Hacks, Attacks and Breaches: 1/29/2020 – 2/4/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update. The Logically team provides top cyber security stories every week to keep you up-to-date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Exploit: Phishing scam
California Healthcare Network: Hospital and urgent care center operator
Risk to Small Business: Employees fell for a phishing scam that compromised patients’ protected health information (PHI). The company first discovered the breach on June 19, 2019, when it secured accounts by resetting login credentials. However, an additional investigation revealed that patient data was compromised in the breach. The California Healthcare Network is notifying patients of the incident and updating the email security standards, but the real test is certainly still ahead. Healthcare data breaches are the most expensive of any sector, and the company will undoubtedly endure intense regulatory scrutiny because of the sensitive nature of the breach.
How it Could Affect Your Business: Most data breaches begin with a successful phishing scam. Every organization has a responsibility to train its employees in defensive best practices, which is a relative bargain compared to the high cost of a data breach. In doing so, organizations transform a known vulnerability into an asset to their defensive posture.
Bird Construction: Commercial and institutional building construction company
Risk to Small Business: A December ransomware attack has encrypted critical company data. In a statement, Bird Construction noted that the organization continues to function without interruption. However, after the company refused to pay a ransom, cybercriminals began releasing the stolen data online, creating a more expansive and expensive data loss event. The company relies on hundreds of millions of dollars in government contracts, and sensitive government and military information may be included in the breach. The recovery process is bound to be incredibly expensive, and it could have long-term implications for their business model.
How it Could Affect Your Business: Ransomware attacks are a growing threat for every organization, and cybercriminals appear to be upping the ante. Rather than moving on when companies refuse to pay up, many have begun releasing company data online, increasing the cost and scope of the attack. Therefore, every organization to reassess its defensive posture to account for this burgeoning threat.
Exploit: Intentional data exposure
Rogers Communications: Telecommunications company
Risk to Small Business: Security researchers found sensitive data from Rogers Communications posted on two public GitHub accounts. The information included application source code, internal usernames, passwords, and the company’s private keys. The data was dumped on the website by a former employee. Although the company claims that the information is outdated and couldn’t lead to a data breach, other specialists note that it could provide cybercriminals with insights into the company’s IT infrastructure. At the very least, it’s a black mark on the company’s data privacy reputation, but that’s unlikely to be the only consequence the company faces.
How it Could Affect Your Business: Employee email accounts are often the gateway for all types of data loss events. Securing this easy avenue into your company's critical IT can go a long way towards preventing a data breach. Since email credentials are some of the most frequently sought out by cybercriminals, an extra security layer, like two-factor authentication, can ensure that accounts remain secure even if usernames or passwords are compromised.