2021's Big Cybersecurity Incidents (So Far...)


Read a sampling of IT-related articles that even hint at cybersecurity, and you’ll see some recurring themes. “Cybersecurity is a hot topic!” “Cybersecurity is the biggest concern in today’s digital world!” “Cybersecurity is the top priority of businesses and organizations!”

In response to this deluge, most of us just blow it off then go searching online for new cat photos or checking out the latest video from whichever influencer is hot this month.

Unfortunately, cybersecurity is an area of great concern, and it affects governments, businesses, and consumers alike. Nothing drives home this point with more finality than a roundup of recent cybersecurity attacks, data breaches, and other security-related issues. And bear in mind, the year isn’t even over yet. So, who knows what other incidents 2021’s waning months have in store for us?

But for the time being, let’s review some prominent cybersecurity issues that have taken place over much of this year. We start with a big one.

The Colonial Pipeline Ransomware Incident

Crime doesn’t pay, but apparently, cybercrime victims do

In May 2020, a ransomware attack hit Colonial Pipeline, forcing the company to shut down the gasoline supply to a good portion of the US Eastern Seaboard, triggering shortages and price spikes throughout the Southeast. The CEO authorized a ransom payment of $4.4 million, though the FBI eventually traced and seized a large portion of the cryptocurrency ransom.

Hackers associated with the DarkSide ransomware gang pulled off the attack. The criminals gained access to the Colonial Pipeline network by hacking a virtual private network (VPN) account that allowed Colonial employees to access the company’s computer network remotely. The account’s password was eventually discovered in a batch of leaked passwords residing on the dark web.

To make matters worse, the VPN account (which no longer works, obviously) did not employ multi-factor authentication, so all the hackers needed was a compromised username and its matching password.

One week after the break-in, an employee in Colonial’s control room noticed a ransom note on a computer screen. The message threatened to release almost 100GB of Colonial Pipeline’s data unless the corporation paid the cryptocurrency ransom.

The Twitch Data Dump

This gives a whole new meaning to “having an eye-twitch”.

On October 6th, an anonymous hacker leaked a 125GB cache of data from the Amazon-owned streaming service Twitch to 4chan as a torrent. The data included creators’ personal and payout information, internal company documents, company source code, and red-teaming tools.

In their blog, Twitch explained that the incident occurred due to a server configuration change that an unauthorized third party could exploit. The blog went on to say that the dumped data didn’t include log-in credentials, passwords, or financial information.

Twitch attributed the hack to an error in its Amazon Web Services (AWS) server configuration that gave the hacker access via a malicious third-party app. However, an AWS spokesperson said that AWS operated as intended and that the service wasn’t to blame for this breach.

The $40 Million CNA Ransom

File this one under “irony.”

One of the United States’ largest insurance companies, CNA Financial, reportedly paid a $40 million ransom to restore system access in the wake of a cyber-attack. A “sophisticated cyber-attack” that caused “network disruption and impacted certain CNA systems” occurred on March 21st. The intruders stole confidential data and locked employees out of the company’s systems.

CNA, incidentally, sells a suite of cyber-insurance offerings and risk-control resources. The hackers, allegedly affiliated with the Russian-backed Evil Corp cyber syndicate, employed a new version of the Phoenix CryptoLocker malware. The malware encrypted the data on more than 15,000 machines on CNA’s network and also affected the computers of remote-working users connected through the company’s virtual private network (VPN).

CNA posted a security update on May 12th, saying it did “not believe that the systems of record, claims systems, or underwriting systems, where the majority of policyholder data, including policy terms and coverage limits is stored, were impacted.”

The breach occurred between March 5th and March 21st, after which a threat actor accessed CNA's systems multiple times. As a result, the intruder managed to acquire and copy information from over 75,000 customers before initiating the actual ransomware attack.

The Kaseya Ransomware Apocalypse

Not the kind of Fourth of July fireworks people want to see.

On July 4th, the REvil ransomware gang hit Kaseya, a software provider for over 40,000 customers worldwide. The attack temporarily closed as many as 1,500 businesses worldwide, affected local government institutions, closed nine schools in New Zealand, and shut down hundreds of Swedish co-op supermarkets.

REvil conducted the cyber-attack through software that the Miami-based IT company markets to large managed service providers. Managed service providers, also called MSPs, handle outsourced IT tasks for government agencies and small-to-medium businesses. Consequently, the malware attack reached the MSPs’ own customers, which is why so many companies were affected.

The gang of cybercriminals initially asked for $70 million for a “universal decryptor” to unlock the many files frozen in that single attack. However, by mid-July, the hackers appeared to go to ground, with their dark website, “Happy Blog,” going down, including their ransom payment page.

So even though the company didn’t pay the ransom, and they eventually restored things to normal, there is little doubt that this was one of the most significant attacks of its kind.

