Friday Five: 6/28 Edition
A $600,000 ransomware payment, statistics on the cybersecurity talent shortage, and more - catch up on the week's news with this roundup!
1. US 'launched cyber-attack on Iran weapons systems' by BBC
On June 20, the U.S. launched a cyberattack on the Islamic Revolutionary Guard Corps’ (IRGC) weapons systems because the IGRC hit a U.S. drone and presumably attacked U.S. tankers in the Gulf of Oman. This cyberattack targeted computer systems that controlled Iran’s missile and rocket launchers. Then, on June 22, the U.S. Department of Homeland Security stated that Iran was planning a cyberattack against the U.S.; Iran wants to target U.S. industries and government agencies, and has even has been attempting to hack U.S. naval ship systems. According to the BBC, Iran uses cyberattack techniques, such as spear fishing, password spraying, and credential stuffing.
2. Eurofins ransomware attack affected UK police work by Zeljka Zorz
In early June, Eurofins, a scientific testing services company, fell victim to a ransomware attack that affected some of its IT systems and likely hurt the company financially. In particular, the attack impacted the IT system for Eurofins Forensics Services, a main provider of forensics services for the UK police force. In response to the attack, the UK police force suspended its work with Eurofins on June 3 and requested that Eurofins return casework that had not been started yet. Eurofins had conducted half, if not more, of the police force’s computer forensics work. The National Police Chief’s Council (NPCC) did not want the ransomware attack to affect the criminal justice system, so it decided to send priority work to other suppliers. Currently, employees from the National Crime Agency (NCA), National Cyber Security Centre, and the NPCC are working to protect evidence and analyze the affected computers.
3. Second Florida city pays giant ransom to ransomware gang in a week by Catalin Cimpanu
Lake City, a small city in Florida paid $600,000 in ransom to hackers who had corrupted their computer systems. All of Lake City's departments were hacked into, except the fire and police department, which were working on a separate system than the rest of the city. Despite disconnecting the infected systems ten minutes after the initial attack, it was too late and the government was barred from accessing important documents and information for two weeks. Some people blamed the outdated computer systems that made it easier to hack into; others believe it is just a part of an ongoing trend considering governments are almost three times less likely to pay a ransom than any other target. A week after the attack, the hackers demanded 42 Bitcoin, equivalent to about half a million dollars, which the city paid after feeling they had no option. This attack is the latest in a string of local government-level victims, including Jackson County, Georgia, Baltimore, Maryland, and Lynn, Mass.
4. Cybersecurity Talent Shortage Intensifies Despite Training Efforts by Edward Gately
The drought in cybersecurity talent continues as a new report from Burning Glass, an analytics software company, states that cybersecurity jobs take 20% longer to fill than other IT jobs. Despite an enticing market that's poised to grow over the coming years, it's becoming more and more difficult to find properly trained personnel. "One important tactic would be to focus more on building talent rather than buying it," Matthew Sigelman, CEO of Burning Glass said this week. On the other hand, development in automation within the industry has also surged with a 255% increase in demand for those possessing automation skills. The insufficient number of cybersecurity professionals means that security teams are left understaffed which is a threat in itself. Despite developments being made from an automation perspective, there is still a need for human presence to constantly be on alert in case of an attack.
5. Pressure builds to secure health care data by Maggie Miller
As talk about drafting a national data privacy law intensifies amid growing pressure on Capitol Hill to take a stronger stance on protecting personal data, the concept of better protecteing healthcare data has taken center stage. The growing list of healthcare data breaches has lead to multiple hearings being held in congress aiming to address the concerning trend. Energy and Commerce Committee chairman, Frank Pallone Jr., is adamant that new legislation cover any protections not addressed by HIPAA. The newest threat in healthcare security comes in the form of online and handheld apps that track and use your data in a variety of ways. As people turn towards their smart devices to help assist in maintaining their health, some lawmakers have questioned the level of security that protects your sensitive data within these apps. Other devices, like Fitbit, are included in a list of services that will need to have stronger regulations if they are going to store personal medical data. Expect to see updates soon on legislation being pushed through D.C. to address the grey space between cybersecurity and the healthcare industry.