Welcome to the latest cybersecurity wrap up. There was lots of news this week around data breaches.
But first, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive following the release of fixes for zero-day vulnerabilities in Microsoft Exchange.
The agency's Emergency Directive 21-02, "Mitigate Microsoft Exchange On-Premises Product Vulnerabilities," was issued on March 3. This came after a warning from Microsoft about four zero-day vulnerabilities in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
The warnings were issued after Microsoft picked up on exploits by a suspected state-sponsored advanced persistent threat (APT) group from China called Hafnium. The news comes as security firms report escalating numbers of related campaigns led by sophisticated adversaries against a range of high-value targets, especially in the US.
Now, back to all the data breaches.
In last four or five days, we learned more about breaches at security services provider Qualys, Singapore Airlines, Oxfam Australia and the transport system for the Australian state of New South Wales. In the case of Qualsys and New South Wales, the breaches were related to the secure file-sharing system, Accellion FTA.
Accellion suffered a large cyber attack in December. According to this article in Gizmodo published last month, the company “recently discovered that a threat actor had been exploiting zero-day vulnerabilities in its legacy file-transfer service application (called “FTA” for short) – a file-sharing and storage product used by approximately 300 clients. Despite subsequent patches, there has been a steady stream of FTA-related data breaches involving banks, universities, large companies, government agencies, and more.” Currently it appears that the CLoP ransomware gang is likely behind the Accellion attacks.
Finally, last October the city of Mumbai, India suffered a massive power outage. This week, it was declared to be an act of sabotage. An official in the state of Maharashtra has placed the blame squarely on China, but the Chinese embassy in India is denying the country had any role. This comes after a February 28th story in the New York Times that cited a study by Recorded Future which indicated that Chinese malware had been “flowing into the control systems” that manage India’s electricity supply at the time of the outage.
The discovery raises the question about whether last year’s outage is a result – and perhaps even a message from Beijing – after a deadly “border battle” last summer between Chinese and Indian troops.
That’s a wrap for this week in cybersecurity. Hope everyone has a safe and relaxing weekend!
Top Global Security News
ZDNet (March 4, 2021) CISA issues emergency directive to agencies: Deal with Microsoft Exchange zero-days now
"The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive following the release of fixes for zero-day vulnerabilities in Microsoft Exchange. The US agency's Emergency Directive 21-02, 'Mitigate Microsoft Exchange On-Premises Product Vulnerabilities,' was issued on March 3.
This week, Microsoft warned that four zero-day vulnerabilities in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 are being actively exploited by a suspected state-sponsored advanced persistent threat (APT) group from China called Hafnium."
ComputerWeekly (March 4, 2021) Qualys caught up in Accellion FTA breach
"The scope of the Accellion FTA breach has now widened to include cloud-based security services supplier Qualys, which has had some of its customer data published to a dark web leak site operated by the Cl0p ransomware gang, as reported by our sister title LeMagIT.
Qualys CISO Ben Carr confirmed the incident in a disclosure blog, saying that the firm had used the legacy file transfer technology in a segregated environment for customer support-related file transfers, and it was at no point connected to its production customer data environment, the Qualys Cloud Platform.
On Christmas Eve, it received an integrity alert, at which point it fully isolated the impacted server and provided alternatives for support-related file transfer.
'Qualys and Accellion conducted a detailed investigation and identified unauthorised access to files hosted on the Accellion FTA server,' said Carr. 'Based on this investigation, we immediately notified the limited number of customers impacted by this unauthorised access.'"
ZDNet (March 4, 2021) Singapore Airlines frequent flyer members hit in third-party data security breach
"Data belonging to 580,000 Singapore Airlines' frequent flyer members have been compromised in a cybersecurity attack that originally hit air transport communications and IT vendor, SITA. The incident marks the second time in a week that an airline has reported a data breach, which appears also to be the result of the attack targeting SITA.
While not a customer of SITA, Singapore Airlines (SIA) had shared a 'restricted' set of data as a member of the Star Alliance group, the airline said in a statement late-Thursday. This was necessary to facilitate verification of membership tier status and provide customers of other member airlines the relevant benefits while they travelled."
The Daily Swig/Portswigger (March 2, 2021) Oxfam Australia confirms data breach after supporters’ details ‘unlawfully accessed’
"Oxfam Australia has confirmed that it has suffered a data breach after a database containing supporters’ information was 'unlawfully accessed'.
In a statement, the charity said that an external party gained access to the database on January 20, 2021.
Oxfam Australia said it became aware of the breach seven days later and engaged 'industry-leading forensic IT experts' to conduct an investigation.
The database included information about supporters who may have signed a petition, taken part in a campaign, or made donations or purchases through shops, Oxfam Australia said."
The Print (March 1, 2021) ‘It was sabotage’ — Maharashtra energy minister says cyberattack caused Mumbai power outage
"New Delhi: The massive power outage that brought much of Mumbai to a standstill for hours last October was caused by a cyberattack, said Maharashtra Energy Minister Nitin Raut Monday, who called it an act of 'sabotage'. Raut said the state government, the Maharashtra Electricity Regulatory Commission (MERC) and the Central Electricity Authority had set up separate committees to probe the cause of the outage and their reports have been received.
'We had then complained to the cyber cell and their report is awaited. But the preliminary information I have, there definitely was a cyber attack and it was a sabotage,' he said, according to news agency PTI.
A 28 February New York Times report stated that the outage could be a 'part of a broad Chinese cybercampaign against India’s power grid'. Citing a study by a US cyber security firm, NYT said a stream of Chinese malware had been 'flowing into the control systems' that manage India’s electricity supply. The Chinese embassy in India put out a statement denying China had any role in the cyber attacks."
Bleeping Computer (March 1, 2021) NWS Transport agency extorted by ransomware gang after Accellion attack
"The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files.
Transport for NSW is New South Wales' transport system in charge of the buses, ferries, regional air operators, and cargo transportation.
Last week, Transport for NSW disclosed that their agency suffered a data breach after their secure file-sharing system, Accellion FTA, was attacked and hackers stole data."
Other Industry News
Is the GDPR already outdated and in need of replacement? - Lexology
Medical Data of 500,000 French Residents Leaked Online - nfosecurity-magazine.com
Cryptocurrency Fraudster Steals $16m - Infosecurity Magazine (infosecurity-magazine.com)
Why Global Power Grids Are Still Vulnerable to Cyber Attacks - Bloomberg
Navajo Nation Hospital Still Recovering From Ransomware Attack (gizmodo.com)
Payroll/HR Giant PrismHR Hit by Ransomware? — Krebs on Security
NSA Shares Zero Trust Security Model Guide, Recommendations (healthitsecurity.com)
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.