The JBS Meat Processing Attack

REvil strikes again.

In June, JBS, the world’s largest supplier of meats, poultry, pork, and prepared foods, paid an $11 million bitcoin ransom to hackers who launched a ransomware attack the previous month.

The REvil ransomware group hit servers supporting JBS’s North American and Australian facilities and exfiltrated more than 45 GB of data to a file-sharing site known as Mega. As a result, meat and pork slaughterhouses in Australia, Canada, and the United States were disabled for several days, briefly throwing meat price projections into question.

Fortunately, system backups restored the JBS systems, and things were up and running quickly. JBS nevertheless paid the ransom, in a bid to prevent any future attacks.

The T-Mobile Data Breach

You can’t just send this one to voicemail.

In the middle of August 2021, the T-Mobile phone network revealed that it had suffered a very sophisticated cyber-attack that affected the personal data of over 7.8 million current customers, along with 53 million records belonging to prospective and former customers. The stolen data included customers’ full names, birth dates, Social Security numbers, and ID information. The theft also compromised the phone numbers and account PINs of about 850,000 active T-Mobile prepaid customers.

This incident wasn’t T-Mobile’s only brush with hackers. Earlier this year, scammers launched a successful SIM swap attack on T-Mobile customers by employing social engineering tactics to port the victims’ phone numbers to a SIM controlled by the criminals.

As a result, the hackers could receive the victims’ calls and messages, letting them easily bypass SMS-based multi-factor authentication (MFA), steal user credentials, and take over the victims’ online service accounts. The damage gets even worse: armed with that information and access, the criminals can then log into the victims’ bank accounts and steal funds, change account passwords, and even lock the victims out of their accounts.

Indiana COVID Hack

The pandemic finds new ways of making life miserable.

In early July, a rogue cyber-attack company improperly acquired the personal information of almost 750,000 Indiana residents. This data, which included names, addresses, gender, ethnicity and race, e-mail addresses, and birth dates, but no Social Security numbers or medical information, had been initially shared with the Indiana State Department of Health as part of an online COVID tracing survey.

The company that took the information is part of a group of businesses that intentionally seek out software vulnerabilities and then contact the affected parties to drum up business. The company’s experts traced the breach to a software configuration problem that was eventually corrected.

The Fake Apple Customer Service Incident

Going through a lot of work for naked pictures.

In mid-August, a Los Angeles County man pled guilty to four felony counts, admitting that he impersonated a member of Apple’s customer support via e-mails and tricked unsuspecting customers into giving him their Apple IDs and passwords.

Using this information, he broke into thousands of Apple iCloud accounts, acquiring over 600,000 private videos and photos, looking for pictures of naked young women to steal and swap with co-conspirators.

This breach was a classic example of social engineering: tricking people into handing over their own information. It shows that even if you have the best anti-virus software and use two-factor authentication, the human element is still a huge vulnerability.

The Town of Peterborough, New Hampshire

Live free or get scammed.

In mid-August, the town of Peterborough, New Hampshire got bilked out of $2.3 million of taxpayers’ money thanks to a BEC (business e-mail compromise) attack. The town’s financial officials received two official-looking e-mails instructing them to send scheduled payments earmarked for the local school system and a construction firm to a new bank account, different from the one normally used.

The criminals used the town’s public financial information to craft legitimate-looking e-mails. The Commissioner of the State Department of Information Technology noted that the entire theft could have been averted with a single phone call to confirm the change. However, he also touched upon how easy it is to implicitly trust an e-mail, since that’s the medium so often used for today’s transactions.

The incident showed that, although ransomware and data theft are huge issues that garner most of the media’s attention, BEC attacks still exist. It also showed how human error and trust can be exploited by cybercriminals who don’t even need to resort to malware or decryption programs.

Cyber-Security and Consultants

Experienced outside advice can help mitigate cyber threats.

The above list is just a fraction of the cyber-attacks that have been perpetrated this year, and there will be more. In the face of such widespread criminal attacks, what chance does a small to medium-sized business have when a single well-placed hacker attack could potentially bring it down for good?

Fortunately, resources are available, including consultants who can guide small businesses into an intelligent, effective cyber-security strategy. Look at the above examples again; at least one attack happened because of simple human error; it could have been avoided. Resources such as Remote Cloud Consulting can help your business avoid most security pitfalls.

Sure, there’s no such thing as an absolute, foolproof defense, but at least a professional, knowledgeable consultant can help stack the odds in your favor.

Let's Discuss Your Project and Determine If We Are a Good Fit

We are here to help. Once we discuss your project, it's simple. We will either tell you that we can help, or we will point you in a better direction. We are not here to sell you on services you don't need. We are here to help your business succeed.

Hand off your Cloud development needs, so you can focus on your core business objectives.