Welcome to the first weekly edition of The Sting cyberattack newsletter!
01/14/2023
Norton LifeLock Warns On Password Manager Account Compromises
Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning. Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on the activity on Dec. 12, when its IDS systems flagged "an unusually high number of failed logins" on Norton accounts. After a 10-day investigation, it turns out that the activity stretched back to Dec. 1, the company said. While Gen Digital didn't say how many of the accounts were compromised, it did caution customers that the attackers were able to access names, phone numbers, and mailing addresses from any Norton accounts where they were successful. Full Story
Source: DarkReading
01/13/2023
Okanagan College In British Columbia Hit By Cyberattack
A cyberattack and subsequent network shutdown on Jan. 9 left nearly 16,000 Okanagan College students and 1,200 staff unable to access campus network services. In a written statement on Jan. 11, President Neil Fassina said the institution’s IT services team uncovered the attack while conducting routine surveillance. Fassina said the attack, launched by an “undetected outside agent,” forced the IT services team to shut down and disable network access on all campuses in Kelowna, Vernon, Penticton and Salmon Arm. He said the team is investigating the incident with the help of outside cybersecurity experts, but campus network services had not been restored (at the time of writing). “The outage has impacted our public website and learning management site Moodle. It has impacted our ability to send user emails to our students and staff.” Full Story
Source: Canada Today
01/12/2023
UK's Royal Mail Services Hit By Major Cyberattack
The UK’s Royal Mail has been forced to suspend overseas services amid serious disruption caused by a cyberattack of an as-yet unspecified nature. The attack has hit its international export services and means it is currently unable to dispatch letters or parcels outside the UK. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident,” said a spokesperson. “Our teams are working around the clock to resolve this disruption and we will update customers as soon as we have more information. We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.” The National Cyber Security Centre (NCSC) confirmed via Twitter that it is providing assistance. Full Story
Source: ComputerWeekly.com
01/11/2023
Hackers Leak Sensitive Files After Attack On San Francisco Transit Police
Criminal hackers have posted an enormous trove of sensitive files to the internet from a San Francisco Bay Area transit system’s police department, including specific allegations of child abuse. The breach comes from the Bay Area Rapid Transit System (BART) Police Department. BART’s chief communications officer, Alicia Trost, said in an email officials were investigating the posted files and that the hackers had not impacted BART services. It’s unclear when the hack occurred. The perpetrators are an established group of ransomware hackers, one of the many who attack specific organizations and either encrypt sensitive files or threaten to post them on the dark web. The website where the BART Police leaks were posted includes more than 120,000 files, according to an NBC News review. Full Story
Source: NBC News
01/10/2023
Iowa's Largest City Cancels Classes Due To Cyberattack
Iowa’s largest school district has cancelled classes for today after determining there had been a cyberattack on its technology network. Des Moines Public Schools announced yesterday that classes would be cancelled for its 33,000 students after being “alerted to a cyber security incident on its technology network.” The district said in a news release that it took its internet and network services offline while it assessed the situation. It didn't describe the nature of the attack or say whether sensitive information might have been stolen, and it didn't immediately respond to a request for further information. The district will decide this afternoon whether to hold classes tomorrow. Sports and other activities are cancelled at Des Moines schools today, but teams will be allowed to compete at schools outside the district. Full Story
Source: ABC News
01/09/2023
Hacker Collective Anonymous Downs Serbian Defence Ministry Website
Hacker collective Anonymous has claimed responsibility for a cyberattack on the Serbian defence ministry website. The group has sent threats to President Aleksandar Vucic since December, urging Serbia to stop its actions in Kosovo. The threats came amid an escalation of the situation in northern Kosovo where local Serbs erected barricades in protest against the authorities in Pristina. On Jan. 5, the Ministry of Defence website was not reachable (it is back online now). “#Anonymous has launched #OpSerbia taking numerous government websites down the past few days. Targeting government infrastructure,” said a tweet from the Anonymous Operations Twitter account. Serbian President Aleksandar Vucic responded by posting a video of himself playing with his dogs on Instagram with the caption: “We are getting ready to fight against anonymity.” Full Story
Source: BNE Intellinews
01/07/2023
U.S. Family Planning Nonprofit MFHS Says Patient Medical Data Stolen In Ransomware Attack
U.S. nonprofit healthcare giant Maternal & Family Health Services has confirmed hackers accessed sensitive patient, financial and medical information months earlier. In an advisory published on its website on Jan. 5, MFHS said a “sophisticated ransomware incident” exposed the sensitive information of current and former patients, employees and vendors. This information included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account data and payment card information, usernames and passwords, and medical and health insurance information. The organization, which serves more than 90,000 individuals across Pennsylvania, said it was made aware of the incident on Apr. 4, 2022 but may have been initially compromised as far back as Aug. 21, 2021. Full Story
Source: TechCrunch
01/06/2023
14 UK Schools Hit By Cyberattack And Documents Leaked On The Dark Web
Highly confidential documents from 14 UK schools have been leaked on the dark web by hackers, the BBC can reveal. One of those was Pates Grammar School in Gloucestershire, targeted by a hacking group called Vice Society. The documents, seen by the BBC, include children's SEN information, child passport scans, staff pay scales and contract details, stolen in 2022. The Vice Society has been behind a high-profile string of attacks on schools across the UK and the USA in recent months. It allegedly stole 500 gigabytes of data from the entire Los Angeles Unified School District, according to WIRED. The FBI in America has already released an alert on the group's activities. Full Story
Source: BBC
01/05/2023
Billion-Dollar Rail Firm Confirms Data Breach After Suspected Ransomware Attack
One of the world’s largest rail and locomotive companies announced a data breach this week that involved troves of employee information following an alleged ransomware attack last summer. Wabtec, which has about 25,000 employees and operates in 50 countries, began sending out breach notification letters on Dec. 30 letting people know that data was stolen from their systems during a cyberattack they discovered last June. In a statement, the company said it contacted the FBI and hired a cybersecurity firm, which discovered that the hackers “introduced malware” to certain systems as early as March of last year. The investigation found that systems containing sensitive information were accessed and data was exfiltrated before being posted to a leak site. Wabtec confirmed the findings on Nov. 23. Full Story
Source: The Record
01/04/2023
Hackers Claim Ransomware Attack On Los Angeles Housing Authority
The Housing Authority of the City of Los Angeles, or HACLA, has confirmed it is investigating a cybersecurity incident shortly after the LockBit ransomware gang claimed responsibility for a cyberattack on the agency. HACLA, which provides affordable housing to more than 19,000 low-income families across Los Angeles, was added to LockBit’s dark web leak site on Dec. 31. The listing, seen by TechCrunch, claims that LockBit has stolen 15 terabytes of data from the housing agency. Screenshots posted by the cybercriminals suggest the data includes the personal details of people who sought housing assistance from the city, as well as data from the city agency’s payroll, human resources and accountancy files. Full Story
Source: TechCrunch