In this week's Cyber Weekly:
Thanks to all 10,023 subscribers. It really takes a community to fight against cyberattacks. By sharing and commenting on these newsletters, we can reach more people and help others avoid becoming a statistic. Share your comments below or simply like the post.
Also, follow me on LinkedIn for daily tech discussions >> Luigi Tiano.
It’s one month since the ransomware attack on AirAsia affecting 5 million passengers and all of AirAsia’s employees. The breach took place on November 11 and 12. The information stolen included employees’ personal data, passenger booking information and even photos. The ransomware gang, Daixin, claimed responsibility for the hack and demanded a ransom. The amount of the ransom is unknown, but the gang did make a statement about the attack.
“The cybercriminal gang announced that they would not want to launch another attack on AirAsia due to how 'sloppy' its internal organization and management appeared. The Daixin Team also alleged that breaching AirAsia was too easy given how weak the airline's network security and protection was, and the cybercriminal group was disappointed at the lack of a challenge.” (simpleflying)
My thoughts: Ouch. The ransomware gang knew exactly what they were doing when they called AirAsia’s internal organization “sloppy.” That puts a huge target on the travel company. In my opinion, it also adds an additional layer to the ransomware attack. We are very aware of compromising data and extortion, but we haven’t seen shame. Interesting approach. I wonder if more ransomware gangs will try this tactic as part of their attacks.
Harry Rosen, an upscale menswear company that generated 300 million in revenue in 2020, confirmed it was hit by a ransomware attack. The ransomware group, BianLian, listed the company as its latest victim on its website and released 1GB of data as proof of the attack, including information on Harry Rosen’s Gold+ clients. Here is what the CEO, Larry Rosen, said in a statement:
“We confirm that Harry Rosen was victim of a cyber attack that came to our attention on October 9th. Our network is now secure and we have been in regular communication with our customers and employees about the incident. We have also reported this to the police and to the federal privacy regulator and the privacy regulators in Alberta and Quebec.” (itworldcanada)
My thoughts: It’s great that Harry Rosen is in communication with their clients. They’re taking initiative to keep all parties involved as they investigate. Notice they are in contact with provincial / state governments, given new data privacy laws are in effect. We will inevitably see more of these reports when these data breaches occur.
Eastern Health was breached in the fall of 2021. A network drive was compromised, and in March of this year they revealed that 200,000 files were taken from that drive during the attack. Just over a year later, they are now revealing that 31,500 people were affected by the breach, the majority of them patients. The compromised drive contained what appears to be Protected Health Information (PHI) dating back to 1996, including medical diagnoses, procedure types, MCP numbers and more.
“Eastern Health has begun notifying people of the breach. This will be done in a phased approach, with the first letters being sent out this week and continuing into January. Anyone with questions is asked to contact them by using the number provided on the letter.” (vocm)
My thoughts: This story should alarm all of us on several fronts. Personally, it’s leaving me with more questions than answers. For example, is this the first time they are approaching the patients to let them know about the data breach? If so, why wait one year after the incident? What were the internal and external efforts and costs to investigate this incident for over a year?
This situation had to involve a ton of legal experts in order to properly communicate the incident. This sounds like a messy situation. I am also curious as to what solutions they put in place to prevent this from happening again. Often these details are not shared; however, transparency often helps restore some level of confidence.
The municipality of WestLake-Gladstone, Manitoba was on its holiday vacation in 2019 when an intricate ransomware attack took place. A fake company set up a website, an address and legitimate-looking documentation, and hired 18 employees. They were told to transfer money from “an account” to their own personal accounts. Each transaction was kept under $10,000 so as not to raise suspicion from the banks. The employees were then instructed to convert the funds into bitcoin and send it back to the fake company.
The “account” they hacked belonged to the municipality. And within a couple of days, the municipality lost $430,000.
Here's how they did it. The fake company sent out a phishing scam. An employee from the municipality unfortunately clicked on one of the emails, which allowed the hackers to access the network.
The municipality actually noticed this activity, but never reported it because “nothing happened.” After a few weeks, during the holidays, that’s when the fake company attacked.
The company also strategically hired people who were unfamiliar with how the employment process works. Reports say they may have been new citizens who didn’t know how things worked.
A representative said that they don’t think the municipality was specifically targeted, but they were unlucky enough to have an employee click on the malicious link. (cbc)
My thoughts: Saying that the hack was “unlucky” is pure ignorance. The municipality had two chances to avoid this situation. First, employee training could have prevented this situation. We know that more than 80% of cyber attacks can be avoided because they are caused by human error. Second, why didn’t the municipality look into when the fake company got into their system in the first place? They didn’t try to get them out of their system. It wasn’t “unlucky,” it was pure ignorance.
I started Assurance IT with my childhood friend Ernesto Pellegrino in 2011. Our mission is to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, Microsoft 365 backup, and Quebec's Law 25 training.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.