Cyber Incident Weekly Report - Week of June 12, 2023

Montclair Township, NJ, Victim of Cyber Attack

WHAT HAPPENED: On Tuesday, June 6, 2023, Montclair Mayor Sean Spiller released a video announcing that the information technology (IT) department of the township experienced a cyber incident. The township is working with the New Jersey and national offices of Homeland Security, the FBI, and state law enforcement to identify the attacker, determine the damage, and restore full operation. According to Spiller, the attack did not affect critical systems or voting systems, as voters cast ballots for state Senate and Assembly seats.

CONCERNING: Cities, Townships, Local Government

SENSCY'S ANALYSIS: SensCy has been observing a rise in cyber attacks on small governments and townships since the beginning of 2023. Although the details of the attack on Montclair are currently unavailable due to the ongoing investigation, we can already expect that the attacker chose Montclair as a target this week due to the potential impact it would have on the ongoing elections. Whether or not the threat actors had a political agenda, it is typical to see a rise in cyber attacks around elections as townships and cities scramble to provide their constituents easy access to voting systems and machines. It is also likely that the threat actor is one known to law enforcement and has already targeted other municipalities or local governments. During those busy periods around elections, local governments need to pay close attention to their network security and cybersecurity. Threat actors know that local governments are already vulnerable due to their use of outdated systems and limited resources. Although cybersecurity is a year-round issue, it is more relevant around local government election periods.

Austin Hospital, Ascension Seton, Reports Data Breach

WHAT HAPPENED: On June 7, 2023, the Austin hospital Ascension Seton reported a data breach that took place on its legacy websites on March 1st and 2nd. An investigation involving law enforcement and forensic investigators is currently ongoing. The stolen data potentially includes private and sensitive information, including name, address, Social Security number, payment information, and insurance information. The affected websites were taken down and replaced by new websites.

CONCERNING: Healthcare, Hospitals, Third-party Vendors, Third-party risk

SENSCY'S ANALYSIS: Although the investigation into the breach at Ascension Seton is still at an early stage, some indicators can help us understand what happened to the health organization. Since we know that the threat actors gained access to the company’s data by compromising two websites, we can expect that those websites had known vulnerabilities that the threat actors could exploit. A simple external vulnerability scan against the organization’s external-facing IP address would have likely exposed those vulnerabilities. Regular scans, including internal, external, and penetration testing, can be an excellent way for organizations to manage and oversee their network infrastructure to ensure they are not missing any gaps that threat actors could exploit. Ransomware against health care has only grown and impacted over 42 million Americans in the past five years. SensCy recommends that all healthcare organizations review and implement recommendations from the National Cybersecurity Strategy and the guidelines provided by the US Food and Drug Administration (FDA).

Giant Manufacturing YKK’s U.S. Operation Targeted by Hacker

WHAT HAPPENED: The Tokyo-based zipper manufacturer YKK confirmed this week that hackers had targeted its U.S. operations. Although YKK announced that the incident was rapidly mitigated and that no significant damage was done with no exfiltration of sensitive data, the LockBit ransomware group posted on June 2nd that they had YKK’s data, threatening to start leaking it beginning on June 16th. At the moment, it is unclear what type of data was potentially stolen by the ransomware group.

CONCERNING: Manufacturing, YKK, Ransomware, LockBit

SENSCY'S ANALYSIS: The LockBit group continues to be one of the most prolific ransomware gangs in the world. The group is considered a Ransomware-as-a-Service (RaaS) operation, meaning other threat actors can hire LockBit or their tools to conduct ransomware attacks. Their software, also named LockBit, targets the most critical systems and is the most frequent and successful attacker in the manufacturing sector. It is unlikely that LockBit would be bluffing when sharing that they have stolen YKK’s sensitive data. LockBit has been described as a Russia-affiliated ransomware gang. However, it is unclear if they answer directly to the Kremlin. Still, they will likely target companies that do not support the Russian cause, notably in the ongoing conflict in Ukraine.
