Top Cyberattack News and Secrets Revealed

Any business owner who doubts the need to invest in cybersecurity is unlikely to maintain those doubts after exploring today’s headlines. The world of cybersecurity resembles an arms race—companies strengthen their IT defenses while threat actors continually develop new ways to break through them. As a result, breaches keep happening, even to large private sector corporations with information security departments dedicated to preventing them.

Let’s have a look at some of the top cyber attack news stories that have been reported in recent months.

Cyberattack on Ecuadorian Bank

In mid-October, cybercriminals launched a sophisticated attack on Banco Pichincha, Ecuador’s largest privately owned bank. The attack disrupted the bank’s network of ATMs and online banking portals, temporarily taking them offline. To contain the threat and prevent further harm, the bank voluntarily shut down parts of its network.

Founded in 1906, Banco Pichincha has more than 1.8 million customers (representing about 10% of the country’s population) and over 200 branches across Ecuador. It controls $4.5 billion in assets as well as $4 billion in deposits. An attack of this nature has serious consequences for the local economy.

Although Banco Pichincha has not disclosed the precise nature of the cyberattack, experts speculate that ransomware, possibly launched with the Cobalt Strike security tool, caused the breach. This tool has become increasingly popular among cybercriminals in recent years.

Cobalt Strike, which debuted in 2012, is not malware—it helps augment penetration tests by emulating unauthorized network activity. Unfortunately, threat actors eventually realized they could exploit it to launch real-life cyberattacks.

Incidentally, this isn’t even the first ransomware attack Banco Pichincha faced this year. In February, attackers targeted both the bank and the nation’s Ministry of Finance with a ransomware assault. They launched the attack using the PHP-based Ronggolawe ransomware, also known as AwesomeWare.

Fertility Clinic Breach

The financial sector isn’t the only target of ransomware. Healthcare facilities are also favorite marks for hackers, for several reasons: these organizations often have outdated cybersecurity defenses (due to budgetary restrictions), and they customarily collect a large variety of data that can be useful for identity theft.

In August 2021, ReproSource, a fertility clinic headquartered in Marlborough, MA, became yet another company in the healthcare field to fall victim to cybercriminals. A ransomware attack hit ReproSource and exposed the personally identifiable information of 350,000 patients.

The attack began on August 8, but ReproSource did not detect it until August 10, when they successfully contained it. However, the damage had already occurred.

Hackers managed to leak a variety of patient data, including dates of birth, email addresses, phone numbers, and billing info. Some patients had additional info leaked, such as driver’s license and Social Security numbers. More troubling still, the breach also exposed the patients’ private health information: test reports, diagnosis codes, and other data that no one wants to have circulating out there on the dark web.

Quest Diagnostics, which owns ReproSource, reported the attack to the SEC as required by law. ReproSource also sent out breach notification letters to affected patients.

LockBit Strikes Again

August 2021 spelled trouble for Ireland-based IT consulting company Accenture as well. Accenture, a Fortune 500 company that generates over $50 billion in revenues each year, was victimized by the LockBit ransomware gang in a breach that led to the capture of a reported six terabytes of data. The gang demanded a ransom of $50 million in exchange for not leaking the data online.

The LockBit ransomware group arrived on the scene in September 2019. They are notorious for leasing their ransomware to other threat actors and taking a cut of the money obtained through the use of the malware. This is a model known as Ransomware-as-a-Service (RaaS), which allows hacking groups without advanced tech knowledge to simply rent the tools they need for a successful breach. Cybersecurity experts believe that RaaS will become increasingly common across the cyber landscape in the near future.

Reportedly, Accenture was able to isolate the servers affected by the attack and fully restore its system with help from backups.

The Colonial Pipeline Incident

In what is probably the biggest cybersecurity story of 2021, Colonial Pipeline temporarily shut down its 5,500-mile network in response to a ransomware attack that began on May 6. The threat actors, linked to the Russia-based DarkSide cybercrime gang, stole about 100 gigabytes of company data prior to deploying malware that effectively locked up the company’s IT systems.

The shutdown of what is the largest refined oil pipeline in the United States made its effects felt immediately in the nation’s supply chain. The U.S. East Coast suffered a serious fuel shortage. The incident came to the attention of the Department of Energy (DOE), which threw its considerable resources into the effort to remediate the attack. Colonial paid the demanded ransom ($4.4 million in bitcoin) and resumed normal operations on May 12. Law enforcement officials were able to recover the majority of the ransom money.


The DarkSide malware represents another example of Ransomware-as-a-Service, further proving that this cyber threat demands serious attention. Ransomware will be a major factor in data breach cyber attacks over the next few years. According to CNET, ransomware payments added up to about $590 million in the first half of 2021. And ransomware doesn’t just target massive multinational corporations—attackers can strike any organization, large or small.

What can be done to fend off this threat? IT security researchers advise setting up backups, but that’s not enough. It’s important to maintain defenses that can prevent ransomware attacks from infiltrating your systems in the first place. As the LockBit episode shows, hackers can leak your sensitive data online and damage your company even if you’re able to restore your IT system.

You need strong cybersecurity to keep ransomware from infecting your systems. Ciphertex® is the partner you can rely on in your fight against cybercriminals. Our portable NAS servers, encrypted portable single drives, and customizable software give you the tools you need to keep your data safe. For more information, call Ciphertex® at 818-773-8989.
