The Unfriendly Skies
Although fears of flying remain common, studies show that it is still the safest way to travel. However, that doesn’t mean the world’s largest airports are entirely secure. As it turns out, almost every major international airport holds significant cyber security risks.
According to a report from web security company ImmuniWeb, 97 of the world’s 100 largest airports are vulnerable to cyberattacks. The report claims the risks are “related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.”
Among the most common airport security vulnerabilities:
- 97% of the airport websites contain outdated web software
- 24% of the sites contain known and exploitable vulnerabilities
- 66% of the airports remain exposed on the Dark Web
- 72 out of those 325 exposures are of critical or high risk, indicating a severe breach
- 3% of the airports have unprotected public cloud with sensitive data
Only three international airports successfully passed all of ImmuniWeb’s tests: Amsterdam, Helsinki-Vantaa and Dublin.
Those cyber-secure airports sit thousands of miles away from Sacramento. However, we begin this week’s batch of data breach articles with an attack on a nearby Northern California school district.
DATA BREACH ARTICLES (Jan. 22-Feb. 11, 2020)
A Sodinokibi ransomware attack disrupted operations at Mountain View-Los Altos High School District. The incident shut down the phone system and encrypted files stored on the district’s server. In the aftermath, teachers and students could not access email accounts or essential data. School district staff also received reports of fraudulent activity on district credit cards. Meanwhile, Mountain View-Los Altos will work with a digital security company to restore systems and assess the damage.
The Sacramento Bee: Cyberattack Knocks Out Oregon County’s Computer System
On Jan. 22, malware shut down the computer and telephone systems of Tillamook County in Oregon. The attack affected systems, websites and phones for all county departments. Tillamook County employees implemented workarounds to continue conducting business through the disruptive recovery period. They also worked with law enforcement and an independent forensics company on the investigation.
Although IT staff and an outside computer firm retained or protected most sensitive data, they still needed an encryption key to restore essential systems. On Jan. 27, Tillamook County commissioners voted to negotiate with the hackers for an encryption key. Of course, negotiating with terrorists is a dicey proposition. Even if Tillamook County pays the ransom, the affected systems may never get restored.
It’s barely February, and we already have the first class-action lawsuit to cite the California Consumer Privacy Act (CCPA). Plaintiff Bernadette Barnes filed suit against Salesforce.com Inc. and children’s apparel company Hanna Andersson. She filed the lawsuit in the U.S. District Court for the Northern District of California, San Francisco Division. Barnes filed in response to Hanna Andersson’s Jan. 15 announcement about a breach that exposed customer payment card data. The suit claims that Salesforce’s e-commerce platform was infected with malware, which led to the data breach.
A cyberattack shut down staff and public access to computers at Volusia County Public Library (VCPL) in Daytona Beach, Florida. The attack started early on Jan. 9, encrypting devices while county IT staff worked to take VCPL computers offline. Library workers moved back to a paper-based system in the aftermath, although the VCPL server did not get affected by the attack. It was later revealed that the library computers were infected with the Ryuk ransomware virus.
Meanwhile, in Contra Costa County, a ransomware attack encrypted computers at 26 libraries during the first week of January. Library staff worked with law enforcement to gather information on the attack. Most services got restored within two weeks of the attack, although the county library website remained down longer.
Fast-casual restaurant chain Crack Shack recently informed customers about a 2019 data breach. Hackers installed malware on the Crack Shack server last August. The malware allowed hackers to access payment card information from the Encinitas Crack Shack location. Potentially exposed PII includes names, payment card numbers, verification codes and expiration dates.
The City of Detroit will offer complimentary credit monitoring to city employees victimized by a recent data breach. A Jan. 16 cyberattack compromised multiple employee email accounts, exposing information on city workers. Fewer than 300 customers of the Detroit Water and Sewerage Department were affected by the breach.
A targeted “international cyberattack” affected online payments for half a million customers of Greenville Water in South Carolina. Greenville Water serves nearly 500,000 residents in upstate South Carolina. The attack knocked out online and pay-by-phone systems of Greenville Water. However, it did not affect the safety or availability of the water maintained by its facilities.
A national data breach of THSuite, a company that provides POS systems to cannabis dispensaries, exposed the PII of more than 30,000 medical marijuana patients. One of the affected companies is Bloom Medicinals, which operates five dispensaries throughout Ohio. The breach exposed patient and sales data, as well as dispensary compliance reports. Compromised personal information includes names, dates of birth, phone numbers, email addresses, street addresses and more.
