According to PurpleSec LLC, cybercrime rose by 600 percent during the Covid-19 pandemic. Phishing email schemes trick people into revealing sensitive information that can lead to the theft of funds or data or infiltration into an information technology (IT) system. During the pandemic, cybercriminals impersonated representatives of the Center for Disease Control and Prevention (CDC) or World Health Organization (WHO) in phishing schemes.
The other types of malicious software or malware are viruses, ransomware, trojans, worms, spyware, adware, file-less malware, and hybrid attacks. About 230,000 new malware are created every day, with 92 percent sent via email. This rate is still expected to increase. At any given time per week, malware affects more than 18 million websites.
Viruses often infect computers with no other objects but to wreak havoc. Usually, this is to attack a certain organization. Ransomware steals data, encrypts these, and holds these for ransom. Victims must pay the amount the hackers demand, usually in hard-to-trace cryptocurrency such as bitcoin, to get back their data. By 2021, the estimate is that ransomware attacks will cost $6 trillion per year. The Guardian cites data from the 2021 SonicWall Cyber Threat Report stating that there has been a 62 percent global increase in ransomware since 2019. In North America, the increase has been 158 percent.
Recent Major Attacks
According to the Associated Press, on May 7, a cyberattack on the Colonial Pipeline resulted in the shutdown of the system that delivers 45 percent of the gasoline for the East Coast, causing gas shortages in several states. To prevent further escalation of the gasoline crisis, Colonial paid the ransom of about $4.4 million ransom. The Federal Bureau of Investigation (FBI) was later able to retrieve part of it.
On May 14, the state health services of Ireland shut down its entire IT systems when a significant overnight ransomware attack disrupted services widely. Some hospitals canceled medical appointments and closed outpatient visits. The Rotunda, a maternity hospital in Dublin, canceled all outpatient visits and only accepted women who were more than 35 weeks pregnant.
At Cork university hospital, operations of the oncology department were paralyzed. Tusla, a child and family agency, stated that its IT systems were not working, including the portal for child protection referrals. The Conti crime gang that attacked the hospital eventually decrypted but is demanding payment with the threat of publicly publishing the stolen personal data.
On May 30, JBS USA, the world’s largest company in meat-processing and supplier of a fifth of all beef in the U.S., was attacked by ransomware, affecting some servers of its North American and Australian IT systems. The suspension of all affected systems resulted in the stoppage of operations in beef-processing factories in the U.S., affecting consumer supplies. JBS paid the hackers $11 million in bitcoins to prevent further attacks.
NPR reports that on July 2, at least 200 U.S. companies had their networks frozen by a ransomware attack on their software supplier, Kaseya. The hackers used Kaseya’s network-management package to send the ransomware through cloud-service providers, infiltrating systems as they update automatically. The attack can potentially reach more businesses because Kaseya services small to large businesses around the globe.
Security Measures
Institutions like hospitals cannot afford life-threatening breaches in their systems. If their systems are currently not up to par, they must immediately implement cybersecurity solutions like ServiceNow healthcare.
Associated Press reports that on July 20, the U.S. Department of Homeland Security announced that operators of pipelines that are federally designated as critical are now required to implement specific cybersecurity measures to prevent cyberattacks. They must also review their cybersecurity architecture design and have contingency plans in place for possible breaches.
In 2020, the Cybersecurity Maturity Model Certification (CMMC) was released by the U.S. Department of Defense (DoD). This is a unified cybersecurity assessment model and certification program that DoD contractors must undergo as a requirement to be awarded contracts. The certification has five levels, from basic to advanced security practices. There is a CMMC Accreditation Body (CMMC AB) with experts who will supervise the training and credentialing of CMMC Third Party Assessment Organizations (C3PAOs). The latter will do the CMMC audits on contractors and certify their CMMC compliance level.
Cybercriminals know that many small and medium-scale companies are not prioritizing cybersecurity in their budgets. This is why they target these companies. If your company belongs to this sector, prove the hackers wrong and invest in the best possible cybersecurity program you can get because you cannot afford not to do so.
