The Week in Breach – Fighting ransomware attacks is now the Department of Homeland Security’s number one priority

Fighting ransomware attacks is now the Department of Homeland Security’s number one priority, and a plan to be more proactive is already in place.

In an RSA conference webcast Wednesday, Alejandro Mayorkas, the U.S. Secretary of Homeland Security, discussed current cybersecurity challenges and outlined a strategy intended to tackle the top threats first, using the government’s limited resources. Mayorkas outlined five areas to improve on: detection, information sharing, modernizing federal cybersecurity, federal procurement and federal incident response.

To combat what he referred to as a “monumental challenge,” the government devised new initiatives such as 60-day “cyber sprints” to address urgent priorities. The first sprint will tackle ransomware.

“Let me be clear: Ransomware now poses a national security threat,” Mayorkas said in the webcast.

Ransomware attacks have increased in recent years as operators adopted new tactics like public leak sites where they post stolen data if a ransom goes unpaid. Attacks spiked significantly during the pandemic, impacting some of the most vulnerable sectors including hospitals and schools. During the webcast, Mayorkas referred to the ransomware attacks against those and other critical infrastructures as “horrendous acts” and said those behind them should be held accountable.

“There are actors out there who maliciously use ransomware during an unprecedented and ongoing global pandemic, disrupting hospitals as hundreds of thousands die. This should shock everyone’s conscience,” he said.

In response to the increase in malicious activity, the government plans to step up its efforts to fight ransomware in the coming weeks. According to Mayorkas, that includes action to minimize the risk of becoming a victim in the first place, as well as an awareness campaign to engage with partners such as cyber insurance companies.

In addition, Mayorkas said DHS will step up law enforcement action against cybercriminals and dark web markets that contribute to the threat. “With respect to responding to ransomware attacks, we will strengthen our capabilities to disrupt those who launch them and the marketplaces that enable them,” he said.

Additionally, the webcast provided an update on last year’s massive supply chain attack on software vendor SolarWinds, which impacted a number of high-profile victims including several federal agencies. Discussing the ongoing threat, which began with a malicious update to SolarWinds’ Orion platform, Mayorkas acknowledged that the government was unaware for months that it had been hacked, until it was alerted by another victim of the nation-state attack, cybersecurity vendor FireEye.

Mayorkas said supply chain attacks pose additional risks, which may require a different approach.

“Following last year’s supply chain compromise targeting the federal government, we must build back better,” he said. “It will take months or years to implement. Exploitation of SolarWinds highlighted that we need to think of supply chain risks holistically. We need a risk-based approach to assess all supply chain risks.”

As multiple high-profile victims of the attack on SolarWinds were being revealed, another major hack hit Microsoft Exchange Server. Like SolarWinds, it also impacted the federal government.

On March 2, Microsoft disclosed that Chinese nation-state actors exploited four vulnerabilities in its on-premises email server software. Patches were released, and while attacks were initially thought to be limited, that proved not to be the case. An emergency directive was issued shortly after from the Cybersecurity and Infrastructure Security Agency (CISA), warning all government civilian departments and agencies to update immediately.

During Wednesday’s webcast, Mayorkas said progress is being made in responding to both attacks. “In the first two months, the administration has made significant strides in mitigating the SolarWinds and Microsoft Exchange incident.”

Mayorkas said the attack on SolarWinds is just one of many incidents that underscores the need for the federal government to modernize cybersecurity.

“One hard truth is that no one is immune from cyber attacks, including the government or our most advanced technology companies. Ultimately, it’s not a question of if you’ll be hacked, but rather when,” he said.

To improve the U.S.’ cyberdefense, Mayorkas said there are “urgently needed” principles that should be adopted. That includes bold and immediate innovations, widescale investments and raising the bar of essential cyber hygiene.

To that end, the government is working on nearly a dozen actions for an upcoming executive order, which Mayorkas said will be released soon.

Dark Web ID’s Top Threats This Week

Northwestern Memorial HealthCare

https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patients

Exploit: Third-Party Data Breach

Northwestern Memorial HealthCare: Hospital System


Risk to Business: 1.771 = Severe

A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital and Northwestern Medicine Valley West Hospital.


Individual Risk: 1.603 = Severe

The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.

Customers Impacted: Unknown

How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.

IntegraMSP to the Rescue: Building a zero-trust framework is a popular and successful planning choice for a reason. Learn more about how it helps mitigate risks like stolen PII. SEE NOW>>


Morgan Stanley

https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/

Exploit: Third-Party Data Breach

Morgan Stanley: Financial Services Firm


Risk to Business: 2.216 = Severe

Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.


Risk to Individual: 2.462 = Severe

Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.

IntegraMSP to the Rescue: Are you selling and delivering security awareness training to all of your clients? If not, let us show you how to get started in only 15 minutes! WATCH NOW>>


Republican National Committee (RNC)

https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee

Exploit: Nation-State Cybercrime

Republican National Committee (RNC): Political Organization


Risk to Business: 2.223 = Severe

Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.

IntegraMSP to the Rescue: Learn more about the factors that make it easy for employees to make mistakes and how you can mitigate them for a better staff. SEE THIS WEBINAR>>

GETTR

https://therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/

Exploit: Hacking

GETTR: Social Media Platform


Risk to Business: 1.575 = Severe

A hacker has reported breaching GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The data collected in both leaks is estimated at more than 90,065 user profiles in total.


Individual Risk: 1.502 = Severe

According to the hackers, the stolen data included public information such as real names, profile descriptions and site usernames, but also non-public information such as a user’s email address, birth year and location information.

Customers Impacted: 40,000

How It Could Affect Your Business: Strong endpoint security and security awareness training are vital for the success of security plans.

IntegraMSP to the Rescue: Building a strong security culture is essential. Learn more about how to do it in a webinar full of tips from team-building experts! WATCH WEBINAR>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.