Major Cyber Attack at OMV Vendor, Louisianans Should Act Urgently to Protect Their Identities

June 15, 2023

BATON ROUGE, La. – Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses and organizations to be affected by the unprecedented MOVEit data breach.

MOVEit is an industry-leading third party data transfer service used to send large files. It is widely used across the country and around the world, and reports are rapidly emerging of newly discovered exposures of sensitive data in this major international cyber attack.

There is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack. The cyber attackers have not contacted state government. But all Louisianans should take immediate steps to safeguard their identity.

OMV believes that all Louisianans with a state-issued driver’s license, ID, or car registration have likely had the following data exposed to the cyber attackers:

  • Name
  • Address
  • Social Security Number
  • Birthdate
  • Height
  • Eye Color
  • Driver’s License Number
  • Vehicle Registration Information
  • Handicap Placard Information

Gov. John Bel Edwards met with the Unified Command Group at 11 a.m. Thursday to be briefed on the incident, where he instructed the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), Office of Motor Vehicles (OMV), Louisiana State Police (LSP), and the Office of Technology Services (OTS) to act to inform Louisianans of the breach and their best next steps as soon as possible.

We recommend all Louisianans take the following steps immediately:

  1. Prevent Unauthorized New Account Openings or Loans and Monitor Your Credit

Individuals can freeze and unfreeze their credit for free, which stops others from opening new accounts and borrowing money in your name. Freezing your credit does not prevent the use of any existing credit cards or bank accounts. Freezing your credit may be done quickly online or by contacting the three major credit bureaus by phone:

  • Experian: 1-888-397-3742, www.experian.com/freeze
  • Equifax: 1-800-685-1111, www.equifax.com/personal/credit-report-services/credit-freeze/
  • TransUnion: (888) 909-8872, www.transunion.com/credit-freeze

Please also request and review your credit report from these agencies to look for suspicious activity.

  2. Change All Passwords

As an additional precaution, consider changing all passwords for online accounts (examples: banking, social media, and healthcare portals) in the event your personal data was used to access these accounts. Utilize multi-factor authentication when able. Learn more about password protection at www.CISA.gov.

  3. Protect Your Tax Refund and Returns with the Internal Revenue Service

To prevent someone else from filing returns or receiving your federal tax refund, request an “Identity Protection Pin” from the Internal Revenue Service by signing up at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin or calling the IRS at 1-800-829-1040. 

  4. Check Your Social Security Benefits

All individuals who are eligible, applied for, and/or are receiving social security benefits (including disability), please consider registering for a ssa.gov account at https://www.ssa.gov/myaccount/ to stop others from stealing your benefits. If you suspect Social Security fraud, call the Office of Inspector General hotline at 1-800-269-0271, Social Security Administration at 1-800-772-1213 or file a complaint online at oig.ssa.gov.

  5. Report Suspected Identity Theft

If you suspect any abnormal activity involving your data, including financial information, contact the Federal Trade Commission at 1-877-FTC-HELP or visit www.ReportFraud.FTC.gov immediately.

The State of Louisiana will be issuing additional information in the coming days. Additional tips on protecting your data and identity can be found at nextsteps.la.gov and www.IdentityTheft.gov.

GOHSEP Director Casey Tingle will hold a press conference 6/16/23 at 10:30 a.m. to take media questions.

10:30 a.m. – Press Conference
GOHSEP Press Room
7667 Independence Blvd.
Baton Rouge, LA 70806

CISA Urges Increased Vigilance One Year After Russia’s Invasion of Ukraine

CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine. CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat.

In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion of Ukraine, CISA maintains public cybersecurity resources, including Shields Up—a one-stop webpage that provides resources to increase organizational vigilance and keep the public informed about current cybersecurity threats. CISA recommends that all organizations review and consider implementing the below guidance:

Cybersecurity for Small Business Webinar – Hosted by LABEOC & Partners

October is Cybersecurity Awareness Month!

