What do water plants, hospitals, and Social Security numbers have in common? Well, this week, it’s unfortunately cybersecurity headlines.
Earlier this week, Krebs on Security reported, “A service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report on virtually any American.” Quite coincidentally, that same day a US District Judge in Tampa, Florida sentenced a Ukrainian to eight years in federal prison for selling the Social Security numbers of US citizens.
Additionally, Social Security numbers were among the data obtained by the ransomware group, Daixin Team, after they allegedly stole nearly 34,000 files in an attack on the North Texas Municipal Water District. Across the country, the Pennsylvania water authority was also the victim of a cyberattack that “forced operators to switch a pumping station to manual control.”
As 2023 comes to a close, cyberattacks are becoming more prolific impacting everything from state court systems to water plants to high schools, hospitals and a US nuclear research facility.
To learn more about incident response, business continuity, and disaster recovery, explore the content available in our Library.
Dec. 1: A new Security Code feature allows WhatsApp users to use passwords to protect sensitive conversations.
Dec. 1: The Maine Wire reported, “Nearly every resident of the state of Maine has had their personal data, including social security numbers and medical records, stolen by a foreign criminal organization.”
Nov. 30: In advance of the 2024 election, Meta has warned that foreign governments, particularly Russia, Iran, and China, will continue to spew misinformation and disinformation via fake social media accounts.
Nov. 30: Infosecurity Magazine reported, “A major data breach at IT provider Zeroed-In Technologies has impacted two million end users, including thousands of Dollar Tree and Family Dollar employees.”
Nov. 29: Japan’s Aerospace Exploration Agency announced that it was hit with a cyberattack after attackers successfully exploited a vulnerability in network equipment.
Nov. 28: “Amir Hossein Golshan, 25, of Los Angeles, was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes, including one involving SIM swapping,” Security Week reported.
Nov. 28: After security vendor, Hunters Security, released proof-of-concept code demonstrating a weakness in Google Workspace, Google disputed the characterization of the issue as a design flaw.
Nov. 27: Cybersecurity Dive reported, “A cyberattack targeting Fidelity National Financial led to disruptions across its services, including title insurance and mortgage transactions, after it was forced to block access to certain systems.”
Nov. 27: The European Union’s cyber emergency response team warned that Fancy Bear, a Russian hacking group, has been targeting European governments with custom-tailored spearphishing campaigns.
Nov. 26: The Department of Homeland Security announced, “the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) today jointly released Guidelines for Secure AI System Development to help developers of any systems that use AI make informed cybersecurity decisions at every stage of the development process.”