SUNY Erie was the victim of a cyberattack early in the morning on July 22, 2020. As a result, some of its servers and its website have been taken offline. In fact, trying to access the website redirects you to the college’s Facebook page. In total, at least 50 computer systems were taken down. The police and another law enforcement agency have been investigating what happened. We would surmise the unnamed agency is the FBI.
The college said the malware has apparently been lying dormant for some time. It also believes student data was not compromised.
So far, no ransom has been requested.
Last month we reported that Michigan State University suffered a ransomware attack as well. Some have estimated this breach will cost the university $3 million. Names and MSU identification numbers were exposed, along with Social Security numbers.
The threats to your business are growing. Yesterday we reported Garmin’s services were taken offline due to ransomware. There is no safe haven and no organization is immune.
Evolving threats you need to be aware of are as follows:
Russia hacking U.S. energy companies:
From December 2018 until at least May of this year, the GRU hacker group known as APT28 or Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May and obtained by WIRED. According to the FBI, the GRU hackers primarily attempted to break into victims’ mail servers, Microsoft Office 365 and email accounts, and VPN servers. The targets included "a wide range of US-based organizations, state and federal government agencies, and educational institutions," the FBI notification states. And technical breadcrumbs included in that notice reveal that APT28 hackers have targeted the US energy sector, too, apparently as part of the same effort.
The Iranian cyber war:
"The Iranians have a deep and complex cyber capability, to be sure. Know that we have certainly considered that risk," Secretary of State Mike Pompeo said on Fox News.
Ransomware becoming Extortionware
A surge in spending on backup solutions allowed companies to become more prepared for the inevitable click from an employee that installs malware which encrypts all the files on the network.
With extortionware, however, the hacker who has broken into your network takes the data they have access to and starts releasing it to the public.
New York-based Grubman Shire Meiselas & Sacks, which had its computer systems hacked and 756 gigabytes of private documents and correspondence stolen, was extorted for $21 million.
Extortionware getting an affiliate program
Extortionware now uses multithreaded technology to encrypt, which makes it efficient, and it looks for all mapped drives to make them useless. The victim’s data is published automatically, according to the settings the hacker chooses. The affiliate receives 70% of the ransom. This site has advertised some of its more successful large hacks, which range from around $700,000 to $1.5 million. So the hacker can make over $1 million from a large victim.
Russians now exploiting Business E-mail Compromise as an attack vector
The major concern about this group is that they are very active, they ask for a lot of money ($100,000 to $1 million), and they have few, if any, grammatical errors in their correspondence. Researchers say the group is likely based in Russia and, as such, it marks a turning point for Russian hackers, who used to focus on high-tech scams like ransomware and extortionware. This change is a major problem for U.S. and other western corporations, as this group seems to be highly professional and expanding.
The sad truth is, cybersecurity is more than a technology problem. Having the best firewall doesn’t mean you won’t be a target. Having a great BCDR (business continuity and disaster recovery) solution doesn’t mean you won’t be a victim either.
Blackbaud is a well-regarded cloud company serving the cloud needs of nonprofits, faith communities, schools and more. The company, worth more than $2.5 billion, was a recent victim of a ransomware hack. They were able to mitigate the attack, meaning they stopped it from spreading and shutting down their network completely. Still, they paid the ransom because they were extorted. There was a threat of releasing stolen data online.
Most of these attacks come through email and are a result of a user clicking when they shouldn’t.
Phishing simulation is a fantastic way to help users learn what not to click.
The idea is to send an email that looks like what a hacker would send, but when a user clicks and then enters information, they are alerted that they were scammed and told what to look for to avoid being hacked again.
This, coupled with live, interactive training over video, has been shown to dramatically cut down on clicks and data entered.
We have used our PHISH360 solution and our own live training to dramatically reduce risk for organizations.
In summary, we highly recommend you use our free-to-try phishing simulation solution (or another reputable vendor), ask about our live cybersecurity training, and finally, have us perform a cybersecurity assessment.
A hack can cost a company millions or put them out of business if their customers defect or they are unable to pay the ransom.
The best defense against being put in a lose-lose situation is to prevent a hacker from getting in to begin with. Ask the experts at Apex Technology Services about how we can help your organization stay secure.