Thanks to all 17,171 subscribers. It really takes a community to fight against cyberattacks. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network!
In this week's Cyber Weekly:
NextGen Healthcare, an electronic health records software provider, recently confirmed that over one million patients were affected by its latest data breach. According to a detailed analysis, an unknown third party used previously stolen credentials to enter the system. This type of attack is called credential stuffing: attackers take credentials stolen in one breach and try them on other platforms in an effort to get in. It is one of the oldest forms of hacking, and it works because people tend to reuse the same password across platforms. (infosecurity)
My thoughts: The title is a lie. It was click bait! This isn’t a rare form of hack. It happens all the time. Please don’t use the same passwords across platforms. And if you own a business, look into automated detection and remediation services to catch this type of hack early. Let me know if you need help!
The U.S. Transportation Department (USDOT) was breached, exposing the personal information of 237,000 federal employees. The breach hit the system that reimburses government employees for commuting costs. It impacted 114,000 current employees and 123,000 former employees. Federal employees were also the victims of attacks in 2014 and 2015. (Reuters)
My thoughts: Why is the information of SO many former employees still in the active system? Why not have a process to move old or stale data to archives? That data compromise could have been avoided.
SchoolDude is a cloud-based work order management system for the education industry to submit and track maintenance orders. Last month, they were breached and over three million users were affected. The hackers stole their names, email addresses, account passwords and phone numbers.
“When reached for comment, spokesperson Annie Satow did not dispute that the stolen SchoolDude passwords were unencrypted, but declined to comment beyond the company’s data breach notice. Brightly also declined to say how the breach occurred, or say who — if anyone — was responsible for overseeing cybersecurity at the company at the time of the breach.” (techcrunch)
My thoughts: Third-party vendor risk management should be mandatory for public industries. 3 MILLION people were affected by this one breach. And hackers will work tirelessly to hack their other accounts – especially those related to the school. The worst part is that this business is owned by Siemens, a very large corporation with a lot of resources. Why wasn’t security a priority?
The National Gallery of Canada in Ottawa is still trying to fully recover from a cyber attack 3 weeks after it happened. The attack was detected when there was an interruption to their IT services. Some operational information was lost. Luckily, the organization doesn’t store full credit or debit card information in their systems. The gallery did not close during this time and remains open.
“We have taken this incident very seriously,” interim director and CEO Angela Cassie said in an email to the Citizen. “Our core focus was on protecting personal or sensitive information, and the safe operation of the gallery.” (artnet)
My thoughts: This issue of Cyber Weekly really feels like every public organization is getting virtually attacked. How can we prioritize the safety of the public sector?
To cap off this month's Cyber Weekly, I wanted to highlight my excitement about one of our newly onboarded vendors, Abnormal Security. Assurance IT decided to make this strategic investment with Abnormal because of their platform's effectiveness at significantly mitigating losses related to business/vendor email compromise by leveraging advanced user behavior profiling and behavioral data science.
Abnormal offers a free, non-invasive, minimal-overhead Email Risk Assessment, which highlights the residual risk that is bypassing an organization's existing email security controls. If you'd like to learn more about Abnormal and their free Risk Assessment, please write ABNORMAL in the comments below. We can discuss in further detail.