February is coming to a close, and throughout the month we saw various instances of cybercrime. From data breaches in hospitals, to new sophisticated phishing methods, there has never been a better time to increase cybersecurity in your organization.
Hackers Attack NJ Hospitals: Update
Last month, we detailed an attack on the New Jersey-based Centra State medical center. This attack forced Centra State to divert patients elsewhere while it handled the cyberthreat infiltrating its network, and the consequences of the attack have recently been disclosed. Hackers managed to steal a litany of personal information on clients, including patient names, addresses, dates of birth, social security numbers, health insurance information, medical records, and patient account numbers. Information related to the level of care patients received was also stolen by the attackers. All of this information can be traded and sold on the dark web for profit, exploiting patients who were only trying to seek medical care. Fortunately, it appears that no financial account or card payment information was leaked, which would have caused an even greater headache for those affected.
Centra State has since announced that it will offer free credit monitoring and identity theft protection to those who had their social security numbers stolen. While this is a step in the right direction, additional cybersecurity procedures should be put in place to prevent an attack like this from happening again.
50% of Phishing Attacks Targeted Credentials
A recent report detailed that 50% of phishing attacks in 2021 that specifically targeted government employees were an attempt to steal login credentials, up from 30% in 2020. Another concerning point is that Federal, State, and Local governments increased their reliance on unmanaged mobile devices at a rate of 55% from 2020 to 2021. These unmanaged devices can be a gateway for a hacker to gain access to a sensitive network and potentially cause immense harm. Nearly 50% of employees are also running out-of-date Android operating systems; however, this is an improvement from the year prior, when it was up to 99%. With over 2 million Federal government employees, and 1 in 8 employees found to have been exposed to phishing threats, it is increasingly likely that a malicious actor gains access to private information. Cybersecurity threats to the government can be incredibly impactful compared to attacks in the private sector, so all government organizations need to keep pace with the evolution of cybercrime.
Phishing Attacks are Getting Increasingly Sophisticated
Cybercriminals are improving their tactics each day, and recently phishing attacks have been growing in sophistication. Hackers are now mimicking real people and updating fabricated social media profiles in an attempt to trick victims into accidentally giving up their sensitive login credentials. Phishing is the term used to describe sending fake emails with malicious links to unsuspecting users, often posing as a reputable source. Many of these links look identical to their real counterparts, with only subtle differences hidden within the text. Hackers will base their fake social accounts on real ones and have begun researching their victims' real-world professional and personal contacts to increase the believability of their emails. These cybercriminals have also been exercising patience to further deceive the recipient, sending safe, relevant emails before the attack to build rapport and gain a sense of trustworthiness. All of this is a means to further deceive individuals, as past attempts have become easier to spot. There are a few ways you can protect yourself or your business from these elaborate attacks, like using separate complex passwords for different accounts. Additionally, implementing multifactor authentication (MFA) can prevent a breach even if a link is clicked on.
Ransomware Seems to be Less Lucrative
to show that a majority of ransomware victims are refusing to pay hackers to decrypt their data. From late January of 2023, the amount of money cybercriminal groups extorted through ransomware is down 40% year-on-year. Chainalysis, the organization which published the report, examined cryptocurrency wallets known to be associated with ransomware groups, and says that in 2022 groups hoarded a total of $456.8 million, whereas in 2021 these same groups amassed $766 million. In 2020, these wallets gained a similar $765 million. One potential explanation for this is that hackers could be slowing down, but it seems that they are currently more successful than ever, with more than 10,000 strains of ransomware circulating the internet. It should be noted that, while tracking these wallets is an easy task for organizations like Chainalysis, it is impossible to say if they were tracking every wallet used by cybercriminal groups. In fact, some companies have even refused to report being targeted by these attacks. While this could represent a win in the fight against cybercrime, businesses should still be vigilant when protecting their private data.
Contact Us for Help
Each year, cybercriminals will find new ways to attack your company and its data. Staying up to date with these trends can be the difference between a safe network and a breached one. For any cybersecurity needs or predictions of the landscape in the future, make sure to Contact SWK today.