Cyber Intelligence Weekly (September 4, 2022): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!
Before we get started on this week’s CIW, I’d like to highlight our Cybersecurity Tabletop Exercise practice. We’ve all heard the old adage: it is not a matter of if, but when. As you prepare for when that cyber incident does occur, there's a way to ensure that you and your entire organization are well prepared with a professionally led tabletop exercise. Tabletop exercises are a proactive approach to cybersecurity that is not only a best practice, but also a necessity in today’s business climate. You'll build muscle memory to be more prepared to successfully face cyber incidents head-on. Please let us know if you’d like to perform a professionally facilitated tabletop exercise with our experts!
Away we go!
1. Chinese Database with Facial Recognition and License Plate Data Leaked
A recent report from TechCrunch reveals a potentially massive personal data set of Chinese nationals that was leaked earlier this year. TechCrunch was contacted by security researcher Anurag Sen, who uncovered the exposed database on an Alibaba-hosted server in China. The database included hundreds of millions of personal records and was rapidly growing by the day. The database was supposedly fully exposed, not password protected, and could be accessed by anyone.
The database in question belongs to Xinai Electronics, a tech company based in Hangzhou. The company’s systems use facial recognition and are often used for things like building access, monitoring employee attendance and performance, as well as license plate recognition for automated parking garage systems. Essentially, the data they hold is highly sensitive from a privacy perspective.
While this sort of privacy breach in China may not seem surprising, the sheer scale of the data exposed should be a large cause for concern from a human rights perspective.
2. Nelnet Servicing Breach Exposes Data of 2.5M Student Loan Accounts
A recent report from Bleeping Computer outlines a data breach that may have exposed the data of about 2.5 million student loan borrowers serviced by Edfinancial Services as well as the Oklahoma Student Loan Authority (OSLA). The threat actors supposedly accessed their systems sometime in June and were present on those systems throughout the rest of the month and into July.
A sample notification letter outlining the details of the breach has been sent to the Maine Attorney General’s Office and can be found online. Per the notification letter, the personal information included in the breach includes name, address, email address, phone number, and Social Security Number.
Per a statement to the media, Nelnet stated that their cybersecurity team discovered a vulnerability that they believe led to this incident and they took immediate action to secure systems and block the suspicious activity. A forensic investigation is ongoing at this time.
3. Italian Oil Giant, Eni, Hit by Hackers
Per a recent report from Bloomberg, Italian oil giant Eni was recently hit by hackers. Per the Bloomberg article, Eni confirms that hackers gained unauthorized access to the company’s network and the company is working with authorities on the matter. According to the Bloomberg article, Eni may have been hit by a ransomware attack.
This comes on the heels of a security incident at Italy’s energy agency, Gestore dei Servizi Energetici SpA (GSE), earlier in the week. The BlackCat ransomware group took credit for the attack on GSE, claiming to have stolen more than 700 GB of data from the agency. These recent attacks have Italian officials very concerned, so much so that the National Cyber Security Agency recommended on Friday to “raise the levels of protection of digital infrastructure of energy operators, constantly updating them in line with the most recent threat information.”
These types of attacks further the need to bolster cyber defenses at critical infrastructure agencies and organizations to help ensure that these types of disruptive attacks do not occur at scale.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about