Friday Five: 6/26 Edition
Files from hundreds of police departments are leaked, the FBI issues a security warning to K-12 schools, and more - catch up on all the week's news with the Friday Five.
1. Oracle’s BlueKai Spilled ‘Billions of Records’ of Web-Tracking Data by Jesse Damiani
TechCrunch recently reported that an adtech division at Oracle that tracks approximately 1% of all web traffic, BlueKai, exposed billions of records of people all over the globe due to an unsecured server. BlueKai was added to Oracle’s marketing cloud in 2014 to enable “marketers to act on data across both known customers and new audiences and precisely target customers with a personalized message across all channels”. The technology is able to infer a wide range of information about users by tracking what websites people visit and which emails they open through cookies and other proprietary technology. The collected data is combined to form a “unique fingerprint” of a user’s device, which can then be linked to other devices. After being notified by security researchers of servers that were sitting unsecured without a password, Oracle conducted an investigation that found that two companies did not properly configure their services. The company is taking additional measures to “avoid a reoccurrence of this issue” but there is unfortunately no way to know if the compromised data was accessed by malicious actors.
2. ‘BlueLeaks’ Exposes Files from Hundreds of Police Departments by Brian Krebs
In the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data, a 270 GB collection dubbed “BlueLeaks” was leaked to the public. The collection stems from a security breach at a Texas web design and hosting company and contains hundreds of thousands of potentially sensitive files from police departments across the United States. The data was collected over a span of 10 years from over 200 police departments, fusion centers and other law enforcement training and support resources. In a post on Twitter, DDoSecrets said that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more”. The National Fusion Center Association (NFCA) confirmed the validity of the data and found that some of the files contained highly sensitive information such as ACH routing numbers, international bank account numbers, and other financial and personally identifiable information. According to the NFCA, threat actors could exploit the data exposed in this breach to target fusion centers and associated agencies and their personnel in cyberattacks and campaigns.
3. Twitter Says Business Users’ Data Leaked in Security Fiasco by Jay Jay
Twitter users who use the service for business, and whose billing information was used on ads.twitter.com or analytics.twitter.com, should double check whether that information is at risk. The social media giant recently revealed that users’ billing information was erroneously stored in the browser’s cache, potentially leaving the information accessible to those using shared computers. Information that was possibly leaked includes business users’ email addresses, phone numbers, and the last four digits of their credit card numbers. Fortunately, this breach was a minor one: the number of affected users is a small fraction of Twitter users, and an attacker would need physical access to a user’s device in order to steal the information. On top of that, they'd only be able to steal it from one user at a time. As soon as Twitter became aware of the incident, it resolved the issue and informed any clients who may have been impacted. The company has now disabled local storage of this data by updating its headers to include no-store and no-cache.
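The header fix described above, as an added example that is not from the article or from Twitter: a small Node check that flags responses a browser may write to its cache, with the weak header set (no cache directives) beside the hardened one. The `Pragma` directive is an assumption added here for old HTTP/1.0 clients; the article mentions only no-store and no-cache.

```javascript
// Parse a Cache-Control header value into a Map of directive -> value
// (directives without a value map to true). Directive names are
// case-insensitive, so they are lowercased before being stored.
function parseCacheControl(value) {
  const directives = new Map();
  if (!value) return directives;
  for (const part of value.split(',')) {
    const [name, rawVal] = part.trim().split('=');
    if (!name) continue;
    directives.set(name.toLowerCase(), rawVal === undefined ? true : rawVal.replace(/^"|"$/g, ''));
  }
  return directives;
}

// A response carrying billing data is safe from cache leakage only if it
// says no-store. "no-cache" alone means "revalidate before reuse": the browser
// may still keep a copy on disk, which is exactly what leaks on a shared PC.
function mayBePersisted(headers) {
  const cc = parseCacheControl(headers['cache-control']);
  return !cc.has('no-store');
}

// Before: the weak setting, a page with card digits served without any
// cache directives at all (constructed header object, lowercase keys as
// Node's http module presents them).
const weakHeaders = { 'content-type': 'text/html' };

// After: the hardened header set. "no-store, no-cache" mirrors the fix the
// article describes; Pragma is an assumption added for HTTP/1.0 clients.
function sensitiveResponseHeaders() {
  return {
    'content-type': 'text/html',
    'cache-control': 'no-store, no-cache',
    'pragma': 'no-cache',
  };
}

// Stand-alone run: report which of the two header sets a browser may persist.
console.log('weak headers may be persisted:', mayBePersisted(weakHeaders));
console.log('hardened headers may be persisted:', mayBePersisted(sensitiveResponseHeaders()));
```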
4. Leaked Docs Reveal FBI Fears over Ransomware Threat to Election Networks by Claudia Glover
In the major “BlueLeaks” data breach mentioned above, a leaked document revealed that the FBI remains deeply concerned that ransomware delivered through managed service providers (MSPs) to US government networks could threaten the integrity of this year’s elections. The document warned that even if it was not a threat actor’s intention, attacks delivered through MSPs to US and state government networks could disrupt the availability of data on interconnected election servers. The report reveals that this fear is born from previous experience, even citing multiple examples, including a Sodinokibi ransomware attack in Oregon that caused the shutdown of 45 servers and 50 desktops and crippled short-term back-ups. The US election networks are no stranger to these targeted attacks, and it is likely that there will be many hacking attempts in the upcoming election – politically charged or not.
5. FBI Warns K-12 Schools of Ransomware Attack via RDP by Catalin Cimpanu
As many K-12 institutions transition to distance learning in the upcoming year, they are also becoming an opportunistic target for cyber actors. The US Federal Bureau of Investigation sent out a security alert to K-12 schools about the likelihood of an increase in ransomware attacks that abuse RDP connections to break into school systems. Because schools are likely to open up their infrastructure for remote staff connections, Remote Desktop Protocol (RDP) accounts will probably be created on internal school systems. In the past, ransomware gangs have abused exposed RDP services by brute-forcing credentials and then deploying file-encrypting ransomware. K-12 schools are especially susceptible to these attacks as they usually do not have the resources that companies do, such as a professional security team that protects their remote access infrastructure and endpoints. The FBI alert included a list of recommendations to help K-12 schools and their IT staff protect their systems.
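A detection check for the RDP password-guessing pattern described above, as an added example that is not from the FBI alert or the article: it runs over a handful of constructed Windows Security events (a simplified record shape using the Event 4625 field names EventID, LogonType, IpAddress and TargetUserName) and raises an alert when one source exceeds a threshold of failed RDP logons inside a sliding time window.

```javascript
// Constructed sample events: one source guessing passwords across several
// accounts, one user who mistyped a password once and then logged in.
const events = [
  { time: '2020-06-26T08:00:01Z', EventID: 4625, LogonType: 10, IpAddress: '203.0.113.7', TargetUserName: 'administrator' },
  { time: '2020-06-26T08:00:04Z', EventID: 4625, LogonType: 10, IpAddress: '203.0.113.7', TargetUserName: 'admin' },
  { time: '2020-06-26T08:00:09Z', EventID: 4625, LogonType: 10, IpAddress: '203.0.113.7', TargetUserName: 'teacher' },
  { time: '2020-06-26T08:00:15Z', EventID: 4625, LogonType: 10, IpAddress: '203.0.113.7', TargetUserName: 'itadmin' },
  { time: '2020-06-26T08:00:21Z', EventID: 4625, LogonType: 10, IpAddress: '203.0.113.7', TargetUserName: 'backup' },
  { time: '2020-06-26T08:00:27Z', EventID: 4625, LogonType: 10, IpAddress: '203.0.113.7', TargetUserName: 'administrator' },
  { time: '2020-06-26T08:03:00Z', EventID: 4625, LogonType: 10, IpAddress: '198.51.100.4', TargetUserName: 'jsmith' },
  { time: '2020-06-26T08:03:30Z', EventID: 4624, LogonType: 10, IpAddress: '198.51.100.4', TargetUserName: 'jsmith' },
];

// Flag sources with >= threshold failed RDP logons within windowSec seconds.
// LogonType 10 is RemoteInteractive (RDP). Caveat: with Network Level
// Authentication enabled, failed RDP attempts are commonly logged as
// LogonType 3, so a production rule would include that type as well.
function detectRdpBruteForce(records, { threshold = 5, windowSec = 60 } = {}) {
  const failed = records
    .filter(r => r.EventID === 4625 && r.LogonType === 10)
    .sort((a, b) => Date.parse(a.time) - Date.parse(b.time));
  const bySource = new Map();
  for (const r of failed) {
    if (!bySource.has(r.IpAddress)) bySource.set(r.IpAddress, []);
    bySource.get(r.IpAddress).push(r);
  }
  const alerts = [];
  for (const [ip, list] of bySource) {
    // Sliding window over this source's failures, oldest to newest.
    let start = 0;
    for (let end = 0; end < list.length; end++) {
      while (Date.parse(list[end].time) - Date.parse(list[start].time) > windowSec * 1000) start++;
      const count = end - start + 1;
      if (count >= threshold) {
        const accounts = new Set(list.slice(start, end + 1).map(x => x.TargetUserName)).size;
        alerts.push({ ip, count, accounts, lastSeen: list[end].time });
        break; // one alert per source is enough for this example
      }
    }
  }
  return alerts;
}

console.log(JSON.stringify(detectRdpBruteForce(events), null, 2));
```

A single mistyped password from 198.51.100.4 never reaches the threshold, while the spread across several account names from 203.0.113.7 is the signal worth paging on.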