This Month in Cybersecurity - November Edition

McLaren Health Care Notifies User of Data Breach

Health Care delivery system, McLaren Health Care has sent out an incident notification letter stating that roughly 2.2 million individuals in their system have had their personal information compromised. The data breach, which occurred earlier this year has been confirmed to be related to an unauthorized access to the company’s network, which was determined to have taken place between July 28th and August 23rd of 2023.

The user information has not been shown to have been misused in any way but ransomware group Alphv/BlackCat has claimed to be the organization that stole the data and is threatening to auction it. No further insight on how the breach occurred, but McLaren has been working with the Maine Attorney General and disclosing information regarding the leak.


AI Company ChatGPT Experiencing Regular Outages

Generative application ChatGPT has reported that they were experiencing outages on both the ChatGPT interface and the associated APIs, that allow other programs to directly interface with ChatGPT. According to parent company OpenAI, the outages were due to continual DDoS attacks. They have claimed that the incident has been resolved, but security experts warn that this is the beginning of attention directed at OpenAI and other AI companies.

Leading experts agree that as AI grows and garners more attention, attacks like these will be more commonplace and used to hide attempts to perform data exfiltration efforts. AI is a prime target for threat agents and ransomware groups, as these companies have access to massive amounts of valuable data.

OpenAI did not confirm who the attacker was, but a group known as Anonymous Sudan has claimed responsibility, citing political reasons as the primary motive behind the attack.


SEC Draws Line in the Sand With Latest Suit

Over the years, organizations dealing with sensitive data from the government have flouted cybersecurity risk regulations from Department of Defense (DoD) contracts and other federal contracts by simply entering perfect scores, knowing that no true audit would be conducted. However, as the SEC has shown with the recent lawsuit against SolarWinds for the exact thing many are guilty of, they have shown that the government is coordinating to enforce cybersecurity regulations and hold those organizations accountable.

The self attestation that the DoD has required for prime and subcontractors are rooted in the lucrative contracts these organizations sign, but as of last year, only 36% of those contractors were reporting scores to the federal database, according to a study conducted by Merrill Research. These guidelines are due to get an overhaul in the new Cybersecurity Maturity Model Certification (CMMC) 2.0 regulation that is pending.

The CMMC will institute a new program that will enforce and audit the contractors, holding them truly accountable for the first time, as cybersecurity becomes more and more of a concern for the United State’s government. In a worst case scenario, if the contractor is found to not be in compliance, the organization will be subject to action by SEC and the cancellation of current and future contracts with the DoD and United State’s government.

Cyber Defense is available to discuss and to help implement these updated regulations to avoid any negative consequences from not being in compliance. Please reach out, if you require assistance!

 

Defensible Strategies

Learn from those who have been attacked

Data of Aerospace Company Boeing Leaked by Ransomware Group

After a cybersecurity event that occurred in late October, aerospace giant Boeing has had more than 43 gigabytes of data leaked by LockBit. LockBit is a ransomware-as-a-service group that has been one of the largest and most resilient groups, having been active for more than four years and having thousands of victims. The information the group was able to secure after the attack was posted to their website after not receiving any contact from Boeing, according to the ransomware group.

The data, while not confirmed by Boeing, seems to be of system information, configuration backups, and logs for monitoring and auditing tools. Some of the data published are backups from Citrix appliances, which has sparked speculation that the attack may have been perpetuated by the ransomware group taking advantage of a recently disclosed Citrix vulnerability (CVE-2023-4966), but no confirmation of the method of the attack has been made by either LockBit or Boeing.


Data Breach Disclosed by State of Maine, 1.3 Million People Impacted

The government organization of the State of Maine has disclosed a data breach that has occurred after a large scale hacking campaign targeting the use of the MOVEit file transfer tool. The attack took place between May 28th and May 29th of 2023, but the data breach was only confirmed in a recent notice of Security Incident.

According to the State, the incident was limited to only the file transfer tool, but that sensitive data include Social Security numbers, driver’s license/state identification numbers, and other data of 1.3 million people was compromised. According to the notice, the State of Maine moved to immediately block internet access to and from the MOVEit server and other methods to secure the information.

Due to the attack, the State of Maine has set up a call center to help people determine if their data was involved. The state has also offered two years of complimentary credit monitoring and identity theft protection services to those who had their data exposed.

NOTICE

New York has implemented an amendment to the DFS Regulation that may significantly impact your operations. Many of these changes were original proposed in the regulation proposal stage.

For a comprehensive overview of these changes, we have prepared a detailed web page where Jim has outlined the amendments section-by-section. You can access this valuable resource at the following link: https://cyberd.us/dfs-reg-500-2nd-amendment

Cyber Defense is happy to assist with navigating these changes and getting your company, so please do not hesitate to contact us as soon as possible!