E-learning data exposure. Ransomware attacks (at least one is successful).

admin

V2 | Issue 125 | 6.29.20

Summary
Data exposure at an e-learning platform. Report: Connecticut law firm sustains ransomware attack. Lion brewery resumes operation after REvil attack. University of California decides to pay ransomware extortion.

E-learning platform leaves unsecured database in the AWS cloud.
vpnMentor has discovered an exposed AWS database belonging to OneClass, a Toronto-based e-learning platform widely used in Canada and the US. vpnMentor says the database held “27 GB of data, totaling 8.9 million records, and exposed over 1 million individual OneClass users.” OneClass, which secured the database upon notification, says the data were on a test server, bore no relation to actual individuals, and thus that no personal information was actually exposed.

vpnMentor believes to the contrary that the database did indeed hold information on students and lecturers. The researchers checked some of that data against various open sources and think they have sufficient evidence to call what they found a breach. The data are said to include full names, email addresses (“some masked, many viewable”), schools and universities attended, phone numbers, course enrollment details, and OneClass account details.

vpnMentor points out that such data are valuable in conducting phishing attacks.

Report: Coles, Baldwin, Kaiser & Creager hit with Sekhmet ransomware.
ITWire reports that the major Connecticut law firm Coles, Baldwin, Kaiser & Creager has been attacked with the Sekhmet Windows ransomware. The firm represents many large and prominent US corporations.

Beer may be back, but the threat to data hasn’t gone away.
Australia’s Lion brewery has resumed operations and is supplying customers in Australia and New Zealand again. Gizmodo says the beverage firm (Lion also does juice and milk in addition to beer) has restored operations after the ransomware attack it sustained earlier this month. Some of the better-known brands the company produces include XXXX, Tooheys, Little Creatures and James Squire. Lion is a subsidiary of Japan’s well-known Kirin.
The attack Lion suffered was from the REvil gang, which usually steals information as well as rendering it unavailable. Lion said, in an update on the incident it issued late last week, that it didn’t think it had lost any data, but it was properly cautious: “To date, we still do not have evidence of any data being removed. As we indicated last week, it remains a real possibility that data held on our systems may be disclosed in the future. Unfortunately, this is consistent with these types of ransomware attacks.”
REvil has threatened, according to Security Affairs, to release stolen data. Pay up, they told Lion, “otherwise all your financial, personal information your clients and other important confidential documents will be published or put up for auction.”

University of California San Francisco pays ransomware extortionists.
The University of California has decided to pay a gang that infected “a limited number of servers” at its University of California San Francisco unit with Netwalker ransomware, Computer Business Review reports. The university said the encrypted data were “important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay… for a tool to unlock the encrypted data and the return of the data they obtained.” The “public good” claim appeared to suggest that COVID-19 research was impeded, but Bloomberg, which put the amount of ransom paid at $1.4 million, says the university maintains its work on the virus was unimpeded. The BBC has an account of the negotiations between UCSF and the gang in which the extortionists explicitly threaten to release stolen student information.
Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, sent comments on the incident, which he sees as a symptom of under-investment in cybersecurity on the part of public institutions. “Public schools frequently save money on cybersecurity, trying to invest budgets into apparently more appealing areas to deliver more value for students and society. Unfortunately, the road to hell is paved with good intentions, and unscrupulous attackers readily exploit any inadequate resilience and unpreparedness to extort money. Covid-19 largely exacerbates the situation with the surge of shadow IT, abandoned servers and unprotected applications serving as an easy entry point into disrupted organizations. Crypto currencies turn cyber extortion and racketeering into a highly profitable and riskless business given that in most cases the attackers are technically untraceable and thus enjoy impunity. We will likely see a steady growth of ransomware hacking campaigns targeting the public sector in 2020.”
He also suggests that, if you were to bet on form, you would guess that the attackers got in by taking advantage of lax digital hygiene. “The disclosed technical details of the attack are obscure and insufficient to derive definitive conclusions about the origins and nature of this exorbitant incident. In light of the well-known malware reportedly used in the attack, we may, however, assume that the attack exploited a lack of IT asset visibility, improperly implemented security monitoring or patch management.

