Welcome to Cyber Security Today, the Week In Review edition for Friday January 8th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. With me to discuss one of the week’s top stories is Dinah Davis, vice-president of research and development at Arctic Wolf. But first a quick look at the week’s headlines:
A cybercriminal has posted data of 10,000 American Express credit card holders on a hacker forum for free. The BleepingComputer news site says it’s looked at the haul and says the data includes full American Express account (credit card) numbers and customers’ personally identifiable information including name, full address, phone numbers, date of birth, gender. However, it didn’t include credit card expiration dates, passwords, or overly sensitive financial data, reducing the odds the credit card numbers could be misused. American Express said it is aware of the report. While Amex cardholders aren’t liable for fraudulent charges on their accounts they should watch for suspicious activity and phishing emails.
The fallout from the SolarWinds Orion hack continues. Four American cybersecurity and intelligence agencies say the group behind the infection of Orion most likely is Russian. A cybersecurity vendor warned that organizations that deploy Orion from a cloud provider like Amazon AWS or Microsoft Azure could have their application programming interfaces put at risk. And some SolarWinds shareholders filed a class-action lawsuit against executives alleging they were misled about the security of the company. The allegations have not been proven in court.
A website called IT Governance, which tallies publicly issued reports on data breaches, found that in December alone there were a record 134 security incidents across the world. Among those organizations that released numbers, those breaches accounted for over 148 million records of data exposed. That’s another monthly high. A record is one piece of information for a person, so a name, address, phone number and email address counts for four records. The total number of publicly acknowledged records exposed in all of 2020 came to more than 20 billion.
Finally, cyberattacks on hospitals and healthcare institutions continue to rise. According to a report from security vendor Check Point Software, in the last two months of 2020 attacks increased 45 per cent. That’s more than double the increase in cyberattacks across all industries worldwide. The biggest attack type against healthcare was ransomware. Canada saw the biggest increase, with a 250 per cent hike in attacks, followed by Germany with a 220 per cent increase.
And that’s the issue I wanted to discuss with Dinah Davis. To get a deeper dive into the report of increased ransomware attacks, particularly against hospitals and medical research institutions, I asked her what’s going on?
“The number of attacks in that vertical is just increasing dramatically,” Davis said. “In October the FBI warned that the attacks were going to increase. And we, in fact, did see a 71 per cent increase in ransomware attacks in the U.S. healthcare sector.
“I think there’s a few reasons why the healthcare sector is getting attacked. One, they’re very preoccupied with COVID, so they need their hospitals running. So the attackers feel there’s a higher likelihood that they will pay out the ransom to get back to working. Another point is that hospitals are often running on older systems that are hard to upgrade, so they have a lot of vulnerabilities. And historically hospitals, you know, haven’t got the most funding for IT staff and they’re a little bit more slow to update. So they’re pretty much prime targets because of those three big issues.”
In response, IT departments in any sector, including healthcare, should first hone their cybersecurity, she said. That means ensuring cybersecurity basics are being practiced, including security awareness training for employees. The security team has to monitor the network round the clock, she added, so if something happens the response will be swift. Remember also that ransomware attacks usually start with infections like trojans. And, Davis said, “patch, patch, patch, patch.”
Build a relationship with companies that negotiate with ransomware hackers, she also said. “Have somebody that you could pick up the phone [quickly] and talk to them because they are really good at either reducing the ransom or getting you out of it entirely. That’s what they do for a living.
“One more thing would be to run a mock [incident response] scenario with your company leadership and go through what would happen so that people have a little bit of muscle memory when it comes to a breach or ransomware.”