In the news
The city administration of Oakland, California has declared a state of emergency over the problems it is facing after a ransomware attack on February 8. These problems include the city being ill-prepared for a cyber-attack, old and aging infrastructure, limited resources, and outdated IT systems. Several of the city's non-essential services were shut down to contain the spread of the ransomware, but the city administration has assured residents that core services such as 911 dispatch and fire emergency resources are still working. The ransomware group behind the attack on the city's systems is currently unknown, and the city is likely investigating the matter.
Easy targets for ransomware attacks
Local governments, as well as the healthcare and manufacturing industries, are frequently targeted by hackers, as they are often seen as weaker targets than banks. While banks are required to have strong cybersecurity measures in place, other organizations are falling behind, with no compliance standards to hold them accountable.
It's important not to underestimate the threat of ransomware attacks, which have not decreased and are, in fact, worse than ever. What's more, many companies are not releasing information about these attacks for months, leaving other businesses vulnerable and uninformed. It's concerning to see how the situation has evolved in recent years, with companies becoming slower to detect breaches and cyberattacks.
Companies not updating servers
It's not just ransomware that businesses need to worry about: companies are breached every day through business email compromise and a lack of knowledge about securing their Microsoft Exchange servers, M365 accounts, and other systems. Hypervisors such as VMware allow multiple servers to be hosted on a single piece of hardware, which makes them an attractive target for cybercriminals. If attackers can breach the host machine, they gain access to every virtual server running on it and can encrypt the entire company's infrastructure. Unfortunately, many companies are not properly maintaining their hypervisors, and that neglect can turn thousands of businesses into ransomware victims. Hypervisors like VMware can be set up and left running without much ongoing attention, which leads businesses to believe they don't need anyone to maintain them. As a result, many companies never update to the latest versions and remain exposed to known vulnerabilities.
Rackspace is a prime example of a hosting company that failed to update its servers, resulting in a ransomware attack and fallout for its customers.
This underscores the need for businesses to conduct third-party risk assessments and to hire an independent third party to verify that their security measures are actually being implemented as intended.
Businesses must not assume that their cloud or IT service providers are taking care of their security needs. It is essential to take proactive measures to protect their own systems and reduce the risk of cyber-attacks.
The healthcare sector is a prime target
Healthcare organizations have become prime targets for cybercriminals, with ransomware attacks on the rise. The KillNet and Clop ransomware groups are specifically targeting the healthcare sector, and the US federal government has urged these organizations to take the necessary steps to protect their systems. Despite repeated warnings, many healthcare organizations are still not doing enough to protect themselves. The North Korean-sponsored Maui and Holy Ghost ransomware groups are also targeting healthcare organizations in South Korea and the US as a means of generating revenue for the North Korean government. The KillNet, Royal, and BlackCat ransomware groups have likewise been aggressively targeting the US healthcare sector. These groups use a variety of tactics and techniques to compromise healthcare organizations, including disguising malicious files as medical documents and posing as patients requesting appointments to get victims to open them. The Clop ransomware group recently claimed responsibility for a mass hack of 130 organizations, including the Franklin, Tennessee-based Community Health Systems. Healthcare organizations need to take these threats seriously and implement appropriate cybersecurity measures to protect their sensitive information and prevent devastating attacks.
The current situation demands that hospitals and healthcare organizations take proactive measures to secure themselves, because merely complying with regulations is not enough. Passing a HIPAA audit or having someone evaluate your network does not make you immune to ransomware attacks. It is crucial to distinguish between compliance and security: compliance alone does not guarantee protection against cybersecurity risks. Even if you have met all the compliance requirements, there is still a possibility of experiencing a ransomware attack or business
Cryptocurrency-related phishing emails
An article from this week reported that one of many cryptocurrency users from the Czech Republic in the U.S. was affected by both ransomware and Clipper malware. The article highlighted the problem of individuals receiving cryptocurrency-related phishing emails that, if clicked, can infect their computers with malware. In today's work-from-home environment this is a common occurrence, particularly when employees use their work computers for personal tasks. Such phishing emails often carry malicious attachments that can wreak havoc on the system, disabling various Windows functions and applications, including Microsoft Word, Outlook, email, and browsers.
This type of malware usually encrypts documents, pictures, PDFs, and other commonly used files that people tend to open. In this case, however, the malware goes a step further and wreaks havoc on the system itself, much like the old-fashioned malware that was prevalent before the advent of ransomware. It disables the "Run" command and changes the desktop to display only the ransom note. This type of attack hijacks the entire computer, rendering it useless, and the files are compromised as well. Unless you negotiate with the ransomware actors and pay the ransom, you will have no option but to wipe the infected system.
This incident is yet another example of how ransomware actors are continually changing their tactics to stay ahead and make money. It is essential to stay vigilant and take necessary precautions to safeguard your computer systems, particularly if you are handling sensitive data or assets such as cryptocurrencies.
Do not pay the ransom
During a speech at a Homeland Security Symposium, FBI Director Christopher Wray advised business owners not to give in to ransom demands from cyber attackers who threaten to lock up their systems. Wray emphasized that paying the ransom will not make the demands stop and could make the situation worse. The real issue, however, is not whether to pay the ransom, but the lack of a secure environment in the first place, which is what makes it possible for attackers to exploit vulnerabilities.
Businesses should focus on prevention and on cybersecurity measures such as testing backups and incident response plans to ensure cyber resilience. There is always some level of risk, but the goal is to reduce it and to have a plan in place that minimizes damage in the event of an attack. Rather than dealing only with the symptoms of a cyber-attack, businesses should focus on prevention so that they never have to face the decision of whether to pay a ransom. Reducing the risk goes hand in hand with building in cyber resilience through an incident response plan and a business continuity plan.
This week, we learned about a ransomware attack on the Regal Medical Group in Southern California that occurred in December 2022 and affected more than three million people. Xavier University in Louisiana also faced multiple cyber-attacks, with personal information stolen from both students and employees; the university is in the process of notifying those affected and may face a class action lawsuit. A10 Networks, a hardware builder, also announced this week that it was hacked in late January; its customers include Microsoft, Samsung, Twitter, and GE Healthcare. This highlights the concern of supply chain attacks, where backdoors or bugs could be planted in the hardware sold to these companies and lead to breaches of their own. For individuals, these attacks can lead to major problems, including scams, identity theft, and credit card fraud.
Cybercriminals are not concerned with who is behind your IP address or computer. Once they receive confirmation that someone has clicked on their link, they will attempt to gain access to your system and determine whether they can profit from it. They may steal your data and sell it to other cybercriminals on the dark web, or use it for business email compromise, phishing, and ransomware.
In conclusion, the increasing prevalence of cyber-hacking and related criminal activities underscores the importance of raising public awareness. It is crucial that individuals and organizations take steps to protect themselves against cyber threats and maintain strong cybersecurity practices to mitigate potential risks. The more we understand the dangers of cybercrime, the better equipped we are to prevent it.