Tag Archive for: Illinois

CL0P ransomware hackers went after Illinois state agencies

/in


Ransomware hackers accessed systems used by Illinois government agencies for a few hours May 31, according to the Illinois Department of Innovation and Technology, which said Friday it’s not clear what information was accessed or affected but that they expect it to end up affecting a “large number” of people.

Federal authorities have attributed the attack to the CL0P Ransomware Gang, which also went after major companies around the world last month. CL0P hackers gained access to MOVEit software, getting in to Illinois’ network for about three hours, officials said.

Sanjay Gupta, Illinois’ chief information officer, said state security teams have verified “that the vulnerability could no longer be exploited in our system.”

Officials haven’t released information on what information could have been vulnerable — or whether a ransom was demanded for the compromised information, as the gang has done in the past.

The BBC, British Airways and Boots — Walgreens’ UK-based retail and health stores — previously told a combined 100,000 employees that payroll data might have been taken in the same attack on MOVEit systems used by their payroll provider.

Considered “one of the largest phishing and malspam distributors worldwide” by the federal Cybersecurity and Infrastructure Security Agency, CL0P has been blamed for compromising more than 8,000 organizations globally since 2019. 

The latest attack on MOVEit systems was launched earlier in May and discovered June 2.

A separate attack was conducted by the ransomware group in January, using phishing scams and threats to release information. Ransom notes were sent to “upper-level executives” of companies affected by the scams, with the emails claiming to have stolen “important information” from more than 100 victims, federal officials said.

“If you ignore us, we will sell your information on the black market and publish it on our blog,” the ransom notes threatened.

Hackers have targeted Illinois in the past. Illinois Attorney General Kwame Raoul’s office…

Source…

State of Illinois victim of global ransomware attack

/in


The state of Illinois was among the victims of a global ransomware attack late last month that is believed to have exploited a vulnerability in a popular file transfer program, the state’s information technology agency announced Friday.

The FBI and the federal Cybersecurity and Infrastructure Security Agency have attributed the attack, which hit Illinois state government May 31, to a ransomware gang called CL0P, which exploited the popular MOVEit Transfer file-sharing software.

Other victims of the attack include the BBC, British Airways and Nova Scotia’s government, according to The Associated Press.

The attack on Illinois’ computer systems was contained within three hours, according to the state Department of Innovation and Technology. But spokeswoman Jennifer Johnson said the agency still is working to determine the extent of the intrusion.

“MOVEit is a file transfer utility used by many state agencies to transfer a variety of files,” Johnson said.

The department’s “current efforts are focused on determining an accurate population of impacted individuals for appropriate notifications,” she said.

The department “believes a large number of individuals could be impacted.”

The Russian CL0P ransomware syndicate announced on its dark web site late Tuesday that its victims — who it suggests number in the hundreds — had until June 14 to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online.

“This is potentially one of the most significant breaches of recent years,” Brett Callow, an analyst at the cybersecurity firm Emsisoft, told the AP. “We’ll have a better sense of how significant it is as more details emerge about the number and type of organizations impacted.”

Ransomware is malicious software that infects a computer system. Those behind ransomware then demand money to allow the system to work properly again or threaten to post sensitive information online if they don’t receive payment.

CL0P claims it does not extort governments, cities or police agencies, the AP reported, but cybersecurity experts say that’s likely a tactic employed in an effort to avoid direct conflict with law enforcement, and that the financially…

Source…

Watch now: Central Illinois universities wary of cybersecurity threats | Local Education

/in


NORMAL — Illinois State University is working to address several potential cybersecurity weaknesses identified in its most recent state audit. The changes come as universities across the country are working in a constantly evolving cybersecurity landscape.

The audit from the Illinois Auditor General identified weakness associated with the formal information technology policies as well as more specific issues around the management of application accounts. Released May 26, the report covers the period from June 30, 2020, to June 30, 2021.

Dan Taube, chief information security officer for the university, said ISU staff members are working to address the issues brought up in the audit, and to make continual efforts toward keeping the university’s networks safe.



Dan Taube

Taube


Those efforts include formalizing updated IT policies, which are central to making sure all 60,000 accounts that interact with the ISU network are not becoming vulnerabilities, Taube said.

“The truth about cybersecurity is it’s everyone,” he said.


Illinois State University’s financial audit summary for fiscal year 2021 from the state auditor’s office.


Other steps ISU has taken to address weaknesses include improving communication to delete accounts from some applications soon after an employee leaves the university or changes jobs.

Managing what accounts have access to certain data can help address the issue with measures such as limitations on what student accounts can access, FBI Springfield Computer Scientist Justin Harris said….

Source…

StratCities: Computer Security in Tinley Park

/in