The air is getting crisper here in the US, but the cybersecurity landscape is as hot as ever. In other words, nothing really seems to change in our extremely active marketplace. With that said, here’s the latest roundup of the most significant news from the last month.
Let’s begin with an October 22 report from Microsoft tracking ransomware attacks on the healthcare sector. In the report, Microsoft says that 389 U.S. healthcare institutions were hit by ransomware this fiscal year and that healthcare organizations lose up to $900,000 per day from this type of incident.
An early October cyberattack hit American Water, one of the largest water utilities in the United States. The ransomware attack was allegedly carried out by a Russian state-sponsored hacker group known as Sandworm. Given the circumstances, the incident could have been much worse: the main impact appears to have been the unavailability of American Water’s billing system. However, the fact that it occurred at all is concerning, because it is only the latest in a string of attacks on US critical infrastructure.
Electronics giant Casio recently announced it is the victim of a ransomware attack. The incident caused significant disruptions to its systems, and it is believed the attackers got away with sensitive company data and personal information of employees and business partners. As far as we’re aware, Casio is still working on restoring its systems.
Despite the troubling news, there is progress in the fight against cybercrime. In fact, October was another successful month for law enforcement. Numerous operations across the globe led to the arrests of nearly 100 people suspected of cybercriminal activity in Russia. There was also an important bust of four individuals believed to be connected with the LockBit ransomware group. And police in Brazil arrested a man allegedly responsible for two significant cybersecurity events, including the massive August data breach at National Public Data (NPD) that impacted millions of Americans (unfortunately, the attack was so damaging that NPD is now seeking bankruptcy protection).
Finally, portions of the rules under the NIS2 Directive are now being implemented. The new Directive is viewed as a “significant step in enhancing the cybersecurity of critical entities and networks across the European Union.” It’s certainly good to see this positive activity taking place! However, only a small number of EU member states have fully complied, so there is still a long way to go.
That’s a wrap for October! Grab a cup o’ joe and stay for a while!!
The largest supplier of drinking water and wastewater services in the U.S. is hacked
Public utility giant American Water Works Company Inc. - which provides drinking water and wastewater services to more than 14 million people in the US - said hackers breached its computer networks and systems on October 3. The Form 8-K the company submitted to the U.S. Securities and Exchange Commission states that it first became aware of ‘unauthorized activity’ that same day. The impact of the hack wasn’t severe, but it did force the shutdown of several internal systems, including the customer portal and billing functions. Other attacks on U.S. critical infrastructure have had more of an impact: the January attack at a Texas water facility caused a tank to overflow, and the 2021 Colonial Pipeline attack was considered extremely significant, causing fuel shortages in parts of the southeastern US. As this insightful article in TechTarget explains, the incident at American Water Works highlights increasing concerns about “the vulnerability of critical infrastructure to digital threats.”
The State of Healthcare Cybersecurity: Enough to Make You Feel Ill
An October 22 report from Microsoft says Iranian-led ransomware attacks on the health care sector are rising and putting lives at risk. According to the report, “US Healthcare at risk: Strengthening resiliency against ransomware attacks,” there has been a 300% increase in ransomware attacks on the health sector since 2015. In addition, ransomware attacks at U.S. healthcare institutions have caused network shutdowns, offline systems, rescheduled appointments and delays in critical procedures. The report also found that cyber-attacks on healthcare organizations add up financially – some can lose up to $900,000 per day. As if on cue, earlier this month Boston Children’s Health Physicians (BCHP) reported a data breach following a third-party cyber-attack. This one involved a different group: the BianLian ransomware group, which reportedly has strong connections to Russia, was behind the attack. The BCHP breach compromised sensitive information, including names, Social Security numbers, and medical records of patients and employees.
Casio Now Dealing with a Ransomware Attack: The Recovery is Not Going Well
For the second year in a row, electronics giant and technology icon Casio is grappling with a cybersecurity incident. The latest one occurred on October 5, causing significant disruptions to Casio’s systems, and it is suspected that sensitive data was stolen. According to an October 17 article in TechCrunch, Casio said there was “no prospect of recovery” from the incident. The timing is unfortunate, as it was just a year ago that the company experienced a significant data breach. That incident, blamed on human error, affected 91,921 users in Japan and 35,049 customers from 148 countries and regions.
Now the good news! Hackers are Getting Arrested Left and Right.
