Cyber Intelligence Weekly

Cyber Intelligence Weekly (March 12, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!

Before we get started on this week’s CIW, I’d like to highlight a great upcoming webinar put on by Echelon’s Women in Cyber Employee Resource Group, Women in Cybersecurity: Paving the Path for Future Leaders. For all aspiring women leaders in cyber, and anyone else who’d like to attend and hear this great conversation and learn how you can be a great ally to support women in cyber, we’d love for you to attend! Register here.


Away we go!

1. SEC Fines Blackbaud $3 Million for Misleading Disclosures About Ransomware Attack

With the SEC's proposed rules on cybersecurity risk management and incident disclosure by public companies looming large, many public companies are scrambling to put cybersecurity risk management and incident reporting procedures into play.

While those rules are being finalized, the SEC is certainly not resting on its laurels. The SEC recently announced that it is charging the popular donor management software maker Blackbaud for misleading disclosures about a ransomware attack that affected charitable donors.

According to the SEC's ruling, Blackbaud reported on July 16, 2020, that the threat actor had not obtained donor bank account information or social security numbers. Yet, days after making these claims, the company's technical and customer service staff discovered that the attacker had in fact gained access to and exfiltrated this private data. Due to the company's lack of disclosure controls and procedures, these employees failed to relay this information to senior management who were in charge of its public disclosure. Blackbaud then neglected to include this crucial information about the attack's scope in a quarterly report it submitted to the SEC in August 2020 and mischaracterized the possibility of an attacker getting such sensitive donor data as hypothetical.

The SEC noted that Blackbaud violated Sections 17(a)(2) and (3) of the Securities Act and Section 13(a) of the Exchange Act and Rules 12b-20, 13a-13, and 13a-15(a).

David Hirsch, Chief of the SEC Enforcement Division’s Crypto Assets and Cyber Unit, had the following to say in a prepared statement: “As the order finds, Blackbaud failed to disclose the full impact of a ransomware attack despite its personnel learning that its earlier public statements about the attack were erroneous. Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so.”

2. Minneapolis Public Schools Held Hostage by Medusa Ransomware Gang

Last week, on its Tor data leak website, Medusa claimed Minneapolis Public Schools (MPS) as a victim and threatened to reveal, by March 17, 2023, all the information it purportedly obtained from the public school system if the district did not comply with its ransom demand of $1,000,000.

In an unusual turn of events, the gang demonstrated its extensive access to MPS' networks by publishing a screenshare video on the Vimeo hosting site. Some of the stolen data appears to be extremely sensitive, per multiple reports.


This ransomware gang used the relatively new double extortion technique, which not only encrypts sensitive files at the target site but also threatens to make the stolen data public, or even sell it, unless the ransom demands are met. Per the MPS website, they do not plan on paying the ransom demands.

3. U.S. Marshals Service Hit with Ransomware Attack and Data Breach

The U.S. Marshals Service (USMS), a federal law enforcement agency in the United States, was recently hit by attackers who were able to deploy ransomware as well as reveal sensitive data. The USMS is a bureau within the U.S. Department of Justice that operates under the direction of the attorney general but serves as the enforcement arm of the United States federal courts.

Most famously, they help to operate the federal witness protection program; if that data were breached, it would reveal the hidden identities and locations of law enforcement collaborators across the country. Per a report from TechCrunch, the system that was affected was a stand-alone single system, and no witness protection data was at risk.


USMS spokesperson Drew Wade told TechCrunch, “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
