Understanding the Dynamics of Recent Cybersecurity Breaches

Children's Hospital Targeted Without Mercy

LockBit, a ransomware gang, has claimed responsibility for an attack on Saint Anthony Hospital in Chicago, deviating from its previous policy of avoiding nonprofit organizations. The attackers demand an $800,000 ransom, setting a deadline for payment. The hospital, emphasizing patient care and data privacy, confirmed the attack and stated that patient information had been copied, though no medical or financial records were accessed. LockBit, previously showing restraint, seems to be allowing affiliates to target any organization. Despite being a nonprofit, the hospital was targeted, and efforts to educate LockBit about nonprofit laws proved futile. Cybersecurity expert Jake Moore highlights the evolving nature of ransomware attacks, emphasizing the importance of robust protection. (theregister.com)

My Thoughts: These hackers have no morals. We must never forget this. LockBit's justification, sending financial disclosures as if nonprofit status is irrelevant, reveals a malicious intent to exploit perceived weaknesses. From a technical standpoint, we are not given many details on how the breach occurred or what was compromised.

However, this breach exposes significant flaws in current cybersecurity measures, especially considering the infiltration of a healthcare institution dealing with sensitive patient information. It’s never pleasant to receive an alert indicating your data may be circulating on the dark web.

Urgent scrutiny of security protocols is imperative.  The inability to engage with the gang complicates efforts to fully understand their motivations.

Investments in advanced threat detection, regular security audits, and employee training on cybersecurity best practices are crucial.

Let’s discuss your cyber posture together. Book me in your calendar.

A $27 million reminder that ransomware doesn't discriminate based on corporate size...

Johnson Controls International discloses a September 2023 ransomware attack, costing the company $27 million. The attack, orchestrated by the Dark Angels ransomware gang, led to unauthorized access, data exfiltration, and a subsequent demand for a $51 million ransom. The cyber incident forced the shutdown of significant portions of Johnson Controls' IT infrastructure, affecting customer-facing systems. The company, in its quarterly report to the U.S. Securities and Exchange Commission (SEC), confirmed the data theft and outlined the $27 million expenses associated with responding to and remediating the cyberattack. Johnson Controls anticipates further costs as they determine the extent of data stolen and collaborate with cybersecurity experts for forensic analysis. (bleepingcomputer.com)

Despite the millions earmarked for cybersecurity, Johnson Controls found out the hard way that resilience is priceless.

My Thoughts: From a technical standpoint, let’s look at the details.

The cybersecurity incident consisted of unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company's internal IT infrastructure

27 TB of data were seemingly stolen. That could potentially contain sensitive personal data and of course a lot of intellectual property damaging the business for years to come.

Backups possibly deleted. (as per the hackers) This is your last line of defense in a situation like this.

This is an ugly attack and it's unknown how long the hackers were inside the corporate network preparing their attack.

The fact that Johnson Controls had to shut down significant IT infrastructure points to the disruptive nature of such incidents and highlights the vulnerabilities even tech-savvy conglomerates face. Despite being well-funded and technologically advanced, large corporations, like Johnson Controls, are still vulnerable. Be sure to properly prepare for a cyber disaster. Assurance IT’s PPR methodology is proven to help businesses of all sizes.

Revealing the true cost of playing fast and loose with customer data.

Blackbaud, a U.S.-based cloud software provider for nonprofits, settled with the Federal Trade Commission (FTC) over charges of poor security practices leading to a May 2020 ransomware attack and a subsequent data breach. The FTC's complaint highlighted Blackbaud's failure to monitor hacking attempts, implement necessary security controls, and enforce strong password policies. As part of the settlement, Blackbaud is mandated to enhance its security measures, delete unnecessary customer data, establish a data retention schedule, and promptly report any future breaches to the FTC. The company previously paid a ransom of 24 Bitcoin (around $250,000 at the time) to the ransomware gang, and the breach impacted over 13,000 customers globally. (bleepingcomputer.com)

A $27 million ransom, a $3 million SEC fine, and a $49.5 million settlement – a trio of negligence that comes with a hefty price tag...

My Thoughts: almost 4 years from the initial attack and still an ongoing issue. Yes, they have finally settled, but this demonstrates how these attacks will potentially impact businesses in the short term, but depending on the scale, it could impact business operations, reputation and profitability for years to come.

Blackbaud's negligence in securing sensitive data is not only a betrayal of trust but a stark example of corporate irresponsibility. The FTC's charges and subsequent settlement underscore the severity of the company's security lapses, from weak password policies to a lack of monitoring and control measures.

Is the CFO listening yet? Time to increase the cybersecurity budget maybe?

If you’re worried something like this will happen to your enterprise, book me in your calendar and we can discuss the best option for you.

A month of blind spots for Global Affairs Canada

Global Affairs Canada faces a significant security breach investigation, as internal emails reveal a month-long cyber-attack affecting internal networks, email systems, and personal data of government employees. The breach, detected due to malicious cyber activity, impacted at least two internal drives and prompted a shutdown of remote work capabilities. Authorities suspect unauthorized access to sensitive personal and possibly classified information. The breach, lasting from December 20, 2023, to January 24, 2024, raises concerns about the potential loss of secret information and the compromise of employees' personal data. The investigation involves Shared Services Canada and the Canadian Centre for Cyber Security, with the Privacy Commissioner monitoring the situation. (cbc.ca)

My Thoughts: The uncertainty surrounding the scope of the MONTH LONG, breach and potential compromise of classified information raises serious questions. We need to ask about the efficacy of their current cybersecurity measures including their incident response plan. Requesting some employees to stop working from home makes me think of 2 things.

1. The root cause may not yet be known,
2. They are being extra careful in the short term until things are deemed 100% safe to resume business as usual. I like that approach given hackers are known to hit more than once if and when they can.

‍