09 April 2021
The Regional Municipality of Durham in Ontario was the target of a cyber criminal group. The systems have been secured, but the extent of the data breach is still unknown.
We contacted the administration of the municipality after a ransomware gang announced the attack on their leak site hosted on the dark web. The Corporate Communications service confirmed that they “recently became aware of a cybersecurity incident related to software provided by a third-party service provider.” According to the statement we received, the incident did not impact the Region’s core IT systems.
The Regional Municipality says that they have contacted the relevant authorities. Their experts are investigating the matter to “determine the information that may be involved and the impact of this incident.” The Municipality states that the vulnerability has been patched and that their systems have been secured.
The ransomware gang published screenshots of confidential information on their site. The spokesperson for Durham did not confirm whether these were authentic. The screenshots show spreadsheets with names and phone numbers and, more troubling, ambulance reports.
The group involved in this cyber attack was responsible for alleged data breaches involving universities in the United States in recent months. They have been very active in exploiting the Accellion FTA (File Transfer Application) vulnerability. This 20-year-old technology is used to share confidential documents in a secure manner. A vulnerability was discovered at the end of December 2020. Three other vulnerabilities were found in the first months of 2021. These vulnerabilities have been patched, but many organizations have not updated their services, leaving the door open for threat actors. The Regional Municipality of Durham did not answer our question regarding the use of Accellion FTA.