
American Water Works faces Cyberattack

American Water Works, the largest water utility in the United States, serving customers in 14 states, recently reported a cyberattack on its information technology systems. According to its report, the operational technology systems that control water delivery within the company were not affected. As Bloomberg reported, the company disclosed the incident to shareholders in a filing with the U.S. Securities and Exchange Commission, noting that it had been forced to temporarily suspend billing and limit customer support.

On its website, American Water Works explained that certain systems were turned off to protect its customers' information from further harm. Its MyWater online service has been temporarily halted, which pauses billing until the systems can be brought back online. The company assured customers that water quality is not affected and that the water remains safe to drink. Whether customer information was accessed has not yet been determined.

Response to the Incident

The company cannot yet fully assess the impact of the incident but confirms that its water and wastewater operations are unaffected. American Water Works first detected unauthorised activity in its networks on October 3. Upon discovery, the company activated its cybersecurity response protocols and engaged third-party cybersecurity specialists to help contain and investigate the incident. Law enforcement was notified promptly and is actively involved in the ongoing investigation.

The company's IT teams have isolated some systems to protect data and limit any further damage. The exact nature of the attack is still unknown, but cybersecurity experts are concerned, having noted recent instances of ransomware attacks. The company's separation of its IT network from its OT networks, a critical safeguard for critical infrastructure, may have allowed it to contain the attack so that it did not reach core operations.


Cyber Threats Against Water Utilities

The incident is part of a worrying trend of cyberattacks on water utilities. Just two weeks earlier, a Kansas water utility suffered a similar attack, reviving the debate over the protection of critical services. According to a report by Cyble, a cybersecurity firm, groups such as the Russia-linked People's Cyber Army are increasingly threatening the water sector with cyberattacks. The report identified significant vulnerabilities and pointed out that many US water utilities rely on outdated systems and weak cybersecurity practices.

A similar alarm was sounded by the latest GAO report on the Environmental Protection Agency, which presses for stronger cybersecurity requirements for water utility providers. Inspections found that almost 70% of the utilities reviewed do not comply with basic cybersecurity guidelines, putting them at risk of operational disruption or even water contamination. Cyble's research calls for modern security measures, among them network segmentation and stronger protection of control systems.


Experts recommend that water utilities segment their networks to separate IT from OT systems and lock down the human-machine interfaces (HMIs) used to monitor them. As more water utilities connect their systems to the internet, their exposure to cyber threats keeps growing. Even as American Water Works works through its recent incident, pressure is growing throughout the industry to harden defences and protect critical infrastructure in a way that ultimately protects public health.

The cyberattack on American Water Works highlights the need for stronger cybersecurity practices in the water industry. As attacks grow in frequency and sophistication, companies must implement strong security measures to protect essential services and assure the public of the safety of the water supply.


Global IT Outage Disrupts Airlines, Hospitals, and Financial Institutions

A major IT outage has affected a wide array of global institutions, including hospitals, major banks, media outlets, and airlines. The disruption has hindered their ability to offer services, causing widespread inconvenience and operational challenges.

International airports across India, Hong Kong, the UK, and the US have reported significant issues, with numerous airlines grounding flights and experiencing delays. In the US, major airlines such as United, Delta, and American Airlines implemented a "global ground stop" on all flights, while Australian carriers Virgin and Jetstar faced delays and cancellations. According to aviation analytics firm Cirium, over 1,000 flights worldwide have been cancelled due to the outages.

At Indira Gandhi International Airport in Delhi, passengers experienced "absolute chaos," with manual processes replacing automated systems. Similar situations were reported in airports in Tokyo, Berlin, Prague, and Zurich, where operations were significantly hampered.

Emergency services and hospitals have also been severely impacted. In the US state of Alaska, officials warned that the 911 system might be unavailable, and some hospitals have had to cancel surgeries. In Australia, however, authorities confirmed that triple-0 call centres were unaffected.

Hospitals in Germany and Israel reported service disruptions, while GP services in the UK were also affected. These interruptions have raised concerns about the ability of medical facilities to provide timely care.

The media sector did not escape the impact, with many broadcast networks in Australia experiencing on-air difficulties. Sky News UK went off air for a period but has since resumed broadcasting. Retail operations were also disrupted, with supermarkets like Coles in Australia facing payment system failures, forcing the closure of self-checkout tills.