The session is open to small and medium-sized businesses that are interested in an introduction to cybersecurity concepts. If you own a small business, don’t miss this webinar about what you can do to ramp up your cybersecurity efforts.


Speaker Bio

Mr. Tannehill is the manager of the Trust & Safety team at Lumen Technologies. He is very passionate about cybersecurity.

As a retired US Air Force veteran, he works full time as an Information Security (InfoSec) leader with 24 years of progressive experience. His education includes an Associate’s degree in Information Systems Technology from the Community College of the Air Force. Mr. Tannehill has numerous IT industry standard certifications including CCNA, Project+, GSEC, and CEH, as well as CISSP (which remains in good standing).

Special thanks to our sponsors for creating this event as part of Cybersecurity Awareness Month.

NIMSAT Institute, Louisiana Business Emergency Operations Center, Louisiana Procurement Technical Assistance Center


The LABEOC is a #CybersecurityAwarenessMonth 2021 Champion!

We’re doing our part and committed to #BeCyberSmart – are you? staysafeonline.org/cybersecurity-awareness-month/champions/

A Simple First Step to Better Cybersecurity

It seems like every day we hear something in the news about cyber security, hacking, scams, or some other scary digital life term.  What is a small to medium sized business owner to do?  How do I protect what I have built or plan to build without spending lots of money hiring an IT professional or IT company to protect my assets?

I like to think of the ancient Chinese philosopher Lao Tzu’s quote, “The Journey of a thousand miles begins with the first step.” For your business’s cyber security, it begins with a simple first step. Change your system or computer’s default login and password. Two friends that work in the IT industry told me a company can reduce its chances of cyber-attack by more than 50% if they just changed their admin passwords on their systems. The majority of small to medium sized businesses’ default system administrator passwords have not been changed from:

LOGIN: admin

PASSWORD: password

or some variation of this combination. I know it’s hard to remember all of these logins. There’s the social media account password and the email system password, and a string of other logins that a person has to remember. This simple step can start your journey.

Consider this analogy: you wouldn’t leave the key in the door to your business when you left at night, would you? Would you leave the keys to your work truck/car in the ignition, unlocked overnight? So if you would take the simple steps to safeguard physical things your business uses every day, why not take the same steps to protect the digital aspects of your business?

So if you are ready to begin this journey here are some recommendations:

  1. Change the default password on your system (admin/password)
  2. Use passwords that are 12 characters or more
  3. Separate your business passwords from your personal passwords
  4. When available, turn on two-factor authentication
  5. It’s ok to physically write your password down for reference

If you will take any of these steps, you have begun your journey to digitally safeguarding your business.

What is Doxing?

We have all heard the term doxing before, but what does it really mean? Why is it important to me?

Doxing refers to the internet-based practice of gathering an individual’s personally identifiable information (PII), or an organization’s sensitive information, from open source or compromised material and publishing it online for malicious purposes.

Although doxing can be carried out by anyone with the ability to query and combine publicly available information, it is often attributed to nefarious actors, hacktivists, and extremists. Doxers compile sensitive information from compromises of personal and professional accounts and a wide range of publicly available data sources to craft invasive profiles of targets, which are then published online with the intent to harm, harass, or intimidate victims (CISA, 2021).

Organizations may be targets of doxing due to their stance on a particular issue, involvement in a certain industry, related organization policies, or grievances. Doxing attacks targeting senior leaders of an organization often serve as “reputation attacks” and could lead to activities seeking to embarrass, harass, or undermine confidence. Incidents of doxing that target individuals often serve to harass, intimidate, or inflict financial damages, and can potentially escalate to physical violence (CISA, 2021).

Most businesses compile databases that contain personal information, whether of suppliers, customers, or employees. Almost everyone, individuals and businesses alike, has a presence on social media. Any of these databases can be breached and personal information gathered for use in doxing.

As you can see, doxing can be and is dangerous. How do you better protect yourself from doxing?

