Shooting fish in a barrel is an expression that is very popular in the US, for obvious reasons.

The expression is generally used when describing a task as easy. This certainly applies to the current status of cybercrime, criminals are finding it easy to penetrate systems and go about their business, which is often undetected.

Data is becoming the most important aspect within most companies; yet, data security is very low on the priority list of many companies.

Marriot in trouble again.

We all thought that Marriot’s problems were over when the infamous data breach blew over. However, this was not the case.

The article points out that the massive data breach disclosed by Marriott in November 2018 has cost the world’s biggest hotel chain only $3 million so far, as insurance covered most of the costs associated with the hack.

In its 2018 earnings report, Marriott said it recognized $25 million of insurance proceeds related to the incident with an additional $3 million in net expenses. Marriott’s net income rose by 23% year-on-year in Q4 to $497 million. Earnings before interest, taxes, depreciation, and amortization (EBITDA) totaled $864 million.

In the 2018 fourth quarter, the company incurred $28 million of expenses and recognized $25 million of insurance proceeds related to the data security incident, the company said in a press release. The $3 million of net expenses are reflected in either the Reimbursed expenses or Merger-related costs and charges lines of the Statements of Income, which have been excluded from adjusted net income, adjusted EPS and adjusted EBITDA.

Necessary integration.

CEO Arne M. Sorenson said the integration of Starwood (whose acquisition was key to the embarrassing breach) is nearly complete, and that customers are receiving meaningful benefits as a result of the new Marriot Bonvoy loyalty brand.

The article adds that it remains to be seen what other costs Marriott will incur, including reputational damage, as a result of the breach. The incident, four years in the making, was presumably caused by an APT, where adversaries typically conduct sophisticated hacks while remaining undiscovered for long periods of time.

Higher authorities.

It seems as if cybersecurity, and data breaches, are becoming concerning to authorities that are tasked with state security.

The article pointed out that on March 6, the FBI contacted Citrix to advise they had reason to believe that international cybercriminals gained access to the internal Citrix network.

Citrix took action to contain this incident. The company commenced a forensic investigation, engaged a leading cybersecurity firm to assist, took actions to secure its internal network, and continued to cooperate with the FBI investigation.

The company reported that it is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and the company is committed to communicating appropriately when it has, what it believes is credible and actionable information.

Unknown access.

The article points out that while its investigation is ongoing, based on what the company knows to date, it appears that the hackers may have accessed and downloaded business documents.

The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.

The article adds that, while not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.

Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.

Hefty paychecks.

An article I recently read on the net pointed out that officials in Jackson County, Georgia, paid $400 000 to cyber-criminals to get rid of a ransomware infection and regain access to their IT systems.

The ransomware hit the county’s internal network last week, on Friday, March 1, 11Alive reported on Wednesday.

The infection forced most of the local government’s IT systems offline, with the exception of its website and 911 emergency system.

“Everything we have is down,” Sheriff Janis Mangum told StateScoop in an interview. “We are doing our bookings the way we used to do it before computers. We’re operating by paper in terms of reports and arrest bookings. We’ve continued to function. It’s just more difficult.”

The article adds that Jackson County officials notified the FBI and hired a cyber-security consultant. The consultant negotiated with the ransomware operators, and earlier this week the Georgia county paid $400 000 to hackers to get a decryption key and re-gain access to their ransomed files.

Decrypting on the way.

The article points out that County officials are in the process of decrypting affected computers and servers, Jackson County Manager Kevin Poe told Online Athens in an interview yesterday.

“We had to make a determination on whether to pay,” Poe said. “We could have literally been down months and months and spent as much or more money trying to get our system rebuilt.”

Poe identified the ransomware that infected the county’s network as “Ryunk” –which is most likely Ryuk, a well-known ransomware strain that is currently undecryptable.

The article added that the Ryuk gang is believed to be operating out of Eastern Europe and for the past year has focused on targeting local government, healthcare, and large enterprise networks. They intentionally go after big targets as part of a tactic known as “big game hunting.”

Ryuk ransomware is usually deployed on networks following infections with Emotet or Trickbot malware. However, Jackson County officials have not yet confirmed how hackers breached their network.

The article pointed out that Jackson County won’t be the victim who paid the largest ever ransom demand, though. This honor goes to South Korean web hosting firm Internet Nayana, which paid 1.3 billion won ($1.14 million) worth of bitcoins to a hacker following a ransomware attack in June 2017.

Jackson County Manager Kevin Poe also has a case when saying that the county would have spent more rebuilding its network than paying the hackers. Government officials in Atlanta, Georgia have ended up paying millions to rebuild their IT network following a similar ransomware attack in March 2018, a cost which ballooned from the initially estimated $2.6 million to around $17 million.

Significant breaches.

Various zdnet.com articles pointed out that significant data breaches that occurred in 2018 included:

UK government website crypto jacking. Over 4,000 websites, including the UK government, US, and Australian services, all experienced the same security issue at once due to a vulnerable third-party plugin used for website accessibility. Countless website visitors became victims of crypto jacking, in which their CPU power was used without consent to mine for cryptocurrency.

Ticketmaster. The third-party code on Ticketmaster’s web domain was compromised, leading to the implant of credit card skimming malware on the domain. Up to 40,000 UK and international customers are believed to have been affected, with information including names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details involved in the breach. Researchers later connected the cyber attack to the Magecart campaign.

Under Armour, a seller of fitness apparel, revealed that the firm’s MyFitnessPal mobile app had been hacked, leading to the compromise of 150 million accounts. Usernames, email addresses, and hashed passwords were stolen, and while financial data was not affected, users were required to immediately change their passwords.

