Hacker Tracker | March

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity. Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

Hackers Stole and Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms | 2.3.20

  • Hackers demanded two 100 Bitcoin (BTC) (over $933,000) ransoms from each firm: one to restore access to the data, one to delete their copy instead of selling it.
  • The hackers published the data on two websites that were shared with the author of this article, but will not be released to protect the firms involved. If they do not pay, the hackers publish a small part of the stolen data as proof and keep releasing increasingly sensitive parts of it over time. When a firm pays, the group removes its name from the website.
  • View the Source

Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers | 2.5.20

    • A ransomware attack on Pleasant Valley Hospital in West Virginia was partly responsible for the hospital’s breach of its covenant agreement
    • The virus entered the hospital’s system via emails sent 10 months before the cyber criminals asked the hospital for money. The information the criminals held for ransom did not contain patient data or confidential data.
    • Because of the attack, the hospital was forced to spend about $1 million on new computer equipment and infrastructure improvements, which caused the hospital’s debt service coverage for the fiscal year to fall 78%, below the 120% the loan agreement requires.
    • View the Source

Puerto Rico govt loses $2.6M in Phishing Scam | 2.12.20

    • The government agency transferred $2.6M on Jan. 17 after receiving an email that alleged a change to a banking account tied to remittance payments. The source ended up being a phishing scam. 
    • An internal investigation is under way to determine whether someone was negligent or did not follow standard procedure.
    • View the Source

Over 120 Million US Consumers Exposed in Privacy Snafu | 2.24.20

    • Security researchers have discovered a publicly exposed cloud database containing personal data and behavioral profiles on 120 million Americans.
    • Exposed data included: data extracted from Chipotle employees’ mobile phones for tracking, a spreadsheet containing the home addresses of 700,000 Kate Spade customers and 3.5 million loyalty card accounts for beverage retailer Bevmo, including physical address tied to each account.
    • The result was a database of 120 million Americans including full name, gender, address and “type” of consumer. It’s unclear how long it was exposed for.
    • View the Source

Lessons Learned From This Month’s Hacks

Time and time again, the root cause of recent catastrophic events comes down to employees clicking on phishing emails. You can bet these companies have anti-virus software and other basic measures, but in the end, your employees can put you out of business with one click. 

Consider an approach where you advocate that everyone in your organization is a part of your IT security team. Receptionist to CEO, everyone plays a part in defending their organization’s IT security. If they’re a part of it, they need routine training and phish testing. 

Reach out to us if you’d like to discuss this more. To contact PK Tech, click here.

About PK Tech