Welcome back to GlobalSign’s weekly news round-up. Here’s the latest in all things cybersecurity.
This week, Bangkok Airways revealed that its data has been breached following a recently revealed cyber attack. The Thai airline announced on August 23rd it discovered it was the victim of a ransomware attack. The company refused to pay a ransom to the hackers, resulting in customer data being exposed. In a recent security notice, Bangkok Airways apologized to customers, calling it a “malicious incident.”
A report from security testing site Comparitech says that ransomware may have cost U.S. schools over $6 billion last year. Perhaps this is no surprise given the many attacks that hackers launched, taking advantage of completely overwhelmed school systems during the first wave of the pandemic. Comparitech analyzed the 77 attacks reported by educational institutions nationwide in 2020 and calculated the cost to these victims from estimated downtime and recovery time. The research team was able to work out that average downtime was seven days, and that recovery time took about 55 days in about half of all incidents.
A warning from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI has been widely reported this week. The agencies are deeply concerned about the risk of ransomware attacks during the upcoming Labor Day holiday here in the U.S. On Monday, September 6, 2021, the United States will celebrate Labor Day, the federal holiday to honor and recognize the workers’ movement. As with all holidays, companies will not be fully staffed. As a result, it’s likely there will be plenty of understaffed IT teams at agencies and organizations, and CISA is concerned that bad actors will take advantage of this.
While CISA and the FBI clarify that they don’t have any specific intelligence on an upcoming cyber attack during the Labor Day holiday, it is considered a very high possibility based on the standard actor tactics and procedures followed during other holidays and weekends this year, most notably the REvil ransomware attack on Kaseya during the July 4th holiday - the single largest ransomware attack to date. Let’s hope everyone heeds CISA’s warnings and takes the necessary precautions.
Speaking of the FBI, it issued a warning last weekend (August 25th) about Hive ransomware. The warning came after last month’s attack on Marietta, Ohio-based Memorial Health System, which was so significant that not only did the organization have to shut down its IT network, patients had to be diverted to other hospitals.
Given all this activity, including said federal warnings, the U.S. government is in the early phases of crafting legislation requiring companies to report some cyber incidents to it. Per an article in Cyberscoop, “battle lines” are being drawn in Congress over legislation that would require companies to report some cyber incidents to the federal government. One of the hotly debated questions: whether companies have 24 or 72 hours to report an incident, and who would be on the hook outside of critical infrastructure owners and operators, if anyone.
That’s all for this week. Have a fun, cyber-secure weekend!
Top Global Security News
Cyberscoop (September 1, 2021) Breach notification window, accountability are focus of coming fight on cyber legislation in Congress
"Battle lines are drawn in Congress over legislation that would require companies to report some cyber incidents to the federal government, with industry groups lining up to support a House of Representatives bill poised to create fewer challenges for business leaders than a similar proposal in the Senate.
The debate involves questions about how quickly companies would have to report attacks, what kinds of specific intrusions would trigger notification and whether failure to comply with the rules would lead to financial penalties. The idea of breach notification legislation gained momentum following last year’s discovery of the SolarWinds hack that compromised nine federal agencies and some 100 companies, as well as the Colonial Pipeline ransomware attack in May.
At issue are such questions as whether companies have 24 or 72 hours to report an incident, along with who would be on the hook outside of critical infrastructure owners and operators, if anyone."
TechNadu (September 1, 2021) CISA Warns About the Ransomware Risk During the Upcoming Labor Day Holiday
"On Monday, September 6, 2021, the United States will celebrate Labor Day, the federal holiday to honor and recognize the workers’ movement and the laborers’ contribution to the country’s greatness. As with all holidays, everything will be working on emergency personnel, which means having understaffed IT teams on agencies and organizations. Ransomware actors see this as an excellent opportunity to launch attacks, and as CISA’s (Cybersecurity and Infrastructure Security Agency) latest alert underlines the fact and warns about the risks.
While the CISA and the FBI clarify that they don’t have any specific intelligence on an upcoming cyberattack during the Labor Day holiday, it is considered a very high possibility based on the standard actor tactics and procedures followed during other holidays and weekends the past couple of months. This is further worsened by the fact that Labor Day is on a Monday, and also during a period when a respectable number of people chose to get their holiday."
Becker's Health IT (September 1, 2021) FBI warns of Hive ransomware after Memorial Health attack in Ohio
"The FBI issued a warning about Hive ransomware after an attack was linked to an Aug. 15 ransomware demand on Marietta, Ohio-based Memorial Health System that shut down its IT network. The system diverted patients as a result of the attack. Six things to know:
1. Hive ransomware was first observed in June, according to an Aug. 25 FBI news release. After Hive has been deployed on a network, it exfiltrates data and encrypts the files held on the network, according to the FBI.
2. The hackers leave a ransom note on the computer on every infected directory on the victim's network. The note has instructions on how to purchase the decryption software and threatens to leak the stolen data on the dark web site HiveLeaks, the FBI stated.
3. The ransomware group has been linked to the attack on Memorial. The health system was forced to shut down its IT system during the attack and had to divert ambulances and patients to other hospitals during a weeklong outage."
SiliconUK (August 31, 2021) Bangkok Airways LockBit Ransomware Attack
"Bangkok Airways has revealed it has been the victim of a cyberattack, and passenger data has been exposed after it reportedly refused to pay a ransom.
Last Thursday the Thai airline announced that on 23 August, it “discovered that the company had been a victim of cybersecurity attack which resulted in unauthorised and unlawful access to its information system.”
Bangkok Airways is not the only airline to suffer a data breach. British Airways endured stiff financial penalties after its systems were hacked in 2018, that resulted in the data of 420,000 customers and staff being harvested by attackers as it was entered."
Infosecurity (August 31, 2021) Ransomware May Have Cost US Schools Over $6bn in 2020
"Scores of ransomware attacks on US schools and colleges last year may have cost them over $6bn, according to a new report published today.
Security testing site Comparitech analyzed the 77 attacks reported by educational institutions nationwide in 2020 and calculated the cost to these victims from estimated downtime and recovery time.
Ransom costs are difficult to gauge given most schools kept their payments secret. However, the research team was able to work out average downtime (seven days) and recovery time (55.4 days) from roughly half of all incidents."
Other Industry News
T-Mobile CEO apologizes for massive hack, announces cybersecurity deal with Mandiant – ZDNet
Boston Public Library discloses cyberattack, system-wide technical outage – Bleeping Computer
Parents of teens who stole one million in bitcoin sued by alleged victim – ZDNet
Ragnarok ransomware gang shuts shop – Teiss
Scammers Impersonate OpenSea Customer Support – Inforisk Today
UK's attempts to rewrite laws could risk data arrangement with the EU – Computing
Cyberattackers are now quietly selling off their victim's internet bandwidth – ZDNet
This nasty new email scam tricks victims into calling the fraudsters – TechRadar