Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data


Investigations have begun into a massive ransomware attack that has affected Sri Lanka’s government cloud system, Lanka Government Cloud (LGC).

The investigation is being conducted by the Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC). Sri Lanka’s Information and Communication Technology Agency (ICTA) confirmed the attack to several local news outlets on September 11, 2023.

The attack likely started on August 26, 2023, when a gov[dot]lk domain user said they had received suspicious links over the past few weeks and that someone may have clicked one.

LGC services and the backup systems were quickly encrypted. Mahesh Perera, CEO at ICTA, estimated all 5000 email addresses using the “gov[dot]lk” email domain, including those used by the Cabinet Office, were affected.

The system and the backup were restored within 12 hours of the attack.

However, since the system didn’t have any backup available for the data spanning May 17 to August 26, 2023, all affected accounts have permanently lost data covering this period.

Concerning Security Failings

Perera told the press that LGC was introduced in 2007 and first used Microsoft Exchange Version 2003, but was updated to Microsoft Exchange Version 2013 in 2014.

“This was in use till the attack. But that version is now obsolete, outdated and vulnerable to various types of attacks,” he said.

Although the Agency had planned to upgrade LGC to the latest version (currently Exchange Server 2019 CU11 Oct21SU) from 2021, the decisions had been delayed due to “fund limitations and certain previous board decisions,” Perera added.

Following the attack, ICTA has started taking measures to enhance its security, including initiating daily offline backup routines and upgrading the relevant email application to the latest version.

The Sri Lanka CERT|CC is also helping ICTA to retrieve the lost data.

The Sri Lankan government had previously been criticized for failing to efficiently promote serious cybersecurity measures within its public administrations and its private sector.

The country ranks 83rd out of 175 countries in the Estonia-based e-Governance Academy Foundation’s National Cyber…

UK election watchdog failed to discover system hack for 15 months


The UK’s Electoral Commission today announced it suffered a cyberattack in August 2021, with attackers gaining access to registers that contained the names and addresses of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

In a statement issued by the Electoral Commission via its website, the election watchdog said that although attackers first gained access to electoral registers and the commission’s email system in August, the hack wasn’t identified until October 2022, when the electoral body became aware of a suspicious pattern of log-in requests being made to its systems.

The commission said while it is “not able to know conclusively” what information had been accessed, the personal data most likely to have been accessible includes names, addresses, email addresses, and any other personal data sent to the commission by email or held on the electoral registers. Due to large parts of the UK’s electoral system still being paper based, however, “it would be very hard to use a cyber-attack to influence the [electoral] process.” The Commission also sought to reassure those who might have been affected by the breach by noting that the hack will not impact an individual’s ability to take part in the democratic process or affect their current registration status or eligibility to vote.

“We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems,” Shaun McNally, the Electoral Commission chief executive, said in a statement.

In line with requirements under the law, McNally said the Electoral Commission notified the Information Commissioner’s Office (ICO) within 72 hours of identifying the breach and the ICO is currently investigating the incident.

“The Electoral Commission has contacted us regarding this incident and we are currently making enquiries,” a spokesperson for the ICO said in a statement. “We recognise this news may cause alarm to those who are worried they may be affected and we want to…

Lawyer says MPS hasn’t contacted hacking victims 5 months later


Thousands of files, including sensitive information, were released online in March after the district didn’t pay a $1 million ransom.

MINNEAPOLIS — Five months after cyber criminals attacked Minneapolis Public Schools, a new, scathing report from the Associated Press says that officials still haven’t informed the victims.

Some of the information, including highly sensitive medical records, like assault complaints, social security numbers and union grievances, was leaked online after the district didn’t pay a $1 million ransom.

One lawyer now representing some of the victims says his firm is investigating whether the district violated any of its obligations under Minnesota’s Data Practices Act. 

The breach, which the Minneapolis school district said included the release of personal data, wasn’t disclosed until mid-March. Experts call it an aggressive attack that included 300,000 files.

“This is not an MPS problem, this is not a Minneapolis problem, this is not a public school problem,” said cybersecurity expert Ian Coldwater. “This happens all over the place to all kinds of places.”

Research shows one in three districts across the country were breached by 2021. What little resources there were then were spent on remote learning and internet connectivity.

Minnesota’s IT specialists confirm it got a $5.5 million boost from lawmakers this legislative session. The state also got another $18 million in federal funds that entities, like school districts, can apply for to upgrade their infrastructure.

“These families are floored and totally taken by surprise,” said attorney Jeff Storms, who represents some of the victims. 

“They had no idea their children’s sensitive information had been leaked on the internet and from what we’ve seen from the scope of this breach, the district did not take reasonable measures to…

Dallas Officials Say Ransomware Recovery Could Take Months


(TNS) — It could be months before Dallas systems are fully restored after a cyber attack last week, city officials said Thursday.

Dallas information technology staff are still working with consultants and outside groups to help review and clean servers possibly impacted by ransomware, with a focus on restoring systems from public safety departments first, then other public-facing agencies, and then everything else. But it’s the restoration of some internal systems described as having background functions that will likely take the longest to complete.

“We are going to be working at this for weeks and months to do all the clean up,” Brian Gardner, the city’s chief information security officer, told The Dallas Morning News Thursday.


Gardner and Jack Ireland, the city’s chief financial officer, said no evidence has been found at this point that personal information from employees and residents stored by the city was leaked, nor is there any evidence that stored internal data, such as police evidence or municipal court files, has been lost. They both said investigations and monitoring are still ongoing.

“We took some things down as precaution, probably more than we needed to, in order to isolate and make sure that it was clean before it was brought back into service,” Ireland said. “So it is taking some time to work through those different systems.”

Thursday marked day nine of the city dealing with the fallout of a ransomware attack from last Wednesday. Ransomware is a type of software often used to extort money from organizations by threatening to block access to files or release confidential information unless money is paid.

Ireland declined to say whether the city has issued any ransom, citing an ongoing criminal investigation by the Dallas police and FBI.

“There are things we’re just not able to share because it is an open investigation and a criminal act against the city,” said Ireland, who oversees the city’s information and technology services department.

City Manager T.C. Broadnax said Ireland “didn’t share specifics about any requests,” and that he wasn’t…