Tag Archive for: delays

Court delays mount 2 weeks into ransomware attack on Colorado public defender’s office – Greeley Tribune


The Office of the Colorado State Public Defender remains crippled by a ransomware attack two weeks after the malware first forced the statewide agency to disable its computer systems — and the shutdown is raising growing concern across the state court system as delays mount.

Most public defenders have regained access to their computers, court filings and “some client files” since the ransomware was discovered Feb. 9, but “more work is necessary to return to normal operations,” the agency said in a statement Friday.

Officials with the public defender’s office refused to say how much money was demanded in the ransomware attack, in which criminals blocked access to some of the agency’s files and demanded payment to restore that access.

They also have not said whether the office will pay the ransom, when the agency expects to once again be fully operational, what kind of information was breached, and whether the personal information of attorneys, witnesses or victims of crime was exposed.

Public defenders this week still could not effectively represent their clients in court in most cases, said 18th Judicial District Attorney John Kellner, who serves as the elected prosecutor in Arapahoe, Douglas, Elbert and Lincoln counties.

“It’s reminiscent of the COVID slowdowns a couple years ago,” he said. “We have public defenders asking for continuances or resetting trials on most matters.”

In the week after the attack, the statewide number of rescheduled hearings jumped by nearly 600 compared to the previous week, according to data provided by the Colorado Judicial Department. Hearings were rescheduled in about 3,300 cases across the state in the week before the attack, which increased to about 3,900 cases during the first full week that the public defender’s office was dealing with the ransomware — an 18% jump.

The longer the public defender’s office is non-operational, the more of a problem the repeated rescheduling becomes, said 16th Judicial District Chief Judge Mark MacDonnell.

“I don’t think we’ll be able to continue on this path for a long time,” he said. “It’s been two weeks and it’s getting to the point where if it’s not solved,…


Dallas delays release of report that reviews ransomware response


An internal report reviewing Dallas’ response to a ransomware attack, which was planned to be published Wednesday, could now have its public release delayed up to two weeks, city officials say.

The holdup could further delay clarity for the public on how the cyberattack happened and what steps the city took to safeguard residents’ personal information since then.

A full after-action report was scheduled to be released to the public after a briefing on the review’s findings by information technology officials to the City Council on Wednesday, but the briefing was postponed because it was past 8 p.m. by the time the presentation was set to be heard. The City Council meeting started around 9:30 a.m., and the bulk of it was spent discussing amendments to the upcoming budget.

“In the interest of time tonight, we’re going to recommend that we postpone the briefing (letter) C, the ransomware update, until our next briefing day, as well as the executive session that may have been associated with it,” City Manager T.C. Broadnax told the City Council around 8:20 p.m. Wednesday. The elected officials approved delaying the presentation to their next briefing meeting, which is scheduled for Sept. 20.

Catherine Cuellar, the city’s communications director, confirmed Thursday that the report’s release will be delayed as well. A news conference with Chief Information Officer Bill Zielinski and Chief Security Officer Brian Gardner — top officials in the city’s IT department — about the ransomware attack was scheduled for 2 p.m. Thursday. It was canceled four hours after it was announced Wednesday when the council presentation was postponed.

It would have been the first news conference held by the city discussing the ransomware attack since the data breach was announced on May 3.

Hackers accessed some of the most sensitive information stored by the city, including medical information, health insurance information and Social Security numbers of Dallas employees, retirees and their relatives. The personal information of…


Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem


Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting how important it is for both users and device manufacturers to speed up the adoption of security patches.

“The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices,” researchers with Google’s Threat Analysis Group (TAG) said in a report detailing the attack campaigns. “Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.”

The iOS spyware exploit chain

Apple has a much tighter grip on its mobile ecosystem, being both the sole hardware manufacturer of iOS devices and the creator of the software running on them. As such, iPhones and iPads have historically had a much better patch adoption rate than Android, where Google creates the base OS and then tens of device manufacturers customize it for their own products and maintain their own separate firmware.

In November 2022, Google TAG detected an attack campaign via SMS that targeted both iOS and Android users in Italy, Malaysia, and Kazakhstan using exploit chains for both platforms. The campaign involved bit.ly shortened URLs that, when clicked, directed users to a web page delivering the exploits and then redirected them to legitimate websites, such as the shipment tracking portal for Italian logistics company BRT or a popular news site from Malaysia.

The iOS exploit chain included a remote code execution vulnerability in WebKit, Apple’s website rendering engine used in Safari and iOS, that was unknown and unpatched at the time. The flaw, now tracked as CVE-2022-42856, was patched in January after Google TAG reported it to Apple.

However, a remote code execution flaw in the web browser engine is not enough to compromise a device, because mobile operating systems like iOS and Android use sandboxing techniques to limit the privileges of the browser….


Ransomware attack on chip supplier causes delays for semiconductor groups


Disruption from a ransomware attack on a little-known supplier to the world’s largest semiconductor equipment manufacturers will continue into March, in a new setback to chip production after years of coronavirus-related delays.

US-based MKS Instruments told investors and suppliers this week that it had yet to fully recover from a “ransomware event”, first identified on February 3, in an attack that has strained supply chains for the global chip industry.

“We’ve begun starting up the affected manufacturing and service operations,” MKS chief executive John Lee said in a call with analysts and investors on Tuesday.

MKS’s customers include many of the largest companies that produce semiconductors and the specialised equipment necessary to manufacture them, including TSMC, Intel, Samsung and ASML.

The company had revealed on Monday that it could still take “weeks” more to restore operations and that the attack would cost it hundreds of millions of dollars in lost or delayed sales. Most ransomware victims are able to recover in about three weeks, according to industry estimates.

The attack affected “production-related systems” as well as critical business software, MKS said earlier this month, forcing it to suspend operations at some of its facilities. The Massachusetts-based company makes lasers, vacuum systems and other specialised equipment vital to chip manufacturing.

Lee has said the attack “materially impacted” its systems, including its ability to process orders and ship products in its two largest divisions, photonics and vacuum.

After delaying publication of its latest financial results, which were released on Monday, the company has now told the US stock market regulator that it is unable to file its annual report on time. Missing the extended deadline could result in a fine.

Its forecast of “at least” a $200mn hit to its current quarter’s revenues is about a fifth of the $1bn in sales that it had forecast before the attack. Analysts at Cowen, a broker, estimate the final impact on quarterly sales could total as much as $500mn — more than half what Wall Street had previously predicted.

“The full scope of the costs and related impacts of the incident has…
