Monday 8th July 2024

Good morning everyone, another intriguing week ahead of us in the cybersecurity world. In today's edition, we look into a ransomware breach in Alabama's education department, Florida's stand against cyber extortion, and Russia's latest attempts to sow discord in France. From hacked health data to digital campaigns targeting the Paris Olympics, it's clear that the battle for control and influence is increasingly fought online. Stay informed and vigilant—let's dive in.

Alabama education department suffers data breach

The Alabama State Department of Education (ALSDE) thwarted a ransomware attack on June 17, but not before hackers accessed some data and disrupted services. Superintendent Eric Mackey disclosed the breach, noting that while the attack was interrupted, the exact scope of compromised data is still under investigation.

What's at stake?

There's potential that student and employee information was accessed. Thankfully, employee bank account and direct deposit details remain secure, as they aren't stored on state servers. Mackey advised parents and education employees to monitor their credit as a precaution.

What we know:

• The attack was stopped before all targeted data could be accessed.
• The breach’s full extent is yet to be determined.
• ALSDE is collaborating with external experts to investigate the incident.

Mackey emphasised the importance of remaining cautious, saying, “They should assume that there is a possibility that some of their data was compromised.” The department is focused on identifying the breach's full impact to prevent future occurrences.

RansomHub targets Florida Department of Health

RansomHub, a notorious hacking group, claims to have exfiltrated and published 100 GB of sensitive data from the Florida Department of Health after the department refused to meet its ransom demands. The hackers announced their actions on July 1 via a post on X by HackManac, a cyberattack tracking company.

What went down

RansomHub demanded an undisclosed ransom, threatening to release the stolen data if not paid by Friday. Florida, adhering to the Cybersecurity and Infrastructure Security Agency's guidelines, refused to pay. Consequently, RansomHub published the data on the dark web, including medical records, Social Security numbers, and health insurance information.

Key points:

• Florida’s policy is to not pay ransoms, as payment doesn’t guarantee data recovery.
• RansomHub posted the stolen data link with a statement highlighting the department’s role and responsibilities.
• The Florida Department of Health has not commented on the incident.

Brett Callow, a threat analyst at Emsisoft, confirmed the legitimacy of RansomHub’s claim, noting the department had acknowledged a cybersecurity incident. Callow highlighted the increased targeting of the U.S. healthcare sector by cybercriminals, posing risks to both personal information and lives.

This attack is part of a troubling trend, with 2,207 U.S. hospitals, schools, and governments affected by ransomware last year, according to Emsisoft. Florida has seen other incidents, such as Black Cat’s attack on the state court system and a phishing scam in Fort Lauderdale.

The state’s approach remains firm against paying ransoms, even as cyberattacks proliferate. The latest state budget proposal suggests reallocating $40 million from the Local Government Cybersecurity Grant back to the general fund, a move that could impact future cybersecurity efforts.

Russia ramps up disinformation campaigns against France

Disinformation campaigns targeting France have surged, with Russian operatives orchestrating various schemes to sow discord and undermine the French government. These efforts include everything from tagging Holocaust memorials with blood-red hands to creating fake military recruitment drives for Ukraine.

Starting last summer, Russian bots began circulating photos of graffitied Stars of David in Paris, which were followed by vandalism at a Holocaust memorial. French intelligence linked these acts to the Russian intelligence agency FSB, with photos amplified by fake accounts tied to the Russian disinformation site RRN. The campaigns have ramped up in response to France's legislative elections and the upcoming Paris Olympics.

Key incidents:

• Fake recruitment for the French army in Ukraine.
• Caskets at the Eiffel Tower marked "French soldiers in Ukraine."
• Mirrored French news sites redirecting to disinformation content.

Cybersecurity experts, like Brett Callow from Emsisoft, emphasize the broader strategy of undermining democratic institutions and NATO, while French officials monitor the ongoing posts warning of unrest ahead of the Olympics.

The disinformation has fueled political tension, particularly benefiting the far-right National Rally, which defeated Macron’s party in recent European Parliament elections. The Kremlin's goal appears to be pushing the political spectrum to extremes, as stated by French cybersecurity expert Baptiste Robert.

These campaigns aim to erode faith in the media and government while reducing Western support for Ukraine. By exploiting social discord and creating confusion, Russia’s long-term strategy is to destabilize democratic societies. The French government’s cybersecurity watchdog, Viginum, continues to release reports on these efforts, warning of their potential impact on the 2024 Paris Olympics.