October was an active month for catching cyber criminals. One of the most significant police busts took place in early October and resulted in the arrest of four individuals believed to be connected with the infamous LockBit ransomware group. A coalition of law enforcement agencies from 12 countries, including the UK, US, France and Spain, arrested a developer, a bulletproof hosting service administrator, and two others connected to LockBit activity. The joint effort involved police officers from a prior task force aimed at taking down LockBit, Operation Cronos. Initially formed in April 2022, Operation Cronos finally got a big break and was able to disrupt LockBit’s infrastructure this past February. That was a significant step, since LockBit is viewed as a heavy hitter in the world of cybercrime. This World Economic Forum article, published shortly after the February takedown, explains in good detail just how dangerous a group LockBit was at its height.
Arrest of 96 Alleged Payment & Cryptocurrency Criminals Results in Seizure of $16 Million
On October 2, authorities in Russia announced the arrests of nearly 100 people suspected of cybercriminal activity. Those arrested were allegedly involved with the anonymous payment system UAPS and the cryptocurrency exchange Cryptex. In all, Russian police conducted nearly 150 searches across the country, which ultimately netted 96 arrests and the seizure of more than 1.5 billion rubles (roughly $16 million). According to the Russian news agency Interfax, Russian national Sergey Ivanov was detained during the operation. He is believed to be the administrator of both Cryptex and UAPS, and appears to have ties to a scheme involving the laundering of proceeds from ransomware payments and other fraudulent activities. Ivanov has also been charged by US authorities for his involvement with two additional cybercrime schemes, PinPays and PM2BTC. Ivanov has been a busy man, and now it looks like he’ll have some time on his hands in prison.
Infamous Hacker “USDoD” Gets Caught in Net of Brazilian Police – and Not Just for One Crime
Then on October 16, police in Brazil reeled in a big one! You could even say it was a “twofer”. That’s because they arrested a man allegedly responsible for not one, but two, major cybercrimes. The most recent is the massive August data breach at National Public Data (NPD), which impacted millions of Americans – and has forced NPD to declare bankruptcy. The second incident occurred in December 2022, when the man known as “USDoD” – and other monikers – hacked InfraGard, the FBI-run portal used by American law enforcement. Well known in the cybercrime underground, the suspect has used aliases beyond “USDoD”, including “EquationCorp”. A story in CyberScoop says he is a 33-year-old Brazilian national known as “Luan”. Interestingly, “Luan” was outed by CrowdStrike this past summer after a reporter was able to get hold of one of its reports. Once details of the CrowdStrike report were published, the hacker was tracked down by Hackread.com, which published an August 23 article in which the hacker admits that “CrowdStrike was accurate in identifying” him. Fascinating stuff!
The EU’s NIS2 Directive is Being Implemented - The Bad News? Only Two States are Fully on Board
The European Commission recently took an important step by adopting the first set of implementing rules under the Network and Information Systems Directive (NIS2). This should improve the cybersecurity of critical entities and networks across the European Union. The NIS2 Directive is viewed as a leading effort towards achieving the highest possible standards of cybersecurity across the entire EU. According to the Innovation News Network, these new rules “target essential categories of companies that provide vital digital services, such as cloud computing, data centers, online marketplaces, search engines, and social networking platforms.” The article adds that the NIS2 Directive “also provides a framework to determine when a cyber incident should be deemed ‘significant.’ Companies in these sectors must report such incidents to national authorities, enabling swift action to mitigate any potential harm.” By October 18, all EU member states were supposed to have transposed the Directive into national law; however, participation among the states is, to say the least, limited at this point, with only two member states, Croatia and Italy, fully on board. Naturally, The Register has this covered.
But Wait, There’s More
Delta Launches $500M Lawsuit Against CrowdStrike – Dark Reading
Free, France’s second-largest telecoms company, confirms being hit by cyberattack – The Record
Cisco investigates alleged data breach after hackers offer stolen data for sale – Teiss
Chinese trader laundered more than $17M for Lazarus Group in 25 hacks – Coin Telegraph
Spate of ransomware attacks on German-speaking schools hits another in Switzerland – The Record
Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks – Secure World News
Lamborghini Carjackers Lured by $243M Cyberheist – Krebs on Security
Four companies settle SEC allegations over SolarWinds cyberattack disclosures, agree to pay nearly $7 million – Teiss
This is how Microsoft lures phishing scammers into sophisticated honeypot traps – Research Snipers
Marriott's Breach Saga Underscores Need for Cybersecurity Review – Secure World News
Myths holding women back from cybersecurity careers – Help Net Security