Any business owner who doubts the need to invest in cybersecurity is unlikely to maintain those doubts after exploring today’s headlines. The fact is that the world of cybersecurity is involved in something like an arms race—as companies shore up their IT defenses, threat actors continue to devise methods of cracking them. As a result, breaches keep happening, even to large private sector corporations with information security departments dedicated to preventing them.
Let’s have a look at some of the top cyberattack news stories that have been reported in recent months.
Cyberattack on Ecuadorian Bank
Banco Pichincha, the largest privately owned bank in Ecuador, was struck by a sophisticated cyberattack in mid-October. The attack disrupted the bank’s network of ATMs and online banking portals, taking them temporarily offline. The bank was forced to voluntarily shut down parts of its network to contain the threat and prevent further harm.
Founded in 1906, Banco Pichincha has more than 1.8 million customers (representing about 10% of the country’s population) and over 200 branches across Ecuador. It controls $4.5 billion in assets as well as $4 billion in deposits. An attack of this nature has serious consequences for the local economy.
Although the precise nature of the cyberattack has not been disclosed to the public, it has been speculated that Banco Pichincha was victimized by ransomware, possibly launched with the aid of the Cobalt Strike security tool, which has become increasingly popular among cybercriminals in recent years.
Cobalt Strike, which debuted in 2012, is not malware—it was designed to augment penetration tests by emulating unauthorized network activity. Unfortunately, threat actors eventually figured out that they could use it to launch real-life cyberattacks.
Incidentally, this isn’t even the first time this year that Banco Pichincha was hit by ransomware. Back in February, the bank was targeted in a ransomware attack that also hit the nation’s Ministry of Finance. That assault was launched with help from the PHP-based Ronggolawe ransomware, otherwise known as AwesomeWare.
Fertility Clinic Breach
The financial sector isn’t the only target of ransomware. Healthcare facilities are also favorite marks for hackers, for several reasons: these organizations often have outdated cybersecurity defenses (due to budgetary restrictions), and they customarily collect a large variety of data that can be useful for identity theft.
In August 2021, ReproSource, a fertility clinic headquartered in Marlborough, MA, became yet another company in the healthcare field to fall victim to cybercriminals. ReproSource was victimized by a ransomware attack that exposed the personally identifiable information of 350,000 patients.
The attack began on August 8 and was not detected until August 10, at which time it was successfully contained. The damage was already done, however.
Hackers managed to leak a variety of patient data, including dates of birth, email addresses, phone numbers, and billing info. Some patients had additional info leaked, such as driver’s license and Social Security numbers. More troubling still, the breach also exposed the patients’ private health information: test reports, diagnosis codes, and other data that no one wants to have circulating out there on the dark web.
Quest Diagnostics, which owns ReproSource, reported the attack to the SEC as required by law. ReproSource also sent out breach notification letters to affected patients.
LockBit Strikes Again
August 2021 spelled trouble for Ireland-based IT consulting company Accenture as well. Accenture, a Fortune 500 company that generates over $50 billion in revenues each year, was victimized by the LockBit ransomware gang in a breach that led to the capture of a reported six terabytes of data. The gang demanded a ransom of $50 million in exchange for not leaking the data online.
The LockBit ransomware group arrived on the scene in September 2019. They are notorious for leasing their ransomware to other threat actors and taking a cut of the money obtained through the use of the malware. This is a model known as Ransomware-as-a-Service (RaaS), which allows hacking groups without advanced tech knowledge to simply rent the tools they need for a successful breach. Cybersecurity experts believe that RaaS will become increasingly common across the cyber landscape in the near future.
Reportedly, Accenture was able to isolate the servers affected by the attack and fully restore its system with help from backups.
The Colonial Pipeline Incident
In what is probably the biggest cybersecurity story of 2021, the 5,500-mile Colonial Pipeline was forced to temporarily shut down in response to a ransomware attack that commenced on May 6. The threat actors, linked to the Russia-based DarkSide cybercrime gang, stole about 100 gigabytes of company data prior to deploying malware that effectively locked up the company’s IT systems.
The shutdown of what is the largest refined oil pipeline in the United States made its effects felt immediately in the nation’s supply chain. The U.S. East Coast suffered a serious fuel shortage. The incident came to the attention of the Department of Energy (DOE), which threw its considerable resources into the effort to remediate the attack. Colonial paid the demanded ransom ($4.4 million in bitcoin) and resumed normal operations on May 12. Law enforcement officials were able to recover the majority of the ransom money.
The DarkSide malware is another example of Ransomware-as-a-Service, providing further evidence that this cyber threat should not be underestimated. Ransomware will be a major factor in data breaches and cyberattacks over the next few years. According to CNET, ransomware payments added up to about $590 million in the first half of 2021. And it isn’t just massive multinational corporations that will be affected—any organization, large or small, can be victimized by this malware.
What can be done to fend off this threat? IT security researchers advise setting up backups, but that’s not enough. It’s important to maintain defenses that can prevent ransomware attacks from infiltrating your systems in the first place. As the LockBit episode shows, hackers can leak your sensitive data online and damage your company even if you’re able to restore your IT system.
You need strong cybersecurity to keep ransomware from infecting your systems. Ciphertex is the partner you can rely on in your fight against cybercriminals. Our portable NAS servers, encrypted portable single drives, and customizable software give you the tools you need to keep your data safe. For more information, call Ciphertex at 818-773-8989.