Cyber Incident Weekly Report - Week of November 4, 2024

Cyber Intrusion Suspected in Washington State Court System Outages

WHAT HAPPENED: Washington state courts are experiencing widespread outages due to suspected unauthorized access to their network. The Washington State Administrative Office of the Courts (AOC) informed residents of this potential cyber intrusion, which has impacted courts across several counties and municipalities. The AOC has taken steps to secure critical systems, though disruptions to its website and other services are ongoing. Some courts are reporting system outages affecting electronic filings, phone lines, and payment platforms, while Thurston County has postponed certain hearings. AOC officials stated they do not believe this was a targeted attack but have not provided further details on the issue’s nature.


CONCERNING: Washington State Courts, Breach.

SENSCY'S ANALYSIS: SensCy continues to observe an increasing number of cyber attacks on court systems, notably in California, Ohio, Texas, and Pennsylvania. A successful cyber attack on a court system can lead to severe consequences. Sensitive information, such as personal data, case details, and evidence, could be compromised, risking the privacy and safety of individuals involved in court cases. Disruptions to court operations can delay trials, hearings, and essential services, potentially impacting legal proceedings and denying timely justice. If hackers gain access to or manipulate legal records, it could lead to wrongful convictions, tampered evidence, or cases being dismissed, undermining public trust in the judicial system. Additionally, ransomware attacks could force court systems to pay high ransoms or face extensive service outages, leading to financial and reputational damage.

To mitigate such risks, SensCy recommends that court systems implement proactive cybersecurity measures. Regular security audits and vulnerability assessments can help identify and address weaknesses before attackers exploit them. Installing endpoint protection and network monitoring solutions can detect and respond to suspicious activity in real time. Ensuring strong, regularly updated encryption protects sensitive data. Courts should also conduct staff training on recognizing phishing and other cyber threats, as human error often leads to breaches. Finally, establishing a cyber incident response plan will prepare the court system to act quickly in the event of a cyber incident, reducing potential impacts.

Texas Oilfield Impacted by Ransomware Attack

WHAT HAPPENED: Newpark Resources, a supplier for oilfields, reported a ransomware attack discovered on October 29, which has disrupted and limited access to some of its internal systems and applications. In a filing to the SEC, the company stated that, although its operations and corporate functions were affected, it continued manufacturing and field activities through established downtime procedures. Newpark has yet to determine the financial impact of the attack, but it doesn’t expect significant effects on its financial health or operational results. No group has claimed responsibility for the attack.

CONCERNING: Newpark Resources, Oil, Gas, Natural Resources, Ransomware.

SENSCY'S ANALYSIS: Cyber attacks on oilfield suppliers can have far-reaching consequences, disrupting the energy supply chain and affecting industries reliant on oil and gas products. When suppliers are compromised, attackers may gain access to proprietary information, sensitive customer data, and industrial control systems, leading to intellectual property theft, data breaches, or even operational disruptions. Attacks on suppliers can result in production delays, financial losses, and potential safety hazards, especially if malware interferes with equipment controls or automated processes used in oilfield operations. These attacks affect the supply chain by slowing down or halting the flow of materials, tools, and resources essential for exploration, extraction, and distribution. Delays in equipment or services can disrupt project timelines, driving up costs for both suppliers and their clients. Additionally, customers may need to find alternative suppliers, which could further stress global supply chains and impact pricing and availability in critical markets, including energy, construction, and transportation.

Cyber attacks on oilfield suppliers often occur through phishing, ransomware, or direct exploitation of unpatched vulnerabilities in IT systems and industrial control systems (ICS). Attackers may enter via compromised employee credentials or unsecured remote access points, sometimes leveraging supply chain weaknesses to spread malware through connected systems.

To protect against these risks, oilfield suppliers should implement a robust cybersecurity framework. Regular security audits, timely software updates, and patching of ICS and IT infrastructure are essential. Network segmentation separates operational systems from internet-facing services, reducing the risk of cross-infection. Multi-factor authentication (MFA) and strong access controls protect against unauthorized access, especially for privileged accounts. A web application firewall (WAF) helps prevent attacks on public-facing systems, and endpoint detection and response (EDR) tools can identify suspicious activity early. Additionally, educating employees on recognizing phishing attacks is crucial, as human error is often a major factor in security breaches. A comprehensive incident response plan ensures that companies can respond swiftly to minimize disruptions, safeguarding both operations and the broader supply chain.


Major Retailer SelectBlinds Hit by Malware Attack, Exposing 200,000 Customers' Data

WHAT HAPPENED: Over 200,000 customers of SelectBlinds had their credit card information and other personal data stolen after hackers embedded malware on the retailer's website. The breach, discovered by employees on September 28, revealed that the malware had been present since January, capturing login credentials and payment details from the checkout page. Stolen information includes names, emails, addresses, phone numbers, and full credit card details, including CVV codes. SelectBlinds has since locked user accounts, prompting password resets, and removed the malware from its site. The company advises affected users to change passwords on any accounts using similar login credentials.


CONCERNING: SelectBlinds, Malware Injections, Data Breach.

SENSCY'S ANALYSIS: Malware injections into websites are a significant cyber risk, where malicious code is embedded into a website's system to compromise data, redirect users, or take control of web functionalities. These injections can lead to data theft, unauthorized access to user accounts, and compromised payment information, which can harm both the organization and its customers. Website defacement, phishing, and distribution of additional malware to visitors are also common, damaging a site’s reputation and causing financial and legal consequences.

Malware injections typically occur through methods like SQL injection, cross-site scripting (XSS), or remote code execution. Hackers exploit vulnerabilities in website code, plugins, or third-party applications to insert malicious scripts. Outdated software, weak access controls, and unpatched security flaws increase the risk, especially in commonly used content management systems (CMSs) like WordPress. Attackers may also gain initial access via stolen administrator credentials obtained through phishing or brute-force attacks.

To protect a website, implementing strong security practices is essential. Regularly updating the website’s software, plugins, and underlying systems closes known vulnerabilities. Input validation and sanitization prevent SQL injection and XSS attacks by ensuring that user-supplied data does not contain executable code. Additionally, employing a web application firewall (WAF) adds a layer of defense by filtering out malicious traffic and blocking injection attempts. Secure user authentication, including multi-factor authentication (MFA) for administrator accounts, reduces unauthorized access risk. Encrypted HTTPS connections are critical to protect data in transit, and frequent security scans and penetration testing help detect vulnerabilities early. Finally, implementing a solid backup and disaster recovery plan allows rapid recovery in the event of an attack, minimizing downtime and data loss.
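The SelectBlinds malware sat on the checkout page from January until late September. One of the frequent security scans recommended above is a script-inventory check of that page: record the approved scripts once, then alert on any script that was not there at baseline. The following is an added example written for this report, not code from SensCy or SelectBlinds; the page contents and domains are constructed placeholders.

```python
# Added example (not from the SensCy report): baseline check of the scripts
# served on a checkout page, so an injected script is flagged at the next
# scan rather than months later. Sample pages below are constructed.
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collects external script URLs and the text of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def script_inventory(html):
    """Fingerprints: external scripts by URL, inline scripts by SHA-256 of their text."""
    p = ScriptCollector()
    p.feed(html)
    fps = {f"src:{s}" for s in p.external}
    fps |= {"inline:" + hashlib.sha256(t.strip().encode()).hexdigest() for t in p.inline}
    return fps


def find_unexpected(baseline, current_html):
    """Fingerprints present on the page now that were not in the approved baseline."""
    return script_inventory(current_html) - baseline


# Constructed sample pages; the .invalid domains are placeholders, not real sites.
BASELINE_HTML = """<html><body><form id="checkout"></form>
<script src="https://example-shop.invalid/js/checkout.js"></script>
<script>window.cartTotal = 0;</script></body></html>"""
TAMPERED_HTML = BASELINE_HTML.replace(
    "</body>",
    '<script src="https://cdn-stats.invalid/t.js"></script>'
    "<script>var injected = 1;</script></body>")
BASELINE = script_inventory(BASELINE_HTML)

if __name__ == "__main__":
    for fp in sorted(find_unexpected(BASELINE, TAMPERED_HTML)):
        print("ALERT: unexpected script on checkout page:", fp)
```

In practice the baseline is stored with the deployment and the check runs against the live page on a schedule; any unexpected fingerprint is treated as a change-control or incident-response event, not silently re-baselined.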