, yet only a small fraction of total web malware downloads were delivered over web categories traditionally considered risky. Malware downloads are spread out among a wide variety of sites: the largest single share came from content delivery networks (CDNs), and even that category accounted for only 7.7% of the threats.
The report also noted the changes in the tactics used by threat actors in recent months: “In Q1, 72% of all malware downloads detected by Netskope were new, as attackers added new malicious functionality and made changes to evade detection.”