Weekly CyberTip: Watch out for .ZIP and .MOV web domains
Top-level domains (or TLDs) are the last portion of a website name (“.com” is the TLD for isacybersecurity.com, for example). Google recently registered two new TLDs: .ZIP and .MOV. This may cause confusion, as most people will recognize those as file extensions (ZIP for compressed files, MOV for video and multimedia files). Effective May 10, these domains are in general availability, so more and more websites will go live with those names (for example, “www.download.zip” could refer to a filename or potentially a website). Take care in examining any link before clicking on it, and pay particular attention to links containing these terms.
Did you know? As of May 14, 2023, there are 1479 TLDs registered!
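Added example (not part of the original bulletin): a Python check that a mail or chat filter could run to flag links whose hostname, rather than file path, ends in .zip or .mov. The function names, the pattern and the sample text are constructed for illustration; bare names such as “www.download.zip” are flagged because many clients turn them into clickable links.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the tip above that double as common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

# Either an explicit http(s) URL, or a bare dotted name ending in .zip/.mov.
# The lookbehind skips names that are part of a longer path or address;
# the lookahead skips "example.zip.com" and words such as "zipper".
TOKEN_RE = re.compile(
    r"https?://[^\s<>\"']+"
    r"|(?<![\w./@-])(?:[a-z0-9-]+\.)+(?:zip|mov)(?!\.?[\w-])(?:/[^\s<>\"']*)?",
    re.IGNORECASE,
)

def host_of(token):
    """Return the lower-cased hostname a browser would contact for token."""
    if "://" not in token:
        token = "http://" + token  # bare name: treat it as an auto-linked host
    host = urlsplit(token).hostname or ""
    return host.rstrip(".").lower()

def flag_file_like_links(text):
    """Return (token, host) pairs whose hostname ends in .zip or .mov."""
    hits = []
    for match in TOKEN_RE.finditer(text):
        token = match.group(0).rstrip(".,;:)!?")
        host = host_of(token)
        # A file name in the URL path (example.com/report.zip) is not a hit:
        # only the hostname's last label is compared.
        if "." in host and host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS:
            hits.append((token, host))
    return hits

# Constructed sample message, not taken from any real incident.
SAMPLE = (
    "Backup is at https://example.com/files/report.zip for now. "
    "Someone posted www.download.zip in chat. "
    "Trailer: https://holiday-video.mov/watch "
    "Mirror: example.zip.com/get"
)

if __name__ == "__main__":
    for token, host in flag_file_like_links(SAMPLE):
        print(f"review before clicking: {token} (host: {host})")
```

A bare attachment name in running text, such as “budget.zip”, is flagged as well, since the text alone cannot show whether a client will render it as a link.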
Third-party data breach affects education sector
U.S.-based company Brightly Software has disclosed a data breach affecting over 2.9 million users of its cloud-based work order tracking platform called “SchoolDude”. Brightly, a subsidiary of Siemens since August 2022, issued customer notices on May 11, advising that customer personal information and credentials were stolen by attackers who gained access to a key database for the platform.
The data stolen includes customer name, email address, phone number, school district name and account password – all unencrypted. This means that the hackers are now in a position to pivot and attempt to use those email addresses and passwords against other websites and services. This is a clear reminder of why you should never reuse passwords.
SchoolDude is used by over 7,000 colleges, universities, and K-12 schools from school districts of up to 600,000 students. Brightly Software is headquartered in Cary, North Carolina, and has offices around the world.
National Gallery recovering from cyber attack
In an email on May 9, Ottawa’s National Gallery of Canada advised members that a cyber attack in late April had disrupted services, but private information, including member files and payment information, had not been breached.
“The Gallery does not store full credit or debit card numbers in our systems,” the email stated, emphasizing that patron data was safe.
The ransomware attack took place on April 23, but aside from a social media post on April 24 advising that ticketing systems were offline, little news of the incident had surfaced until the announcement this week. Many staff have been working remotely until servers are rebuilt and access is restored.
“We appreciate that this incident is inconvenient and frustrating for our dedicated staff, the Foundation and some of our partners. We remain diligent in working swiftly toward a full recovery,” advised the email.
“The Gallery has been focused on bringing our IT systems back online… The Gallery has continued to be open to the public and our on-site membership, ticketing and Boutique systems are now functional.”
There has been no word on the nature of the attack or whether a ransom was paid in the incident.
International manufacturing firm ABB hit by Black Basta ransomware incident
Leading electrification and automation technology provider ABB was hit by a ransomware attack launched by cyber gang “Black Basta” on May 7. Reportedly, hundreds of computers were compromised in the incident.
“ABB recently detected an IT security incident that directly affected certain locations and systems,” ABB confirmed in a statement to security researchers at Bleeping Computer.
“To address the situation, ABB has taken, and continues to take, measures to contain the incident. Such containment measures have resulted in some disruptions to its operations which the company is addressing. The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner.”
Data breach affects Ontario school board
According to a report in the Sault Star in Sault Ste. Marie, Ontario, the Huron-Superior Catholic District School Board (HSCDSB) has informed students that their personal information has been compromised in a recent cyber attack.
On December 15, 2022, the HSCDSB reported that they had been the victim of a security incident that had affected multiple systems and services, including the board’s website, email system, and phone system.
After the attack, board officials had reported that staff employed between 2019 and 2022 were “likely” affected, with personal information including social insurance numbers, birth dates, compensation information and banking information likely compromised in the incident.
The board has not indicated whether a ransom was paid; however, the letter states: “The cyber criminals have communicated that the data they accessed has been deleted. We have no reason to believe that the cyber criminals have kept or misused the data in any way.” The board did concede that the incident cost $325,000 (CDN) to resolve.
“Additional expenses were covered by the board’s cyber insurance coverage, an amount not released to the public. The board has an open claim with its insurance provider,” according to the news report.