Hacker Tracker | May in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware, without being afraid, of the cybersecurity threats that are real for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1- Ransomware attack and COVID woes force this 150-year-old college to shut down | 5.10.22

  • Lincoln College in Illinois will shut down permanently this week after financial woes caused by the pandemic were magnified by a ransomware attack last December. 
  • The final blow came on December 19 when the college was hit by ransomware, which affected its IT systems for recruitment, retention and fundraising.
  • The ransomware attack thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections.
  • During the attack, all systems required for recruitment, retention, and fundraising efforts were inoperable. 

#2- These ransomware attackers sent their ransom note to the victim’s printer | 5.13.22

  • A hacking group that conducts cyber-espionage campaigns and ransomware attacks is targeting organizations in Europe and the United States. 
  • Attacks include exploiting the ProxyShell vulnerabilities to deploy the Fast Reverse Proxy client (FRPC) and enable remote access to vulnerable systems, along with the use of infrastructure that matches patterns associated with the threat group.
  • This attack, which did not produce financial gain, was a strange tactic, according to researchers. 

#3- FBI: Hackers used malicious PHP code to grab credit card data | 5.17.22

  • The FBI is warning that someone is scraping credit card data from the checkout pages of US businesses’ websites. 
  • Unidentified attackers accessed credit card data and created a backdoor into the victim’s systems, the law enforcement agency says.
  • The attackers began targeting US businesses in September 2020 by inserting malicious PHP code into the customized online checkout pages.
  • The actors create a basic backdoor using a debugging function that allows the system to download two webshells onto the US firm’s web server, giving the attackers backdoors for further exploitation. 

Lessons Learned

#1- From the ransomware attack on Lincoln College, we learn the real-life ramifications of ransomware. It really can mean the end of companies and institutions. In many cases, it is more than just “paying up”; it’s the difference between surviving or shutting down.

#2- From the printer attacks, we learn the vital importance of regular updates. Despite a patch being available, cybercriminals were able to carefully target individual printers that had not yet taken advantage of the patch by updating their device. Part of the advantage of working with a managed service provider is that we have a team of people who manage the availability of updates for the devices and software our clients use. This means you’ll never miss an opportunity to take advantage of an update that might eliminate a vulnerability that cybercriminals could exploit.

#3- From the third attack, we understand the risk of online payment and sharing sensitive data online. Remember, whenever possible, avoid sharing sensitive data (including payment information) with websites unless you can verify they are secure.