Selected Reading
Lion Believes the Beers Are Back on After Ransomware Attack (Gizmodo Australia) Lion has said its breweries are back in action after an alleged ransomware attack crippled its IT systems and production efforts earlier in June.
REvil operators threaten to leak files stolen from Australian firm Lion (Security Affairs) Australian beverage company Lion announced that it has found no evidence that hackers have stolen information from its systems. The Australian brewery and dairy conglomerate Lion suffered two cyber attacks in a few days this month. Lion is a beverage and food company that operates in Australia and New Zealand, and a subsidiary of Japanese beverage […]
Big-name Connecticut legal firm takes a hit from Sekhmet ransomware (IT Wire) A gang of hackers has used the Sekhmet ransomware to attack the site of Coles, Baldwin, Kaiser & Creager, a legal firm based in Connecticut, that has a long list of well-known clients. The company, which is also known as CBK Law, describes itself as having a national experience base with its law…
Security breach impacts Maine State Police database (Boston.com) State police said the most common documents shared on the database are crime information and situational awareness bulletins.
California University Paid $1.14 Million After Ransomware Attack (Bloomberg) The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.
University of California: We Paid a £1 Million Ransom (Computer Business Review) The University of California says it made the “difficult decision” to pay a ransom of $1.14 million after a “Netwalker” ransomware attack this month.
Knoxville expects it won’t need to pay ransom after IT systems held hostage in cyber attack (WBIE) The city is currently working to have all employee computers up and running within the next 10 days after restoring core system functionality.
Russian hackers Evil Corp target US workers at home (BBC News) Hackers are using a new computer virus to hold company files to ransom for millions of dollars.
Evil Corp blocked from deploying ransomware on 30 major US firms (BleepingComputer) The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, at least of them being Fortune 500 companies.
Warning: Russian hackers may be trying to target you with ransomware. Here’s how (Fortune) Security firm Symantec has notified businesses that Russian hacking group Evil Corp has targeted remote employees with so-called ransomware attacks.
Pegasus Spyware Targets Moroccan Journalist (Voice of America) Omar Radi wasn’t surprised to find he was the target of apparent surveillance by Moroccan authorities. The freelance investigative journalist has been threatened and arrested for his coverage of the government, and was most recently summoned by police on June 24. “The situation of journalists in Morocco is very tough,” Radi told VOA earlier this week.
Morocco Rejects Amnesty’s Allegations on Spying on Journalist (New York Times) Moroccan authorities on Friday rejected an Amnesty report saying they have spied on journalist Omar Radi using Israeli-made technology.
Chinese malware used in attacks against Australian orgs (BleepingComputer) The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.
TikTok: Beneath Its Fun Exterior Lies A Sinister Purpose (Forbes) TikTok is a very irresponsible company, dangerous by design. It’s the application of Chinese philosophy on the internet — we want to see everything, know everything, analyze everything without limits — to a West where, apparently, we’re trying to put some kind of limits on it.
Data Scraper Asks High Court To Leave LinkedIn Ruling Alone (Law360) Data analytics startup hiQ Labs Inc. has urged the U.S. Supreme Court not to review a Ninth Circuit ruling that made way for the startup to scrape LinkedIn’s publicly available information in order to resell it, arguing that the appeals court’s reading of the Computer Fraud and Abuse Act to exclude viewing and gathering public information is correct.
Pa. Convenience Store Chain Wants Data Breach Suit Tossed (Law360) A chain of Pennsylvania gas stations and convenience stores has said it had no explicit or implicit duty to protect consumers’ credit card information from hackers in its privacy statement or when customers make purchases, and it urged a federal court to toss a proposed class action over a 2018 data breach.
Does analyzing employee emails run afoul of the GDPR? (Help Net Security) A desire to remain compliant with the GDPR and other privacy laws has made HR leaders wary of any new technology for analyzing employee emails.
