Cyber Week in Review: The Result of Human Error, White House Report Details 11 Severe Government Breaches in 2023, Rare Vulnerabilities Found
Luigi Tiano
Data Protection & Data Privacy | Podcast Host of 10 Questions to Cyber Resilience | Speaker | Co-Founder of Assurance IT
We have now reached MORE than 23,170 subscribers! Thanks for your unwavering support! Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.
Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.
Contact me if you have any questions regarding your enterprise's cybersecurity strategy --> Luigi Tiano.
Is human error the weakest link?
US healthcare organization Ascension revealed that a ransomware attack in May 2024 was initiated by an employee downloading a malicious file, mistaking it for a legitimate one. The breach led to some systems being taken offline as a precaution. Investigations have shown that the attackers exfiltrated data from a small number of file servers, potentially affecting protected health information (PHI) and personally identifiable information (PII) of certain individuals. No evidence indicates that data was taken from Electronic Health Records (EHR) or clinical systems. Although the attackers were not officially attributed, sources suggest Black Basta ransomware was involved. Following the incident, the American Hospital Association (AHA) and FBI issued advisories on Black Basta, recommending urgent technical mitigations to prevent future attacks. (cyberdaily.au)
Human error is often the weakest link in cybersecurity. Breeding a security-first (cybersecurity-first) culture in the enterprise can be the most impactful way of protecting the longevity and health of the business. Organizations must invest in regular training programs to educate staff on identifying phishing attempts and handling files securely. The financial impact of such breaches is large, not just in terms of ransom payments, but also in operational disruption, data recovery and reputational damage. Train and educate your employees. It’s worth it.
Club Penguin Hackers Breach Disney Servers, Steal 2.5 GB of Internal Data
In a recent cyberattack, vengeful hackers breached Disney's internal servers and stole 2.5 GB of data. The hackers, reportedly fans of the discontinued Club Penguin game, initially sought old game-related information but ended up uncovering a significant amount of current internal data about Disney's broader business operations. The stolen data includes internal documents about Club Penguin, as well as sensitive information on Disney+, corporate strategies, advertising plans, and undisclosed internal tools named Helios and Communicore. These tools are used for creating interactive experiences and asynchronous messaging within Disney's distributed applications, respectively. The breach was facilitated using previously exposed credentials and has raised concerns about further vulnerabilities due to links to internal Disney websites being compromised. Disney has yet to respond to these reports. (gizmodo.com)
My Thoughts: This breach is particularly concerning given the nature of the stolen data. Source code and internal documents are highly sensitive and can be exploited in various ways, from creating counterfeit versions to identifying and exploiting further vulnerabilities. The theft of 2.5 GB of current internal data not only compromises Disney's proprietary information but also exposes the company to potential future attacks. The disclosure of internal tools like Helios and Communicore could provide valuable insights to competitors or malicious actors seeking to exploit Disney’s systems. Very concerning, for such a large name.
Where does your data sit? Find out below.
White House Report Details 11 Severe Government Breaches in 2023
The White House report revealed that US federal agencies experienced a 9.9% increase in cybersecurity incidents in 2023, totaling 32,211 incidents. The most common type was "improper usage," followed by phishing and malicious emails, which saw a significant increase. Despite the rise in attacks, none were rated higher than "medium" on the National Cyber Incident Scoring System (NCISS). The report highlighted 11 major incidents across various departments, including significant breaches at Health and Human Services (HHS), the Treasury Department, and the Department of Justice. These major incidents involved ransomware attacks, zero-day exploits, and phishing, compromising personal data of millions of individuals. The report underscores the ongoing challenges and vulnerabilities within federal cybersecurity defenses. (theregister.com)
My Thoughts: The increase in phishing and malicious email incidents points to a persistent challenge in securing human elements within cybersecurity protocols. The major breaches at HHS, Treasury, and Justice departments expose systemic issues in contractor management and incident response. These breaches demonstrate that even with immediate actions post-incident, the preventative measures in place are insufficient. Strengthening training, enhancing detection systems and ensuring rapid response protocols are essential. The role of high-level oversight, such as from CISOs, is crucial in addressing these threats and preventing future incidents. Federal agencies must prioritize not just reactive but proactive strategies to safeguard national security and public trust.
Vulnerabilities within testing environments
The Toronto District School Board (TDSB) is investigating a ransomware attack that targeted its technology testing system. While the TDSB’s operational systems remain unaffected, the school board has informed the Toronto Police Service and the Information and Privacy Commissioner of Ontario. The TDSB has assured parents that if any personal information is found to be compromised, affected individuals will be notified. Cybersecurity expert Francis Syms noted that testing systems could be vulnerable if they lack multifactor authentication, although he is not directly involved in the investigation. The TDSB continues to work with third-party experts to assess the situation. (thestar.com)
As an expert, I find this incident concerning due to the potential vulnerabilities within testing environments. Testing systems often serve as critical points for identifying and resolving issues before full deployment, but they can also be a weak link if not properly secured. This can be very bad.