Aadhaar, India’s national ID database, contains the information of at least 1.1 billion Indian citizens. A data leak which originated from a state-owned utility company allowed anyone to download information belonging to all Aadhaar holders, including their private data and financial details.

The Facebook Cambridge Analytica scandal was one of the largest this year with severe consequences that are still being felt by the companies and regulators alike. In total, information belonging to up to 87 million users was improperly shared by a developer with Cambridge Analytica for the purpose of voter profiling. It has been suggested that this may have been used to spread propaganda and help elect US President Trump.

British Airways leaked data belonging to hundreds of thousands of customers who used a credit card to make reward bookings between April and July. The compromised information included names, billing addresses, email addresses, and payment information including card numbers, expiry dates, and CVV security codes. The leak was uncovered following the Ticketmaster breach. It is believed the hack was the work of Magecart, which has also claimed victims including Newegg, Feedify, and broadcaster ABS-CBN.

Rail Europe, a company which sells tickets for trips around the bloc, suffered a three-month-long data breach caused by credit-card skimming malware. Credit card numbers, expiration dates, and CVV card verification codes were all stolen during the covert campaign, and while the company did not reveal exactly how many customers were involved, Rail Europe accounted for five million customers last year.

Dixons Carphone uncovered a data breach which at first appeared small, despite going undetected for roughly a month. The company thought that 1.2 million customers had been affected but this number was later revised to 10 million. Personal and payment card information was stolen.

Ticketfly pulled its website offline on the basis that the event seller believed there had been a cyber attack — a premise which turned out to be correct. The company said that information had been leaked which belonged to roughly 27 million customer accounts and included names, email addresses, physical addresses, and phone numbers. A hacker believed to be responsible attempted to blackmail Ticketfly a single Bitcoin to keep the data from spreading.

The worst affected.

Perhaps the worst affected industry when it comes to data breaches is the medical industry.

Healthcare was the leading industry for cyber attacks and data breaches last year, making up 41 percent of cyber incidents tracked by specialty insurer Beazley.

The article points out that the financial services industry was in a distant second place, making up 20 percent of data breaches and cyber attacks, followed by education with 10 percent and professional services with 7 percent, based on data collected by Beazley Breach Response (BBR) team from more than 3,300 cyber incidents.

Beazley found that most common cause of a healthcare data breach was unintended disclosure by an employee, accounting for 31 percent of cyber incidents in the sector, although incidents of hack or malware attacks increased by 10 percentage points compared to 2017 to 30% of the total.

The article adds that healthcare was the second hardest-hit sector by business email compromise (BEC) among Beazley insureds after financial services, accounting for 22 percent of all cases. Financial institutions were the top industry, making up 27 percent of BEC attacks, followed by healthcare, education at 12 percent, professional services at 11 percent, manufacturing at 7 percent, retail at 5 percent, hospitality also at 5 percent, real estate at 3 percent, and other at 8 percent.

Compromised email accounts can be used for reconnaissance, spam attacks, fraudulent wire transfers, the launch point for other attacks within the network, and theft of sensitive data in the compromised inbox.

Overall, BEC incidents soared 133 percent between 2017 and 2018, according to Beazley.

Nat Cross, Beazley’s global head of healthcare, told hitinfrastructure.com that healthcare providers are particularly vulnerable to attack by ruthless cybercriminals intent on getting their hands on sensitive data.

“This comes at a high price for the healthcare sector for which patient care including protecting personal information is absolutely critical,” Cross added.

Healthcare bore the brunt of ransomware attacks in 2018, constituting 34 percent of attacks. There was a tie for second place, with financial institutions and professional services, each bearing 12 percent of ransomware attacks.

Additional targets.

Other industries targeted by ransomware attacks include retail (8 percent), education (7 percent), manufacturing (6 percent), government (6 percent), real estate (4 percent), hospitality (3 percent), and other (8 percent).

Ransomware attackers are going after small and medium-sized enterprises (SMEs), which are often ill-prepared for an attack. In fact, 71 percent of ransomware attacks tracked by Beazley victimized SMEs.

The highest ransom demand reported to Beazley last year was $8.5 million, $935,000 was the highest ransom Beazley paid in 2018, and $116,324 was the average ransom demand and/or payment in 2018.

To combat ransomware, Beazley recommended that organizations: train employees on how to recognize and avoid phishing attacks, segment backups to prevent the ransomware from spreading, close remote desktop protocol (RDP) ports, require multifactor authentication for any remote connection to the network or application, and enable automatic patching of operating systems and web browsers.

Recent variants of banking Trojans are capable of stealing credentials besides financial ones, are being used to deploy other types of malware, including ransomware, and can exfiltrate emails from Outlook.

“The threat posed by cyber criminals continues to grow in complexity as they devise new techniques to breach IT security and trick unsuspecting employees into allowing them access to systems,” Katherine Keefe, global head of BBR Services at Beazley told hitinfrastructure.com.

“Healthcare providers are disproportionately affected by certain forms of a data breach because of the volume of sensitive data they hold,” she added.

“Unfortunately, we see these threats globally across all sectors and we strongly believe that education about the risks and preparedness are as important as IT security measures for protecting individuals and assets from cyber attacks,” Keefe concluded.

“Do you still think cybersecurity is an afterthought? My suggestion is that you contact GTconsult today…our A Team has various options that can protect your company,” said GTconsult CEO and Co-Founder Bradley Geldenhuys.