
Cyber Security Incidents Updates wk25

OpaCyber

Here’s your Cyber Security Incidents Update for wk25 2024


(a once-a-week glimpse, published on Monday, into just a fraction of the Cyber Security events of the previous week, to illustrate the depth and breadth of the incidents world-wide)


(Tough job putting this together this week. No problem finding items, just the opposite. So many to choose from!)


-Organisation

⦿ Department of Public Health, Los Angeles, USA

-Data compromised

⦿ Personal, medical and financial information

-Initial access

⦿ "The incident was caused by an attacker gaining the log-in credentials of 53 Public Health employees through a phishing email" (No or Minimal Security Awareness Training = Compromise in many incidents)

-Possible Prevention

⦿ Security Awareness Training


-Organisation

⦿ The Guest Rewards programme of the US national passenger railroad company Amtrak (not Amtrak directly)

-Data compromised

⦿ Users’ names, contact information, Amtrak Guest Rewards account numbers, dates of birth, partial payment details (such as credit card numbers and expiration dates), gift card information (including card numbers and PINs), and details about transactions and trips with Amtrak

-Initial access

⦿ "The company believes the hackers obtained login credentials from third-party sources" (so a phishing email and/or credential stealing)

-Possible Prevention

⦿ "Amtrak has enabled multi-factor authentication (MFA) for all Amtrak Guest Rewards accounts to enhance security" (always a good idea to enforce MFA after an incident. So much better to do it before of course 🤦‍♂️)



-Organisation

⦿ CDK Global, a SaaS platform for over 15,000 car dealerships in North America. (While some have resorted to pen and paper, others said they were forced to halt most of their operations)

-Data compromised

⦿ Not yet known but dealerships store large amounts of confidential, personal data, including financing and credit applications, customer financial information and home addresses. (Important to note that as systems were starting to be restored CDK suffered a second incident)

-Initial access

⦿ Not proven yet, but dealerships access CDK via an always-on VPN (my money's on that as the source of compromise)


One piece of good news 👍:

Nigerian national Ebuka Raphael Umeti is facing the prospect of spending up to 27 years in Federal prison in the US after being convicted for carrying out a business email compromise (BEC) scheme which caused losses of more than $1.5 million to victims (caused by: phishing email. Again. Once again No or Minimal Security Awareness Training = Compromise in so many incidents)


Bonus Good News item this week:

Two individuals, Thomas Pavey and Raheim Hamilton, have been charged in the US with operating a dark web marketplace between 2018 and 2020 that facilitated over $430 million in illegal transactions. "Empire Market" sold illegal drugs, chemicals, jewellery, credit card numbers, counterfeit money bills and malware. They face the prospect of at least 10 years in prison, possibly up to life imprisonment


One final note:

In a 2022 hack of Australian health insurance provider Medibank, the personal data and health claims data of 9.7 million people was compromised. Now, Australia's Information Commissioner has issued a scathing report on the company's security practices, including the lack of mandatory MFA protection (it's a lack of MFA again and again in these breaches)
