Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: SANS cheat sheets
Did you know? The SANS Institute offers a one-stop link page for its extensive collection of quick reference cheat sheets for security specialists of all skill levels. From general IT security and DFIR to cloud security and ICS defenses, there’s something for everyone on the list. Bookmark and save!
Alberta Dental Service Corporation discloses cyber incident
On August 10, Alberta Dental Service Corporation (ADSC) announced that “an outside third party [had] gained unauthorized access to a portion of ADSC’s IT infrastructure, obtaining certain types of personal information relating to registrants enrolled in provincial government health benefit programs and health providers.”
The original incident was discovered on July 9, after it was discovered that threat actors had been residing on ADSC systems for just over two months. The Russian ransomware group 8base is allegedly behind the incident, according to Lyle Best, ADSC president and Chairman of the Quikcard Group of Companies. ADSC reportedly paid the ransom demands made by 8base, helping them to recover “the affected systems and data from backups with only minimal data loss,” but conceded that a significant amount of data had been exfiltrated from their systems.
According to the announcement, the affected information includes the names and addresses of an estimated 1.47 million individuals, and for about 7300 of those people – all Dental Assistance for Seniors Plan clients – personal banking information was disclosed as well. ADSC is in the process of directly contacting those affected.
ADSC has posted an FAQ page, a dedicated web page, and a questionnaire-style look-up tool to help people determine whether their data may have been compromised in the incident. ADSC is also launching a special customer service hotline service that opens on August 14.
ADSC has been the dental benefits administrator for various Government of Alberta programs for over 25 years.
Indigo financial results still suffering after February cyber incident
In an August 10 press release, Indigo Books & Music reported a 12% decrease in revenue in the past quarter over the same period last year, due in part to the “carryover impacts of the ransomware attack that occurred in the fourth quarter of fiscal 2023”. The retailer reported that disrupted inventory replenishment capabilities hampered sales, while the effects of the attack on the Indigo’s website and app negatively affected the company’s search engine optimization, leading to “a weaker online presence and a decrease in online traffic.”
According to Indigo CEO Peter Ruis, the quarter “continued to be challenged by the impacts of the ransomware attack, and diminished consumer confidence due to the current macro-economic environment.” On an earnings call with analysts on August 11, Ruis advised that while Indigo had “made substantial progress to achieve almost full operational function by the end of the quarter, the ransomware attack did have a material impact on quarterly sales.”
Over $6M stolen in cyber attack on Connecticut school district
According to an August 10 announcement by the mayor of New Haven, Connecticut, hackers were able to steal over $6M (all figures USD) in a business email compromise (BEC) scam on New Haven Public Schools (NHPS) in June. According to Mayor Justin Elicker, authorities have recovered over half of the stolen money, and hope to recoup even more as the investigation into the incident continues.
The money was stolen in a series of six unauthorized bank transfers, with hackers impersonating the city’s chief operating officer and private vendors over email. They managed to intercept two payments totaling $76,000 that were originally destined for a law firm contracted by the NHPS. The remaining $5.9 million was stolen over the course of four misdirected payments meant for First Student, the district’s school bus contractor. The incident came to light when the school bus operators reported that they had not been paid on time. When authorities realized what had happened, an attempted seventh fraudulent transaction was thwarted.
In the announcement, Mayor Elicker declined to comment on whether law enforcement had identified or arrested any suspects, citing the ongoing investigation and attempts to recover the remaining $2.4 million still outstanding.
According to a report in the New Haven Independent, the mayor also said that the city is “reviewing both their financial and cybersecurity protocol and safeguards to strengthen their defense against future attacks,” though he declined to get into specifics, citing concerns that details about policy changes “might assist hackers in circumventing the city’s security systems down the line.”
