At a glance.
- South Korea says North Korea behind recent hospital cyberattack.
- Hackers make a meal of Sysco data.
- The cost of a night at the opera.
South Korea says North Korea behind recent hospital cyberattack.
South Korean police announced yesterday that North Korean hackers were responsible for a 2021 cyberattack in which the personal medical records of 830,000 patients and employees at Seoul National University Hospital (SNUH) were exposed. Considered one of the largest known cyberattacks on civilian infrastructure in the country, the incident employed seven domestic and overseas computer servers. Two years after the attack, the Korean National Police Agency (KNPA) has determined that the IP addresses of the attack’s sources, as well as the attackers’ intrusion tactics and vocabulary, indicate that the hackers were based in North Korea. NK News notes that local media have pinned the attack on the Kimsuky threat group, though the KNPA’s press release does not identify which operation was behind the hack. In the announcement, the KNPA also warned that hackers might be targeting other sectors and urged organizations to heighten their security efforts. However, the fact that it took police two years to announce the investigation’s results has some experts questioning South Korean authorities’ efficiency when it comes to responding to cyberattacks.
Hackers make a meal of Sysco data.
Global food distribution company Sysco disclosed last week that it suffered a data breach earlier this year in which hackers made off with sensitive corporate, customer, and employee data, Bleeping Computer reports. The company distributed an internal memo to employees on May 3rd stating that US and Canadian customer and supplier data, as well as personal US employee data, were compromised in the attack. The breach notification letter stated, “On March 5, 2023, Sysco became aware of a cybersecurity event perpetrated by a threat actor believed to have begun on January 14, 2023, in which the threat actor gained access to our systems without authorization and claimed to have acquired certain data.” For employees, the compromised data include personal data provided to Sysco for payroll purposes, including name, social security number, and account numbers. Fortunately, Sysco says the incident did not disrupt business operations or customer services, and the threat has been completely contained.
The cost of a night at the opera.
Reuters reports that a cyberattack targeting the Metropolitan Opera, located in New York City, exposed the data of over 45,000 Met patrons across the US. The opera house, which is the largest classical music organization in North America, disclosed to state regulators that the leaked data include names, financial account information, tax identification numbers, Social Security numbers, payment card information, and driver’s license numbers. In a breach notification sent to impacted individuals, the Met stated, “Through an investigation conducted by third-party specialists, the Met learned that an unknown actor gained access to certain of their systems between September 30, 2022 and December 6, 2022 and accessed or took certain information from those systems.” As the Record recounts, in December the opera house announced that the incident had impacted its network systems, including its website, box office, and call center, and as a result ticket purchases and refunds, as well as employee payroll services, were disrupted for weeks. In March, the Snatch ransomware gang took credit for the breach. However, the Met has not confirmed if the incident was a ransomware attack.
Will LaSala, Field CTO at OneSpan, commented on the general pattern the incident at the Met exemplifies:
"These types of cyberattacks are happening more frequently than ever. We saw similar attacks against airports in October, which crippled flight travel in the US. These attacks are known as Distributed Denial of Service (DDoS) attacks. Hackers leverage computers that are connected to the internet and infected with malware to send massive amounts of requests, hoping to overwhelm and crash a victim’s site. This has been done for payment or even to impact the reputation of opposing political views. Unfortunately, as organizations become more digital, these types of attacks can become more invasive and can lead to other style attacks. The key to resolving these attacks is to ensure that any site infrastructure is geographically and logically redundant and can dynamically scale to increase, but not break. This is crucial as hackers look for such tipping points where it becomes too costly for organizations to handle spikes as large as some of these attacks.
"As these DDoS attacks focus on causing havoc with the victim’s site, additional attacks often spring up to cause further damage. Social engineering attacks look for these exact types of news stories so that they can use it to encourage a customer to act quickly and avoid the massive attacks that are happening - convincing users to hand over authentication and identity credentials. This calls for mechanisms that verify transactions and members of any organization, that offer guidance on what could happen in an emergency like this. This includes explicitly educating users that they will never be asked for authentication credentials for any reason, especially during a hacking event or when the company's site is unavailable. Technology can help make this easier as well, with new connected authentication and verification devices. These devices prevent the customer from being able to give away credentials by leveraging Fast ID Online (FIDO). They can also present the customer with details of the transaction directly on the secure screen of the device, ensuring transaction details come directly from the business and are not manipulated while the transaction is being transmitted back and forth. Advanced identity verification systems can also help businesses with detecting when synthetic identities are being used to conduct business. Combining such technologies and education before a crisis hits, will ultimately ensure the digital world is more secure."