30 Apr Security Breach – 30 April 2020
Hackers use stolen credentials to attack hospitals and medical facilities with ransomware
Since the onset of the COVID-19 pandemic, hospitals, and medical facilities have dealt with a deluge of cyberattacks, and ransomware has been especially pernicious. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers infiltrated many of these organizations using stolen credentials obtained from a known vulnerability in their Pulse Secure VPN servers.
This threat was first identified in October 2019, with the CISA and the US Federal Bureau of Investigation both issuing subsequent alerts in January and April of 2020. Unfortunately, even after repairing the vulnerability, the agencies have seen examples of cybercriminals using compromised credentials to access company networks.
Australia – Cognizant – IT Service provider
Risk to Small Business: Severe: Maze ransomware, a prominent form of the damaging malware, has encrypted Cognizant’s internal systems and caused disruptions for the company’s clients.
Maze ransomware can be especially damaging because it exfiltrate company data before encrypting networks, doubling the damage of an attack by requiring companies to both restore network services while grappling with the impact of a data breach.
The company, which has offices around the world, including in Australia, will now have to navigate productivity declines, data security concerns, and recovery costs as it grapples with a COVID-19-related downturn
Risk to Exploited Individuals: At this time, no personal information was compromised in the breach. However, Maze ransomware is known for its ability to exfiltrate company data. As a result, anyone affiliated with the company should diligently monitor their accounts and communications for signs of fraud.
Customers Impacted: Unknown
United Kingdom – Robert Dyas – Hardware store
Exploit: Malware attack
Risk to Small Business: Severe: Payment card skimming malware was injected into the company’s online store and remained active for 23 days. The company, which provides DIY and home improvement products, hosts an online store as a critical component of its business while COVID-19 social distancing guidelines are in place. Before the breach was reported, the company was enjoying a significant boost in online sales, and this incident could encourage shoppers to take their business elsewhere. In addition to consumer backlash, the company will face regulatory scrutiny that could result in financial penalties.
Risk to Exploited Individuals: Extreme: This breach applies to shoppers who used the online store between March 7, 2020, and March 30, 2020. The payment card skimming malware captured customers’ personal and financial data, including their names, addresses, payment card numbers, expiration dates, and CVV numbers. Those impacted should immediately notify their financial services providers. In addition, they should enroll in credit and identity monitoring services to ensure that this highly sensitive information isn’t misused in other ways.
Customers Impacted: 20,000
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: