This past month in cybersecurity:
- Multiple US Government Agencies Hacked
- Swatting “pranks” via Smart Home Devices
- Cyberattacks Against Vaccine Distribution Operations
- 45 Million Medical Images Openly Accessible Online
- Baltimore County Schools Ransomware
The US suffered a “grave threat” to national security in a massive cyber attack. Somewhere around 180,000 SolarWinds customers, including several US government agencies, were victims of an enormous cybersecurity attack. It appears likely that Russia mounted the attack, but this has not been confirmed.
The attackers attached malware to a SolarWinds update, which was pushed out to thousands of customers. The attackers then used the malware to snoop around government and private networks stealing massive amounts of sensitive information.
The malware was designed to be stealthy, and it took several months before anyone realized what was happening. During this time, the attackers infiltrated around 40 government agencies and companies via targeted attacks attempting to exfiltrate sensitive data.
Glenn Gerstell, the NSA's general counsel, said, “It’s as if you wake up one morning and suddenly realize that a burglar has been going in and out of your house for the last six months.”
It’s unclear exactly what data was stolen and how many organizations were targeted. How the new Biden administration responds to this attack, and how aggressive it will be toward Russia, will be a test.
“Swatting” is a not-funny-at-all “prank” in which a criminal hacks a victim’s smart home device and uses it to call the police with a made-up story eliciting an emergency response. This is extremely dangerous and has resulted in an innocent person’s death and lots of wasted law enforcement resources.
Attackers use lists of breached credentials to mount “password stuffing” attacks against smart home device users, such as owners of the Ring smart doorbell. Since people frequently reuse passwords or choose weak ones when creating their smart device credentials, attackers can access their accounts and then use them to trigger emergency responses remotely.
If you own smart home devices like a Ring, make sure that you have a strong, unique password and multi-factor authentication enabled.
IBM has found that many COVID vaccination distribution chains are under cyber attack. It is unclear if these attacks were mounted in an attempt to steal vaccine-related data or if they are meant to disrupt distribution efforts.
It appears the attacks are sophisticated enough to indicate a government-backed adversary, but this has not been confirmed.
The Department of Homeland Security issued a warning and recommended that organizations review IBM’s findings.
CybelAngel found more than 45 million medical images completely unprotected and internet accessible. CybelAngel stressed that no hacking tools were used: the images were accessible from the internet, and no password was required.
The culprit appears to be a network-attached storage (NAS) device that was not configured correctly. This was especially surprising considering the increased requirements for protecting health data in the US.
The Baltimore County School System was hit with a ransomware attack in November. Officials are now saying they believe no personal data was stolen during the ransomware attack, one of the chief concerns when the attack first took place.
However, not everyone is so quick to believe no personal data was stolen. Forensic analysis takes time, and it’s certainly possible that continued investigation will reveal something different.
Thanks for reading! We’ll be back next month with a quick roundup of topics we found interesting.
Did we miss a super important story? Let us know! We’ll do better next time.