Critical Lessons from the MCNA Cyberattack: A Tale of Nine Million Breached RecordsThe recent cyberattack on Managed Care of North America (MCNA), one of the largest dental insurers in the U.S., has served as a stark reminder of the ongoing cybersecurity challenges we face. The breach, perpetrated by the LockBit ransomware group, affected nearly nine million people across the country, revealing both the audacity of modern cybercriminals and the vulnerabilities within even large, seemingly secure organizations.
The extent of the data breach was significant, with the attackers managing to extract about 700 gigabytes of data, including sensitive personal and health information. The breach was conducted by the introduction of malicious code into MCNA’s network system. This comprehensive data set, encompassing everything from names and contact information to social security numbers and specific dental visit details, was published when a $10 million ransom demand was not met.
This incident underscored the interconnectedness of modern data systems; MCNA had to send out breach notifications on behalf of more than 100 organizations, illustrating the far-reaching consequences of a single cyberattack.
Expat US Citizen Pleads Guilty to Multi-Million Dollar BEC FraudUS citizen Michael Knighten, 58, residing in Brazil, pleaded guilty to a wire fraud scheme causing companies to lose over $3 million. Knighten, under an alias, sent fraudulent emails to companies, including Houston-based Bennu Oil and Gas, directing changes in payment information on vendor invoices. As a result, payments were redirected to Knighten’s accounts. Knighten further misused a relative’s identity to facilitate the fraud. Bennu Oil and Gas uncovered the fraud after a wire transfer of $651,125 to a Portuguese bank account but still sustained a loss of $224,000. As the US Attorney Alamdar S. Hamdani warned, business email compromise scams pose a serious threat to companies and individuals. Knighten, in custody, awaits sentencing on August 31, facing up to 20 years in prison and a maximum fine of $250,000.
Securing the City of Augusta: Battling Ransomware with Encryption and IntegrityThe ransomware attack on Augusta, Georgia, was confirmed to be the responsibility of a group known as BlackByte. The group, which operates out of Russia and is known for targeting corporate victims worldwide, began its activities in July 2021. BlackByte uses double extortion to force their victims into payment: not only do they encrypt the data and demand a ransom for the decryption key, but they also threaten to publish or sell the stolen data if the ransom is not paid.
On May 21, the city of Augusta began experiencing technical difficulties due to unauthorized access to its system. The city is currently investigating the incident to determine its full impact and to restore functionality to its systems as soon as possible. BlackByte has claimed that they have stolen a large amount of sensitive data from Augusta’s computers and posted a 10GB sample of this data as proof of their breach. This sample was reported to contain payroll information, contact details, personally identifiable information (PII), physical addresses, contracts, and city budget allocation data.
The ransom demanded for deleting the stolen information is reported to be $400,000. BlackByte has also offered to resell the data to interested third parties for $300,000.It’s worth noting that Augusta is not alone in facing such attacks. Other U.S. cities, including Oakland, California, have also been victims of ransomware attacks, leading to significant disruptions in their systems and services.
Strengthening Military Data Security: Lessons from Recent U.S. Marine Corps Breach
The U.S. Marine Corps is conducting an investigation into a data breach that occurred on May 12th, which affected approximately 39,000 personnel including Marines, sailors, and civilians working within the Department of Defense. The breach was discovered when an unencrypted email was sent from Combat Logistics Regiment 17, located at Camp Pendleton, to administrators of the Defense Travel System.
According to a notification letter sent on May 19th by J. S. McCalmont, the Commanding Officer of Combat Logistics Regiment 17, the unencrypted email sent on May 9th contained various personal information of the affected personnel. This information included their full names, the last four digits of their Social Security numbers, and their contact details such as phone numbers, email addresses, residential addresses, and mailing addresses. Additionally, the breach also exposed the account and routing numbers of the affected personnel’s checking and savings accounts.
Secure individual identities with SSL.com’s advanced Client (Personal) Certificates. Enhance your system’s security with our identity solutions.
Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees
Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME), and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI) Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems.
New Key Storage Requirements for Code Signing CertificatesStarting June 1, 2023, SSL.com’s Organization Validation (OV) and Individual Validation (IV) Code Signing Certificates will only be issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or through our eSigner cloud code signing service. This change is in compliance with the Certificate Authority/Browser (CA/B) Forum’s new key storage requirements to increase security for code signing keys. The previous rule allowed OV and IV code signing certificates to be issued as downloadable files from the internet. Since the new requirements only allow the use of encrypted USB tokens or cloud-based FIPS compliant hardware appliances to store the certificate and private key, it is expected that instances of code signing keys being stolen and misused by malicious actors will be greatly reduced. Click this link to learn more about the SSL.com eSigner cloud code signing solution.