IT Breach Forces Virginia Museum to Shut Down Its Website

 

The Virginia Museum of Fine Arts announced this week that it identified a security intrusion in its information technology system late last month, which forced the museum to take its website offline for a state investigation.

The Richmond Times-Dispatch reports that there’s no evidence to suggest that the breach is linked to the ransomware attack on Virginia legislative agencies’ IT systems. The state police are investigating a ransomware attack on state legislative agencies, which was unearthed late Sunday night. 

In addition, there is no evidence that private or financial details were accessed or compromised, spokeswoman Jan Hatchette stated in response to an inquiry by the Richmond Times-Dispatch. The museum said it hopes to restore the website by the end of next week.

 
According to the museum, which is an independent agency of the state, the Virginia Information Technologies Agency discovered a breach in the website in late November, along with “evidence indicating an existing security threat from an unauthorized third-party.”

As a precautionary measure, the museum website will remain offline until the breach is investigated and contained and the website’s functionality is restored. A temporary website was put up “until the restoration is complete,” Hatchette stated.

"We realize that this has been an inconvenience to our members, visitors, community and staff and we appreciate their patience and support as we work diligently to restore our website to its full capacity (hopefully by end of day Friday). We are committed to the ongoing enhancement of our website security infrastructure in an effort to prevent incidents like this from occurring again," she concluded.

Earlier this week, the Department of Behavioral Health and Developmental Services also acknowledged that its IT system for employee timesheets has been "crippled" by a ransomware attack on the global KRONOS network that serves the executive branch agency. However, the organization adopted a manual system to ensure that the staff was paid on time. "State facilities have switched back to manual systems that are very time-intensive, but they will get the job done and ensure staff are paid," spokeswoman Lauren Cunningham stated.

Last year, Fairfax County Public Schools, Virginia’s largest school system, was targeted, and the hackers demanded a ransom payment in exchange for stolen personal information. The school system blamed the problems on internet provider Verizon, but Verizon said it did not experience any service outages.

Virginia Defense Force Email Accounts Hit by a Cyber Attack

 

In July, a hacker invaded the email accounts of the Virginia Military Department and the Virginia Defense Force, a representative from the Virginia National Guard said.

The attack "impacted" the e-mail reports of the Virginia Department of Military Assistance as well as the Virginia Department of Defense, but no proof of violations has yet been identified. These findings come from a joint investigation with state and federal cyber security and law enforcement officials.

The Virginia National Guard's Chief of Public Affairs, A. A. Puryear, stated that the organization was alerted in July to potential cyber threats to the Virginia Defense Force and immediately began investigating, in coordination with state and federal cyber security officials and law enforcement, to ascertain what was affected by the severe cyber-attack.

The National Guard of Virginia comprises the Virginia Army National Guard and the Virginia Air National Guard. It is a component of the Virginia government; the federal state has largely financed the Virginia National Guard throughout the United States. The National Guard is the only military organization authorized by the United States to operate as a state. The Virginia Defense Force is the Virginia National Guard's all-voluntary reserve and "serves as a force multiplier" in all domestic activities of the National Guard.

"The investigation determined the threat impacted VDF and Virginia Department of Military Affairs email accounts maintained by a contracted third party, and there are no indications either VDF or DMA internal IT infrastructure or data servers were breached or had data taken," Puryear said. 

"There are no impacts on the Virginia Army National Guard or Virginia Air National Guard IT infrastructure. The investigation is ongoing with continued coordination with state and federal partners to determine the full impact of the threat and what appropriate follow-up actions should be taken." 

However, on the 20th of August, a trove of data obtained from the Virginia military department was published on Marketo, a marketplace for stolen information. Marketo claimed to have 1GB of data available for sale.

Findings have suggested that although the administrators of Marketo are not the sellers, certain data on their website is believed to have been collected and advertised, which compelled victims to pay ransom during ransomware attacks.

Marketo was previously in the headlines for selling the Japanese tech firm Fujitsu's data. In July, Digital Shadows published an article about the group, which was established in April 2021 and frequently publishes its stolen information on Twitter via an account. The organization has often argued that it is an "informational marketplace" and not a ransomware group.

"They have taken the same route that Babuk did and are all 'data leaks.' To the best of our knowledge, they don't claim to steal the data themselves and instead, they offer a public outlet to groups who do, whether they are ransomware or not," Allan Liska, a member of the computer security incident response team at Recorded Future, said.

Brett Callow, a threat analyst and ransomware specialist at Emsisoft, stated that it is still not clear exactly how Marketo obtains the data it sells, or whether the group is responsible for the hacking or simply acts as a commission-based broker. He said that certain victims on Marketo's leak site have lately been affected by ransomware attacks, such as the Maze ransomware attack on X-Fab in July 2020 and the Nefilim ransomware attacks on Luxottica in September.

"That said, at least some of the data the gang has attempted to sell may be linked to ransomware attacks, some of which date back to last year. Leaked emails can represent a real security risk, not only to the organization from which they were stolen but also to its customers and business partners," Callow said. 

Recently, the group has identified hundreds of institutions, including the US Defense Department. It normally leaks a new one weekly and mostly sells data from companies in the US and Europe.