No Market Segment is Safe from Hackers

When I review the cybersecurity e-newsletters and the unsolicited vendor and PR pitches offering solutions and commentary related to breaches, it is clear that the bad actors do not care which industries they affect.  Their goals are to disrupt, and if they can get some ransom money in the process or make it difficult for organizations to function normally, especially organizations that are friendly to their political foes, they are more than happy to do it for fun and profit.[1]

Here are some companies from varying industries targeted by recent cyberattacks.

Viking Line: The shipping company, like many across Europe, was the target of a DDoS attack that crippled websites and had IT teams working triple-time to get systems back online. This is just another hit to supply chain companies, which are susceptible, and the ramifications of attacks reach far and wide, affecting businesses far down the chain.  The Cyber Express provided more details in a 20 October 2023 news post, adding:  "A recent news report quoting a research conducted by law firm HFW said that the shipping industry is an 'easy target' for cyber criminals.  The same report claimed that there has been an increase in ransomware attacks and a whopping 350% hike in ransom demands on these companies in the past year.  'Our findings show that while maritime cyber security has improved, the industry remains an easy target. Shipping organizations are being subject to more cyberattacks than ever before, and the cost of attacks and demand for ransom payments have skyrocketed. And as the use of technology continues to increase across all aspects of shipping, from ship networks to offshore installations and shoreside control centers, so does the potential for cybersecurity breaches,' reported Heavylift PFI, quoting Tom Walters, partner at the Holman Fenwick Willan law firm."

City of Philadelphia: Municipalities are favorite targets of hackers looking to take down systems and make life difficult for cities and the people they serve through a myriad of services and programs.  The City of Brotherly Love discovered an incident on 24 May 2023 after noting suspicious activity on city email accounts, but the City reported the breach days ago.

A Notice of Privacy Incident issued on 20 October 2023 stated: "On 24 May 2023, the City initially became aware of suspicious activity in its email environment.  We launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the nature and scope of the event.  The investigation is ongoing.  However, to date, the investigation determined that between May 26, 2023, and July 28, 2023, an unauthorized actor may have gained access to certain City email accounts and certain information contained therein.  Also, on August 22, 2023, we became aware that the at-issue email accounts include email accounts that may contain protected health information."

The City revealed that the types of information exposed for impacted individuals include a combination of:

  • Demographic information, such as name, address, date of birth, Social Security number, and other contact information;
  • Medical information, such as diagnosis and additional treatment-related information;
  • Limited financial information, such as claims information.

"In an abundance of caution, we are conducting a comprehensive, programmatic, and manual review of the potentially impacted email accounts to determine whether personal information or protected health information was potentially affected," the notice says.  "If so, the City will work to confirm the identities and contact information for potentially impacted individuals and provide notice via written letter."

Jake 58 Casino:  The New York State Gaming Commission reported its systems were the victim of a cybersecurity attack that forced the Jake 58 Casino in Suffolk County to shutter for several days.  The incident occurred on 17 October 2023 and is still under investigation, though the commission says no PII was compromised.

Health Alliance Hospital and Margaretville Hospital:  The hospitals had to send patients to other medical facilities after a cyberattack on October 21-22, 2023.  The healthcare facilities remained open and accepted some walk-in patients, who were treated and released.  Ambulance services were also disrupted but returned to normal operations by the evening of Saturday, 21 October 2023.

The HIPAA Journal filed this report on 25 October 2023, detailing the incident:  "Westchester Medical Center Health Network (WMCHealth) said the New York State Department of Health and Ulster and Delaware County officials were notified about the attack and it has been working with law enforcement, including the FBI, and has engaged a third-party cybersecurity firm to assist with the investigation. The priority was ensuring patient safety, so ambulances were diverted.  The hospitals remained open throughout and continued to accept walk-in patients, who were assessed, treated, and released or transferred to alternative WMCHealth facilities.

The attack investigation is ongoing, and it has not yet been determined if any patient data was compromised.  Should that be the case, notifications will be issued immediately."

Any industry can be affected by cybersecurity attacks, but some industries are more at risk than others. Here are some of the most targeted industries.

  • Financial Services: Financial institutions hold a lot of sensitive data, such as customer names, addresses, and Social Security numbers, making them a prime target for cybercriminals, who can use this data to commit identity theft or fraud.
  • Healthcare: Healthcare organizations also hold sensitive data, such as patient medical records. This data is valuable to cybercriminals, who can sell it on the black market or use it to extort money from victims.
  • Retail: Retailers store a great deal of customer data, such as credit card numbers and shipping addresses. Cybercriminals can use this data to commit fraud or identity theft.
  • Technology: Technology companies are often targeted by cybercriminals because they develop and sell products and services that are used by millions of people. Cybercriminals can exploit vulnerabilities in these products and services to gain access to users' devices and data.
  • Government: Government agencies hold sensitive data, such as national security secrets and citizen information. This data is valuable to cybercriminals, who can use it to spy on governments or blackmail individuals.
  • Manufacturing: Manufacturing companies often use complex industrial control systems (ICS) to operate their machinery. Cybercriminals can target these ICS systems to disrupt production or cause physical damage.
  • Education: Educational institutions store a great deal of student data, such as grades, financial aid information, and Social Security numbers. This data can be used by criminals to commit identity theft or fraud.
  • Energy and Utilities: Energy and utilities companies provide essential services to millions of people. Cybercriminals can target these companies to disrupt their services or cause physical damage.

All industry and government sectors are under attack.  It is up to all cyber security professionals to plan against such attacks and to be able to recover quickly.

What can you do to protect your organization better today?

  • All data in transmission and at rest should be encrypted.
  • Proper data backup and off-site storage policies should be adopted and followed.
  • Implement 2-factor authentication company-wide.
  • For USA readers, join and become active in your local InfraGard chapter; there is no charge for membership. infragard.org
  • Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
  • Institute cyber threat and phishing training for all employees, with testing and updating.
  • Recommend/require cyber security software, services, and devices to be used by all at-home working employees and consultants.
  • Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
  • Ensure that all software updates and patches are installed immediately.
  • Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on ten (10) cyber threat categories, including Keyloggers, without having to connect to your network.  It also delivers a daily cyber threat score.
  • Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.

 

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

 

[1] https://www.secureworld.io/industry-news/no-industry-immune-to-hacks
