Port of Seattle says it was hit with ransomware attack



SEATAC, Wash. — The system outages at Seattle-Tacoma International Airport in August were the result of a ransomware attack, the Port of Seattle confirmed Friday. 

The criminal organization behind the attack, known as Rhysida, did steal data, according to the port. It’s currently unclear what data was stolen, but Rhysida may post it to its dark website after the port refused to pay the ransom demand.

“From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” Steve Metruck, executive director of the Port of Seattle, said in a prepared statement. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars.”

The port said it is committed to assessing the data and notifying people who may have been impacted. If employee or passenger personal information was obtained, the port said it would inform them.

Travel at Seattle-Tacoma International Airport remains safe, according to the port, which owns and operates the airport.

The Port of Seattle discovered outages consistent with a cyberattack on Aug. 24. The attacker encrypted access to some data. The port disconnected its systems from the internet. The combination of the attack and encryption hindered services including baggage, check-in kiosks, ticketing, WiFi and more.

The majority of the systems were brought back online within a week, according to the port. The airport said its system is fully restored for passengers.

According to the port, steps are being taken to strengthen its digital systems further as they are being restored and rebuilt. 


Iceland among the best countries in the field of cyber security



Iceland ranks 10th among European nations in the field of cyber security.

Iceland’s cyber security capacity has increased dramatically in recent years according to the International Telecommunication Union’s newly published cyber security index for 2024.

This is stated in an announcement on the Government Cabinet’s website.

Five areas are measured that pertain to the country’s cyber security, and Iceland received 99.1 points out of a possible 100. In the last assessment, carried out in 2020, Iceland received 79.8 points.

“This is an amazing achievement”

“This is an amazing result that we are extremely proud of. Among other things, we are now reaping the benefits of systematically working on a cyber security plan that we introduced two years ago, and during that time we have worked closely with a number of parties on what is needed to improve cyber security.

I am very grateful for that cooperation and how much ambition our partners have shown in improving what concerns them,” Áslaug Arna Sigurbjörnsdóttir, Minister of Higher Education, Science and Innovation, who is also in charge of electronic communications and internet security, is quoted as saying.

Iceland ranks 10th among European nations

Iceland is currently ranked 10th among European nations in the field of cyber security, but was ranked 31st in 2020.

“Iceland is now in the highest category, the so-called exemplary category, and is therefore considered among the top 10% of the 194 countries included in the assessment,” is reported in the announcement.


Windows vulnerability abused braille “spaces” in zero-day attacks



A recently fixed “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group.

When first disclosed as part of the September 2024 Patch Tuesday, Microsoft had not marked the vulnerability as previously exploited. However, on Friday, Microsoft updated the CVE-2024-43461 advisory to indicate it had been exploited in attacks before it was fixed.

The flaw’s discovery was attributed to Peter Girnus, a Senior Threat Researcher at Trend Micro’s Zero Day, who told BleepingComputer that the CVE-2024-43461 flaw was exploited in zero-day attacks by Void Banshee to install information-stealing malware.

Void Banshee is an APT hacking group first tracked by Trend Micro that targets organizations in North America, Europe, and Southeast Asia to steal data and for financial gain.

The CVE-2024-43461 zero-day

In July, Check Point Research and Trend Micro both reported on the same attacks that exploited Windows zero-days to infect devices with the Atlantida info-stealer, used to steal passwords, authentication cookies, and cryptocurrency wallets from infected devices.

The attacks utilized zero-days tracked as CVE-2024-38112 (fixed in July) and CVE-2024-43461 (fixed this month) as part of the attack chain.

The discovery of the CVE-2024-38112 zero-day was attributed to Check Point researcher Haifei Li, who says it was used to force Windows to open malicious websites in Internet Explorer rather than Microsoft Edge when launching specially crafted shortcut files.

“Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL,” explained Li in a July Check Point Research report.

These URLs were used to download a malicious HTA file and prompt the user to open it. When opened, a script would run to install the Atlantida info-stealer.

The HTA files utilized a different zero-day tracked as CVE-2024-43461 to hide the HTA file extension and make the file appear as a PDF when Windows prompted users as to whether it should be opened.
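A defender-side check for the extension-hiding trick described above, as an added example that is not from the article or the researchers it cites: it flags file names in which a run of blank-rendering characters separates a decoy extension from the real one. It assumes the braille "spaces" are U+2800 (BRAILLE PATTERN BLANK); the function names, the risky-extension list and the sample names are constructed for illustration.

```python
import re
from urllib.parse import unquote

BRAILLE_BLANK = "\u2800"  # BRAILLE PATTERN BLANK: renders as empty space
# Illustrative list of extensions that execute or launch content (assumption).
RISKY_EXTS = {"hta", "js", "vbs", "exe", "scr", "lnk", "url"}

# decoy extension, a run of blank-looking padding, then the real extension
_PADDED = re.compile(r"\.(\w{1,5})([\u2800\s]+)\.(\w{1,5})$")


def inspect_filename(raw_name):
    """Return a finding dict for a download/attachment name, or None if clean."""
    name = unquote(raw_name)  # names often arrive percent-encoded
    m = _PADDED.search(name)
    if m is None:
        return None
    decoy, padding, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    return {
        "shown_as": name[: m.start(2)],  # what a truncating dialog displays
        "decoy_ext": decoy,
        "real_ext": real,
        "braille_blanks": padding.count(BRAILLE_BLANK),
        "high_risk": real in RISKY_EXTS and decoy != real,
    }


def scan(names):
    """Return (name, finding) pairs for every name that hides its extension."""
    hits = []
    for n in names:
        finding = inspect_filename(n)
        if finding is not None:
            hits.append((n, finding))
    return hits


# Constructed sample names, not taken from any real incident.
SAMPLES = [
    "invoice.pdf" + BRAILLE_BLANK * 26 + ".hta",
    "report.pdf" + "%E2%A0%80" * 3 + ".hta",  # same trick, percent-encoded
    "notes.pdf",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, finding in scan(SAMPLES):
        print(repr(name), finding)
```
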

ZDI…


Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack



Pierluigi Paganini
September 15, 2024

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack that hit the agency in August.

In August, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport; websites and phone systems were impacted.

Media reported that the Port of Seattle, which also operates the Seattle-Tacoma International Airport, suffered a cyber attack that impacted the websites, email and phone services. According to The Seattle Times, the cyber attack disrupted travel plans.

“A spokesperson for Alaska Airlines said staff was manually sorting over 7,000 bags, because ‘a majority’ of checked bags missed their flights this weekend,” reported The Seattle Times.

“We believe this was a cyberattack,” said Lance Lyttle, managing director of aviation for Sea-Tac Airport, at a news conference Sunday afternoon.

“We are conducting a thorough investigation with assistance of outside experts. We have contacted and are working closely with federal partners, including TSA and Customs and Border Protection,” Lyttle added.


The Port of Seattle first reported it was experiencing an internet and web systems outage. According to a message posted on X, the problems impacted some systems at the airport.

Passengers were advised to check with their airlines for the latest information on their flights.

In response to the incident, the Port isolated critical systems.

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack. The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government…
