As ransomware continues to plague organizations, attackers also find other creative ways to breach your systems.
These attacks are both a warning and an insight into malicious trends. The question is whether the bar for minimum compliance will be raised, and whether that will put a stop to certain types of cyber crime.
Free, But At What Cost?
Many organizations rely on freeware or obsolete technology to prevent cyber crime.
Budget restrictions. Upgrade costs. Misplaced priorities. Too often, these excuses for “savings” are more than offset by the increased security costs and risks. Centreon and Accellion users just suffered attacks that highlight these dangers.
Russian state hackers recently breached several French IT providers still using an open-source version of the Centreon IT monitoring software. Centreon quickly noted that none of their current customers were affected – all victims were using out-of-date software.
When Accellion announced the end for their 20-year-old file transfer appliance in November 2020, many customers did not switch to the more secure Kiteworks platform.
Unfortunately, many subsequently suffered major breaches in security, including:
- Washington State Government – 1.4 million unemployment claimant records breached
- Australian Securities and Investments Commission – loss of credit license information
- Reserve Bank of New Zealand – exposed commercial and consumer information
- QIMR Berghofer Medical Research (Australia) – clinical trial data breach
- Singtel (Singapore Telecom company) – possible customer data breach
Cyber Crime Detection Avoidance
Even though firewalls and antivirus detection remain key compliance requirements, attackers know how to evade them.
Data obfuscation fools firewalls by disguising malware as image files with fake headers, adding data to actual images, or embedding code within the image using steganography.
The TrickBot attackers implemented the lightweight Nim programming language for their BazarBackdoor malware because Nim generates binary files that antivirus engines have difficulty analyzing.
Malware continues to evolve to bypass standard detection that would have been adequate a few years ago. We must now add additional layers of security and monitoring to catch the next generation of attacks.
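One of the "additional layers" mentioned above can be a simple file-content check. The following is an added example written for this post, not code from Ideal Integrations or from any vendor named here; it flags two of the image-disguise tricks described above (a file whose extension claims an image type but whose magic bytes do not match, and a PNG with data appended after its IEND chunk). The magic-byte table and the 1x1 sample PNG are constructed for the example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Constructed table: extension -> leading bytes a genuine file must start with.
MAGIC = {"png": PNG_SIG, "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "gif": b"GIF8"}


def magic_mismatch(name: str, data: bytes) -> bool:
    """True when the extension claims an image type but the header is absent."""
    ext = name.rsplit(".", 1)[-1].lower()
    expected = MAGIC.get(ext)
    return expected is not None and not data.startswith(expected)


def png_trailing_bytes(data: bytes) -> int:
    """Walk the PNG chunk list; return the number of bytes after IEND,
    or -1 if the file is not a well-formed PNG (bad signature, truncated, no IEND)."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # smallest chunk: 8-byte header + 4-byte CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            return -1  # declared chunk length runs past end of file
        if ctype == b"IEND":
            return len(data) - end  # anything here is appended payload
        pos = end
    return -1


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def classify(name: str, data: bytes) -> str:
    """Return 'fake-header', 'malformed', 'appended:<n>' or 'clean'."""
    if magic_mismatch(name, data):
        return "fake-header"
    if name.lower().endswith(".png"):
        extra = png_trailing_bytes(data)
        if extra < 0:
            return "malformed"
        if extra > 0:
            return f"appended:{extra}"
    return "clean"
```

A real deployment would run this on files at the mail gateway or proxy and alert on anything other than "clean"; steganographic embedding inside valid pixel data is not caught by this check.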
OT and Skimming Attacks
Though most defense tactics focus on network and IT devices, any electronic endpoint is vulnerable.
The water treatment facility for Oldsmar, FL suffered an operational technology (OT) attack that attempted to raise the amount of lye, which is used to control the acidity of the water, to 100 times the normal level.
For years, researchers published proofs of concept for similar attacks. These remained theoretical until attackers breached the Oldsmar facility.
This should serve as a warning to all utilities to regularly update passwords, isolate vulnerable OT, and maintain the highest possible standards of security.
Endpoint payment terminals are vulnerable to physical attacks that are difficult to detect remotely. Recently, a retailer discovered a new, lightweight Bluetooth credit card skimmer that had been installed on its credit card readers for several weeks.
The skimmer disabled the chip readers and forced users to swipe their cards. It was so thin that employees conducting regular sanitation wipe-downs did not notice it.
Defending against skimmers may require security training throughout the organization to raise awareness of these attacks.
Meanwhile, healthcare organizations continue to suffer breaches that expose them to HIPAA violations.
A few examples of this are:
- Capital Medical Center, WA: unknown quantity of patient PII and medical information
- Charles J. Hilton & Associates: 36k patient data exposed from University of Pittsburgh Med.
- LSU Health New Orleans: unknown amount of PII exposed
- Nebraska Medicine: 219k patient data exposed, forced emergency services downtime
- Rehoboth McKinley Christian Health Care Systems, NM: unknown amount of patient PII
- Standley Systems: scanning outsource vendor leaks > 1k PII from clients
The Department of Health and Human Services (HHS) recently reported that most providers fail to sufficiently assess and manage risk in their organizations.
It cited a failure to implement effective visibility tools to detect lateral network movement and failure to block phishing emails as key issues contributing to ransomware effectiveness.
You can take many steps to protect yourself and your organization against evolving attacks.
For example, you can survey systems for obsolete hardware and software, actively monitor networks, and isolate OT and obsolete devices.
If the current ransomware trends continue to expose healthcare organizations, HHS and other regulatory bodies will step up enforcement and strengthen regulations to improve patient information security.
If your organization wants to stay ahead of attackers and regulatory headaches, call Ideal Integrations at 412-349-6680, or fill out the form below and we’ll help you assess and manage both your risks and vulnerabilities.