Hacker Tracker | May In Review

Monthly Cybersecurity Update

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

1. Dish Network likely paid ransom after recent ransomware attack | 5.19.23

• Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February based on the wording used in data breach notification letters sent to impacted employees.
• Even if law enforcement was able to intercept the server hosting the data, there would be no way of knowing that a copy of the data was not also stored elsewhere by the threat actors without paying a ransom.
• No customer data was affected in the incident
• However, Dish discovered that confidential records and sensitive information belonging to current and former employees (and their families) had been exposed during the breach.
• View the Source

2. MCNA Dental data breach impacts 8.9 million people after ransomware attack | 5.29.23

• Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised.
• MCNA Dental is one of the largest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S.
• Hackers stole information including full names, addresses, DOBs, phone numbers, emails, Social Security numbers, driver’s license number, government-issued ID numbers, health insurance (plan information, insurance company, member numbers, Medicaid-Medicare ID numbers), care for teeth or braces (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment), and bills and insurance claims.
• MCNA says it has taken all the appropriate steps to remediate the situation and enhance the security of its systems to prevent similar incidents from occurring in the future. It has also contacted law enforcement authorities to help prevent the misuse of the stolen information.
• View the Source

3. Toyota finds more misconfigured servers leaking customer info | 5.31.23

• Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners’ personal information for over seven years.
• The database exposed was leaking information including addresses, names, phone numbers, email addresses, customer IDs, vehicle registration numbers, and VINs.
• Toyota says that it has implemented a system that monitors cloud configurations and database settings on all its environments regularly to prevent these types of leaks in the future.
• View the Source

Lessons Learned From This Month’s Hacks

#1– As we’ve shared before, paying a ransom does not guarantee cybercriminals will do anything they say they’ll do–it also rarely solves all your problems. In the case of Dish Network, it did not guarantee the complete deletion of stolen data by cybercriminals. We’ve talked about whether it is okay to pay ransom if you have cybersecurity insurance on our blog. The short answer is to always check with authorities and your IT person before paying a ransom or making contact with cybercriminals during an attack. Many times, victims who pay ransoms are more highly subjected to further extortion weeks later, at higher risk of their data being sold to criminal actors or having their data further leaked online. As Dish Network learned, it is not wise to pay the ransom demanded in most cases.

#2– Well known ransomware gang, LockBit, claimed responsibility for the ransomware attack on MCNA. This attack follows a long, multiple-year string of attacks targeting healthcare organizations. We’ve covered cybersecurity vulnerabilities for the healthcare industry, including preventative tips for healthcare organizations to avoid these common attacks on their industry. Training employees on data security, conducting regular and routine risk assessments, always using MFA, enabling data encryption, engaging in regular auditing & monitoring, and closely monitoring third-party access are all preventative ways to protect your organization. 

The MCNA attack also highlighted the importance of training employees to recognize phishing attacks. The ransomware attack on MCNA used phishing emails to leak data by tricking email recipients into revealing sensitive information like login credentials. In many cases, remember you can easily prevent a phishing attack with the SLAM method.

#3- Car hacking has been on the rise over the last year, with the Toyota attack showing a continuation of targeting the automotive industry as a whole. The Toyota breach is a grave reminder to be wary of anywhere you provide your information–including your car dealership when you make an automobile purchase. Any organization with personal identifying data, such as names and financial information, has always been a top target of cybercriminals–for obvious reasons.

Reach out if you have questions here.