Weekly Cybersecurity Recap March 3
Table of Contents
- By Steven
- Mar 03, 2023
This week was a bad week for the U.S. government and also featured serious attacks to major Canadian retailer Indigo as well as software company Activision and the Los Angeles Unified School District. Hackers are hitting every section of society, and both private and public sector organizations are at a real risk of data loss due to these regular attacks. Some of the hackers were members of ransomware gangs, working in coordinated groups, while others were members of smaller or unknown organizations. Cyber threats are only increasing in intensity and frequency, and it's more important than ever for organizations and individuals to protect themselves.
Activision, one of the largest game-development companies in the U.S., was recently hacked, and some of its employee data were exposed in the breach. Hackers were able to get into employee accounts through a phishing attack on December 4, 2022. After the initial attack, the hackers installed malicious files on the Activision network, accessed several employee accounts as well as the internal Slack channel, and gathered basic data about company employees. Activision failed to notify its employees because it wasn't legally obligated to since more serious employee information was not stolen. This attack is a big deal, and it shows that even major software companies are at risk.
Los Angeles Unified School District
The Los Angeles Unified School District is a massive cluster of schools in the Los Angeles, California, area and covers more than 1,000 separate schools. The district was recently attacked by a ransomware gang, revealing mental health information for more than 2,000 separate students. About 60 current students were exposed, and the rest were old students going back more than a decade. The mental health files included very personal information and a significant amount of health information for the individuals. This is one of the worst attacks that we've reported on this week in terms of the sheer amount of personal and health data released, and it shows how much more work is required to secure public school districts from serious attacks.
U.S. Department of Defense
It's been a bad week for the U.S. government, and the Department of Defense had some of its unclassified documents exposed to the internet for anyone to access. In this case, the breach was caused by U.S Department of Defense employees rather than any specific attacker. One of the department's Azure servers was improperly configured, so no password was required for access to its files. That left information about U.S. Special Operations, SF-86 background questionnaires, and millions of emails open to the public. Anyone with the I.P. address of the server could access its information. It was quickly removed from the internet, but only after Anurag Sen, a security researcher, noticed the issue and reported it to TechCrunch, who released the information to the Department of Defense.
Even data held by the U.S. Marshal's office isn't safe from cyber terrorists. Hackers were able to hack into a server loaded with information for U.S. Marshal's activities. Among the data stolen were details about cases as well as the details of potential suspects in open or closed cases. The server was first breached on Feb 22, 2023, and it was quickly taken down, but a significant amount of information may have been compromised before it was.
Indigo books are one of the largest book and boardgame retailers in Canada. The company recently suffered from a ransomware attack, potentially exposing thousands of its employees. The attack occurred on February 8 and led to data from thousands of company files being copied, leaked, and encrypted. The company never released a specific list of employee data that was lost in the attack, but it's expected to be significant, and employees should carefully watch their accounts for potential issues.