Back to top

Hacks, Attacks and Breaches: 09/30/2020 to 10/06/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – Arthur J. Gallagher & Co. 

Exploit: Ransomware
Arthur J. Gallagher & Co.: Insurance Brokerage 

Risk to Small Business: Ransomware struck at insurance giant Arthur J. Gallagher last week, according to the company’s Untied States Securities and Exchange Commission filing. The report went on to note that a limited portion of its internal systems were impacted, and its operations were able to continue. Security researchers suspect that bad actors were able to exploit a known security flaw in the company’s servers to gain entry.

How it Could Affect Your Business: Nowadays, ransomware operators are not just seeking ways to steal data – they also want to disrupt operations to cause damage.

United States – Cache Creek Casino

Exploit: Ransomware
Cache Creek Casino: Resort

Risk to Small Business: Ransomware cleaned up at Cache Creek Casino in California, shutting down operations at the popular gambling destination just as it began recovering from a COVID-19 closure earlier this year. No reopening date has been set as the investigation and recovery continues. Other businesses including a golf club and shopping at the complex remain open. Cache Creek Casino is part of Cache Creek Casino Resort, one of Northern California’s largest casino-resort destinations, is owned and operated by the Yocha Dehe Wintun Nation.

How it Could Affect Your Business: More than 60% of businesses that experience a damaging cyberattack close – and it is even more dangerous now as businesses try to recover from COVID-19 closures.

United States – District of Columbia Bar Association

Exploit: Unsecured Database
District of Columbia Bar Association: Regulatory Body

Risk to Small Business: An unsecured Elasticsearch server appears to be at fault for a data breach involving the personal data of new lawyers applying to test before the bar at the District of Columbia Bar Association. A whistleblower complaint was first submitted to the association in August, but resolution was slow, and applicant data may have leaked for some time before it was fixed. The DC Bar claims that only one record was exposed, but researchers and applicants who discovered the breach dispute that claim.

How it Could Affect Your Business: Serious personal information deserves serious security. Any company that collects sensitive information about clients or applicants needs to do due diligence to determine that the information is properly secured.

United States – Clark County School District

Exploit: Ransomware
Clark County School District: Education System

Risk to Small Business: Cybercriminals have followed through on their threats to release the information that they had snatched about students after officials refused to pay the ransom demanded to release it. Students in the Clark County School District, Las Vegas, Nevada discovered over the weekend that their school records had been dumped on the Dark Web.

How it Could Affect Your Business: Failing to institute regular security awareness training including phishing resistance leaves organizations ripe for ransomware – and cybercriminals are more than willing to double down on ransom demands.