Hacker Tracker | November In Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware, without being afraid, of the cybersecurity threats that are real for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

1. Panasonic confirms cyberattack and data breach | 11.11.21

  • Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack.
  • In a statement released on Friday, the Japanese company said it was attacked on November 11 and determined that “some data on a file server had been accessed during the intrusion.”
  • In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.

2. Colorado energy company loses 25 years of data after cyberattack while still rebuilding network | 11.7.21

  • Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost.
  • The company said it began noticing issues on November 7, and the cyberattack eventually brought down most of its internal network services.
  • The attack affected all of the company’s support systems, payment processing tools, billing platforms and other tools provided to customers.
  • Hackers were targeting specific parts of the company’s internal network and corrupted saved documents, spreadsheets, and forms, indicating it may have been a ransomware incident. In addition, it affected the company’s phone and email systems.

3. FBI: Cuba ransomware group hit 49 critical infrastructure organizations | 11.1.21

  • The group has attacked 49 entities in five critical infrastructure sectors and made at least $43.9 million in ransom payments.
  • The FBI said the group is targeting enterprises in the financial, government, healthcare, manufacturing, and information technology sectors while using the Hancitor malware to gain entry to Windows systems.
  • Once a victim is compromised, the ransomware installs and executes a CobaltStrike beacon while two executable files are downloaded. The two files allow attackers to acquire passwords and “write to the compromised system’s temporary (TMP) file.”

Lessons Learned From This Month’s Hacks

  1. From the attack on Panasonic, we are reminded of the importance of early detection and reporting. Panasonic was able to detect the attack early on and report it to their IT team and relevant authorities. Because of this, they were able to avoid a severe attack. No organization can prevent every attack, even one with the best IT security infrastructure in place, but the effects can be mitigated with early detection and reporting.
  2. From the attack on the Colorado energy company, we intimately understand the cost of downtime for companies that provide services vital to customer survival. Lessons learned: segregate networks so one hack doesn’t take down your entire company, and keep your backups segregated as well. Based on what’s known today, there was a huge amount of cybersecurity negligence (in our opinion), and when you’re a captive customer with no other options, you need to regulate the crap out of these critical infrastructure sectors and hold the C-levels legally accountable.
  3. From the Cuba ransomware group, we learn about an emerging trend of attack via downloadable files. In this case, once a victim was compromised, the ransomware installed and executed a beacon while two executable files were downloaded. The downloaded files are what ultimately allowed attackers to acquire passwords and complete their attack. Old news flash: be wary of any attachment or download link if you are not able to confirm the intentions of the sender. Also, use a proper business-class next-gen firewall, endpoint protection, and an email security scanning solution. This sounds like another case of an under-budgeted cybersecurity posture. We bet the budget went up after this — funny how there’s funds AFTER all these incidents.

Reach out if you have questions here.