Security Breach – 30 April 2020

Security Breach – 30 April 2020

Hackers use stolen credentials to attack hospitals and medical facilities with ransomwaHackers use stolen credentials to attack hospitals and medical facilities with ransomware

Since the onset of the COVID-19 pandemic, hospitals, and medical facilities have dealt with a deluge of cyberattacks, and ransomware has been especially pernicious. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers infiltrated many of these organizations using stolen credentials obtained from a known vulnerability in their Pulse Secure VPN servers.

This threat was first identified in October 2019, with the CISA and the US Federal Bureau of Investigation both issuing subsequent alerts in January and April of 2020. Unfortunately, even after repairing the vulnerability, the agencies have seen examples of cybercriminals using compromised credentials to access company networks.

Recent Breaches

Australia – Cognizant – IT Service provider

Exploit: Ransomware

Risk to Small Business: Severe: Maze ransomware, a prominent form of the damaging malware, has encrypted Cognizant’s internal systems and caused disruptions for the company’s clients.

Maze ransomware can be especially damaging because it exfiltrate company data before encrypting networks, doubling the damage of an attack by requiring companies to both restore network services while grappling with the impact of a data breach.

The company, which has offices around the world, including in Australia, will now have to navigate productivity declines, data security concerns, and recovery costs as it grapples with a COVID-19-related downturn

Risk to Exploited Individuals: At this time, no personal information was compromised in the breach. However, Maze ransomware is known for its ability to exfiltrate company data. As a result, anyone affiliated with the company should diligently monitor their accounts and communications for signs of fraud.

Customers Impacted: Unknown

United Kingdom – Robert Dyas – Hardware store

Exploit: Malware attack

Risk to Small Business: Severe: Payment card skimming malware was injected into the company’s online store and remained active for 23 days. The company, which provides DIY and home improvement products, hosts an online store as a critical component of its business while COVID-19 social distancing guidelines are in place. Before the breach was reported, the company was enjoying a significant boost in online sales, and this incident could encourage shoppers to take their business elsewhere. In addition to consumer backlash, the company will face regulatory scrutiny that could result in financial penalties.

Risk to Exploited Individuals: Extreme: This breach applies to shoppers who used the online store between March 7, 2020, and March 30, 2020. The payment card skimming malware captured customers’ personal and financial data, including their names, addresses, payment card numbers, expiration dates, and CVV numbers. Those impacted should immediately notify their financial services providers. In addition, they should enroll in credit and identity monitoring services to ensure that this highly sensitive information isn’t misused in other ways.

Customers Impacted: 20,000

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown

Follow us on LinkedIn:

Related Articles:
Thousands of Zoom Credentials Available on Dark Web
Ransomware attacks are causing more downtime than ever before


Log a Job: