Cyber incidents, possibly by Anonymous, accompany US unrest. Data breach at Amtrak. More port scanning found. COVID-19 lessons.
Minnesota's chief information officer Tarek Tomes said yesterday that the state's Security Operations Center "is defending against distributed denial-of-service (DDOS) cyber-attacks aimed at overloading state information systems and networks to tip them offline," the Twin Cities Pioneer Press reports. He added that the state had succeeded in preventing disruption of operations.
There have been many claims that the attacks represent an online Anonymous operation in sympathy designed to punish Minnesota for the death of George Floyd in police custody, a death that's provoked widespread protest and rioting. Many of the reports in social media claim that Anonymous is releasing email addresses and passwords from the Minneapolis Police Department. But that seems, researcher Troy Hunt says, to be almost surely false. The email addresses and passwords displayed as evidence seem to come from older breaches, and from such online resources as Have I Been Pwned. Civil unrest will certainly continue, however, to manifest itself in cyberspace, through hacking, disinformation, doxing, and denial-of-service.
Amtrak, the US National Railroad Passenger Corporation, has disclosed a data breach that affects Amtrak Guest Rewards Accounts. BleepingComputer reports that Amtrak believes "no financial data, credit card info, or Social Security numbers" were compromised, and the railroad says that the incident was quickly contained.
Last week eBay was found port scanning computers of users visiting their site. BleepingComputer looked at other prominent sites and determined that eBay isn't alone: Citibank, TD Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect, TIAA-CREF, Sky, GumTree, and WePay are port scanning, too.
Gloss