Elevated Threats and Retaliatory Attacks
Following the killing of Iranian general Qasem Soleimani by U.S. drones on Jan. 2, tensions have run high. Even before the Soleimani killing, officials already considered Iran a major cyberattack threat. The international incident heightened fears that Iran would retaliate by hacking American infrastructure and institutions.
On Jan. 6, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an official memo that warned about malicious online attacks originating from Iran.
A couple of days after the Homeland Security warning, the city of Las Vegas got hit with an attempted hack. Las Vegas “narrowly avoided” a significant security incident, as city IT staff immediately took servers and services offline. Although city officials did not offer details on the source of the attack, security experts instantly suspected Iran.
Just two days later, Utah state officials announced that they beat back an Iran cyberattack. It started when the Utah Division of Technology Services noticed high levels of “surveillance traffic” originating from Iran. The hackers appeared to be scanning networks and poking around for security vulnerabilities.
Finally, cybercriminals defaced the website of the Texas Department of Agriculture with a “pro-Iran” image. After the incident, the website displayed a picture of Gen. Soleimani, with text that read, “hacked by Iranian hacker.” No data got exposed or lost in the attack, according to department officials, although a similar attack rocked the Federal Depository Library Program. Texas Gov. Greg Abbott reported a spike in Iran-based cyberattacks, claiming the state gets hit 10,000 times per minute. Meanwhile, North Dakota chief information officer Shawn Riley claimed the state’s government experiences 15 million cyberattacks per month.
In this week’s data breach news report, we cover cyberattacks on Michigan schools, Minnesota hospitals and New York airports.
DATA BREACH NEWS REPORT (Jan. 1-21, 2020)
After news reports surfaced about hackers accessing home security cameras, an Alabama man sued Ring and its parent company, Amazon. The lawsuit accused the companies of failing to secure their products from hackers. John Baker Orange filed the suit in California federal court after hackers used his Ring camera to interact with his children. Ring attempted to shift the blame to its customers, claiming their weak passwords allowed the cybercriminals to gain access. However, Ring also neglected to include security measures such as multi-factor authentication.
Bleeping Computer: Entercom Radio Network Hit by Second Cyber Attack
Some Entercom Radio stations had to run pre-recorded programs after the communications giant suffered another data breach. A September ransomware attack caused “significant financial losses” to Entercom, which boasts a monthly audience of 170 million listeners. However, this attack was not as broad in scope, possibly because Entercom invested in additional cyber security measures after the September attack.
Latest Hacking News: Accounting Firm Moss Adams Discloses Data Breach
A compromised email account caused a data breach at Moss Adams, one of the largest wealth management firms in the country. The breach potentially exposed the names and Social Security numbers of Moss Adams customers, and possibly employees as well. Moss Adams will offer one year of free credit monitoring and identity restoration services to any affected individuals.
Information Security Magazine: Chicago Healthcare Provider Reports Data Breach
Sinai Health System in Chicago suffered a breach last October, potentially exposing the personal health information of over 12,000 patients. Hackers gained access to two employee email accounts through a successful phishing campaign. Following the attack, employees received additional security awareness training, although it was too late by that time. The company also reset passwords and reviewed its existing security policies and procedures.
Detroit Free Press: Richmond School District Shuts Down in Ransomware Cyberattack
Students at Richmond Community Schools in Michigan received a few extra days off for the holidays after a ransomware attack. The attack “paralyzed” district servers, which forced the cancellation of classes. Systems affected by the attack included phones, email, copiers, classroom technology, and even the central heating. School officials do not believe that any personal data got accessed by hackers.
In a related story, Wallace State Community College in Alabama also postponed the start of the spring semester following a holiday cyberattack. Student and employee data did not get breached in the attack.
It was not a very merry Christmas for employees of The Heritage Company, a telemarketing firm headquartered in Sherwood, Arkansas. With an October ransomware attack still affecting operations, Heritage fired 300 employees right before Christmas. Heritage paid a ransom to get its data back, but the data recovery efforts were unsuccessful. Most Heritage employees did not even realize that the company was battling a ransomware attack.
Minnesota health care provider Alomere Health recently suffered a breach that affected 49,351 people. Hackers accessed two employee email accounts in late October and early November. The scheme exposed PII that included names, dates of birth, home addresses, health insurance information and medical record numbers. Alomere offered free credit monitoring and identity protection services to affected patients.
Government Technology: Cyberattack on Pennsylvania County Tallies $600K Cost
Costs related to a cyberattack levied last summer against Luzerne County in Pennsylvania are now over $600,000. Costs include overtime to county employees and additional fees to outside security consultants. Fortunately, the majority of the costs will get covered by Luzerne County’s cyber insurance policy. Luzerne County is still working to restore information lost from the county assessment database. The county did not pay a ransom to the hackers.
Sacramento Bee: Christmas Ransomware Attack Hit New York Airport Servers
Albany County Airport Authority experienced a Sodinokibi ransomware attack on Christmas Day. A breach of the airport’s computer management provider, Schenectady-based Logical Net, caused the virus to spread to airport authority servers. Administrative files got encrypted in the attack, but the hackers were not able to access any personal data. The airport authority’s insurance carrier authorized a bitcoin ransom payment, and the attack ultimately did not affect operations. However, Albany County Airport Authority terminated its contract with Logical Net.
ABC6-TV News: Columbus Metropolitan Library Investigating Data Breach
Nearly 100 employees of the Ohio library system fell victim to a costly data breach. Hackers stole the names and personal information of Columbus Metropolitan Library employees, and then used that information to open fraudulent bank accounts. The library system filed a police report when employees started coming forward. The cybercriminals funneled funds from payday loans and debit cards directly into the illegal accounts.
Government Technology: Another Local Government in Metro Atlanta Suffers Cyberattack
On Christmas Eve, hackers targeted the computer system of Dunwoody, Georgia. Dunwoody IT staff worked with security contractors to mitigate the damage by shutting down servers and disconnecting computers. Hackers demanded a bitcoin ransom, but the city refused to pay. Instead, it took a couple of days of writing paper tickets and using radio communications to get things running smoothly again. City officials estimated that the Dunwoody cyberattack would cost roughly $80,000.
Government institutions in Georgia are a regular feature in the CNS data breach news report. The most well-known attack against Georgia institutions happened in March 2018, when hackers hit the city of Atlanta. In 2019, the state experienced attacks against the Georgia Administrative Office of the Courts, the Lawrenceville Police Department and the Georgia Department of Public Safety, among other institutions.
My Mother Lode: Adventist Health Identifies Data Breach
After a data breach at an Adventist Health hospital in Simi Valley, Adventist Health Sonora started notifications to its patients. Hackers compromised an employee email account through a successful phishing campaign. The account contained information about patients in other areas, including over 2,600 patients in the Sonora area. Potentially exposed data encompassed names, dates of birth, medical record numbers, insurance information and more.