Latest news with #RandyRose


Axios
29-07-2025
Ransomware spree looms after SharePoint breach
Ransomware gangs are on the hunt for organizations that have yet to patch their vulnerable Microsoft SharePoint servers.

Why it matters: Those could include organizations across the government and sectors including education, health care, transportation, technology and finance, security experts told Axios.

State of play: As of Wednesday, more than 400 systems had been actively compromised via the SharePoint zero-day vulnerability, according to researchers at Eye Security. Several federal government agencies — including at the departments of Energy, Homeland Security, and Health and Human Services — have been hacked, likely by groups linked to the Chinese government. Malicious hackers have attempted to break into more than 90 state and local government offices, according to Randy Rose, vice president of security operations and intelligence at the Center for Internet Security, which runs the Multi-State Information Sharing and Analysis Center. Last week, researchers warned that the attackers were also stealing machine keys once they broke in — which would allow them to return even after a vulnerable SharePoint server was patched.

Threat level: The new Warlock ransomware gang is actively targeting vulnerable SharePoint servers, Microsoft warned last week. Since emerging in June, the Warlock gang has claimed responsibility for attacking 19 victims across the government, finance, manufacturing, technology and consumer goods sectors, according to security firm Halcyon. The group is believed to be a descendent of the Black Basta gang, which was known for hacking more than 500 organizations globally, per U.S. authorities.

Zoom out: Ransomware is the most pressing long-tail cyber threat for organizations to be concerned about, Rafe Pilling, director of threat intelligence at Sophos' Counter Threat Unit, told Axios. So far, Sophos hasn't seen any active ransomware attacks tied to the SharePoint vulnerability, but Pilling said it's only a matter of time. "No doubt, there will be people that don't patch, and we will continue to see this pop up as an entry point down the line," Pilling said.

The big picture: Ransomware gangs routinely adopt newly discovered zero-day vulnerabilities to gain access to corporate networks. In 2021, ProxyShell — a trio of critical vulnerabilities in Microsoft Exchange Server — was discovered by security researchers and patched by Microsoft. But before many organizations updated their systems, the flaws were exploited first by espionage-focused hackers and then by opportunistic ransomware gangs. Within weeks, several groups had used the vulnerabilities to breach at least a thousand organizations. The incident demonstrated how quickly ransomware operators can weaponize publicly disclosed vulnerabilities. While the initial wave subsided after widespread patching, there have still been attacks reported years later.

Reality check: Pilling said that the SharePoint attacks will likely be less detrimental than ProxyShell and similar incidents but that companies are still at risk if they haven't patched.

Between the lines: These types of complex, multistage hacks are becoming the norm, Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told Axios. The SharePoint hacks are the result of attackers stringing together two vulnerabilities that, on their own, "weren't that big of a deal," Steinhauer said. "Attackers know that they're not as prioritized and that we're all already trying to patch so many vulnerabilities that we have to prioritize," he said. "They're gaming the system."

What to watch: Ransomware gangs are likely to try targeting vulnerable, unpatched SharePoint servers for months to come.


New York Post
12-05-2025
Long Island school districts breached by cyber hackers — thousands of students' records exposed in alarming trend
More than 20 school districts across Long Island were hit by cyber hackers, leaving more than 10,000 students' records and personal info vulnerable to criminals, state education records revealed.

The widespread data breaches and digital intrusions — 28 Long Island incidents were self-reported to the state last year — have cybersecurity experts sounding the alarm about schools nationwide increasingly becoming targets for identity thieves, ransomware gangs and data extortionists. Districts with lower operating budgets are even more at risk, according to experts.

'Schools have an incredibly rich amount of data,' Randy Rose, vice president of security operations at the Center for Internet Security, told Newsday. 'People think it's just grades — but it's personal information, sometimes financial information.

'There's data associated with kids that are in need. Data on kids that are in afterschool programs.'

Some of the intrusions on Long Island were minor — a student who was caught snooping on a classmate's grades — but others were much more concerning. Third-party breaches compromised the personal records of more than 6,000 students in Great Neck, another 1,000 in Smithtown, as well as nearly 2,400 in Brentwood and Hewlett-Woodmere combined, according to state education records. Hackers even infiltrated software systems used by schools across the US, including major safety and security platform Raptor Technologies, which impacted at least seven Long Island districts, education records show.

Michael Nizich, an adjunct associate professor of computer science at the New York Institute of Technology, said the level of regularly updated cybersecurity prevention necessary to adequately protect school districts is 'just not going to be feasible' economically. 'I think what you're seeing is that these school districts are now becoming targets because of the value of data that criminals are starting to find,' Nizich told Newsday.

But it's not always the firewall that fails. Oftentimes breaches boil down to human error, as cybersecurity investments only go so far without proper training. About 45% of the time, hackers weren't exploiting technical flaws, but instead human behavior, according to an investigation by Newsday — pointing to phishing emails, fake login pages and malware disguised as digital ads.

And the real-world impacts on districts can be devastating, as cyber incidents can derail afterschool initiatives, delay lunch programs, disrupt statewide testing — even freeze entire school operations, Rose explained. For students, the possible 'real life consequences' can be even more dire — derailing credit scores and impacting their ability to apply for loans and credit cards. 'When it comes time to go to college or get their first bank account, credit card, they're unable to,' Rose told Newsday.

The new state budget just added record funding into public education, including an additional $270 million for Long Island, although each individual district will decide how the money gets spent.