The Top Cyber Attacks of September 2021

September confirmed some things we already knew about the current state of cybercrime: While undersecured corporations remain tempting targets for hackers, the situation is increasingly worse for data-rich organizations such as governments, schools, and healthcare facilities. All of those sectors had cause for concern as the month drew to a close.

September’s Biggest Cyber Attacks

National Governments Suffer Breaches Around the Globe

September was a particularly bad month for government security teams, as national systems worldwide were plagued by cybercrime. Here are three of the most unnerving national security violations during the month.

French visa data gets exposed

Early in September, French authorities revealed that the country’s visa application website was hacked on August 10. The breach gave hackers access to a wide variety of personal data from visa applicants, including names, nationalities, passport numbers, and email addresses. While France’s Ministry of Foreign Affairs and Ministry of the Interior were quick to assure the public that no one could use that data to obtain a fraudulent visa, that likely provided little comfort to applicants. 

South African DOJ struck with ransomware

In South Africa, a ransomware attack took the nation’s Department of Justice and Constitutional Development website and services offline and shut down multiple in-person facilities. The September 6 attack by an unidentified assailant disrupted services and delayed payments from the department for more than a week in some cases. Government spokespersons denied that any data was stolen, or that any ransom was even demanded. These assurances didn’t stop the DOJ from getting roasted online by citizens bemused by the Department’s lax cybersecurity.

New Zealand postal service gets interrupted

The website for New Zealand’s national postal system, along with other government services and several of the country’s largest banks, was taken offline briefly in a DDoS attack on September 7. Most services were restored fairly quickly, but not before putting a scare into thousands of New Zealanders who rely on them.
 
No perpetrator has been identified so far, but journalists have noted that the attacks bear a resemblance to a DDoS campaign that crippled the national stock exchange last August. 
 
Records Exposed: A variety of personal data and sensitive national cyber systems
 
Type of Attack: Ransomware, DDoS, likely email hack
 
Industry: Government
 
Date of Attack: August to September, 2021
 
Location: France, South Africa, New Zealand
 
Key takeaway: As unsettling as the recent spate of cyber attacks on government organizations is, the even more disturbing fact is that we likely have not seen the worst of it yet. Departments of Justice, visa application centers, and national postal services all represent vital pieces of infrastructure that countries can ill afford to have taken offline.
 
It bears repeating as many times as it takes to get the message across: Governments must step up and invest in real cybersecurity solutions that protect their citizens’ information.

Ransomware Cancels Classes at Howard University

U.S. holidays have emerged in recent years as prime time for cyber attacks. This year’s Labor Day weekend was yet another case in point. Howard University in Washington, D.C., the nation’s oldest Historically Black University, fell victim to a ransomware attack in early September. The disruption shut down both in-person and online classes for several days while Howard struggled to restore access to its wi-fi network. When the school eventually reopened, it did so only gradually.
 
There are rumors that the breach originated with the school’s email system. However, the perpetrator of the attack, the terms of the ransom, and whether Howard University intends to pay the ransom remain unclear. In the meantime, the school issued detailed instructions to students on how to access email and wi-fi while also protecting personal and encrypted data.
 
Records Exposed: University-wide network and wi-fi systems
 
Type of Attack: Ransomware
 
Industry: Higher education
 
Date of Attack: Early September, 2021
 
Location: Washington, D.C.
 
Key takeaway: Universities remain a consistently popular target for cybercrime due to their rich stores of personal data and comparatively lax security standards. They also make for high-profile targets, since any disruption of classes by an external actor is guaranteed to cause a stir on social media and in the press. One silver lining of the Howard hack is that it seems to have prompted other schools to take protective action. It can only be a good thing for students, educators, and administrators if that trend continues.

Ransomware Gang Turns Its Focus on Olympus

Japanese tech company Olympus, probably best known in the U.S. for its top-of-the-line cameras, was forced to shut down its online systems on three continents after a September 8 attack by the ransomware group known as BlackMatter. According to a note delivered by the purported hackers, the attack was intended to encrypt Olympus networks in Africa, Europe, and the Middle East, forcing the business to shut down all data transfers to avoid affecting its third-party partners. 
 
Olympus, which sold its camera-production operations in January and now focuses on optical equipment for medical and scientific use, reports that no private data was stolen or compromised. Cybersecurity experts noted that the BlackMatter group seemed to be shopping the dark web earlier this summer for access to compromised networks of large corporate businesses. If that report is accurate, it is likely that Olympus fell under that umbrella.
 
Records Exposed: Digital networks across multiple arms of the tech company
 
Type of Attack: Ransomware
 
Industry: Technology
 
Date of Attack: September 8, 2021
 
Location: African, European, and Middle Eastern operating sites
 
Key takeaway: Large companies seldom run their businesses out of a single base of operations. Multinational organizations need to take into account the additional time, effort, and expense that will come into play if a bad actor compromises data across multiple countries or even continents. For any company operating under that model, investing in a comprehensive security solution across its entire network will pay dividends long term.

In-Person Healthcare Theft Could Have Online Consequences

In the healthcare sphere, September’s notable victims included Southeast Health Center in Multnomah County, Oregon. This data breach is a rarity in today’s era, since the files exposed were not digital, but physical. More than 700 patients were notified last month that their personal and medical data may have been compromised in an August break-in. With the center closed for construction, thieves broke into an area with access to a file cabinet storing applications for the state health plan. 
 
While there is currently no evidence that patient data was stolen or even accessed, the potential for exploitation has led Multnomah County to offer identity protection and credit monitoring services to all potentially impacted clients. That level of sensitive information, even in a physical format, could yield a solid payday online for an enterprising thief.
 
Records Exposed: Medical files, potentially including Medicare and Social Security data, pay stubs, and citizenship information
 
Type of Attack: Physical theft
 
Industry: Healthcare
 
Date of Attack: Early August, 2021
 
Location: Multnomah County, Oregon
 
Key takeaway: While this particular incident obviously could not have been prevented with software-based methods, there is still an important takeaway for businesses on the fence about investing in cybersecurity measures. In an era of rampant online crime, it may seem safer to simply keep paper records that can’t be hacked.
 
As this break-in demonstrates, however, physical records can be just as vulnerable as digital ones, and much more difficult to restore if they are stolen. For all the current concerns about cybersecurity, investing in an online storage and backup system with top-level security protection remains the safest way to protect sensitive employee and customer data.
 
From big-name colleges to high-profile tech companies to small-town health clinics to national governments, no one was immune to cybercrime this September. It’s time for organizations at every level to stop relying on after-the-fact apologies and compensations and start taking a proactive, engaged approach to shutting down data breaches before they happen.

Arctic Wolf
