 |
 |
 |
 |
 |
 |
 |
DHS Secretary: Small Businesses Hard-Hit by Ransomware – and the Government is taking notice
Alejandro Mayorkas Says Attacks Increased 300% in Past Year
About 50% to 70% of all ransomware attacks in the U.S. are targeting small and medium-sized businesses, costing the victims an estimated total of $350 million in the last year, Secretary of Homeland Security Alejandro Mayorkas said Wednesday in a speech to the U.S. Chamber of Commerce.
“The losses from ransomware are staggering. And the pace at which those losses are being realized is equally staggering,” Mayorkas said, noting this is why DHS has made battling ransomware a priority.
The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cybercriminals, a senior department official told Reuters.
Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.
“It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principle associate deputy attorney general at the Justice Department
Mayorkas pointed out that in the past year, ransomware attacks against smaller businesses have increased 300%.
Battling Ransomware
The Justice Department’s decision to push ransomware into this special process illustrates how the issue is being prioritized, U.S. officials said.
“We’ve used this model around terrorism before but never with ransomware,” said Carlin. The process has typically been reserved for a short list of topics, including national security cases, legal experts said.
In practice, it means that investigators in U.S. attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.
The guidance also asks the offices to look at and include other investigations focused on the larger cybercrime ecosystem.
According to the guidance, the list of investigations that now require central notification include cases involving: counter anti-virus services, illicit online forums or marketplaces, cryptocurrency exchanges, bulletproof hosting services, botnets and online money laundering services.
A botnet is a group of compromised internet-connected devices that can be manipulated to cause digital havoc. Hackers build, buy and rent out botnets in order to conduct cyber crimes ranging from advertising fraud to large cyberattacks.
“We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes,” said Carlin.
Mark Califano, a former U.S. attorney and cybercrime expert, said the “heightened reporting could allow DOJ to more effectively deploy resources” and to “identify common exploits” used by cybercriminals.
Helping Small Businesses
Because small businesses are the backbone of the U.S. economy, they are a prime target for ransomware gangs, the DHS secretary noted.
He told the Chamber of Commerce audience: “We stand at the ready to provide education, to provide vital information to assist you in navigating through what you perceive to be a threat, to assist you in perhaps building the defenses.”
Mayorkas stressed: “It is important that every small business understands that this should be a priority. The term ‘existential’ was used in describing the threat, and it very well can be an existential threat to one’s business.”
Sources:
https://www.bankinfosecurity.com/small-businesses-absorbing-majority-ransomware-attacks-a-16529
https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/
Dark Web ID’s Top Threats This Week
United States – DailyQuiz
https://therecord.media/8-3-million-plaintext-passwords-exposed-in-dailyquiz-data-breach/
Exploit: Hacking
DailyQuiz: Entertainment App
Risk to Business: 1.655= Severe
The personal details of 13 million DailyQuiz users have been leaked online after a hacker breached the app developer’s database. Millions of user passwords were stored in that database unsafely in a plain text format and were subsequently stolen. Researchers recently discovered that the DailyQuiz database was up for sale in dark web data markets.
Individual Risk: 2.711= Moderate
Users should be aware that their passwords have been compromised and change any accounts that share that password as well as updating their DailyQuiz accounts.
Customers Impacted: 13 million
How It Could Affect Your Business: Weak password storage is symptomatic of low cybersecurity safety standards and shows clients that you don’t take their data privacy seriously.
IntegraMSP to the Rescue: Are your clients protected from common risks? Make sure they’re covered with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>
United States – Rehoboth McKinley Christian Health Care Services (RMCHCS)
Exploit: Hacking
Rehoboth McKinley Christian Health Care Services (RMCHCS): Health Non-Profit
Risk to Business: 1.833= Severe
Rehoboth McKinley Christian Health Care Services (RMCHCS) has reported a data breach reported caused by improper access to data impacting around 200,000 patients and employees. RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services in Arizona and New Mexico. The company did not say how the data was improperly accessed.
Risk to Business: 1.833= Severe
RMCHCS states that the breached material includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport and (for Native Americans) tribal ID numbers. Healthcare-specific details of patient care were also involved, but it’s not consistent across accounts. Healthcare data potentially impacted may include medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.
Customers Impacted: 200,000
How it Could Affect Your Business Data theft is always a problem, but theft of medical data is a disaster for healthcare orgs that will have to pay major fines for security failures.
IntegraMSP to the Rescue: Which data breach risks should you be most concerned about? Find that information and more useful data to inform security decisions in The Global Year in Breach 2021. READ IT NOW>>
United States – Bose
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/
Exploit: Ransomware
Bose: Audio Equipment Maker
Risk to Business: 2.812= Moderate
Audio manufacturing titan Bose disclosed a data breach following a ransomware attack that hit the company’s systems in early March. In a regulatory filing, the company explained that a small amount of employee data had been potentially exposed as had several unnamed spreadsheets. No customer or other proprietary data was reported as compromised but the investigation is still ongoing.
Risk to Business: 2.812= Moderate
According to the company, a very small amount of employee personally identifying data and payroll data was compromised. Current and former employees should be alert to spear phishing and identity theft.
Customers Impacted: Unknown
How it Could Affect Your Business Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
IntegraMSP to the Rescue: Secure your data and systems against today’s nastiest threat with Ransomware 101, our most popular eBook, to guide you through how to secure your clients effectively. READ IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.