To quote the poet T.S. Eliot, “April is the cruelest month.” A number of organizations that fell victim to a broad variety of April cyberattacks would undoubtedly agree.
From university students to parking administrators to police in the nation’s capital, nobody was beyond the reach of cybercrime. Add in some careless actions by people who should know better and you have the makings for a cruel April indeed.
April’s Biggest Cyber Attacks
The Meter Expires on Big City Parking Apps
Even under the best of circumstances, dealing with parking is nobody’s favorite part of city living. Residents of several major American cities experienced a whole new level of street parking misery in April, as a breach of third-party software company ParkMobile exposed personal information stored on more than a dozen cities’ parking apps to unknown hackers.
While the cities have assured residents that their credit card and payment information remain secure, the attack is thought to have exposed data including phone numbers, email addresses, and license plate numbers. What’s more, after the cyber thieves failed to find a buyer for that data, they apparently posted it online for free, exposing all impacted records to any other bad actor who wants them.
Although the damage is not as severe as it could have been if financial data were compromised, parking app users in New York City, Houston, Philadelphia, Minneapolis, Milwaukee, and a number of other urban centers are being advised to change their passwords as a security precaution. For all the convenience of being able to manage parking from your mobile phone, this incident is evidence that there are some parking predicaments worse than not having enough quarters to feed the meter.
Records Exposed: Personal data, including driver’s license information
Type of Attack: Third-party software exploit
Industry: Small businesses, municipalities, public services
Date of Attack: Mid-April 2021
Location: Multiple U.S. urban centers
Key Takeaway:
Hacks unwittingly facilitated by third-party vendors are now a common occurrence. Businesses and municipalities that entrust sensitive data to third parties must employ a thorough vetting process to make sure their valuable information stays where it belongs.
Hackers Cancel Classes at a UK University
An April 14 ransomware attack on the University of Hertfordshire in England shut down much of the school’s IT infrastructure and forced it to cancel all classes the following two days. Services taken offline included Zoom, Microsoft Teams, and other cloud-based communication software, making it essentially impossible for the school to conduct online classes. With UK schools not slated to return to in-person instruction until mid-May, this interruption significantly impacted educational efforts.
The exact nature of the University of Hertfordshire attack has not been divulged, but it fits the pattern of a recent swell in ransomware attacks on colleges and universities around the world. Experts note that, while schools may not be as tempting a financial target as other kinds of businesses, they house deep troves of personal data on thousands of students, faculty, and staff. Couple that with cybersecurity measures that are typically less sophisticated than those of their industrial counterparts and you have the recipe for an ongoing security crisis that shows no sign of abating any time soon.
Records Exposed: Personal data
Type of Attack: Likely remote access hijack, ransomware
Industry: Higher education
Date of Attack: April 14, 2021
Location: Hertfordshire, UK
Key Takeaway:
Not only are organizations with deep pockets targeted by cybercriminals. Schools, universities, and other educational institutions need to be aware of the lure their data holds on hackers and work to protect it fast.
Ransomware Gang Threatens to Inform on Informants
Speculation about the notorious Babuk cybercrime organization’s pending demise currently runs rampant, even as the gang celebrates what is possibly its most ambitious heist to date.
Multiple cybersecurity outlets ran stories last month about a supposed shift in the gang’s modus operandi, as it trades in the time-consuming practice of encrypting stolen data for a more straightforward theft-and-blackmail approach.
That was followed in short order by the April 27 news that Babuk had successfully breached the Washington, D.C. Metropolitan Police Department’s computer system. The gang posted some stolen documents online along with taunts aimed at the department and a threat to release more sensitive information if their ransom demands were not met, possibly including the closely guarded identities of police informants.
The drama only got stranger a few days later, when Babuk briefly posted a message announcing their retirement from cybercrime. Authorities don’t know how far to trust that information (because, well, cybercriminals), but it would not be out of keeping with the gang’s self-cultivated image as a Robin Hood-esque collective that only picks on targets that “deserve it.”
Records Exposed: Sensitive law enforcement data
Type of Attack: Data theft, blackmail
Industry: Law enforcement
Date of Attack: April 27, 2021
Location: Washington, D.C., likely originating in Russia
Key Takeaway:
The motivations behind cyberattacks are as variable as their targets. While the majority of attacks may be motivated by financial gain, political ideologies can also play a major role, as “activist” hackers typically zero in on them exclusively. Organizations involved in controversial or politically volatile situations need to be extra cautious with their cybersecurity measures, especially those that deal in sensitive and potentially dangerous information.
Health Consultants Inadvertently Trade Security for Speed
Sometimes the road to cybersecurity hell is paved with good intentions. That seems to be the case in a late April incident in which a third-party vendor put the personal information of thousands of Pennsylvania residents at risk while attempting to improve public safety. T
he Pennsylvania Department of Health tapped Insight Global, a Georgia-based IT services contractor, to assist with COVID-19 contact tracing efforts, a fairly standard arrangement for state health departments that lack resources to handle all COVID activities unassisted.
The trouble in this case arose when a group of Insight Global employees took it upon themselves to expedite their work by setting up Google accounts in order to more quickly share their findings internally. That action went against all protocols for both Insight Global and the Pennsylvania Department of Health, as the Google accounts were not secure and thus easily vulnerable to attacks. While it appears that Insight administrators were able to shut down the exchange before any data was stolen, a health department spokesperson acknowledged that the error put at risk the private information of around 72,000 Pennsylvanians, including “phone numbers, emails, genders, ages, sexual orientations, and COVID-19 diagnoses and exposure status.”
Records Exposed: Medical and personal data
Type of Attack: None known, but strong vulnerability
Industry: Public health
Date of Attack: April 21, 2021
Location: Pennsylvania
Key Takeaway:
No one here intended to put information at risk. As a matter of fact, the negligent employees believed they were doing their part to keep the people of Pennsylvania safer. Ultimately, though, taking shortcuts in the name of speed can rapidly backfire when it comes to security. Employees need reminding that cybersecurity protocols take precedent over speedy resolutions.
Is Your Organization Protected from Cyberattacks?
From pure malice to black-market altruism to well-meaning carelessness, the sheer range of cyberattacks seen in April only underlines the many ways sensitive data can be exposed online. Organizations eager to keep their information well protected need to be prepared for all sorts of cyberthreats and risk, even internal ones.
We can help. Learn about how Arctic Wolf security operations solutions reduce both the likelihood and the impact of a cyberattack to keep organizations like yours better protected.
Additional Resources
- Join the conversation with Arctic Wolf on Facebook, Twitter, LinkedIn, and YouTube
- Visit arcticwolf.com to learn more about our security operations solutions
- If you’re ready to get started, request a demo or get a quote today