  • Limit what you share on social media.
  • Maximize the privacy and security settings on social media sites.
  • Remain vigilant of phishing attacks.
  • Make sure that all operating system software (e.g., Windows) is updated.
  • Delete any apps that you do not use. This reduces the ability for hackers to get in through a rarely used door.

If you become a victim of doxing, take these steps:

  1. Contact law enforcement, local first, then move up the chain to the FBI’s Internet Crime Complaint Center (IC3).
  2. Determine what information was leaked and how it was compromised.
  3. Delete the information from the source of the leak.
  4. Monitor signs of identity theft through financial institutions, unsolicited password changes, etc.

Works Cited

CISA. (2021, August). Mitigating the Impacts of Doxing on Critical Infrastructure. Retrieved from https://www.cisa.gov/publication/mitigating-impacts-doxing-critical-infrastructure

What is Phishing?

Louisiana is the “Sportsman Paradise”. Here we love to hunt and love to fish. Ask any Louisiana angler about it and they can talk for hours on baits, rods and reels, and the best spots (but not their best spot). But what do we know about phishing or spear phishing? And no, this is not the “cajunized” spelling of one of our favorite pastimes; these are real threats to companies and individuals alike.

We have all experienced phishing in one form or another. The most detestable is the robo-calls that we have all received at one point or another. A mass automatic contact trying to get some unsuspecting individual to answer the phone and buy their bogus car warranty. The other more nefarious form is in the mass emails that go out every day, trying to get you to reset your Facebook or Instagram password. The links in these emails are 99.99% fraudulent. It is easy to tell with just a little bit of work, even for the unenlightened iPhone user. Click the “company” that sent that email, and it will turn blue (like a contact). Click it again and it will show you the email address that it came from. No, it’s not the Nigerian Prince of the 1990s fame, but probably a distant relative. If you are unsure in this phishing attack, go to the app or the website the email is claiming to be from, and change your password there. There is never any harm in doing a password change, other than having to go through all of your devices; in fact it will probably do some good (like taking a multi-vitamin). Knowledge is power, don’t be a phish.

Spear phishing is similar to regular phishing, in that it is an unsolicited email, but this time it is not part of a mass email campaign; it is “targeted” to an individual. With all of the data breaches that have happened over the last 5 years, it would be naïve to think that you are not on some nefarious actor’s radar. This is especially true as people “move up” the corporate ladder. Once it becomes public knowledge (Twitter, Facebook, LinkedIn…) then they also move up on the radar of people that want to gain access to them and the systems they use. Now I’m not advocating against making announcements (I’ve done it myself), but what I am saying is that as your responsibility at work increases, so too does the awareness of spear phishing attacks.

In the vein of “Truth in lending”, I’m not an IT professional, nor have I received any IT certifications.  These are just my uncommon sense recommendations to everyday computer users.

  1. Never click a link in an email. Go to the app/website to do your business / change your password / update your account settings etc…
  2. Stop signing up for everyone’s email lists. If there is a sale at the company that you regularly shop online, you will know about it.
  3. If the “deal” in the email is too good to be true, it probably is and the lost time (and money) trying to recover from a phish is not worth the savings.
  4. Saving passwords in web browsers makes life simple, recovering from being a phish is hard. Make your choices wisely.
  5. If you don’t know the person that sent the email, just delete it.
  6. Really manage your “friend” requests. Having a lot of “followers” just increases your odds of being the “phish”
  7. “Cool things you never knew about….” or similar slide shows are the entrance to rabbit holes that can lead to you being a phish.
  8. Never take a survey related to the slide shows above. They are phishing traps (usually).

I have developed these rules after watching things happen in my own house: email accounts get hacked, Instagram accounts stolen, etc. These rules won’t prevent you from being a phish, but if you know what bait they are phishing with, then you can avoid the possibility of being a phish.

CISA HOSTS VIRTUAL INDUSTRY DAY AUGUST 5

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) will host a virtual Industry Day on August 05, 2021 from 10:00AM to 4:00PM EST.

