The Last 30 Days in Cybersecurity: Notable Breaches, Outages & Ransom Demands
Ransomware Attack on Indigo
In early February, Canadian retailer Chapters/Indigo revealed that it was experiencing a cyberattack which led to its website going offline for about a month. The attack also caused other operational problems, such as being unable to take digital in-store payments, process gift card purchases or accept refunds.
Weeks later, Indigo revealed that they experienced a ransomware attack by LockBit software that led to the personal information of current and former employees being stolen. The stolen information included employee names, birth dates, home addresses, social insurance numbers and bank account numbers, and Indigo warned that this information could eventually end up on the dark web.
Indigo revealed that they did not pay the demanded ransom – which is an increasing trend among organizations today. While Indigo said that they haven’t uncovered evidence of customer information being breached, the entire event is still concerning, especially for employees who could have such sensitive information appear on the dark web at any moment.
Microsoft Patch Vulnerability
In late March, Microsoft issued an advisory about a critical security vulnerability which affected Windows users who use the native Outlook program to access their email. Those who access their Outlook via a browser aren’t impacted by this.
What’s troubling is that this vulnerability would allow cyber criminals to steal credentials from Microsoft Outlook users by just sending an email to a target user – without the need for them to open it. It poses a dire threat to all organizations, as cyber criminals can repeatedly execute this attack and commandeer user accounts while the user is completely unaware.
This is an example of why updating your Microsoft Office tools, including Outlook, is just as important as updating your operating systems to stay safe online.
Yum Brands Discloses Major Customer Cyber Attack
Yum Brands, the parent company of popular global food chains like Pizza Hut and KFC, recently disclosed that it experienced a major cyberattack which forced it to close 300 restaurants in the UK in January.
Since then, they’ve revealed that they encountered a ransomware attack and, similar to Indigo, that the personal information of employees was stolen, including names, driver’s license numbers, social security/insurance numbers and other types of personal identifiers.
This is unfortunately another consequence of today’s cyberattacks that puts employees in a vulnerable spot, as the data that their employer holds about them is sensitive. What’s even more concerning is that there are limited laws and regulations to protect employees once these attacks occur – as most laws and regulations have focused on consumer data integrity standards and compensation.
Data is Critically Important
These two recent examples highlight that data is exceptionally valuable to attackers – once cyber criminals obtain employee data, they can orchestrate widespread phishing, social engineering and fraud scams that can cause very real harm to your people. Besides the damage to your employees, these attacks can cause problems related to employee engagement and morale, and seriously damage your employer brand. Ensuring that your employees’ data is protected, encrypted and treated as stringently as your customers’ is key. Had Yum and Indigo done that, they could have potentially prevented their employees’ data from being stolen, in addition to avoiding the reputational and operational damages that ensued.
The Latest Cybercrime Trends
Travel Scams are on the Rise
With global travel bouncing back after it came to a halt during the COVID-19 pandemic, cybercriminals have jumped on the opportunity to exploit the pent-up demand of business travelers and vacation seekers.
With the increased digitization of services and demand for travel, scammers can set up fake accommodation and booking sites. They also target travelers in busy ports and hubs like train stations, or on public Wi-Fi networks to steal sensitive credentials, physical devices and even their passports.
If you are travelling for work, always check in with your IT or cyber security team before you leave to ensure that your devices and information remain secure. They’ll want to make sure that thieves cannot access valuable data if a device gets into the hands of a criminal, and they’ll ensure you can access your data via a reliable third-party backup should you lose your devices.
Ransomware. Ransomware. Ransomware.
In last month’s Jack’s Hacks edition, I wrote that despite some reports stating that ransomware is on the decline, early 2023 data was suggesting that it wasn’t. And another new report by NCC Group has validated this, stating that global ransomware attacks increased a staggering 91% in the month of March.
Cl0p, a Russian-linked entity specializing in double extortion, seems to be leading the way in ransomware attacks, with the commonly known LockBit group in second place – the same group responsible for Indigo and Yum Brands’ attacks.
It appears that the reason behind Cl0p’s rise to the top was its exploitation of a zero-day vulnerability in January that was communicated only to the affected vendor’s authenticated users, with no patch available until February. In that time, the group was able to take advantage of the vulnerability to target thousands of that vendor’s clients via ransomware attacks.
AI Can Make Smarter Malware
Criminals are using various AI solutions to build and execute better attacks on businesses of all sizes and individuals through effective phishing and social engineering attacks.
But another way they are using AI to further cyber-attacks and scams is by building better malware. There isn’t definitive evidence that AI-created malware exists at this point, but most cyber security experts agree that AI is certainly being used to make malware harder to defeat and more effective. For example, leading security firm CyberArk used AI to build malware that could independently alter itself to evade detection, which shows that this is indeed possible.
While AI tools can be a game changer to advance human needs, the new technology and innovation does present a very real risk that they will be used by criminals to attack people and organizations. To combat this changing landscape, people and businesses will need to be more vigilant when using technology and invest in real-time monitoring to keep themselves safe.
Jack’s Top Monthly Hacks
For years, cloud company providers have been telling businesses to jump into the cloud environment as it was secure and safe. And while there is certainly some security, it is far from being sufficient to protect us from modern threats.
While ransomware cannot run in a cloud environment, it can unfortunately run on the computers that synchronize data to them. But considering today’s cyber security environment, ransomware is just one type of threat that businesses need to worry about, as cyber criminals steal this data to orchestrate other types of attacks that can lead to account takeovers, data theft and/or cyber extortion, to name a few.
Lastly, backups that run in the cloud are what I like to call “fancy version control”, which is great when we mess up a document – but they fall significantly short when one must conduct larger data recovery initiatives. That’s why your organization needs to go beyond the cloud and implement advanced security measures that will help you:
- Catch, scan and contain bad emails that can lead to phishing or the installation of malware.
- Maintain a truly separate backup that is immutable, meaning that ransomware cannot change your backup.
- Get 24/7 monitoring by security experts who can take action immediately to keep you safe, like our cyber security solutions.
While home smart speaker devices can make your life easier, it’s very important that you practice good cyber security awareness when using them, as they hold a wealth of personal data from your daily queries.
That’s why I always recommend the following tips if you’re using Alexa, Google, Echo or other similar home devices:
- Avoid installing unfamiliar apps on your smart speaker and make sure the ones that you do install are secure. In today’s world, anyone can create a smart assistant app, so it’s important that you ensure its legitimacy before you install it, so that it doesn’t acquire your sensitive data and misuse it.
- Be careful what sensitive information you share with your smart speaker, such as passwords to bank accounts or your home network, and even your home address. This could unlock access to valuable information for cybercriminals.
- Run a separate network for anything related to your home Internet of Things (IoT) devices like smart speakers, cameras, refrigerators, TVs, etc. This network should be fully disconnected from the one that your computers and smart phones use. This keeps potentially sensitive information away from smart devices that could be more easily compromised.