Updating our previous coverage of the Wawa data breach, the news only gets worse for the Pennsylvania-based convenience store chain. After a nine-month data breach exposed customer payment card data, millions of credit and debit cards stolen in the incident showed up on the Dark Web. Researchers found the payment card data for sale on Joker’s Stash, a Dark Web marketplace of stolen credentials. Meanwhile, class-action lawsuits related to the incident are still a long way from being resolved.
Medical transportation service Reva recently notified 1,000 patients about a phishing attack that compromised their PII. Reva discovered the suspicious activity last September and launched an investigation. The investigation found that compromised employee email accounts potentially exposed personal information that includes names, dates of service, passport numbers, a limited number of Social Security numbers and more. In response to the incident, Reva enabled multi-factor authentication on all company email accounts.
Employees at Belvedere City Hall showed up to work to find the entire computer system shut down by a cyberattack. The attack hit dozens of City Hall computers, leaving employees unable to access email or programs on the city network. City services were not affected in the attack, but Belvedere is still receiving help from the FBI.
Last June, Whittier-based PIH Health discovered a data breach affecting nearly 200,000 current and former patients. The company operates ten hospitals, urgent care centers and other facilities in Southern California. An investigation revealed that a “targeted phishing campaign” led to multiple compromised employee email accounts. PIH Health started notifying the 199,548 affected people on Jan. 10.
It looks like 2020 will prove a banner year for Ryuk ransomware attacks. On Jan. 23, the Tampa Bay Times became the latest company attacked with Ryuk ransomware. However, the newspaper did not receive a specific ransom request. Although it is not clear how the infection occurred, experts do not believe that the paper was specifically targeted. No customer information got breached in the attack, and data backups helped restore most systems. The Tampa Bay Times also published the first data breach articles about the security incident.
Following a November malware incident, Texas-based Fondren Orthopedic Group will send data breach notifications to over 30,000 patients. The incident damaged medical records stored on the Fondren server, although no data was lost. Damaged records include patient names, contact information, diagnoses, treatment information and health insurance data.
On Monday, Jan. 27, a cyberattack partially disabled the computer systems of the City of DuBois in Pennsylvania. Critical data got encrypted by hackers, who asked for a ransom of 10 bitcoin, which is roughly $85,000. DuBois’ City Manager says that the city will not pay, although there is no indication of how long recovery will take. The attack affected all City of DuBois servers, including those related to the police and water departments.
Las Vegas-based Golden Entertainment, which owns casinos in Nevada, Montana and Maryland, recently announced a data breach. Caused by a phishing incident, the breach affected customers, employees and vendors. Unauthorized access to employee email accounts occurred “multiple times” between May and October 2019. There is no evidence of misuse, but potentially exposed information includes names, Social Security numbers, passport numbers, driver’s license numbers, dates of birth, usernames, passwords, payment card numbers, expiration dates, CVV codes, routing numbers, health insurance information and more.
Access Health, the “health insurance marketplace” for the State of Connecticut, suffered a data breach that exposed the PII of 1,100 people. Notification letters offering identity protection services to affected patients went out the last week of January. Following the attack, Access Health CT elected to implement more cyber security features, including security awareness training and additional email security. A phishing scam opened the door for the attack, which exposed Social Security numbers and other personal information.
One week before finals, the computer system at ITI Technical College in Baton Rouge got shut down by a cyberattack. After ITI became the latest institution disrupted by ransomware, ITI students and teachers returned to pens and papers. Although email communications went down and data remained encrypted, classes continued for the vocational college’s 600-plus students. Technicians believe the ransomware originated in the Czech Republic, then entered the ITI network through a successful phishing attempt.
Evansville, Indiana-based law firm Woods and Woods recently announced that it got victimized by a ransomware attack. Fortunately, Woods and Woods had data backup protection in place, so the incident did not affect day-to-day business. After containing the attack, Woods and Woods will work with the FBI to investigate the incident.
At least one of the two cyberattacks that recently crippled Wisconsin city governments originated in Russia. The Oshkosh city manager says the FBI informed him that a known Russian hacking group infected the city network with ransomware. Meanwhile, the origins of a similar cyberattack that shut down the Racine internal networks are still unknown. Both Oshkosh and Racine announced they would not pay a ransom if the hackers demand one.
A compromised employee email account led to a data breach at San Diego-based Enrichment Systems, a nonprofit preschool education provider. Enrichment discovered the data breach last August, but is just now making it public. Compromised personal information includes names, home addresses, Social Security numbers, financial information and health insurance information.
That’s all for now, but check back next month for more data breach articles. Meanwhile, if you’re concerned about the online security of your Sacramento business, call Capital Network Solutions at (916) 366-6566. We can prevent you from becoming the next headline by protecting your system, data, email, devices and more.