SSL.com

Cybersecurity Roundup May 2023

Critical Lessons from the MCNA Cyberattack: A Tale of Nine Million Breached Records

The recent cyberattack on Managed Care of North America (MCNA), one of the largest dental insurers in the U.S., has served as a stark reminder of the ongoing cybersecurity challenges we face. The breach, perpetrated by the LockBit ransomware group, affected nearly nine million people across the country, revealing both the audacity of modern cybercriminals and the vulnerabilities within even large, seemingly secure organizations.

The extent of the data breach was significant, with the attackers managing to extract about 700 gigabytes of data, including sensitive personal and health information. The breach was conducted by the introduction of malicious code into MCNA’s network system. This comprehensive data set, encompassing everything from names and contact information to social security numbers and specific dental visit details, was published when a $10 million ransom demand was not met.

This incident underscored the interconnectedness of modern data systems; MCNA had to send out breach notifications on behalf of more than 100 organizations, illustrating the far-reaching consequences of a single cyberattack.

SSL.com Response: From our perspective, this breach highlights several critical issues. Firstly, the fact that the attackers were in MCNA’s systems for over a week before being detected underscores the importance of robust monitoring and detection systems. Secondly, the breadth of information compromised in the breach shows how much data can be at risk in a single attack, emphasizing the need for strong data protection measures at all times.  In the MCNA breach, a malicious code was introduced into the company’s network. SSL.com offers products that could detect and prevent such threats. The IT security of a company as big as MNCA would be well to digitally sign each version of code before attempting to implement code updates to their network and systems. This way they can be sure that code files they are sharing with one another have not been tampered with by a malicious actor. Additionally, a supplementary tool to code signing can be very beneficial in combating cases where hackers are able to infect a code being developed. At SSL.com, we have our eSigner Cloud Code Signing service which comes with Malware Scanning – a cutting-edge tool that can detect any malicious code and prevent it from being signed and published, thus protecting the company’s critical infrastructure. 
 
Equip your organization with the right tools for robust cybersecurity. Explore SSL.com’s eSigner Cloud Signing Service to ensure the integrity of your code. 



Expat US Citizen Pleads Guilty to Multi-Million Dollar BEC Fraud 

US citizen Michael Knighten, 58, residing in Brazil, pleaded guilty to a wire fraud scheme causing companies to lose over $3 million. Knighten, under an alias, sent fraudulent emails to companies, including Houston-based Bennu Oil and Gas, directing changes in payment information on vendor invoices. As a result, payments were redirected to Knighten’s accounts. Knighten further misused a relative’s identity to facilitate the fraud. Bennu Oil and Gas uncovered the fraud after a wire transfer of $651,125 to a Portuguese bank account but still sustained a loss of $224,000. As the US Attorney Alamdar S. Hamdani warned, business email compromise scams pose a serious threat to companies and individuals. Knighten, in custody, awaits sentencing on August 31, facing up to 20 years in prison and a maximum fine of $250,000.

 
SSL.com Response: This case underscores the escalating threat of Business Email Compromise (BEC) scams, specifically highlighting the dangers of the fake invoice scheme. In this type of scam, fraudsters, like the individual in this case, send fraudulent emails to businesses, pretending to be their vendors and requesting changes to payment information on invoices. This led to significant financial losses for several companies, with payments being diverted to bank accounts not belonging to the actual vendors.SSL.com emphasizes the importance of secure email communications in mitigating such BEC attacks, as awareness of these tactics is crucial to their prevention. Our Secure Email Certificates, which comply with S/MIME standards, guarantee the authenticity and integrity of communication. If a scammer sends phishing emails, posing as a boss, colleague, or client, and asks for a money transfer, data files, etc., the absence of a digital signature verifying the identity of the sender can serve as an immediate red flag. An S/MIME certificate assures an email recipient that the sender is indeed who they claim to be.  
 
Guard against Business Email Compromise scams with SSL.com’s Secure Email Signing and Encryption Certificates. Assure the authenticity and integrity of your communications.   

 
 

Securing the City of Augusta: Battling Ransomware with Encryption and Integrity 

The ransomware attack on Augusta, Georgia, was confirmed to be the responsibility of a group known as BlackByte. The group, which operates out of Russia and is known for targeting corporate victims worldwide, began its activities in July 2021. BlackByte uses double extortion to force their victims into payment: not only do they encrypt the data and demand a ransom for the decryption key, but they also threaten to publish or sell the stolen data if the ransom is not paid.