Cybersecurity firm CrowdStrike has confirmed that a defective update to its software running on Microsoft Windows hosts caused the outage. In a statement, CrowdStrike said that the issue had been identified and isolated and that a fix had been deployed, emphasising that the incident was not a cyberattack. It advised organisations to communicate with CrowdStrike representatives through official channels to ensure proper coordination.

Earlier in the day, a Microsoft 365 service update had noted an issue impacting users' ability to access various Microsoft 365 apps and services. Microsoft later reported that most services were restored within a few hours.

The outage has highlighted the vulnerabilities of global IT systems and the widespread reliance on third-party software. A spokesperson for Australia's home affairs ministry attributed the issues to a technical problem with a third-party software platform used by the affected companies. The country's cybersecurity watchdog confirmed that there was no evidence of a malicious attack.

As companies scramble to resolve the issues, the incident serves as a stark reminder of the critical need for robust IT infrastructure and effective crisis management strategies. The global scale of the disruption underscores the interconnected nature of modern technology and the potential for widespread impact when systems fail.

This incident will likely prompt a reevaluation of cybersecurity measures and disaster recovery plans across various sectors, emphasising the importance of resilience and preparedness in the digital age.


Cyberattack Cripples Forklift Giant Crown Equipment's Production

In a recent notice to its employees, Ohio-based Crown Equipment, one of the world's largest manufacturers of forklifts and industrial trucks, confirmed that it had been attacked by a cybercriminal organization. Following the attack, the company had to shut down its IT systems. Crown Equipment reported the cyberattack on Wednesday and is investigating the incident, attributing it to an unidentified "international cybercriminal organization" and reportedly to a successful social engineering attack.

BornCity has reported suspicions that the attack began with social engineering against a Crown employee. However, the company provided no further details about the nature of the incident beyond the fact that it was perpetrated by an international cybercriminal organization, leading some to believe the firm may have been the victim of a ransomware attack. The Federal Bureau of Investigation has also been engaged as part of the investigation into the cyberattack.

The incident has caught the attention of the Information Technology (IT) community, and Bryan Hornung, Chief Executive Officer of Xact IT and Cybersecurity, has also weighed in on the attack. Hornung founded Xact IT and Cybersecurity twenty years ago and has spent twenty-five years in the industry. One of the largest forklift manufacturers in the world, Crown employs 19,600 people across 24 production plants in 14 locations around the world. Crown is a company with more than 20 years of experience.

Approximately six days ago, Crown employees began reporting that the company had been compromised and that all IT systems had been shut down. Employees were advised not to accept MFA requests and to be wary of phishing emails. The problems with its IT systems have left employees unable to clock in their hours, access service manuals, or, in some cases, deliver machinery. Initially, employees were told that if they wanted to be paid for the days they missed, they would have to file for unemployment or use their banked paid time off (PTO) and vacation days.

In an attempt to rectify this, BleepingComputer was informed that employees would be given their regular salaries in advance to make up for the hours they could not work. Earlier today, Crown publicly confirmed the cyberattack for the first time, saying that its existing security measures had directly limited the damage caused by the attack. According to the company, it is still working on recovering from the disruption and is making progress towards returning to normal business operations.

"Additionally, Crown is working closely with its customers to reduce the impact of the incident on their businesses," according to a statement released by the company. While manufacturing continues to be disrupted, the company is slowly resuming operations and systems are gradually coming back online. As of now, Crown has not said what type of cyberattack it suffered, but it has acknowledged that the incident was likely caused by an "international cybercriminal organization," which would suggest that the company was targeted by ransomware.

Ransomware carries several dangers, one of which is that the attackers may also leak stolen corporate data if the ransom is not paid. The company has not confirmed reports of a ransomware attack, though rumours suggest that ransomware was the cause. The full extent of the compromise remains to be seen; it is possible that it was limited, and that the disruption was mainly caused by Crown's quick decision to cut off the network before the malware had a chance to spread through its systems.

Alternatively, the long recovery time may be explained by systems being cleaned before reinstallation, with the backups not having been encrypted, rather than by systems having been encrypted from the start. Meanwhile, it is evident that the company's reputation with its employees has suffered, since employees were left for days without an adequate explanation of what their paychecks would look like as a result of the downtime. Beyond the manufacturing stoppage's impact on the company's profits, it will also affect businesses that depend on Crown being fully operational for their daily work.