CISA is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.  The threats we face—digital and physical, man-made, technological, and natural—are more complex, and the threat actors more diverse, than at any point in our history. CISA is at the heart of mobilizing a collective defense as we lead the Nation’s efforts to understand and manage risk to our critical infrastructure.  Our partners in this mission span the public and private sectors. Programs and services we provide are driven by our comprehensive understanding of the risk environment and the corresponding needs identified by our stakeholders. We seek to help organizations better manage risk and increase resilience using all available resources, whether provided by the Federal Government, commercial vendors, or their own capabilities.

In its ongoing efforts to engage closely with industry, CISA’s Industry Day will provide insight into CISA’s current and future challenges, as well as presentations regarding:

  • Software vulnerability collaboration
  • Next Generation Network Priority Services
  • Risk architecture and cyber risk reduction
  • Supply Chain
  • Public/private partnership efforts on 5G Security and Resilience
  • Building Long-Term Analytic Capability
  • Machine Learning and Large-Scale Analytics
  • Zero-Trust Architecture (ZTA)
  • Digital Twin

WHO SHOULD ATTEND:

Large and small companies interested in contracting and opportunities to collaborate/partner with CISA to accomplish its mission.

DISCLAIMER:

This notice shall not be construed as a request for proposals, request for quotes, or follow-up acquisition of any type. CISA will not assume liability for costs incurred by attendees or for preparations, travel expenses or marketing efforts; therefore, vendors’ expenses in response to this notice are not considered an allowable direct charge to the Government.

REGISTRATION:

CISA’s Industry Day may be accessed via the link below.

https://share.dhs.gov/fy21cisaindustryday/ 

QUESTIONS:

Questions regarding Industry Day may be submitted to CISA Vendor Engagement at: cisavendorengagement@cisa.dhs.gov

CISA ISSUES EMERGENCY DIRECTIVE REQUIRING FEDERAL AGENCIES TO MITIGATE WINDOWS PRINT SPOOLER SERVICE VULNERABILITY

CISA Encourages All Organizations to Take Steps to Protect their Networks

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-04 today to mitigate a Microsoft Windows print spooler service vulnerability, CVE-2021-34527, that is being actively exploited. Federal civilian agencies are required to immediately disable the print spooler service on Microsoft Active Directory Domain Controllers, apply the Microsoft July 2021 cumulative updates, and make additional configuration changes to all Microsoft Windows servers and workstations within one week.

Exploitation of the vulnerability allows an attacker to remotely execute code with system level privileges, enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization.

The emergency directive is in response to validated active exploitations. CISA is concerned that exploitation of this vulnerability may lead to full system compromise of affected agency networks if left unmitigated.

“Since this exploitation was identified, CISA has been engaged with Microsoft and federal civilian agencies to assess potential risk to federal agencies and critical infrastructure,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “CISA’s mission is to protect the nation against cybersecurity threats, and this directive reflects our determination to require emergency action for exploitations that pose an unacceptable risk to the federal civilian enterprise. We will continue to actively monitor exploitation of this vulnerability and provide additional guidance, as appropriate.”

Although only directed to federal agencies, CISA encourages public and private sector organizations to review our directive and consider similar steps to mitigate this vulnerability and avoid being exploited by malicious cyber actors.

Read the full Emergency Directive (ED) 21-04.

DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators

Release Date: July 20, 2021

Transportation Security Administration issues second Security Directive

WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions.

“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security. Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”

The Department’s Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cybersecurity threats to the pipeline industry, as well as technical countermeasures to prevent those threats, during the development of this second Security Directive.  This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.

This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline.  The May 2021 Security Directive requires critical pipeline owners and operators to (1) report confirmed and potential cybersecurity incidents to CISA; (2) designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week; (3) review current practices; and, (4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

Since 2001, TSA has worked closely with pipeline owners and operators, as well as its partners across the federal government, to enhance the physical security preparedness of U.S. hazardous liquid and natural gas pipeline systems.  TSA works closely with CISA, the nation’s lead agency for protecting critical infrastructure against cybersecurity threats, to execute this mission.

