Cyber Security Headlines: FAA system failure, Royal Mail cyber incident, police app leaks ops data

FAA system failure delays flights

The US Federal Aviation Administration posted an advisory warning that its United States Notice to Air Missions system “failed,” resulting in estimated flight delays and cancellations impacting hundreds of flights. The NOTAM system sends personnel handling flight operations essential information that isn’t known far enough in advance to be sent by other methods. As a result, the advisory said, the FAA ordered airlines to pause all domestic departures until 9am ET on January 11th in order to “validate the integrity of flight and safety information.” The FAA said it’s investigating the cause of the issue, and the White House press secretary said “there is no evidence of a cyberattack at this point.” The FAA subsequently confirmed it lifted the ground stop just before 9am, with flights gradually resuming. Mandiant VP John Hultquist said a cyberattack on the system seemed unlikely, saying the failure likely came from cascading failures across increasingly complex interdependent systems.

(Reuters)

Royal Mail hit by “cyber incident” 

The UK’s leading mail delivery service said the incident caused a “severe service disruption” resulting in the carrier halting international shipping. Domestic UK delivery and collection service remains operational. Import operations also remain in service, although it cautioned the incident may cause delays. It said it launched an investigation in partnership with external experts. This marks the second major outage for Royal Mail in the last few months, following a 24-hour outage of its tracking service back in November.

(Bleeping Computer)

Police app leaked operations data

Police use the app SweepWizard from ODIN Intelligence to coordinate raids across agencies. However, a new report from Wired found that the app leaked confidential details about hundreds of operations over multiple years. The publication received a tip that the app’s API would retrieve confidential information when using a specific URL. This includes personally identifiable information about officers and over 5700 suspects, including addresses, contact information, and Social Security numbers in about 1000 instances. Security experts believe a configuration error caused the leaked data. When contacted by Wired, the Los Angeles Police Department said it suspended use of the app until it completes an investigation. ODIN Intelligence also took down its app from mobile app stores while it investigates the issue.

(Wired)

Binance admits flaws in stablecoin backing

The world’s largest crypto exchange disclosed errors in its stablecoin reserves, with analysts estimating at times it missed its collateral obligations by over $1 billion. This token, BUSD, is branded by Binance but issued and managed by a third party, Paxos Trust. A Binance spokesperson framed the missed collateral as part of “operational delays,” but claimed “enhanced discrepancy checks” now ensure it backs the token 1:1. It’s unclear how long the token remained undercollateralized, but Binance said it did not impact redemptions for users. Analyst data seen by Bloomberg found that the BUSD token often remained undercollateralized between 2020 and 2021.

(Bloomberg)

The Guardian confirms ransomware attack

The British newspaper confirmed the attack dating back to December, saying that threat actors accessed the personal data of UK-based staff. In a memo to staff, Guardian management said the “highly sophisticated” attack involved third-party access to its network, likely through phishing messages that resulted in installing malware. It does not believe attackers accessed personal information on US and Australian staff or any readers and subscribers. The paper delayed a return to office work in the UK until early February to allow IT staff to focus on network restoration, with some critical systems expected back up “within the next two weeks.” 

(The Guardian)

Cloud-based malware triples in 2022

This finding comes from a report from Netskope Threat Research. It found that over 400 unique cloud applications delivered malware in the year, three times the amount seen in 2021. It also noted that 30% of all cloud malware downloads originated from Microsoft’s OneDrive, followed by Weebly and GitHub. Netskope correlates the rise in cloud malware to the overall increase in regular cloud usage in organizations, with 25% of global users uploading data daily to OneDrive. The report found Australia saw the biggest growth in cloud malware compared to web-delivered malware, while the telecom sector saw the biggest increase. 

(Dark Reading)

California says digital IDs are coming 

As part of California’s budget proposal for 2023 and 2024, Governor Gavin Newsom said that “in a matter of months” people will be able to “get your driver’s license on a digital wallet.” Newsom offered no other details than to say it would be “next level.” While Apple has led the charge for digital IDs, California is not on the company’s list of states committed to supporting digital IDs in Apple Wallet. Right now the feature is available on Apple Wallet in Colorado, Arizona, and Maryland, with nine other states in testing, including Connecticut, Georgia, Hawaii, Iowa, Kentucky, Mississippi, Ohio, Oklahoma, and Utah.

(9to5Mac)

Did ransomware attacks decrease in 2022? 

It seems like we cover ransomware attacks with increasing frequency here on Cyber Security Headlines. But the 2022 State of Ransomware Report from Delinea makes the argument that attacks decreased last year. It surveyed 300 US-based organizations, finding that 25% experienced ransomware attacks in the year, down from 64% in 2021. Organizations paying a ransom also declined, down from 82% to 68% in 2022. This seems to correlate to a decrease in budget for ransomware. 68% of those surveyed said they allocated a budget for ransomware protection in 2022, down from 93% a year before, while organizations with ransomware incident response plans decreased from 94% to 71%.

(Security Magazine)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.