Singing River Health System Suffers Major Data Breach, 895,000 Impacted

A ransomware attack that took place in August 2023 is now estimated to have affected 895,204 people within the Singing River Health System. Singing River Health System operates three hospitals in Mississippi, in Pascagoula, Ocean Springs and Gulfport, which together provide over 700 beds. It is one of the largest healthcare providers in Mississippi, employing 3,500 people, and it also operates two hospices, four pharmacies, six imaging centres, ten speciality centres and twelve medical clinics throughout the Gulf Coast region.

The impacted hospitals were experiencing major IT system outages for several services, including laboratory testing and radiology testing. At the time, Singing River said it was working to process all paper-ordered lab tests and radiology exams as quickly as possible, depending on the priority of the exam. It was revealed by the healthcare organization on September 13, 2023, that a data breach had taken place, and in December 2023 the organization announced that 252,890 individuals were affected by the incident. 

According to a new update shared by the Maine Attorney General, the company reported that 895,204 people were affected by the incident. An August 31, 2023, disclosure from the healthcare system was the first time it reported the breach. As of the time of this writing, the US Department of Health and Human Services (HHS) Office for Civil Rights has been informed of the breach as impacting at least 501 individuals. 

The final number will be determined once internal and external investigations have been completed. According to the latest data breach report and the organization's website, the exposed data has been confirmed to include full names, dates of birth, physical addresses, Social Security Numbers (SSNs), medical information and health information. Singing River assured everyone that, despite this, it has yet to find evidence that the threat actors have used the data to commit identity fraud or theft.

It is also worth noting that the company is offering two-year credit monitoring and identity restoration services to those who may be affected. A ransomware group known as Rhysida has been reported as responsible for the attack, making it one of the most serious cybercriminal groups targeting healthcare providers. Approximately 80% of the data the threat actors claim to have taken from Singing River has been leaked so far, comprising 420,766 files totalling 754 GB, along with a catalogue of those files.

Threat actors will no doubt exploit these opportunities for other illicit activities, such as phishing, if the stolen data includes details that can be used to gather additional information. Because of this, recipients of the free identity restoration and monitoring services provided by the Federal Trade Commission are advised to apply for them immediately to avoid becoming victims of such campaigns.

The Rhysida ransomware gang, held responsible for this attack, has also hit other healthcare systems including Prospect Medical Holdings and Lurie Children's Hospital. According to the Health Sector Cybersecurity Coordination Center at HHS, the group has previously targeted educational institutions, the manufacturing industry, the Chilean army and numerous other institutions.

IDX recommends that impacted individuals enrol in its services as soon as possible, act with caution when responding to unsolicited communications, monitor all accounts for suspicious activity, and consider placing a security freeze on their credit reports. The healthcare sector is increasingly attractive to threat actors because of the data it holds and the importance of that data to a community or country, making it a prime target for data breach attacks.

In a cyberattack that occurred last week, DocGo, a provider of mobile medical services, was compromised. For individuals impacted by the SRHS breach, IDX is offering twelve months of free credit monitoring, available twenty-four hours a day. The company also offers guidance on preventing identity theft and fraud, including how to report suspicious incidents and how to place fraud alerts or security freezes on credit records.

It will also provide information on how users can protect themselves from tax fraud, how to contact consumer reporting agencies, and how to obtain a free credit report. Singing River Health System has likewise recommended that individuals impacted by the breach review their account statements and monitor their credit reports closely.

In the wake of a recent ransomware attack on the Singing River Health System, which resulted in the theft of data belonging to 895,000 individuals, authorities are urging affected persons to take immediate action. It is strongly recommended that anyone who suspects they may be a victim of identity theft or fraud report these incidents to the appropriate authorities without delay. 

Key organizations to contact include the Federal Trade Commission (FTC), which handles consumer complaints and can guide users in protecting their identity. Additionally, individuals should reach out to their state's Attorney General's office, which often has resources and support for victims of identity theft. Reporting the incident to local law enforcement is also crucial, as it helps authorities track and investigate such crimes. By taking these steps, individuals can not only protect themselves from further harm but also assist in the broader effort to combat cybercrime and bring those responsible to justice.

