Friday Five: 12/20 Edition
Ransomware hits New Orleans, a web hosting firm hit with a $10M GDPR fine, and a 15 million person breach - catch up on the week's news with the Friday Five.
1. New Orleans Government Shut Down by Massive Cyber Attack by David Millward
In what's become a growing trend, yet another US city became the target of a ransomware attack over the weekend. Over the last year, ransomware attacks have been reported by authorities in Texas, North Carolina, California, Maine and Florida. New Orleans officials detected ransomware and phishing attempts as a flood of suspicious emails hit city employees’ inboxes on Friday morning. By 11 a.m., all computers were forced offline – employees were instructed to power down computers, unplug devices and disconnect from WiFi as a precautionary measure. There is currently no indication that passwords were compromised or that any data was stolen. Employees are now using pen and paper to operate, and police/emergency services are relying on the radio network to keep operating. Luckily, the city of New Orleans is a resilient and resourceful one, as it has previously dealt with worse incidents. Just last month, the state of Louisiana was targeted by cybercriminals. As a result, the state was forced to shut down its office of motor vehicles for several weeks.
2. Web Hosting Firm Slapped with $10 Million GDPR Fine by Kevin Townsend
German telecom provider 1&1 Telecom GmbH has been assigned a hefty fine of $10 million for not taking sufficient technical and organizational measures to protect customer information. The investigation began after a complaint was filed in 2018 about a customer’s mobile number being given out to his or her former life partner by the company’s telephone customer service portal. The former partner only needed to provide the complainant’s name and birthdate to gain access to the sensitive information. The German data protection regulator, the Federal Commissioner for Data Protection and Freedom of Information (BfDI), has determined that this two-factor authentication process was insufficient “access control”. Although the fine is in the lower range of possible fines due to 1&1 Telecom’s cooperation, it still remains a major GDPR fine against a European company. 1&1 Telecom GmbH is developing a new, higher-tech authentication process and is planning to fight the BfDI’s decision. The company is arguing that because there was no uniform market standard for higher security requirements, the fine is disproportionate.
3. LifeLabs Data Breach Exposes Personal Info of 15 Million Customers by Lawrence Abrams
An unauthorized user has gained access to sensitive patient information held by Canadian clinical laboratory services provider LifeLabs. The stolen information is reportedly from 2016 and includes the names, addresses, emails, logins, passwords, dates of birth, and health card numbers of 15 million Canadian customers. Of those customers, about 85,000 also had their lab results exposed. LifeLabs publicly apologized for the incident and has worked with third-party cybersecurity experts to secure its systems and purchase stolen data back from hackers. Because it is common for hackers to sell stolen data on underground hacker forums, LifeLabs is offering a free one-year subscription to dark web monitoring and identity theft protection. Customers who believe they're affected by the breach are also advised to change their password for other sites if it is the same as the one used for LifeLabs.
4. Cyberspies Target Hundreds of Industrial Firms in South Korea, Other Countries by Eduard Kovacs
A cyberespionage group is targeting industrial companies in South Korea and other Asian/European countries with spear phishing emails that deliver malware built to help hackers steal passwords and documents. The phishing emails deliver the malware inside a .zip archive file disguised as a harmless .PDF document. Once it’s activated, it maps all network adapters, disables Windows Firewall, collects files, harvests browser and email passwords, and uploads all of it to an FTP server. CyberX, the industrial cybersecurity firm that revealed the string of attacks, has dubbed the ongoing campaign Gangnam Industrial Style. The company has yet to determine where the attacks are coming from and what language is spoken by the attackers because the group is using free hosting services for its command and control server, making attribution difficult. Although the attackers’ motivation is unclear, the credentials and documents they are targeting could allow them to steal trade secrets and intellectual property, perform reconnaissance, and launch ransomware attacks.
5. Ransomware ‘Crisis’ in US Schools: More Than 1,000 Hit So Far in 2019 by Kelly Jackson Higgins
As 2019 begins to wrap up, statistics around ransomware attacks continue to surface and the results are especially staggering for schools in the United States. In the last year, at least 72 school districts – 1,040 schools – have been hit with ransomware attacks. Of the victimized school districts, 11 of them have been attacked just since late October. Seven of those schools have not made a public statement, but one disclosed that they did pay a ransom (the amount was not disclosed), and three others stated that they do not plan on paying the attackers. US schools have landed themselves in the number two spot, right behind municipalities and in front of healthcare organizations, when it comes to ransomware attacks. Unfortunately, these three sectors have become common targets due to their low tolerance for any downtime and their heavy reliance on technology. Attackers translate these factors into a higher probability of ransom payment. Because these types of organizations are public entities, they often lack security resources and funding to build out strong security infrastructures, so attackers find it relatively easy to infect the vulnerable systems.