At a glance.
- Two US mental health facilities experience data breaches.
- Ransomware attack has its effect on a trucking company's bottom line.
- Bots intercepting one-time passwords.
- Cyberattack hits NUI Galway.
Two US mental healthcare facilities report data exposure incidents.
Two mental health facilities (one in Pennsylvania, the other in Washington State) have disclosed data breaches, Infosecurity Magazine reports. Horizon House, of Philadelphia, says that a ransomware attack between March 2nd and 5th of this year compromised the data of 27,823 individuals. The information may have included "names, addresses, Social Security numbers, driver’s license numbers, state identification card numbers, dates of birth, financial account information, medical claim information, medical record numbers, patient account numbers, medical diagnoses, medical treatment information, and health insurance information." Those affected have been notified.
Across the country, the Samaritan Center of Puget Sound suffered data loss from a physical burglary: hoods broke into its Seattle office and stole a computer, a server, and other electronic equipment from the locked facility. The data on the server were encrypted, but the organization is concerned that they might nonetheless be brute-forced. "Data stored on the stolen server included the names, appointment dates, diagnoses, copies of charting content, addresses, phone numbers, copies of deposited checks, training videos, insurance information, Social Security numbers, and copies of billing statements of clients who accessed services before July 19."
Ransomware at trucking firm exposes employee data.
A Form 8-K that Forward Air filed with the US Securities and Exchange Commission disclosed the effects of a ransomware incident the company sustained last December. "As previously disclosed, on December 15, 2020, Forward Air Corporation (the “Company”) detected a ransomware incident impacting its operational and information technology systems. The Company’s internal security teams, supplemented by leading cyber defense firms, took active steps to assess, contain and remediate this incident." BleepingComputer says the incident was the work of the Evil Corp. cyber gang (which also operates under such other names as "Hades"). Employee data are believed to have been compromised. The 8-K went on to state that the attack had an effect on both revenue and costs. "While the Company’s systems recovery efforts are completed and the Company’s operations are fully functional, the incident did result in a loss of revenue as well as incremental costs for the month of December which will adversely impact the Company’s fourth quarter 2020 results."
Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, wrote to observe how ordinary, how everyday, the targets of ransomware have become:
"This incident once again proves that you don’t need to be an organization with top secret data or intellectual property to be a target of a cyberattack. Ransomware has allowed cybercriminals to become much more opportunistic with their attacks, targeting any organization they are able to break into. I think much of the problem is that organizations not only think they won’t be a target, but also fail to account for just how long business can be interrupted by a cyberattack. Cybersecurity insurance, even when it does pay out, can’t repair damaged relationships with customers or vendors if you can’t deliver service. Nor can limited time credit monitoring fully protect employees or customers from being targets of fraud or identity theft if their personal information is stolen. This is especially true if the company compromised proactively announces free credit monitoring for victims for a specific period of time. In essence, they have provided cybercriminals with the exact time necessary they need to wait before attempting to leverage personal information stolen. After all, it’s unlikely that any of the victims will change their personal information like SSN in the meantime. It’s largely just as valuable to criminals and fraudsters now as it will be 12 months from now."
Bot-based password interception.
One-time passwords are receiving the attention of cybercriminals, who intercept them to gain immediate access to accounts. KrebsOnSecurity has an account of the bot-enabled scam. As is often the case with bot-based services, the technology lets the criminals operate at scale.
We heard from several experts in the security industry on this activity. Brian Uffelman, VP and security evangelist at PerimeterX, sees it as another instance of a criminal trend in the direction of credential theft:
"Cybercriminals are finding every means possible to leverage weaknesses in human behavior for financial gain. Stolen credentials, like OTPs, can be used for credential stuffing and ATO attacks, which can steal value, whether that is in the form of gift cards, credit card numbers, loyalty points, or false purchases. ATO attacks are a major threat to any business and all of this just creates more fuel to feed the ATO attack fire.
"It is much simpler and lucrative to walk in through the front door of a digital business with valid, stolen credentials than to look for holes in an organization’s cybersecurity defenses.
"PerimeterX research found that between 75-85% of all login attempts in the second half of 2020 were account takeover attempts. Organizations need to be aware of signs that they’ve been attacked, which can include surges in help desk calls, spikes in password resets, and inhuman user behaviors such as thousands of login attempts on an account in a short time period, and then take the appropriate action to block these attacks. And on the flip-side, consumers need to ensure they are using varied and robust passwords across different websites and applications and lock down their credit reports as well."
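Two of the warning signs Uffelman lists, a burst of login attempts against one account and a spike in password resets, are easy to check for in authentication logs. The script below is an added illustration and is not code from the article or from PerimeterX; the log format (one event per line as timestamp, event type, account, source address), the sample events, and the window and threshold values are all constructed for the example. It distinguishes a user who fumbles a password a few times from one address from an account hit by dozens of attempts from many addresses, which is the pattern an OTP-relay bot or credential-stuffing run leaves behind.

```python
"""Sliding-window heuristics for account-takeover warning signs in an auth log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _build_sample_log():
    """Constructed sample log, not real data. Assumed line format:
    '<ISO timestamp> <EVENT> <account> <source-ip>'."""
    t0 = datetime(2021, 9, 16, 9, 0, 0)
    lines = []
    # alice: 30 failed logins in two minutes from 30 different addresses
    for i in range(30):
        ts = (t0 + timedelta(seconds=4 * i)).isoformat()
        lines.append(f"{ts} LOGIN_FAIL alice 203.0.113.{i + 1}")
    # bob: one ordinary successful login
    lines.append(f"{(t0 + timedelta(minutes=1)).isoformat()} LOGIN_OK bob 198.51.100.7")
    # carol: three failures then success, all from one address (a forgotten password)
    for i in range(3):
        ts = (t0 + timedelta(minutes=2, seconds=20 * i)).isoformat()
        lines.append(f"{ts} LOGIN_FAIL carol 198.51.100.9")
    lines.append(f"{(t0 + timedelta(minutes=3)).isoformat()} LOGIN_OK carol 198.51.100.9")
    # twelve password resets across twelve accounts inside ten minutes
    for i in range(12):
        ts = (t0 + timedelta(minutes=5, seconds=40 * i)).isoformat()
        lines.append(f"{ts} PASSWORD_RESET user{i} 192.0.2.{i + 1}")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()


def parse_log(text):
    """Parse the assumed format into (timestamp, event, account, source_ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, account, ip = line.split()
        events.append((datetime.fromisoformat(ts), event, account, ip))
    return events


def flag_login_bursts(events, window=timedelta(minutes=5), threshold=20):
    """Accounts that see at least `threshold` login attempts (any outcome) inside
    one sliding `window`. Returns {account: {"attempts": peak count in a window,
    "sources": distinct source addresses in that window}}. Many sources behind
    one account is the bot signature; one source is usually a forgetful user."""
    recent = defaultdict(deque)  # account -> deque of (timestamp, ip) within window
    flagged = {}
    for ts, event, account, ip in sorted(events):
        if not event.startswith("LOGIN_"):
            continue
        q = recent[account]
        q.append((ts, ip))
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            prev = flagged.get(account, {"attempts": 0, "sources": 0})
            if len(q) > prev["attempts"]:
                flagged[account] = {"attempts": len(q),
                                    "sources": len({src for _, src in q})}
    return flagged


def flag_reset_spikes(events, window=timedelta(minutes=15), threshold=10):
    """Windows in which PASSWORD_RESET events, across all accounts, reach
    `threshold`. Returns [(window_start, peak count)] with one entry per spike."""
    resets = sorted(ts for ts, event, _, _ in events if event == "PASSWORD_RESET")
    spikes = []
    q = deque()
    for ts in resets:
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            if spikes and spikes[-1][0] == q[0]:
                spikes[-1] = (q[0], len(q))  # same spike, higher count
            else:
                spikes.append((q[0], len(q)))
    return spikes


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for account, info in flag_login_bursts(evs).items():
        print(f"login burst: {account} {info['attempts']} attempts from {info['sources']} addresses")
    for start, count in flag_reset_spikes(evs):
        print(f"reset spike: {count} resets in the window starting {start.isoformat()}")
```

With the defaults, only alice is flagged for the login burst (30 attempts from 30 addresses), while carol's four attempts from one address are ignored; lowering the threshold to 4 would surface carol too, but with a single source address, which is the detail an analyst uses to triage. The reset check reports one spike of 12 resets.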
Nicolas Malbranche, Senior Product Manager at Axiad, points out that this particular form of fraud, like most of the others, depends for its success on social engineering:
"At the core of this issue is phishing - showing yet again how phishing threats are on the rise. Even if your organization is up to date with the latest malware software, it’s impossible to protect your employees from every potential business email compromise like this. That's why it's important to prioritize security training for all your employees and teach them best practices on how to spot and report phishing. Without employee education, issues like this will continue to impact businesses."
Cyberattack at NUI Galway.
The Irish university is the latest academic institution to sustain a cyberattack. NUI Galway hasn't released many details, but they indicate that they successfully defended themselves and don't believe any student data were compromised. Nonetheless, "as a precautionary measure, the University has disabled access between the campus network and the wider internet, impacting all users, including students and staff." The incident is under investigation, and the university hopes to restore normal services soon.
Danny Lopez, CEO at Glasswall Solutions, wrote to point out that universities have become frequent victims of cyberattack:
"Reports of universities being the victim of cyber attacks have become increasingly common over the last 18 months. It’s concerning considering the extensive damage that can be caused in terms of lost data – for both students and staff – and access to vital educational services. Whilst NUI Galway has no evidence that data has been compromised at this early stage, the cyber attack will inevitably have a huge impact on productivity. Just as the new university term begins, students and staff have lost access to their campus network, which will undoubtedly affect teaching and access to study resources.
"Educational institutions should adopt a ‘defence-in-depth’ approach to cybersecurity, as advised by the NCSC. This means using multiple layers of defence with several mitigations, which creates more opportunities to detect malware and prevent it from doing widespread harm to the institution.
"But even when all procedures and policies are well-executed, there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities. Often this is as simple as inserting malware using documents and files shared in their hundreds every day in an educational environment. It's vital these organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing all users to do their vital work."