On February 25, 2022 the US Cybersecurity & Infrastructure Security Agency (“CISA”), a part of the US Department of Homeland Security, issued a warning to businesses that they need to be prepared to defend against cyberattacks originating from Russia. Expected attacks included denial of service and destructive malware attacks. CISA encouraged businesses to take steps to detect attacks, and to make sure they are able to respond to attacks. This means businesses need to test backup procedures, which includes running disaster recovery tests and drills, evaluate insurance coverages, and make sure manual systems are available if needed.
While attacks are expected to stem from the Russia / Ukraine conflict, all businesses should be prepared to respond to cyber-attacks, irrespective of the relationship with Russia and the Ukraine. Adversaries may find it desirable to disrupt business operations to maximize the impact of political and economic damage during this conflict and continuing after.
Initially cyberattacks were expected to focus on the Ukrainian government and critical infrastructure in that country, as well as businesses operating in the Ukraine. Those attacks are expected to spread to US and NATO government systems and businesses. On February 25, 2022 the chipmaker Nvidia announced it was investigating a potential cyber attack and the company had parts of its business offline for two days. On February 28, 2022 banks and financial institutions were warned of additional risk of attack directed toward that industry specifically. Also on February 28, 2022 Toyota announced it would be shutting down all fourteen factories in Japan because its supplier, Kojima Industries Crop, believed Kojima had a cyberattack which required it to shut down its servers to prevent the problem from spreading.
Steps that businesses can take to better prepare for cyberattacks include:
Increase awareness of latest occurrences of cybercrimes and evaluate increased risks and impacts of similar attacks.
Use best practices that include updating all software, implementing multi-factor authentication, and backing up all data.
Run disaster recovery drills, including testing manual replacement systems, and bringing up the systems directly from existing backups in a cold restart.
Educate employees. Phishing attacks account for over 85% of all cybercrimes, and all employees are at risk of succumbing to that type of attack.
Plan for a worst-case scenario. Consider expanded ways to protect critical assets. This could include disconnecting certain parts of a business network to ensure safety of those assets.
Ensure cloud provider contracts have all protective services enabled.
For smaller businesses, considering disconnecting from the cloud on nights or weekends if the office is closed.
Evaluate insurance coverages for cyberattacks.
CISA offers a free Cyber Hygiene Service to federal, state, local, tribal and territorial governments, and to public and private sector critical infrastructure organizations. This link will take you to the CISA website. https://www.cisa.gov/cyber-hygiene-services
What are some of the recent Cyberattacks?
To help companies address the CISA suggestion for increased awareness of recent cybercrimes and trends, the largest cybercrimes of 2021 will be listed, along with the type of impact and the ransom cost, if known. 2021 was a very active year for cybercrimes. The most common types of cybercrimes are 1) malware, which includes ransomware, spyware and viruses, and 2) phishing attacks.
Cyber security experts will tell us that there are two types of businesses:
"Those that have been hacked.
or
Those that don’t know they have been hacked."
According to Privacy Affairs, the 15 largest cybercrimes in 2021 were:
Colonial Pipeline
May 2021.
Disrupted fuel supplies in 12 states in the eastern US.
$4.4 million in bitcoin ransom was paid.
Acer
May 2021,
Computer giant in Taiwan.
$50 million dollar ransom demand.
JBS Foods
May 2021.
Temporary closure of operations in Canada, Australia and US.
$11 million ransom demand.
KIA Motors
February 2021.
Widespread system and IT outage.
$20 million ransom demand.
CNA Insurance
March 2021.
Hacked CNA’s network and encrypted 15,000 devices, compromised personal data of 75,000 employees.
$40 million ransom.
Brenntag
May 2021.
German chemical distribution company had 150 GB of data stolen.
Ransom demand was $7.5 million, paid $4.4 million.
Quanta
April 2021.
Leaked blueprints of Apple products stolen from Quanta.
No information on payment.
AXA
May 2021.
Cyber insurance company was victimized with operations in the Philippines, Hong Kong, Malaysia and Thailand impacted.
No information on payment.
CD Projekt
February 2021.
Hackers accessed gaming source code.
Ransom was not paid because the company was able to restore lost data from backups.
National Basketball Association
April 2021.
Stole 500 GB of confidential data, including contracts and financial information.
Unknown if the ransom was paid.
Ireland’s Health Service Executive
May 2021.
Health services were disrupted, outpatient appointments and services were cancelled. Patients had to use paper records.
Ransom demand of $20 million was not paid but services were disrupted, and hackers leaked some data.
ExaGrid
May 2021.
Hackers stole documents and source code, contracts, and customer and employee data.
$2.6 million ransom was paid.
Buffalo Public Schools
March 2021.
School system was shut down for one week. Records for 34,000 students were at risk.
No word of ransom payment.
University of the Highlands and Islands
March 2021.
All research labs and colleges were closed.
No further details were released, and the payment of a ransom is unknown.
Microsoft Exchange Server
March 2021.
9 government agencies and 60,000 private companies were disrupted.
No further details were released, and the payment of a ransom is unknown.
The next steps
It is important that every business go through its disaster recovery testing now. Manual systems should be created as a backup and then those manual systems should be tested. A recovery of systems and data from existing backups should also be tested.
IT best practices should be reviewed. Remind employees of the risk and consider retraining employees to emphasize their individual responsibility to protect themselves, the customers and the company. Ensure all software is updated to the most recent version and a process for doing updates is in place. Consider having everyone change their passwords and re-evaluate the access individuals have to sensitive data.
Insurance protections need to be reviewed. Ransom payments are increasing and dealing with hacker groups requires a unique skill set that can be expensive. Protection of personal data – employees, clients, or vendors – has to be considered and the cost of providing identity protection for hacked individuals needs to be covered by the insurance.
These are challenging times, and cyber security is an important consideration today.
Articles outlining more specific cybersecurity approaches may be accessed here:
Our webinar addressing cyber security can be accessed below or here: Cyber Security Webinar