September confirmed some things we already knew about the current state of cybercrime: While undersecured corporate targets remain tempting targets for hackers, the situation is increasingly worse for data-rich organizations such as governments, schools, and healthcare facilities. All of those sectors had cause for concern as the month drew to a close.
September's Biggest Cyber Attacks
National Governments Suffer Breaches Around the Globe
September was a particularly bad month for government security teams, as national systems worldworld were plagued by cybercrime. Here are three of the most unnerving national security violations during the month.
French visa data gets exposed
Early in September, French authorities revealed that the country's visa application website was hacked
on August 10. The breach gave hackers access to a wide variety of personal data from visa applicants, including names, nationalities, passport numbers, and email addresses. While France's Ministry of Foreign Affairs and Ministry of the Interior were quick to assure the public that no one could use that data to obtain a fraudulent visa, that likely provided little comfort to applicants.
South African DOJ struck with ransomware
In South Africa, a ransomware attack took the nation's Department of Justice and Constitutional Development website and services offline
and shut down multiple in-person facilities. The September 6 attack by an unidentified assailant disrupted services and delayed payments from the department for more than a week in some cases. Government spokespersons denied that any data was stolen, or that any ransom was even demanded. Despite these assurances, that still didn't stop the DOJ from getting roasted online by citizens bemused by the Department's lax cybersecurity.
New Zealand postal service gets interrupted
The website for New Zealand's national postal system, along with other government services and several of the country's largest banks, were taken offline briefly in a DDoS attack on September 7. Most services were restored fairly quickly, but not before putting a scare into thousands of New Zealanders who rely on them.
No perpetrator has been identified so far, but journalists have noted that the attacks bear a resemblance to a DDoS campaign that crippled the national stock exchange last August.
Records Exposed: A variety of personal data and sensitive national cyber systems
Type of Attack: Ransomware, DDoS, likely email hack
Date of Attack: August to September, 2021
Location: France, South Africa, New Zealand
Key takeaway: As unsettling as the recent spate of cyber attacks on government organizations is, the even more disturbing fact is that we likely have not seen the worst of it yet. Departments of Justice, visa application centers, and national postal services all represent vital pieces of infrastructure that countries can ill-afford to have taken offline.
It bears repeating as many times as it takes to get the message across: Governments must step up and invest in real cybersecurity solutions that protect their citizens' information.
Ransomware Cancels Classes at Howard University
There are rumors that the breach originated with the school's email system. However, the perpetrator of the attack, the terms of the ransom, and whether Howard University intends to pay the ransom remain unclear. In the meantime, the school issued detailed instructions
to students on how to access email and wi-fi while also protecting personal and encrypted data.
Records Exposed: University-wide network and wi-fi systems
Type of Attack: Ransomware
Industry: Higher education
Date of Attack: Early September, 2021
Location: Washington, D.C.
Key takeaway: Universities remain a consistently popular target for cybercrime due to their rich stores of personal data and comparatively lax security standards. They also make for high-profile targets, since any disruption of classes by an external actor is guaranteed to cause a stir on social media and in the press. One silver lining of the Howard hack is that it seems to have instigated other schools into taking protective action. It can only be a good thing for students, educators, and administrators if that trend continues.
Ransomware Gang Turns Its Focus on Olympus
Japanese tech company Olympus, probably best known in the U.S. for its top-of-the-line cameras, was forced to shut down its online systems on three continents after a September 8 attack by the ransomware group known as BlackMatter
. According to a note delivered by the purported hackers, the attack was intended to encrypt Olympus networks in Africa, Europe, and the Middle East, forcing the business to shut down all data transfers to avoid affecting its third-party partners.
Olympus, which sold its camera-production operations in January and now focuses on optical equipment for medical and scientific use, reports that no private data was stolen or compromised. Cybersecurity experts noted that the BlackMatter group seemed to be shopping the dark web earlier this summer for access to compromised networks of large corporate businesses. If that report is accurate, it is likely that Olympus fell under that umbrella.
Records Exposed: Digital networks across multiple arms of the tech company
Type of Attack: Ransomware
Date of Attack: September 8, 2021
Location: African, European, and Middle Eastern operating sites
Key takeaway: Large companies seldom run their businesses out of a single base of operations. Multinational organizations need to take into account the additional time, effort, and expense that will come into play if a bad actor compromises data across multiple countries or even continents. For any company operating under that model, investing in a comprehensive, security solution across its entire network will pay dividends long term.
In-Person Healthcare Theft Could Have Online Consequences
In the healthcare sphere, September's notable victims included Southeast Health Center in Multnomah County, Oregon. This data breach is a rarity in today’s era, since the files exposed were not digital, but physical. More than 700 patients were notified last month that their personal and medical data may have been compromised in an August break-in
. With the center closed for construction, thieves broke into an area with access to a file cabinet storing applications for the state health plan.
Records Exposed: Medical files, potentially including Medicare and Social Security data, pay stubs, and citizenship information
Type of Attack: Physical theft
Date of Attack: Early August, 2021
Location: Multnomah County, Oregon
Key takeaway: While this particular incident obviously could not have been prevented with software-based methods, there is still an important takeaway for businesses on the fence about investing in cybersecurity measures. In an era of rampant online crime, it may seem safer to simply keep paper records that can't be hacked.
As this break-in demonstrates, however, physical records can be just as vulnerable as digital ones, and much more difficult to restore if they are stolen. For all the current concerns about cybersecurity, investing in online storage and backup system with top-level security protection remains the safest way to protect sensitive employee and customer data.
From big-name colleges to high-profile tech companies to small town health clinics to national governments, no one was immune to cybercrime this September. It's time for organizations at every level to stop relying on after-the-fact apologies and compensations and start taking a proactive, engaged approach to shutting down data breaches before they happen.