CYBER SECURITY NEWS – WEEK OF NOVEMBER 06, 2023
Major Mexican airport confirms experts are working to address cyberattack
- The Querétaro Intercontinental Airport — about three hours from Mexico City — confirmed reports that it had been attacked by hackers, posting a notice on social media sites that it had called in experts to help address the issue.
- “We reported that we had a cyberattack incident and are working with experts to address this situation. AIQ systems are operating normally. The safety of our passengers and operations remains our top priority,” the airport said, according to a translation of the notice, posted Tuesday.
- Over the last decade, Querétaro Intercontinental has become one of the busiest airports in Mexico, serving more than 1.1 million passengers in 2022 and becoming a hub for cargo flights within Mexico and to the U.S. and Europe.
- The airport’s operational security wasn’t compromised, and the response team had contained and isolated the attack, the officials said, claiming that any information stolen was “in the public domain.”
Okta employee data breached in third-party healthcare attack
- An incident at Rightway Healthcare resulted in a breach of sensitive health information of almost 5,000 Okta employees. It’s the latest in a series of security woes for the IAM provider.
- Nearly 5,000 current and former employees at Okta had their sensitive health information exposed by a cyberattack at Rightway Healthcare, a third-party vendor for the identity and access management provider, according to data breach notices filed Wednesday in California and Maine.
- The third-party breach did not impact Okta services, which remain secure, and “no Okta customer data is impacted by this incident,” the company said in a statement.
American Airlines pilot union hit with ransomware
- The American Airlines pilot union is working to restore its systems following a ransomware attack, the latest in a rash of cyber incidents affecting the aviation industry.
- The union, which represents more than 15,000 of the airline’s pilots, posted a notice on its website explaining it first discovered the cyberattack on October 30.
- The unnamed cybersecurity firm hired to conduct an investigation confirmed that the union was hit with ransomware and said some systems were encrypted.
- The organization’s IT team is working with outside experts to restore its systems and noted that efforts “are progressing,” which should allow it to bring some services back online soon.
Massive MOVEit hack: 630K+ US defense officials’ emails breached
- The organization targeted in the incident is Westat, a data firm utilized by the Office of Personnel Management (OPM) for survey administration.
- The MOVEit data breach has caused havoc across all prominent industries and organizations. This large-scale cyberattack, which took place from May 28th to May 30th, 2023, has claimed countless victims.
- The attackers exploited a vulnerability in a managed file transfer software called MOVEit Transfer, developed by Ipswitch, Inc. Many organizations have become targets of this breach, including government agencies, airlines, educational and financial institutions, and healthcare providers, and have lost sensitive data such as credit card numbers, PII, and SSNs (Social Security numbers).
- Bloomberg reports that the US Department of Justice is amongst the government agencies targeted in the MOVEit Transfer vulnerability exploitation spree. Reportedly, the email addresses of 632,000 employees from the agencies were accessed.
Singapore public health services hit by DDoS attacks
- Hackers disrupted internet connectivity in public healthcare institutions in Singapore this week with distributed denial-of-service (DDoS) attacks, a health technology agency that oversees the institutions said.
- Synapxe, which manages operations of 46 public healthcare institutions in Singapore and around 1,400 community partners such as nursing homes and general practitioners, said there’s no evidence that public healthcare or patient data, as well as internal networks, have been compromised.
- Disruptions to internet connectivity affecting all public healthcare clusters in Singapore started on Wednesday and lasted for about seven hours.
- During that time, services like websites, emails, and productivity tools for staff were inaccessible. DDoS attacks flood websites with junk internet traffic to prevent legitimate users from accessing them.
California community college Río Hondo dealing with cybersecurity incident
- Río Hondo College in Southern California is dealing with a cybersecurity incident that limited campus functions for days before most services were returned.
- The school, which serves more than 31,000 students in the Los Angeles metro region, did not say when the issues began but wrote in an October 23 Facebook post that access to its website and other school-run tools had been restored.
- The next day, the school added that its IT team had resolved an issue that limited the college’s ability to disburse financial aid. Financial aid disbursements were sent out on October 26.
- At the time, the school did not identify the disruptions as related to cyberattacks, but on Tuesday the LockBit ransomware gang added the school to its list of victims, giving officials until November 20 to pay an undisclosed ransom.