Friday Five: 3/13

by Amanda Brown on Friday March 13, 2020

Ryuk Ransomware targets another U.S. city, University of Kentucky ends a month-long cyberattack, and a secret-sharing app exposes user data - catch up on the week's news with the Friday Five.

1. Ryuk Ransomware Behind Durham, North Carolina Cyberattack by Lawrence Abrams

Ryuk, the ransomware that hit the city of New Orleans back in December, has moved on to a new U.S. target: the city of Durham, North Carolina. The cyberattack began in classic Ryuk fashion with a malicious link in an email and spread across the network servers through file shares to individual computers. To prevent further spread, Durham shut down its network and “temporarily disabled all access into the DCI network for the Durham Police Department, The Durham Sheriff’s Office and their communications center.” Although 911 calls are still being answered, the city’s 911 call center is shut down and the fire department has lost phone service. Fortunately, there are currently no signs that data has been stolen. Still, officials are warning users to be on the lookout for future phishing emails disguised as alerts from the city of Durham. If there was a ransom payment request, the amount has not yet been released. Ryuk is known to request ransoms that range from $10,000 on very small networks to millions of dollars on larger networks.

2. University of Kentucky Defeats Month-Long Cyber-Attack by Sarah Coble

The University of Kentucky is dealing with a system-wide shutdown after fighting off a month-long cyberattack. Cryptocurrency mining malware was installed on the university’s network back in February, which caused daily interruptions to everyday functions and triggered temporary failures of its computer systems. It appears the attack originated outside of the United States and that the hackers were most likely attempting to hijack the “vast processing capabilities” of the university’s network to mine cryptocurrency. The attack has mostly impacted operations of UK Healthcare, which operates UK Albert B. Chandler Hospital and Good Samaritan Hospital in Lexington, Kentucky, but there is no evidence that any patient or student data has been compromised. Working with an independent computer forensic firm, the school conducted a major three-hour reboot of its IT systems, something that's believed to have finally removed the lingering malware threat. In a statement sent out to the entire campus on Monday morning, university spokesperson Jay Blanton said: “Now that the network has been restored and more aggressive security measures have been implemented, we can communicate with full transparency without risk of sacrificing the security of our systems.”

3. U.S. Government Commission Rolls Out Doomsday Plan for Cyberwar by Christopher Bing

In a report on Wednesday, a U.S. government-funded bipartisan group outlined a cyberwar doomsday plan that suggested actions the government can take to address the growing number of cybersecurity challenges facing the country. The group, named Cyberspace Solarium Commission, included a set of proposals in the report, including creating a new position of “National Cyber Director” at the White House, a stronger military cyber reserve force, and a separate State Department bureau for cyber issues. In addition to the proposals, the CSC also offered advice to Congress on how to go about creating new departments and/or reorganizing existing government sectors. The report advised Congress to pass a series of bills to shape the structure of the government and create initiatives that could bring private sector partners closer to the U.S. government in order to assist with cybersecurity efforts. Cyberattacks on targets ranging from small municipalities to large governments, in addition to other infrastructure providers, have been a growing trend and have led to system-wide shutdowns and a great deal of damage and disruption. The commission emphasized that the U.S. government must prioritize keeping its economy online, ensuring the normal and healthy flow of goods and services nationally. While the group realizes there is no sure way to eliminate malicious cyber activity, the goal for the government should be to mitigate the consequences and reduce the level of activity.

4. Clearview AI Data Breach Exposes Facial Recognition Firm’s Client List by Byron Mühlberg

The recent data breach of U.S. facial recognition firm Clearview AI brings up the question of whether the benefits of facial recognition technology, such as the improvement in law enforcement effectiveness, outweigh the potential costs to individual freedom. The breach, which is believed to be the largest in the company’s history, began after a hacker gained unauthorized access to Clearview AI’s entire client list. The leaked information included the names of organizations that work with the controversial firm, the number of user accounts each client had opened, and the number of searches each client conducted. Most of the clients were revealed to be law enforcement agencies based in the U.S., such as the FBI and the Department of Homeland Security, state and local enforcement agencies, and other corporate entities. Clearview AI has assured clients that it has taken care of the vulnerability that led to the breach and that the hacker was unable to obtain their search histories. Many industry specialists believe Clearview AI is downplaying the extent of the incident, as the company’s short statement to its clients failed to include specifics regarding the extent of the breach or its wider implications. Many privacy advocates have raised concerns about the potential implications of a breach, as the company has over three billion photos stored on its central database.

5. Whisper, an Anonymous Secret-Sharing App, Failed to Keep Messages or Profiles Private by Charlie Osborne

The secret-sharing app Whisper, which allows users to post anonymous messages, inadvertently exposed data that allowed user content and profiles to be available for anyone online to view. Independent researchers Matthew Porter and Dan Ehrlich discovered the company’s open database with no credentials or password protection in place. It contained approximately 900 million records from 2012 to the present day. Whisper and federal law enforcement agencies were notified of the open database on Monday, and the company quickly restricted access and plugged the authentication security gap. The records that were left exposed included nicknames, ages, ethnicities, genders, hometowns, group memberships, and post location coordinates. The company released a statement that the information within the database was only intended to be public for users within the application and was “not designed to be queried directly.”
