Tag Archive for: nonprofit

Ransomware gang targets nonprofit providing clean water to world’s poorest

/in


Water for People, a nonprofit that aims to improve access to clean water for people whose health is threatened by a lack of it for drinking and sanitation, is the latest organization to have been hit by ransomware criminals.

The ransomware-as-a-service gang Medusa listed Water for People on its darknet site Thursday night, threatening to publish stolen information unless the nonprofit pays a $300,000 extortion fee.

A Water for People spokesperson told Recorded Future News: “The accessed data predates 2021, did not compromise our financial systems and no business operations were impacted. We’re working with top incident response firms, as well as our insurance company and hardening our systems with our security team to prevent future incidents.”

The attack follows the nonprofit receiving a $15 million grant from MacKenzie Scott, the billionaire ex-wife of Amazon founder Jeff Bezos. There is no evidence that Water for People was specifically targeted because of this donation.

The organization operates in nine different countries, from Guatemala and Honduras in Latin America, to Mozambique in Africa and to India, and aims to improve water access for more than 200 million people over the next eight years.

“While the recent cyber attack from Medusa Locker Ransomware has not impacted our important work fighting the global water crisis and equipping communities with lasting access to clean water and sanitation services, it does reflect that even non-profits like ours are in the cross-hairs of these threat actors. We attempted good-faith negotiations that led nowhere,” the spokesperson added.

It is not the first time the Medusa gang’s activities have impacted an organization associated with water provision, although the gang and its affiliates appear to work opportunistically, according to new analysis by Palo Alto Networks’ Unit 42.

Last year, an Italian company that provides drinking water to nearly half a million people was hit by the gang.

Back in 2021, U.S. law enforcement agencies said ransomware gangs in general had hit five water and wastewater treatment facilities in the country — not including three other widely reported cyberattacks on water utilities.

Despite…

Source…

HOT TOPIC TALK – Bridging the Cyber security talent gap with early education

/in



Security organisations form Nonprofit Cyber coalition

/in


A group of implementation-focused cyber nonprofits – including the likes of the Center for Internet Security, Crest International, and the Fido Alliance – have joined forces to create an umbrella coalition that will work to develop, share, deploy and increase awareness of security best practice, tools, standards and services.

Formed in the US, but globally relevant, the Nonprofit Cyber coalition is envisioned as a “collaboration of equals” and will initially focus on two priorities – building awareness of cyber nonprofits, and aligning the work of its 22 founding members, all of which must hold nonprofit status under US law or their home country equivalents.

The founding members are: the Anti-Phishing Working Group, the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, Crest International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the Fido Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, #ShareTheMicInCyber, and Sightline Security.

The group is also welcoming applications for new members, focusing only on those that work to implement security best practice and solutions at scale, and not lobbying, policy development or advocacy groups, nor industry bodies.

Philip Reitinger, CEO of the Global Cyber Alliance (GCA) and newly elected co-chair of the coalition, said: “A large number of nonprofits that focus on cyber security implementation are working within their own areas of action toward the joint goal of improving cyber security, but the lack of coordination and communication among them can lead to inefficiency and duplication of effort.

“Better communication and collaboration among these groups will enable programmatic and opportunistic action to improve cyber security.”

Tony Sager, Center for Internet Security vice-president and chief evangelist, and the…

Source…

68K affected by data theft, ‘sophisticated’ network hack of health nonprofit Advocates

/in


A number of breaches were reported in the healthcare sector, though not all are yet listed on the Department of Health and Human Services breach reporting tool.(Photo by Alex Wong/Getty Images)

Approximately 68,000 individuals who’ve received services from Advocates are being notified that their personal and protected health information was stolen during a four-day hack in September 2021. Advocates also provided notice to certain employees, whose data was exfiltrated during the hacking incident.

Advocates is a nonprofit organization based in Massachusetts that provides a range of services for individuals requiring support with addiction, autism, brain injury, mental health, addiction, and other health conditions.

First discovered on Oct. 1, the nonprofit was notified that its data had been exfiltrated from its digital environment by a threat actor. Advocates took action to secure the system and engaged with an outside cybersecurity firm to investigate the scope of the incident.

The investigation found that a hacker gained access to the network between Sept. 14 and Sept. 18, 2021 through a “sophisticated cyberattack” on its network. During that time, the attacker gained access to and copied data tied to both current and former individuals served by Advocates.

The stolen data included names, contacts, Social Security numbers, dates of birth, client identification numbers, health insurance information, diagnoses, and treatments.

Advocates is cooperating with the ongoing FBI investigation, while taking steps to bolster its security to prevent a recurrence. All impacted individuals will receive free credit monitoring and identity theft protection services.

St. Lucie County reports 4-year hack of drug screening lab

Over the course of four years, a misconfiguration error in the St. Lucie County’s Drug Screening Lab’s web portal allowed for certain data to be accessible by unauthorized parties. The breach is not yet listed on the HHS reporting tool, so it’s not yet known how many individuals have been affected.

“After an extensive forensic investigation and thorough review of the data impacted,” SLC discovered the unauthorized access to the portal data on Dec. 28. The exposure…

Source…