
The DOT Report: Enzo Biochem to Pay $4.5 Million, CISA Issues Warning About Jenkins Vulnerability

August 27, 2024


The DOT Report covers some of the biggest headlines in the cybersecurity space each and every month, diving into the various cybersecurity tools, processes, and philosophies on display in these very real incidents. These stories give us a chance to evaluate and analyze the capabilities of different cybersecurity measures and see how they’re put into play.

This month, we discuss the final settlement reached between several states, including New York, and Enzo Biochem, review CISA's warning about Jenkins vulnerabilities, check in on the hackers arrested in Italy after a $14 million crypto heist, and lastly, explore how popular software is being exploited by threat actors.

Understanding cybersecurity best practices and operating philosophies is one thing, but putting them into practice and actually executing something like a disaster recovery plan is an entirely different ballgame. Let's see what we can learn from the cybersecurity headlines this month.

To stay in the loop on everything cybersecurity, subscribe to the DOT Security blog where we cover the latest technologies, best practices, and news stories!

Enzo Biochem to Pay $4.5 Million in Fines

Enzo Biochem, a biotechnology company headquartered in New York, has agreed to a $4.5 million settlement with the states of New York, New Jersey, and Connecticut due to a severe data breach that occurred in April 2023.

This breach compromised the personal and medical information of approximately 2.4 million patients across the three states, with New York alone accounting for nearly 1.5 million of the affected individuals.

The breach was caused by a ransomware attack that exploited significant security weaknesses in Enzo Biochem's systems. The attackers accessed the company's network using two employee login credentials that had administrator privileges. These credentials were shared among five employees, and one had not been updated for over a decade.

The lack of basic cybersecurity measures, such as multi-factor authentication and effective network monitoring for suspicious activity, further exposed the company to the attack. The ransomware attack led to the installation of malicious software on Enzo's systems, which went undetected for several days due to this lack of monitoring.

As such, the attackers were able to steal files containing sensitive patient data, including names, addresses, dates of birth, Social Security numbers, and medical information. All in all, the stolen data amounted to about 1.4 terabytes.

In response to the breach, the attorneys general of New York, New Jersey, and Connecticut took legal action against Enzo Biochem. They argued that the company had failed to implement necessary cybersecurity measures despite being aware of the risks.

In fact, a prior Health Insurance Portability and Accountability Act (HIPAA) risk assessment conducted in 2021 had already identified these risks and recommended corrective actions, but Enzo Biochem had not acted on these recommendations.

As part of the settlement, Enzo Biochem not only agreed to pay $4.5 million—$2.8 million of which will go to New York—but also committed to enhancing its cybersecurity protocols.

These improvements include implementing a comprehensive information security program, using strong and regularly updated passwords, adopting multi-factor authentication for all user accounts, encrypting all personal data, conducting annual risk assessments, and establishing a robust incident response plan.
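The three control failures named above (shared administrator credentials, a password left unchanged for a decade, and privileged accounts without MFA) are the kind of thing a periodic access audit should surface before an attacker does. The following script is an added example, not code from the original article or from Enzo Biochem; the account inventory, the login records, and their field names are constructed for illustration, and the "shared credential" check is a heuristic (one account authenticating from many distinct hosts), not a definitive test.

```python
from collections import defaultdict
from datetime import date

# Constructed account inventory; field names are hypothetical.
ACCOUNTS = [
    {"user": "svc_admin1", "admin": True, "mfa": False, "pw_changed": date(2013, 3, 1)},
    {"user": "svc_admin2", "admin": True, "mfa": False, "pw_changed": date(2022, 11, 5)},
    {"user": "jdoe", "admin": False, "mfa": True, "pw_changed": date(2023, 1, 15)},
]

# Constructed successful-login records: (account, source host).
AUTH_LOG = [
    ("svc_admin1", "ws-101"), ("svc_admin1", "ws-204"), ("svc_admin1", "ws-311"),
    ("svc_admin1", "ws-101"), ("svc_admin2", "ws-101"), ("jdoe", "ws-150"),
]


def stale_passwords(accounts, today, max_age_days=90):
    """Accounts whose password is older than the rotation policy allows."""
    return sorted(a["user"] for a in accounts
                  if (today - a["pw_changed"]).days > max_age_days)


def admins_without_mfa(accounts):
    """Privileged accounts that can be used with a password alone."""
    return sorted(a["user"] for a in accounts if a["admin"] and not a["mfa"])


def likely_shared(log, min_hosts=3):
    """Heuristic: one account logging in from many distinct hosts suggests
    the credential is shared among several people (or has been stolen)."""
    hosts = defaultdict(set)
    for user, host in log:
        hosts[user].add(host)
    return {u: sorted(h) for u, h in hosts.items() if len(h) >= min_hosts}


def audit(accounts, log, today):
    """Combine the three checks into one findings report."""
    return {
        "stale_passwords": stale_passwords(accounts, today),
        "admins_without_mfa": admins_without_mfa(accounts),
        "likely_shared": likely_shared(log),
    }


if __name__ == "__main__":
    for finding, hits in audit(ACCOUNTS, AUTH_LOG, date(2023, 4, 1)).items():
        print(f"{finding}: {hits}")
```

Run against a real identity export and authentication log, each finding maps directly to one of the settlement's required fixes: rotate the password, enforce MFA, or replace the shared account with individual ones.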

This settlement highlights the critical importance of data security in the healthcare sector, as underscored by New York Attorney General Letitia James, who emphasized that healthcare companies must prioritize data security to protect patients from the risks of fraud and identity theft.

CISA Issues Warnings About Jenkins Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued an urgent warning about multiple critical vulnerabilities discovered in Jenkins, an open-source automation server used extensively in software development, particularly for continuous integration and continuous delivery pipelines.

These vulnerabilities, if exploited, could allow attackers to execute arbitrary code, elevate their privileges, and potentially take full control of Jenkins servers. Given Jenkins' central role in automating various stages of the software development lifecycle, the exploitation of these vulnerabilities could lead to significant security breaches within affected organizations.

The flaws affect the Jenkins core software as well as several plugins that are integral to its operation. These plugins extend Jenkins' capabilities, and vulnerabilities within them can compromise the entire system.

CISA's advisory is part of its ongoing efforts to raise awareness about the security of critical software infrastructure. In this case, the agency emphasized the immediate need for organizations using Jenkins to apply the available patches or security updates provided by the Jenkins community.

The Jenkins project has a history of being targeted by attackers due to its widespread adoption and the critical nature of its role in software development. This makes it a high-value target for cybercriminals, who want to exploit these vulnerabilities to inject malicious code, access internal networks, and compromise the integrity of the software being developed and deployed.

Organizations using Jenkins are advised to not only apply patches but also review their overall security practices. This includes implementing additional layers of security.

CISA's warning also serves as a general reminder of how important it is to consider security at every step of the development process.

Hackers Behind $14 Million Heist Arrested in Italy

Italian law enforcement recently arrested two hackers linked to the theft of $14 million in cryptocurrency from Holograph, a blockchain technology company. The suspects, identified as a Serbian national and a Ukrainian national, had been living in Italy since the heist, where they attracted attention due to their extravagant spending and luxurious lifestyle.

The heist took place in July 2023 and involved the exploitation of a vulnerability in Holograph's blockchain bridge, which allows for the transfer of assets between different blockchain networks. This exploit enabled the hackers to siphon off a large amount of cryptocurrency undetected.

The funds were initially moved to various cryptocurrency wallets to obscure their origin, but investigators were able to trace the transactions back to the suspects.

During their arrest, authorities seized numerous luxury items, including expensive cars, watches, and large sums of cash, linking the suspects to the stolen funds. This case illustrates the increasing sophistication of cyber-attacks in the cryptocurrency industry, where even companies with advanced security measures can become targets of highly coordinated and technical heists.

The successful apprehension of the suspects was made possible by international cooperation among law enforcement agencies, highlighting the importance of global collaboration in tackling cybercrime, which often crosses national borders.

How Cybercriminals are Exploiting Popular Software Searches

Cybercriminals are increasingly exploiting vulnerabilities in widely used software, particularly in software libraries like Apache Commons FileUpload, a popular Java library. The vulnerability, identified as CVE-2024-1234, affects the deserialization of data, allowing attackers to execute remote code on the victim's system.

This flaw is particularly dangerous because it can be exploited through various applications that rely on this library for file uploads.

The exploitation process involves sending a specially crafted request to a server that uses the vulnerable library. Once the server processes this request, the attacker gains the ability to execute arbitrary code, which can lead to a complete takeover of the affected server, leaving the network completely exposed.

The vulnerability is considered critical due to its wide-ranging impact, as many enterprise applications depend on Apache Commons FileUpload. The security community, including CISA, has urged organizations to update their software to the latest patched versions and to implement additional security measures, such as input validation and network segmentation, to mitigate the risks.

This incident underscores the ongoing challenges in securing software supply chains, where a single vulnerable component can expose numerous systems to significant risks. Organizations are advised to maintain a proactive approach in monitoring and patching their software dependencies to prevent such exploits.

Wrapping Up on Cybersecurity News from August ’24

The stories we covered this month demonstrate just how important it is to prioritize consumer privacy and compliance, why you need proactive security measures that can detect new and evolving threats, the ongoing fight against cybercrime on an international level, and just how quickly new threats can emerge.

By staying on top of the largest news stories in the cybersecurity space, you won’t just be informed, you’ll have a better understanding of the individual components of a comprehensive cybersecurity strategy and how they work together to keep you, your data, and most importantly, your people safe.

Subscribe to the DOT Security blog to get regular updates on the latest technologies, best practices, philosophies, and of course, headlines in the cybersecurity space!