2015 was a record year for cybersecurity hacks with 3,930 data breach incidents reported. If the number of records compromised so far this year is any indication, 2016 is on pace to be another record-breaking year. The first quarter of 2016 saw a 6% increase in the number of records compromised over the same time period in 2015 and some new trends. The top dozen breaches of Q1 2016 include:
New Trends Emerge
In addition to a rise in records exposed, there are four key trends associated with first quarter 2016 breaches:
- Increased number of ransomware incidents, with many targeting hospitals
- Health records are a hot commodity
- Cybersecurity companies continue to be targets
- Phishing for W-2s during tax season
These reported breaches varied in size and style but each one cost the affected organizations time, resources and in some cases, cold, hard cash.
Ransoms on the Rise and Target Hospitals
Security professionals predicted 2016 would be the year of extortion attacks and so far, it appears their fears are valid. Ransomware was originally a problem for individuals, but hackers now must believe business and institutional targets are more lucrative. One high-profile ransomware attack occurred in early February at Hollywood Presbyterian Medical Center. Cyber criminals seized the hospital’s data system demanding a ransom of 40 bitcoins — equivalent to about $17,000.
Even large health systems are vulnerable. In late March, ransomware infected the computer systems of MedStar Health, debilitating the operations of 10 hospitals and 250 urgent care facilities. The incident forced the organization to turn away patients and delay treatments. The attackers demanded 45 bitcoins to release the data. And this wasn’t limited to the U.S. Two German hospitals had a similar experience in early 2016. Extortion attacks against healthcare systems are detrimental because they impact more than the organization’s bottom line and disrupt operations. They also put patient safety at risk.
A February 2016 report from Intel Security included this comment: “During the past few weeks, we have received information about a new campaign of targeted ransomware attacks. Instead of the normal modus operandi (phishing attacks or drive-by downloads that lead to automatic execution of ransomware), the attackers gained persistent access to the victim’s network through vulnerability exploitation and spread their access to any connected systems that they could. On each system several tools were used to find, encrypt, and delete the original files as well as any backups. After the encryption of the files, a ransom note appears demanding a payment in Bitcoins to retrieve the files.”
Health Records the New Hot Commodity
The hospital attacks were not focused on health records, but no one would be surprised if after the ransomware issues are resolved that patient data was also compromised. Electronic health records are a new hot commodity. So far this year, health service companies have reported 52 breaches compromising nearly 3.5 million records according to the U.S. Department of Health and Human Services. One major breach occurred at 21st Century Oncology in Florida. When an unauthorized third party gained access to the company’s database, over 2 million health records were compromised.
(To see the healthcare breaches in Q1, click here.)
No One is Safe
Even those in the cybersecurity field protecting others aren’t safe. We saw a previous trend continue in late March when Verizon Enterprise Solutions discovered a flaw in its security system. At that point its customer data was already available for sale on the Internet. Another cybersecurity firm, OpSec Security, also experienced a data breach this quarter when hackers gained access to employees’ W-2 forms. Last year, a number of cybersecurity software providers experienced breaches or announced significant vulnerabilities. Kaspersky Lab, BitDefender, LastPass, Fortinet, Juniper, and Hacking Team, among others. This shouldn’t surprise anyone. Hackers are looking for ways to cover their tracks and avoid detection. Insight into the practices of cybersecurity defense software and users can help meet these objectives.
Tax Season, Hack Season
This quarter also saw a proliferation of W-2 data theft from phishing tactics at more than 40 companies. Hackers impersonating top executives were able to steal private employee information at organizations like Snapchat, GCI and Seagate in order to file fraudulent tax returns. According to the FBI, these types of business email scams have increased 270% since January 2015 and it’s not only private organizations that are being targeted, but public ones as well. In early January, a phishing scheme was used to steal the Hudson City School District’s employee W-2 data to file fraudulent tax returns. This is a continuation of a 2015 trend when W-2 information from 330,000 taxpayers was fraudulently obtained directly from the U.S. Internal Revenue Service. In 2016, the IRS was again hacked resulting in the compromise of another 101,000 taxpayer records. Despite this repeat attack on the IRS, 2016 is also seeing a large spike in direct attacks on companies.
(To see W-2 breaches in Q1, click here.)
(To see the higher education breaches in Q1, click here.)
Predictions Coming True
With a record-breaking year for breaches in 2015, several security experts offered predictions on how the cyber landscape would change in 2016. Many suggested a rise in extortion and phishing attacks were likely. Just three months into the new year, the predictions look to be on target. We also know that the disclosed breaches under-report reality. Many private companies are under no obligation to disclose breaches if no personal consumer information is exposed. For example, you don’t see many disclosures about corporate espionage resulting in intellectual property theft, but we know it’s happening.
There has been a lot of discussion about the increased acumen of hackers and the growing challenge of protecting ever-expanding technology attack surfaces. Cybersecurity blue teams need to remain vigilant about enhancing their defenses, but they also need additional help in early detection as the current trends indicate. IKANOW recently published a white paper on the Knowns and Unknowns of information security today. If you would like to learn more about how information security analytics can help reduce the time to breach detection and response, click the button below.
By Scott Raspa