Companies are Spending A LOT to Fix the Aftermath of Cyber Attacks

In this week's cyber news, we explore how companies are still trying to issues months after they were victims of cyber attacks.

‍

Red Cross Exploited in Cyber Attack through Unpatched Critical Vulnerability

The International Committee of the Red Cross’s systems were hacked way back on November 9, 2021. They just released the details of what happened. They detected the anomaly once they installed their endpoint detection and response (EDR) agents. According to their press release, the average time to identify a data breach is 212 days. They detected the infiltration within 70 days.

‍

“This vulnerability allows malicious cyber actors to place web shells and conduct post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data, despite this data being encrypted.”

‍

Unfortunately, over 515,000 peoples’ information have been compromised. The names, locations and contact information of people across the world have been exposed. The people affected include missing people and their families and other families relying on Red Cross Services.

‍

For the full story, visit the Red Cross website here.

‍

My thoughts: Cyber criminals do not care how well-intended your organization is. They are ruthless. Don’t underestimate them.

‍

Expeditors International Had to Shut Most of Its Operations Worldwide

On February 20, 2022, Expeditors International, he logistics and freight company based in Seattle was targeted in a cyberattack affecting most of its operations. With $5.4billion in annual sales, over 350 locations and over 18,000 employees, the impact in huge.

‍

After two weeks, here is their update:

‍

“The company’s workforce is now handling shipments and providing services across most products and expanding recovery across its locations. The company is incurring significant expenses to incorporate business continuity systems and to investigate, remediate and recover from this cyberattack,” Expeditors (NASDAQ: EXPD) said in the filing.

‍

Not only are its operations affected as well as many of their employees, but their accounting system was affected as well.

‍

“At this early stage, the company is unable to estimate the ultimate direct and indirect financial impacts of this cyber-attack,” the SEC filing stated. (FreightWaves) (BleepingComputer) (InvestorExpeditors)

‍

Thought: This massive attack is foreshadowing what 2022 is going to look like. Let’s focus on business continuity and keep our businesses safe.

Sault Ste. Marie Police, Still Working on Aftermath of Ransomware Attack 6 Months After It Happens

The Sault Ste Marie Police became aware of a ransomware attack on their systems on August 26, 2021. It is now 6 months later and the station is not 100% in the clear of the attack. Police officers were still able to work and their ability to respond to emergencies have not been compromised. However, some stats have been missing.

‍

“Information packages that are routinely supplied to Police Services Board members and members of the local media prior to monthly police board meetings have been noticeably absent. In particular, monthly crime statistics, which have informed a number of SooToday articles highlighting property crime and other criminal activity in Sault Ste. Marie, are not available.” (SooToday) (SaultPolice) (SooToday)

‍

My thoughts: SIX months and still working on the aftermath of the attack. This is unfortunate and we reached out to them if they still need help.

Toyota Stops Production Because of a Supplier

Toyota suspended the operation of 28 production lines in 14 plants in Japan after one their suppliers suffered a cyberattack. Their supplier, Kojima Industries, supplies a vital part in their cars. Toyota’s subsidiaries will also halt production.

‍

“Japanese reporters have asked Prime Minister Fumio Kishida if this could be linked to Japan’s sanctions on Moscow. Kishida said at the time that there was no confirmation of a Russian connection...

‍

This situation introduced unprecedented challenges to Toyota in particularly, due to its long-established “just in time” (JIT) lean manufacturing approach which historically provided ultimate efficiency but didn’t offer any margin for versatility.” (BleepingComputer)

‍

My thoughts: What would you do in Toyota’s place? I would look for alternative suppliers so the car parts are always available. You never know who is going to get attacked – and it could be a company you reply on. I also find it interested that their JIT lean approach really backfired in this instance. I wonder if they are going to change their manufacturing model.

‍

The Government of Canada Alerts IT Professionals And Managers…But here’s Tangible Advice

“An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

‍

On 23 February 2022 the Canadian Centre for Cyber Security (Cyber Centre) became aware of a new disruptive malware, named HermeticWiper, targeting Ukrainian organizations.

‍

HermeticWiper abuses a benign driver to corrupt the Master Boot Record (MBR) of every physical drive and each drive partition to make the victim system inoperable after machine shutdown. HermeticWiper also modifies several registry keys to disable system crash dumps.” (CanadianCentreForCyberSecurity)

‍

My thoughts: They put you on alert but didn’t provide a solution. Our partner, SentinelOne, offers some actionable advice here.

‍

“Here is a summary:

In line with CISA’s recent advisory, SentinelOne urges organizations to adopt a heightened security posture and to take proactive measures including:

• Ensure that all networks and endpoints are protected by an advanced security solution that can prevent, detect, and respond to known and novel attacks, as well as rollback devices in the event of an attack.
• Make sure your SOC and IT teams are up-to-date with the latest threat intelligence around cyber attacks on the Ukraine.
• Monitor government advisories such as CISA’s alerts and Shields Up bulletin.
• Designate a crisis-response team with updated points of contact for a cybersecurity incident.
• Verify you have cyber insurance, understand your coverage, and know how to activate incident response services.
• Run a fire-drill to ensure that everyone understands roles and responsibilities, and what action needs to be taken and when.
• Plan for a worst-case scenario and ensure a business continuity plan is in place.”

‍

__________________________________

Access The Untold Stories of IT Professionals.

Assurance IT launched IT Spotlight - an email series putting the spotlight on IT professionals. Get the inside scoop on their careers, their predictions in the industry and more. Once a week, every week, find out what other IT professionals are up to. Learn more here.

‍