DocGo Confirms Cyberattack: Patient Health Data Breach

In a recent turn of events, DocGo, a prominent mobile medical care firm providing healthcare services across the United States and the United Kingdom, has fallen victim to a cyberattack. The breach, confirmed by the company in a filing with the U.S. Securities and Exchange Commission (SEC), has raised concerns about the security of patient health data and the impact on DocGo's operations. 

Here's what we know so far: According to the SEC filing, DocGo discovered unauthorized activity within its systems and promptly initiated an investigation with the assistance of third-party cybersecurity experts. While the company has not disclosed the specific nature of the cyberattack, it is common practice for organizations to shut down affected IT systems to prevent further compromise. 

As part of their investigation, DocGo determined that the hackers gained access to a "limited number of healthcare records" belonging to the company's U.S.-based ambulance transportation business. This breach has raised serious concerns about the security of patient health information and the potential impact on individuals affected by the attack. In response to the breach, DocGo is actively reaching out to individuals whose data may have been compromised. The company assures that no other business units have been affected, and they have not found evidence of continued unauthorized access. 

Despite the breach, DocGo believes that the incident will not have a significant impact on its operations and finances. One of the key concerns following a cyberattack of this nature is the possibility of ransomware involvement. If the attackers deployed ransomware and a ransom demand is not met, there is a risk that the stolen data could be used as leverage for future extortion attempts against DocGo. However, as of now, no threat actors have claimed responsibility for the breach. The breach at DocGo underscores the importance of robust cybersecurity measures in protecting sensitive medical data. 

Healthcare organizations must remain vigilant against evolving cyber threats and prioritize the security of patient information. Additionally, swift and transparent communication with affected individuals is crucial in mitigating the potential impact of a data breach. As the investigation into the cyberattack continues, DocGo is likely to implement additional security measures to prevent future incidents and safeguard patient health data. 

However, the full extent of the breach and its implications for affected individuals remain to be seen. The cyberattack on DocGo serves as a stark reminder of the persistent threat posed by cybercriminals to organizations across all sectors, including healthcare. It highlights the need for continuous monitoring, robust cybersecurity protocols, and proactive response strategies to mitigate the risks associated with data breaches.

Data Disaster: 35M Customers in Peril as VF's Breach Unveils

With its 13 brands, VF Corporation is one of the largest apparel and footwear companies in the world. It owns JanSport, Dickies, Eastpak, Timberland, Smartwool, Vans and The North Face, brands that accounted for 55% of the backpack market in 2015. VF Corp has reportedly been the victim of a ransomware attack in December 2023.

To contain the threat, the company took some of its systems out of operation. TechCrunch reported the attack on VF Corp's customer data. VF Corp, the parent company of popular brands such as Vans, Supreme and The North Face, said in a regulatory filing that hackers stole data on 35.5 million customers in the December attack. The company has not, however, said what type of personal information was compromised.

Even though the report says that the filing does not explicitly state what personal information was stolen, the company stated that, for its consumer businesses, it does not retain Social Security numbers, bank account information, or credit card numbers. 

VF Corp, which is based in Denver, Colorado, reported the breach to regulators on Thursday and said it had no evidence that the hackers had stolen customer passwords. The filing gives no specific information about what kind of personal data was taken, or whether the company yet knows what was stolen.

A VF Corp spokesperson did not respond to TechCrunch's email requesting additional information. The company says it does not collect consumers' Social Security numbers, bank account numbers or credit card numbers, and that it has no evidence that hackers stole any customer passwords.

Social Security numbers and financial information are not stored in VF Corp's systems, according to the company, and it has found no evidence that customer passwords were stolen. The shutdown of certain systems disrupted VF's operations.

As a result of the incident, retail stores were interrupted in replenishing inventory and orders were delayed. Several and varied issues have resulted in cancellations of orders on the part of customers and consumers, reduced demand on e-commerce sites of some brands, and delayed shipments of some wholesale products. 

The company has managed to restore all of the impacted systems, although minor issues are still being encountered. A VF spokesperson said on Thursday that the company has not disclosed what information was stolen from its IT systems, but it has indicated certain data that was not stolen and is still investigating.

The company has also found no evidence that customer passwords were stolen, and it says that Social Security numbers, bank account details and credit card numbers are not stored in its systems.

By stating what was not taken, VF is giving the SEC and its investors a certain level of assurance that the 35 million records did not include highly sensitive personally identifiable information (PII), explained Padraic O'Reilly, co-founder and chief innovation officer at CyberSaint.

