Each week Cyber Security Hub offers an Incident of the Week for consideration by the community. Initially, the incidents centered around misconfiguration, credential stuffing, password exposure, phishing, unauthorized access, malware, and ransomware.
As noted in 2021 Top Breaches Part I- Q1, 2021 saw the fallout from the Solarigate, the Microsoft Exchange, and critical infrastructure attacks.
Q2, 2021 saw the Colonial Pipeline breach, the JBS breach, fallout from the Microsoft Exchange breach, a massive Facebook data leak, another large health system breach, and more municipal breaches.
Here is how the Incident of the Week played out each week of Q2, 2021 here on the Cyber Security Hub:
APR
Facebook Data Leak Impacts 533 Million Users
- Facebook has no plans to notify individuals whose information was exposed because the company claims it does not know who was affected. Despite the patch in September 2019, 419 million records containing user IDs and phone numbers and subsequently the PII of more than 267 million were leaked.
Microsoft Exchange, The FBI & A Lack Of Patching
- The operative words now are "discovery" and "remediation." While the FBI's efforts are arguably necessary, organizations cannot rely on the agency for their safety. In addition to gaining remote control of the Exchange Servers, bad actors are also installing DearCry ransomware on compromised servers
University of California Schools Hit with Ransomware Attack
- The company released a patch for the 20-year-old product within 72 hours to the less than 50 customers that had been affected. In early February, Accellion stated it had notified all affected FTA customers by December 23, 2020. However, that was before the January exploit hit.
MAY
DC Police Department Hit with Ransomware; Hackers "Quit"
- The incident is reflective of evolution of ransomware attacks, from encrypting files and demanding ransom money for a decryption key to encrypting the file and threatening to publish the information if the ransom is not paid. Worse, Babuk's decryption software has a bug in that causes data loss.
Ransomware Attack Closes Colonial Pipeline
- U.S. critical infrastructure has become a popular cyberwarfare target. The weak underbelly has been aging tech and industrial control systems (ICSs) which may lack adequate physical and cyber security. The problem is not a new one, but the number of attacks continue to rise.
Scripps Health Malware Attack Could Cost Lives
- Scripps is not discussing the attack, nor is it providing any meantime to recovery (MTTR) estimate. The uncertainty and tight-lipped nature of the incident is not a surprise to anyone in the cyber security industry, but the incident illustrates the ripple effect of a cyberattack.
Irish Healthcare Data for Sale on the Dark Web
- The fear was that scammers unrelated to the Health Service Executive (HSE) attack would buy the data for their own nefarious use. HSE was facing regulatory fines as the result of GDPR and may face lawsuits from victims whose personal data was published online.
[inlinead-1]
JUNE
JBS Recovers Quickly from a Ransomware Attack
- Like the Colonial Pipeline attack, there was speculation about the impact of the incident on supply and product pricing. If the impact of the JBS attack did not last long, wholesale prices were expected to rise but retail prices were not. If the downtime lasted a matter of weeks, prices would spike.
McDonald's Cyber Attack Targets Data
- McDonald's reportedly said that the scope of the information leak was "small" and that it had hired outside consultants after it identified unauthorized access to one of the internal security systems. McDonalds credited its cybersecurity investments for allowing the company to identify and respond
DOJ Indicts Network Security Firm COO
- Singla has been charged with 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer – specifically, patient data. The case is now being investigated by the U.S. Federal Bureau of Investigation (FBI).