Is the next epidemic online?

In this week's Cyber Weekly:

1. Clean up on aisle 4...
2. No relaxing at Holiday Inn
3. School District cyberattack could have been avoided?
4. This company attacked for the second time this year
5. Fact of the week

Thanks to all 5298 subscribers. It really takes a community to fight against cyberattacks. By sharing this article, we can reach more people and help others from becoming a statistic. Share on your favorite social media platform at the top right corner of this page.

1. 500 Coop Supermarkets Down After Huge Cyberattack

Out of 800 stores, Sweden’s Coop Supermarket chain had to shut 500 of its stores after a cyber attack. Last Friday, point of sale and self-service checkouts stopped working. This attack wasn’t directed toward the supermarket chain. Similar to previous Cyber Weekly’s, this attack was intended for a large software supplier the company uses. The attack actually affected 200 businesses worldwide.

A spokeswoman for Coop Sweden told the BBC: "We first noticed problems in a small number of stores on Friday evening around 6:30pm so we closed those stores early. Then overnight we realized it was much bigger and we took the decision not to open most of our stores this morning so that our teams could work out how to fix it.” (BBC)

‍

My thoughts: Another third-party cyberattack proving that we are as strong as our weakest vendor. Every attack on a company actually affects dozens and in some cases hundreds of other companies – as per this story. If the online attack impacts a large number of companies and companies don’t invest in the proper cyber resilience strategy, we are looking at an epidemic of cyberattacks in the near future. Many like myself argue it has already started. Are you working with a 3rd party? Checklist for vendor due diligence here. Schedule a call with me here for a free 30-minute consultation.

‍

2. One of the Largest Hotel Chains Confirms Cyberattack

Last week, the Intercontinental Hotels Group (IHG) confirmed they were the victim of a cyberattack. The company manages some of the most popular hotel chains like Holiday Inn, Crowne Plaza and Regent hotels. Their booking channels and other applications were not working and customers took notice.

One customer tweeted, “What is going on with your system? For at least 19hrs. Phones and apps not working- afraid to book anything. No customer service at all”

Another customer Tweeted, “@HolidayInn is my reservation gone? Or is there a problem with the system? I need help.”

It was not confirmed if data was stolen, but operations seem to have taken a hit. In addition, this isn’t the first cyber breach the hotel chain experiences. Back in 2017, 1200 of their franchised hotels in the US were affected. (BBC)

‍

My thoughts: This is a great example of how a cyber attack affected customers. It’s always impossible to hide a cyberattack when customers are struggling. You will hear from them. It will be talked about. In this specific case, I think GDPR among other data privacy laws could play a role if it is determined that they in fact had a data breach. Some may ask, “If they had the proper measures, how could they get breached twice?” This story also leads me to question if a company who was breached is more likely to get breached again. What are your thoughts?

‍

3. Could the School District Attack Last Week been Avoided?

The Los Angeles Unified School District (LAUSD) is still working toward getting its systems, students and staff running smoothly. With over 600,000 students, the district has their work cut out for them. After a week, only 53,000 students have access to new passwords. The second largest school district in the USA were “warned” about the cyber breach in advance.

“It’s not the first time LAUSD systems have been exposed to ransomware — and not the first warning the district has received about ransomware. The same systems narrowly avoided being hit with another similar attack in February 2021 after a system compromise, as confirmed by Hold Security CEO Alex Holden.

Holden told The Verge that his company discovered a device on LAUSD’s systems that had been compromised by the TrickBot banking Trojan, which is able to steal financial credentials from a target system and can also be used to install more damaging malware such as ransomware.

LAUSD was notified through a third party, Holden says, and presumed to have taken action.” (TheVerge)

‍

My thoughts: Did the district take action? Did they take action and still get compromised? Did they not take action? The story specifically states. “unauthorized access to student data triggering a response from federal, state, and local partners.” With the California Consumer Privacy Act (CCPA), I wonder if the district will get penalized. We don’t know the details, but it seems like this should have never happened.

‍

4. QNAP Hit Again

At the beginning of the year, thousands of customers using QNAP storage lost their data when QNAP was hit with a ransomware attack. The ransomware group responsible, DeadBolt, hit the company again last week with a data-destroying ransomware.(arstechnica)

My thoughts: Many people were affected by this at the beginning of the year. It was talked about on Twitter. It also brings up the question I had before – Are organizations who are victims of cyber attacks more likely to get attacked again?

5. Fact of the week:

Cyberattacks against healthcare organizations cause more than 20% to experience increased mortality rates, suggests new research by Proofpoint’s Ponemon Institute. (infosecuritymagazine)

‍