Senate confirms Jen Easterly as head of U.S. cyber agency

July 12, 2021

The Senate on Monday confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency, filling an eight-month leadership void at the top of an agency struggling to address widespread digital weaknesses inside the government and across the country.

Lawmakers unanimously installed Easterly, a former senior NSA and White House counterterrorism and cyber official, as the second person to officially lead CISA, a roughly 2,500-person DHS agency responsible for protecting federal networks and offering security advice to critical infrastructure operators, small businesses and local governments.

Easterly will face a complex suite of problems in her new post. CISA, formed in 2018 from DHS’ cyber wing, is struggling to fulfill its vast mission of defending the country’s physical and digital infrastructure. It has had trouble mustering enough personnel and resources to comprehensively monitor federal computer systems and conduct regular security inspections of vital infrastructure facilities, and recent legislation has given it new responsibilities. Meanwhile, high-profile cyberattacks — including the SolarWinds espionage campaign and the Colonial Pipeline, JBS and Kaseya ransomware attacks — have placed significant strain on the agency, prompting calls for major increases in its budget.

Lawmakers recently gave CISA new authorities, including the ability to proactively hunt for intrusions on other agencies’ networks, and Congress is considering an even bigger expansion of its mission in a bill mandating that companies report cyberattacks to the government.

It will be up to Easterly to determine how to triage CISA’s resources between its various missions, implement new congressional mandates and reassure worried staffers. She will also need to oversee the agency’s ambitious transformation of its federal security efforts in the wake of the SolarWinds compromises. CISA has committed to improving its intrusion-detection systems by deploying more sensors inside other agencies’ networks and developing better analytical capabilities.

Easterly will also have to raise CISA’s public profile and reinforce its reputation as a trusted partner. Many companies are reluctant to share data with CISA after being hacked, fearing public exposure or regulatory headaches. The Colonial incident highlighted these problems — the pipeline operator called the FBI rather than CISA, took several days to share key data with CISA and kept the agency in the dark about basic aspects of the incident, such as the ransom payment that the company made to the hackers.

Digital security experts and former national security officials have said Easterly’s long record of military and intelligence work makes her the person to solve these problems.

At her confirmation hearing, she was introduced by a Republican congressman, Mike Gallagher of Wisconsin, who co-chairs the congressionally chartered Cyberspace Solarium Commission.

“Jen Easterly’s qualifications are well above and beyond those stipulated by the law,” said Gallagher, whose panel’s recommendations for improving CISA have largely been enacted. “Her background is incredible.”

At the NSA, Easterly worked in the elite hacking unit known as Tailored Access Operations, led the Army’s information warfare battalion and served as a cyber adviser to NATO forces in Afghanistan. In 2009, she was one of four officials tasked with establishing U.S. Cyber Command, the military unit that works closely with the NSA to disrupt adversaries’ computer networks. She later spent more than two years as the No. 2 official in the NSA’s counterterrorism division, followed by three years as a special assistant to the president and senior director for counterterrorism at the National Security Council under former President Barack Obama.

In her most recent role, as head of resilience for Morgan Stanley, Easterly witnessed firsthand how U.S. businesses have dealt with an increasing barrage of cyberattacks. The connections and experience that she developed working for the financial services giant may aid Easterly as she takes the helm of CISA.

Despite being an uncontroversial nominee, Easterly had a slightly bumpy path to confirmation.

Senate Democrats tried on June 23 to confirm Easterly by unanimous consent, but Sen. Rick Scott (R-Fla.) objected, fulfilling an earlier promise to place holds on all of Biden’s DHS nominees until the president visited the U.S.–Mexico border.

Scott released his hold after Vice President Kamala Harris visited the border on June 25.

Politico.com