On May 21, the city of Augusta began experiencing technical difficulties due to unauthorized access to its system. The city is currently investigating the incident to determine its full impact and to restore functionality to its systems as soon as possible. BlackByte has claimed that they have stolen a large amount of sensitive data from Augusta’s computers and posted a 10GB sample of this data as proof of their breach. This sample was reported to contain payroll information, contact details, personally identifiable information (PII), physical addresses, contracts, and city budget allocation data.

The ransom demanded for deleting the stolen information is reported to be $400,000. BlackByte has also offered to resell the data to interested third parties for $300,000.It’s worth noting that Augusta is not alone in facing such attacks. Other U.S. cities, including Oakland, California, have also been victims of ransomware attacks, leading to significant disruptions in their systems and services.  
 
SSL.com Response: Ransomware attacks, like the one on Augusta, pose a grave risk to organizations and their stakeholders. There’s an urgent need to rethink and strengthen cybersecurity strategies. It’s imperative that sensitive data is encrypted to render it useless to attackers. Regular system backups and updates, along with employee education on cyber threats, are also crucial. Our Client Authentication Certificates protect sensitive sites, applications, and critical infrastructures by restricting access only to authorized entities. This feature can be pivotal in mitigating threats posed by unauthorized access and potential data breaches. .  
 
Secure your critical infrastructure with SSL.com’s Client Authentication Certificates. Restrict access to authorized entities and fortify your defense against unauthorized access. Learn more today.
 
 
 
 

Strengthening Military Data Security: Lessons from Recent U.S. Marine Corps Breach

The U.S. Marine Corps is conducting an investigation into a data breach that occurred on May 12th, which affected approximately 39,000 personnel including Marines, sailors, and civilians working within the Department of Defense. The breach was discovered when an unencrypted email was sent from Combat Logistics Regiment 17, located at Camp Pendleton, to administrators of the Defense Travel System. 

According to a notification letter sent on May 19th by J. S. McCalmont, the Commanding Officer of Combat Logistics Regiment 17, the unencrypted email sent on May 9th contained various personal information of the affected personnel. This information included their full names, the last four digits of their Social Security numbers, and their contact details such as phone numbers, email addresses, residential addresses, and mailing addresses. Additionally, the breach also exposed the account and routing numbers of the affected personnel’s checking and savings accounts. 

 

SSL.com Response: The recent data breach affecting the U.S. Marine Corps underscores the importance of secure data transmission. As a global leader in secure internet solutions, SSL.com can offer crucial countermeasures. For instance, by implementing secure email (S/MIME) certificates, sensitive emails can be encrypted and digitally signed, ensuring data is only accessible to intended recipients. Emails signed with an S/MIME certificate assure that the email sender is who they claim to be. Additionally, transmitted data can be authenticated, maintaining its integrity and proving it hasn’t been tampered with in transit. Moreover, SSL.com’s enterprise-grade PKI platform can be a valuable asset for managing and automating the lifecycle of these certificates, ensuring constant protection. Also, the company’s expertise in providing advanced identity solutions like client (personal) certificates can help secure individual identities in the system. Training is equally essential, and SSL.com provides resources to increase awareness about cybersecurity threats and the importance of secure communication, significantly reducing the risk of such breaches.

Secure individual identities with SSL.com’s advanced Client (Personal) Certificates. Enhance your system’s security with our identity solutions.


SSL.com Announcements


Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME), and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI)  Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems.     

New Key Storage Requirements for Code Signing Certificates

Starting June 1, 2023, SSL.com’s Organization Validation (OV) and Individual Validation (IV) Code Signing Certificates will only be issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or through our eSigner cloud code signing service. This change is in compliance with the Certificate Authority/Browser (CA/B) Forum’s new key storage requirements to increase security for code signing keys. The previous rule allowed OV and IV code signing certificates to be issued as downloadable files from the internet. Since the new requirements only allow the use of encrypted USB tokens or cloud-based FIPS compliant hardware appliances to store the certificate and private key, it is expected that instances of code signing keys being stolen and misused by malicious actors will be greatly reduced. Click this link to learn more about the SSL.com eSigner cloud code signing solution. 
Exit mobile version