We’re doing Byte Sized News a little differently this week.
BSN shifting to Monday gives us a better chance to fill you in on an entire week’s worth of cybersecurity news stories in one concise blog post. Get a recap of last week’s biggest headlines, giving you a jump start to the beginning of your week.
Last week’s top stories include the State of Wyoming leaking COVID-19 test data and other personal information, the British Prime Minister’s phone number being exposed in an old press release, reports of First Horizon Bank customers having their accounts drained, and much more.
Let’s get to the news.
According to Threatpost, if you live in Wyoming and have taken a COVID test, there’s a one in four chance that your personal data has been posted online.
The Wyoming Department of Health (WDH) said last Wednesday it accidentally posted COVID test results of state residents onto their public-facing storage buckets. The WDH said in a public advisory that an employee fumbled the information of about 164,021 Wyoming residents and of people from other states dating back to as early as November 5, 2020. The department learned about the incident on March 10. The 2020 census showed that Wyoming has about 577,000 residents, meaning that the spill affected about 25% of the state’s population.
The leaked data included 53 sets of files. Besides test results for COVID-19 and influenza, the cache also contained a file with breathalyzer test results; names or patient IDs; addresses; dates of birth; and the dates when patients were tested. A big caveat to the news is that the COVID-19 test results weren’t limited to Wyoming, but instead included tests taken between January 2020 and March 2021 from individuals located all over the United States.
The employee blamed for the incident mistakenly uploaded the data files to the private and public online storage repositories in the cloud.
This is far from the first time that we’ve seen developers “fat-finger” public health records like this, and it definitely won’t be the last.
A phone number belonging to the United Kingdom’s Prime Minister, Boris Johnson, has been publicly accessible online for over fifteen years. InfoSecurity Magazine has more on the story.
Johnson’s phone number was listed on a think tank press release published on the Internet back in 2006, back when he was the Member of Parliament for the town of Henley in Buckinghamshire. This breach was first reported by the website Popbitch in a piece titled ‘Hoping not to butt-dial Boris Johnson.’ The piece opened with the line “It’s not as though the Prime Minister’s personal phone number could just be floating out there on the internet, is it?”
According to the BBC, it appears that the exposed number is still in use by the Conservative prime minister. Leader of the opposing Labour Party, Sir Keir Starmer, described the news of the number’s availability as a “serious situation (that) carries a security risk.”
Home Office minister Victoria Atkins said that the PM was “aware of his responsibilities” on national security and that she had “complete and utter confidence” that he and his group of advisors would uphold those responsibilities.
In a story also brought to us by Threatpost, F5 Networks’ BIG-IP Application Delivery Services appliance contains a Key Distribution Center (KDC) spoofing vulnerability.
According to researchers at Silverfort, the KDC-spoofing flaw, tracked as CVE-2021-23008, can be used to bypass Kerberos security and sign into the BIG-IP Access Policy Manager or admin console. Kerberos is a network authentication protocol that’s designed to provide strong authentication for client/server applications by using secret-key cryptography.
With this vulnerability, a cybercriminal could gain unfettered access to BIG-IP applications without the need for legitimate credentials. The potential impact of this vulnerability could be significant: F5 provides enterprise networking to some of the largest tech companies in the world, including Facebook, Microsoft, and Oracle, and a large number of Fortune 500 companies that includes many of the biggest financial institutions and ISPs.
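KDC spoofing as a class of bug (described here in general terms, not as a statement about the specific BIG-IP flaw) arises when a server validates a user’s password by asking the KDC for a ticket and treats the password as correct as soon as the reply decrypts with it, without confirming that the reply came from the real KDC. The standard mitigation is for the server to also request a ticket for its own service principal and verify that ticket with its keytab key, which a rogue KDC does not hold. The following Python model is an added illustration for this digest, not code from the article, Silverfort, or F5; the principal names, passwords, and the HMAC-based stand-in for Kerberos encryption are all constructed.

```python
"""Toy model of Kerberos-based password validation, with and without KDC validation.

Added illustration for this digest; not code from the article, Silverfort, or F5.
It models the KDC-spoofing class in general, not the specific BIG-IP flaw.
'Encryption under key K' is modelled as an HMAC tag, which is enough to show
who can and cannot produce a message that a given key accepts.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

TAG_LEN = 32


def derive_key(password: str, principal: str) -> bytes:
    """Stand-in for Kerberos string-to-key: a long-term key from password + salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def seal(key: bytes, payload: bytes) -> bytes:
    """Model of 'encrypted with key': only a holder of key can create or verify it."""
    return hmac.new(key, payload, "sha256").digest() + payload


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the payload if blob was sealed under key, else None."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, "sha256").digest()
    return payload if hmac.compare_digest(tag, expected) else None


class KDC:
    """Legitimate KDC: holds the long-term key of every user and service principal."""

    def __init__(self, keys: Dict[str, bytes]):
        self.keys = keys

    def as_exchange(self, user: str) -> bytes:
        # AS-REP: readable only by a client that knows the user's password.
        return seal(self.keys[user], b"TGT for " + user.encode())

    def tgs_exchange(self, user: str, service: str) -> bytes:
        # TGS-REP: service ticket sealed under the *service's* key (its keytab).
        return seal(self.keys[service], b"ticket " + user.encode() + b" -> " + service.encode())


class SpoofedKDC(KDC):
    """Rogue KDC (constructed for the model) that answers for `user` with a
    password of the rogue operator's own choosing. It knows that password, but
    not the service's keytab key, which is what the hardened check relies on."""

    def __init__(self, user: str, chosen_password: str):
        super().__init__({user: derive_key(chosen_password, user)})

    def tgs_exchange(self, user: str, service: str) -> bytes:
        # Without the service key, the best it can do is seal with a random key.
        return seal(os.urandom(32), b"forged ticket")


def validate_without_kdc_check(kdc: KDC, user: str, password: str) -> bool:
    """Vulnerable pattern: 'the AS-REP decrypted, so the password must be right'."""
    return unseal(derive_key(password, user), kdc.as_exchange(user)) is not None


def validate_with_kdc_check(kdc: KDC, user: str, password: str,
                            service: str, service_key: bytes) -> bool:
    """Hardened pattern: additionally fetch a ticket for our own service principal
    and check it with our keytab key, which only the real KDC shares."""
    if unseal(derive_key(password, user), kdc.as_exchange(user)) is None:
        return False
    return unseal(service_key, kdc.tgs_exchange(user, service)) is not None


def demo() -> Dict[str, bool]:
    """Constructed scenario: one real KDC, one rogue KDC, the same two validators."""
    appliance_key = os.urandom(32)                    # the appliance's keytab key
    real_kdc = KDC({"alice": derive_key("correct horse", "alice"),
                    "host/appliance": appliance_key})
    rogue_kdc = SpoofedKDC("alice", "anything-goes")  # never knew alice's real password
    return {
        "real_kdc_good_password_basic": validate_without_kdc_check(real_kdc, "alice", "correct horse"),
        "real_kdc_bad_password_basic": validate_without_kdc_check(real_kdc, "alice", "wrong"),
        "rogue_kdc_basic": validate_without_kdc_check(rogue_kdc, "alice", "anything-goes"),
        "real_kdc_good_password_hardened": validate_with_kdc_check(
            real_kdc, "alice", "correct horse", "host/appliance", appliance_key),
        "rogue_kdc_hardened": validate_with_kdc_check(
            rogue_kdc, "alice", "anything-goes", "host/appliance", appliance_key),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:35s} {'ACCEPTED' if ok else 'rejected'}")
```

The basic validator accepts the rogue KDC’s answer because the only thing it checks is whether the reply decrypts with the password it was handed, and whoever controls the rogue KDC also chose that password. The hardened validator rejects it because the forged service ticket does not verify under the appliance’s keytab key. In real deployments the same idea is the “validate the KDC with a keytab” step that Kerberos PAM modules expose as an option; the defensive check for any Kerberos-authenticating appliance is whether that step is performed and whether a keytab is actually provisioned for it.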
As ransomware continues to ravage the cybersecurity industry, Cyberscoop reports that the hacking groups behind these attacks are getting greedier.
The average demand for a digital extortion payment shot up in the first quarter of 2021 to $220,298, up over 43% from the previous quarter, according to a quarterly report from Coveware, a ransomware response firm. The median payment also jumped 58% from $49,450 to $78,398.
The majority of ransomware attacks carried out in the first quarter of 2021 also involved theft of corporate data, a continuation of a trend we’ve seen where ransomware attackers rely heavily on exfiltration and extortion demands. 77% of ransomware attacks also included the threat to publish stolen data, which is up 10% from the same time period in 2020.
This report drops in the middle of attempts by the United States government to improve law enforcement actions targeting the infrastructure that supports these nefarious ransomware gangs.
Coveware also found that — so far this year — fewer victims were actually paying ransom demands. But with extortion attempts on the rise and average demands rising with attacks, victims are feeling more pressure than ever to open up their wallets, even if they’re better off avoiding the exchange of currency entirely.
One of the largest banks in the United States has disclosed a breach in which the funds of over 100 of its customers were accessed by an unauthorized intruder. InfoSecurity Magazine has more on the report.
First Horizon Bank claimed in a filing with the Securities and Exchange Commission (SEC) yesterday that less than $1 million was stolen in total from those accounts. The attack itself seems to have relied on stolen or brute-forced customer credentials, plus the exploitation of a vulnerability inside the financial services company.
“Based on its ongoing investigation, the company determined that an unauthorized party had obtained login credentials from an unknown source and attempted access to customer accounts,” the SEC filing explained.
First Horizon Bank, formerly known as First Tennessee Bank, said it had remediated the bug in question, reset the affected customer passwords, and reimbursed those impacted by the breach.
Given the bank’s profits exceeded $500 million last financial year, the raid would indeed not seem to have made a serious impact on its bottom line. However, experts argued that the incident should serve as a warning for IT security teams that layered defenses are essential today.