It’s hard to believe that February is almost over, and as the year continues to fly by, hackers and cybercriminals have not slowed down their efforts. This past month we have seen a litany of stories involving data breaches, ransomware, server shutdowns, and more – highlighting the fact that a cyberattack can manifest in many forms and affect many victims. Here’s our recap of some of the most compelling cybersecurity events that happened in February of 2024.
‘Mother of All Breaches’ Exposes 26 Billion Records
Security researchers have uncovered a massive data breach, coined the “Mother of All Breaches” (MOAB), involving a shocking 26 billion leaked data records, ranking it among the largest breaches to date. The 12-terabyte database, discovered on an open storage instance, is raising concerns among experts in the field. These concerns are mostly about the potential misuse of the stolen data for identity theft, phishing schemes, cyberattacks, and unauthorized access to personal accounts. The records within the database span users of major platforms like Tencent, Weibo, Twitter/X, Dropbox, LinkedIn, Adobe, Canva, and Telegram, and even include data from U.S. government organizations. Cybersecurity advisor Jake Moore underscores the need for proactive measures, urging users impacted by the breach to change their passwords, stay vigilant against phishing emails, and enable two-factor authentication to counter the anticipated surge in such attacks. If you feel that your information might have been stolen, SWK Technologies offers Dark Web Monitoring services that will help your organization quickly uncover whether you have leaked credentials and mitigate cyber-attacks that specifically use your hijacked email addresses and passwords.
Parts of Atlanta Targeted by a “Financially Motivated” Cyberattack
Fulton County in Georgia has been targeted by a ransomware attack orchestrated by “financially motivated actors,” leading to weeks of disruption in key county services. The LockBit group has claimed responsibility for the attack, posting internal documents, including a police report and a retirement statement, online to assert their involvement. Cybercriminal groups like LockBit often publicly disclose victims to coerce them into paying ransoms for data recovery. Fulton County officials are actively collaborating with law enforcement and cybersecurity experts to investigate the attack and validate the hackers’ claims. The ongoing ransomware incident has adversely affected District Attorney Fani Willis’s office, resulting in the loss of phone and internet access and disruptions to the court system website. County officials clarify that the attack is unrelated to the election process or other current events. Despite progress in recovery efforts, approximately two-thirds of county phone lines remain down, and electronic processing of property tax and water bill payments is still unavailable. On a positive note, phones and IT systems are gradually coming back online, and election offices are operational. LockBit is a highly active cybercrime group with Russian-speaking members and global affiliates, which underscores the disruptive potential of financially motivated entities in the realm of cybersecurity. The ransomware attack on Fulton County serves as a stark reminder to treat cybercrime as a national security issue.
Victims are Refusing to Pay Ransomware
The ransomware payment rate hit a record low in Q4 2023, plummeting to only 29%. This is a significant decrease from the 85% seen at the beginning of 2019, showing that fewer and fewer people are sending hackers ransom after having their data encrypted. This declining trend, which was first observed in the middle of 2021 with a 46% payment rate, is attributed to increased organizational preparedness, growing distrust of cybercriminal promises, and legal pressures, as some governments have made paying a ransom against the law. In Q4 2023, the average ransom payment declined 33% from the previous quarter, settling at $568,705, with a median payment of $200,000. Concurrently, the median size of victimized organizations diminished in Q4 ’23, marking a reversal from the trend initiated in Q2 ’22, where larger companies were targeted for substantial payouts. However, instituting ransom payment bans, or laws that make paying ransom illegal, may drive companies to avoid reporting incidents and resort to sketchy service providers, which could lead to the creation of a significant illegal market. As an alternative to bans, organizations should try reinforcing existing mechanisms and initiatives to combat ransomware. This encompasses fortifying reporting frameworks, establishing safe harbors for proactive reporting, imposing fines for non-disclosure, fostering collaboration with law enforcement, and implementing strategic measures to diminish the attractiveness of ransom payments. A great way to start reinforcing these strategies would be to implement Security Awareness Training for your employees, which empowers your people to spot the red flags of an email compromise or malicious domain and ensures they have the knowledge and tools to protect your systems from hackers and scammers.
Cyberattack on Chicago Children’s Hospital
Lurie Children’s Hospital in Chicago is grappling with a network outage that has severely impacted various aspects of its operations, including phones, email, internet service, and medical equipment, all stemming from a significant “cybersecurity matter.” This issue caused disruptions not only in the main hospital but also in outpatient centers and primary care offices. Maurice Dawson, the director at the IIT Center for Cyber Security and Education, underscores the shift in modern security dynamics, emphasizing the potent impact of cyber-attacks. The hospital is actively addressing the cybersecurity matter by working with leading experts and law enforcement agencies, prompting the temporary shutdown of network systems as part of the response. Officials are working diligently to resolve the issue, acknowledging the concern and inconvenience experienced by patient families and community providers. However, the incident has led to the cancellation of some elective surgeries and procedures. The hospital set up a call center specifically to help deal with the aftermath of the attack.
Learn From the Experts
Cyber-attacks can happen at a moment’s notice to a company of any size, and waiting to bolster your digital defenses until after an attack hits your organization is too late. To stay on top of the constant cybersecurity developments that occur each month and learn from our team of experts, contact SWK today and protect your business from threats like these.