In his view, we can presume from this that consumer names, addresses, demographic information and purchase information may be among the data under investigation. 8-Ks are usually released in stages as investigations progress, so stay tuned in this situation.

In Q2 2022, NCSC Plans to Launch a New Assurance Scheme for IR and SimEx

In Q2 2022, the National Cyber Security Centre (NCSC) plans to implement a new assurance scheme for incident response (IR) and simulated exercises (SimEx), which might be a game-changer in the security sector. This will essentially result in the standardization of IR and SimEx across the board, as well as the expansion of commercial reach, opening up new markets for assured suppliers. Previously, the NCSC only offered the Cyber Incident Response (CIR) Service – shortly to be renamed CIR Level 1 – to UK Central Government and major corporations with complex IT systems that were regarded to have "national significance" networks. 

The new CIR service will dramatically broaden its reach to include local businesses, major businesses, and SMEs, while the new Cyber Incident Exercising Service will target large and medium organizations, as well as central and regional UK government. Because of the scope of the undertaking, the NCSC aims to hire Assured Scheme Partners to assess and onboard Assured Service Providers to police the scheme. 

The government agency is presently selecting its Assured Scheme Partners, with whom it will collaborate to develop the operating model and define how it will execute its technical standards across both services. 

SimEx can range from simple desktop exercises to full-fledged simulations, allowing corporate teams to respond to a given attack scenario. They could take the shape of a ransomware or phishing assault, DDoS simulation, or sensitive data being released on the dark web. A simulated exercise's purpose is to practise, analyze, or enhance the IR plan, so the true learning comes from how effectively the incident response process functions. 

Although it is unclear how the new Cyber Incident Exercising Service can support this wide range of activities, the NCSC has announced that it will include table-top and live-play formats. It will likely provide a sliding scale of increasingly complicated services, bringing much-needed clarity to the market. 

One of the main difficulties with SimEx today is that once the business considers testing its IR, prices may quickly escalate, so a formal framework with multiple techniques would help teams know precisely what they've signed up for and how much bang for their buck they're getting. 

Rather than the organization blindly investing in technology and presuming that its policies are being followed, these tests evaluate the effectiveness of security protocols by using attack scenarios that the organization is likely to face in the current threat landscape, informing the business of what is/isn't working and where the disparities are so that future spend can be focused.

Attack on UK's Defence Academy Compelled a Rebuild of the IT System

According to a former senior officer, a probable nation-state attack on the UK's primary defense training facility last year compelled the academy to replace its IT infrastructure. Air Marshal Edward Stringer recently retired as the director-general of joint force development and the UK Defence Academy. 

Every year, the academy teaches roughly 30,000 UK armed forces personnel, as well as civil officials and military personnel from foreign countries. However, it was caught off guard by a cyber-attack in March of last year, which had "significant" operational ramifications, according to Stringer. 

"The IT team had to find backup ways to use regular internet, etc., to keep the courses running, which they did, but not as smoothly as before, to be fair," added Stringer.

He said he did not know whether the hackers were criminals or a hostile state, but his main concern was whether they sought to use the Defence Academy as a "backdoor" into more secret portions of the MOD's IT systems. When asked if the cyberspies were effective, Air Marshal Stringer replied, "No, I was quite confident that there hadn't been any other breaches beyond the Defence Academy."

Although no important information is believed to have been stolen, teaching was disrupted at a time when courses had been shifted online owing to the pandemic. "It doesn't look like a violent attack, but there were costs. There were costs to operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage," Stringer said. "What could we be spending the money on that we've had to bring forward to rebuild the network? There are no bodies in the streets, but there's still been some damage done."

The MOD's digital branch launched an inquiry into the cyber-attack, but no findings - such as who was behind it - have been made public. The incident was also reported to the National Cyber Security Centre, a part of GCHQ. 

That rebuilding looks to be ongoing, with a note on the present Defence Academy website stating: “new website coming soon … please bear with us while we continue to update our site … check back soon for updates.” 

Serco, an outsourcing contractor, is purportedly in charge of the academy's IT systems, including website maintenance. While China, Russia, and other adversaries would surely have been motivated to undertake an attack, Stringer stopped short of attributing it to state-sponsored operatives.