Tag Archive for: Finds

Hackers penetrated LAUSD computers much earlier than previously known, district probe finds


Supt. Alberto M. Carvalho speaks at a September news conference about a major cyberattack on the Los Angeles Unified School District. (Francine Orr/Los Angeles Times)

An intrusion into the computer systems of the Los Angeles school district began more than a month earlier than previously disclosed and likely exposed confidential information, including Social Security numbers, of more than 500 people who worked for district contractors, according to information filed with the state.

As the district previously disclosed, the security breach does not appear to extend to the payroll records and Social Security numbers for the tens of thousands of district employees. An undisclosed number of students enrolled at some point from 2013 through 2016 and some employees during that period appear to have lost information that includes their date of birth and address. California school districts don’t collect student Social Security numbers.

The updated information comes by way of a “Notice of Data Breach” that the nation’s second-largest school system was required under state law to send to potential victims.

School district officials Friday did not provide information on the number of possible victims. In addition to having to notify victims, a notice letter must be filed with the state attorney general when the number of those affected surpasses 500 California residents, the mandated threshold for public notification.

District officials had previously stated that there would be a small but not-yet-determined number of victims — “outliers,” as Supt. Alberto Carvalho described them. The victims would be notified and assisted, he added, while emphasizing that the overriding narrative was one of a worse disaster averted.

Hackers made off with about 500 gigabytes of data — a figure agreed on by both the hackers and the school system. That’s a large haul compared with what an individual user would maintain, but a tiny fraction of the data under the control of L.A. Unified.

Stealing data is only one part of an attack. The second part involves encrypting computer systems so that their users cannot get in, paralyzing the ability to conduct everyday business. Hackers managed to encrypt servers in the…

Cloudflare DDoS Report Finds Increase in Attack Volume and Duration


Cloudflare released its Distributed Denial of Service (DDoS) Threat Report for the fourth quarter of 2022. The report covers the DDoS attack landscape as detected by the Cloudflare network. HTTP DDoS attacks increased 79% year-over-year, with ransom DDoS attacks seeing an increase as well. The report found that longer attacks are increasing, especially network-layer DDoS attacks.

Cloudflare found that attacks exceeding 100 gigabits per second increased by 67% quarter-over-quarter (QoQ). Attacks that lasted longer than three hours also increased by 87% QoQ. Omer Yoachimik, Product Manager at Cloudflare, notes that for HTTP DDoS attacks:

While most of these attacks were small, Cloudflare constantly saw terabit-strong attacks, DDoS attacks in the hundreds of millions of packets per second, and HTTP DDoS attacks peaking in the tens of millions of requests per second launched by sophisticated botnets.

QoQ Change in DDoS attack rates in 2022 Q4 as measured by Cloudflare (credit: Cloudflare)

In August of 2022, Google claimed that they fended off a DDoS attack that peaked at 46 million requests per second. Emil Kiner, Senior Product Manager at Google, and Satya Konduru, Engineering Lead at Google, put the scale of the attack into perspective:

To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.

Yoachimik shares that Cloudflare defended against an attack on a Korean-based hosting provider that reached one terabyte per second. The attack in question was an ACK flood and was about one minute in duration. An ACK flood attempts to overload a server with TCP ACK packets. The server consumes resources processing the ACK packets, preventing it from handling legitimate requests.

Cloudflare found that HTTP DDoS attacks made up 35% of all traffic to Aviation and Aerospace Internet sites. For Education Management companies, 92% of traffic was part of network-layer DDoS attacks. Yoachimik also shared that 93% of network-layer traffic to Chinese Internet properties was part of network-layer DDoS attacks.

Ransom DDoS attacks also increased with 16% of…

Hacked AIIMS Server Partly Restored After Two Weeks, Ransomware Attack Deliberate, Finds NIA


The National Investigation Agency (NIA) is investigating the “deliberate and targeted” ransomware attack on the servers of AIIMS Delhi, Minister of State for IT Rajeev Chandrasekhar has said.

“I can’t comment on that as it is a subject matter of an investigation by the NIA…It is pretty clear that it is a deliberate and targeted effort…a ransomware attack on AIIMS’ system… and NIA is investigating it,” Chandrasekhar said on Thursday.

Multi-agency investigation  

The All India Institute of Medical Sciences, Delhi allegedly faced a cyber attack on November 23, paralysing its servers. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.

In a ransomware attack, cybercriminals lock access to data or a device and promise to unlock it after they are paid the desired ransom.

Following the massive outage that crippled the functioning of the country’s top medical facility, a multi-agency investigation was launched, comprising the Indian Computer Emergency Response Team within the Ministry of Electronics and Information Technology, Delhi cybercrime special cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation (CBI), National Forensic Sciences University, National Critical Information Infrastructure Protection Centre and NIA, among others.

AIIMS back to near normal 

After nearly two weeks, the server was restored on Tuesday and near-normal service resumed on Wednesday. 

The online registration of patients resumed on Tuesday after the hospital was able to access its server and recover lost data.

Last week, AIIMS had issued a statement saying that the e-Hospital data had been restored.

AIIMS, tip of the iceberg

It is not just AIIMS Delhi that has been targeted by cybercriminals.

There are also reports that the Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts within 24 hours on November 30.

However, the attempts made to hack the ICMR website were not successful; the server was not affected and was running smoothly. The attackers have been blocked and the NIC team prevented the hacking attempts on the ICMR…

Report finds Census Bureau lacks ‘effective cybersecurity posture’ after red team hack



A new inspector general report details how government-contracted hackers managed to gain covert access to Census Bureau systems in a simulated attack against the federal agency.
