Hackers Target Los Angeles School District With Ransomware

Advertisement

Russia’s full-scale invasion of Ukraine hasn’t gone to Vladimir Putin’s plan: Its troops have suffered devastating losses, failed to capture key Ukrainian cities, and been pushed back toward Russia. However, domestically, the Kremlin has succeeded in further suppressing its citizens—including blocking independent news media and other access to impartial information. Now, a new tool lets people in Russia access websites the Kremlin has blocked, giving them access to news that’s not dictated by the state’s propaganda machine.

The Biden administration is reportedly readying itself to take action against TikTok, following years of suggestions that the Chinese-owned app is a threat to national security. This week we looked at the problem with TikTok: that lawmakers can’t decide on what threat, if any, the app really poses.

Elsewhere, Apple revealed the new iPhone 14. Alongside this, it announced that iOS 16 will be available for people to download from September 12. This means Apple’s new passkey technology, which eliminates the need for passwords, will be available to millions of people. Here’s everything you need to know about Apple’s passkeys.

But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

With more than 400,000 students ranging from kindergarten to 12th grade, the Los Angeles Unified School District is one of the largest school districts in the US. On September 6, the district became the latest to be targeted by ransomware. In a statement published online, the district’s administrators said it had detected “unusual activity” within its networks, saying it had been targeted by ransomware; despite the attack, students have been able to attend school.

Advertisement

The attack prompted a large response from officials, with the FBI and Department of Homeland Security assisting local law enforcement. Students and staff have lost access to their email systems, local reports say. It is also unclear, according to reports

Advertisement
, whether students’ information, including disciplinary records and assessments, was accessed by the attackers. The school district says that students and employees must reset their passwords to their school accounts while physically attending school district sites. “The District has staggered password reset access to minimize congestion from simultaneous users accessing the website,” officials said in a statement.

The Vice Society ransomware group has claimed responsibility for the attack. Following the incident, the Cybersecurity and Infrastructure Security Agency (CISA) and other partners published a warning about Vice Society, saying it has been “disproportionately targeting the education sector.” The Los Angeles attack is the latest against educational institutions: According to a report by security firm Sophos based on a survey of 499 respondents, 56 percent of lower education and 64 percent of higher education organizations were hit by ransomware in the past year, a “considerable increase” from the previous year.

Back in July, the government websites of Albania were knocked offline. Last month, security company Mandiant researchers revealed that Iranian hackers, working on behalf of Tehran, were likely to be behind the attacks, which took out public services for hours. “These are disruptive attacks, which affect the lives of everyday Albanians who live within the NATO alliance,” John Hultquist, Mandiant’s vice president of intelligence, told WIRED when it published its findings.

This week, the government of Albanian took the unprecedented step to cut diplomatic ties with Iran, accusing it of launching the cyberattack. The country also ordered Iranian embassy staff to leave the country. “The deep investigation put at our disposal undeniable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran which had involved four groups for the attack on Albania,” prime minister Edi Rama said in a statement. (Microsoft conducted the investigation for the Albanian government.)

While Iran denies the attack, the US National Security Council also said it concluded Iran was behind the attack. In a further response, the US Department of the Treasury’s Office of Foreign Assets Control sanctioned Iran’s Ministry of Intelligence and Security and minister for intelligence. “Iran’s cyberattack against Albania disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public,” said Brian Nelson, the undersecretary of the Treasury for Terrorism and Financial Intelligence.

At the end of February, the Conti ransomware gang pledged its support for Vladimir Putin’s war in Ukraine. Almost immediately after, a security researcher who had infiltrated the cybercrime group leaked thousands of its chat messages, revealing Conti’s secrets. The move contributed to the downfall of the group. This week, Google’s Threat Analysis Group (TAG) revealed it is seeing an “increasing number” of financially motivated cybercriminals targeting Ukraine, including “former members of the Conti cybercrime group.” The former Conti members are part of a group tracked as UAC-0098, which has been acting as an initial access broker. Its phishing operations have included impersonating Ukraine’s national cyber police. Google’s researchers say UAC-0098’s hacking shows “blurring lines between financially motivated and government-backed groups in Eastern Europe.”

At the start of this week, alarming claims started circulating online: A group on the Breach Forums message board claimed to have 2 billion data records from a billion TikTok users. The group, AgainstTheWest, said it was considering selling the data or releasing it to the public, and also claimed to have data from messaging service WeChat. It posted two samples of the alleged TikTok data and some details of the claimed database. However, the claims that TikTok was hacked, despite being widely reported, don’t appear to be the case. Initial analysis of the data seems to indicate the information was all public, and any data potentially came from a database owned by a third party. A TikTok spokesperson said the data was “all publicly accessible” and its systems had not been compromised. The owner of Breach Forums ultimately suspended AgainstTheWest for “lying” or not investigating its own “outrageous claims.”

In the four years since Europe introduced its GDPR regulation, enforcement has been slow. Some GDPR complaints, particularly against Big Tech, have taken years to resolve, frustrating civil society groups, data regulators, and privacy activists. However, GDPR’s enforcement is slowly rolling into action. This week, the Irish Data Protection Commission, one of Europe’s lead regulators, hit Meta’s Instagram with a $402 million fine for allegedly not properly protecting children’s data. According to the regulator, which is yet to publish its full decision, the fine relates to children being able to open business accounts on Instagram, which then published their phone number or email address on their profile. Meta, which plans to appeal the fine, changed the settings after the Irish investigation was opened.

Advertisement