There is no shortage of cybersecurity news lately. Thousands of business-focused cyberattacks occur daily, and a ransomware attack happens on average every 11 seconds. Also alarming is that 43% of all attacks affect small and medium-sized businesses. And these numbers continue to get more dire with every new article or report that appears.
It’s safe to say there is no way for businesses to avoid these issues outright. And it’s nearly impossible to examine every attack that is made public. However, it’s still worthwhile exploring some of the latest hacks and attacks impacting the business world to understand the scope of these issues and how important it is for your business to have a plan in place to deal with them when, not if, they occur.
American Airlines Gone Phishing
American Airlines is dealing with a data breach due to a phishing scam targeting many employees and team members. American has indicated that the attack occurred via employee emails and that only a few individuals fell for the scam. But this has led to the perpetrators gaining “unauthorized access to a limited number of team member mailboxes.” The breach has compromised the personal information of employees and customers, but the airline is saying that no data has been misused as of yet. Although with the incident being so recent, it’s probably only a matter of time before is the data has been misused for fraudulent purposes.
American Airlines is claiming that they are adding safeguards and other practices to prevent more issues like this from happening again, but that is an expected public ace-saving statement. Even with better planning and employee education on the possibility and threat of phishing scams, there is no way to prevent a breach outright.
Ransomware Incident Forces CEO to Resign
Can Fin Homes Ltd., one of the leading players in the housing finance sector in India over the last several decades, recently reported a ransomware attack. The announcement resulted in its share prices tumbling and its website being shut down. And not long after the incident went public, the company’s CEO resigned. There is no official word of why the CEO stepped down, but a data breach followed by a sharp decline in stock prices provides reason enough.
Can Fin Homes has said there is no direct impact on the operations of business activities resulting from the attack, but an offline website and change of guard is a sign of something. This incident shows how quickly ransomware incidents can reshape the dynamic of a business – even a longstanding one.
Crypto Hackers Make Off with Millions
The cryptocurrency space is volatile on a good day, and businesses in this sector tend to understand that. But recent hacks and other cybersecurity issues at several major players in the crypto space demonstrate how much of a target it has truly become.
One of these hacks resulted in the attackers stealing nearly $160 million. Crypto market maker Wintermute was the victim here, and its founder announced over Twitter that the finance side of the company was hacked. The Tweets said that “If you have a MM agreement with Wintermute, your funds are safe,” but also stated that there would be disruptions for a few days and that some 90 assets had been hacked. The company or its executive did not say when or how the hack occurred, so additional details are scared.
This is far from an isolated incident, and several other crypto businesses have been targeted recent – all leading to large sums being stolen. Nearly $200 million was stolen via hack from cross-chain messaging protocol Nomad and another $100 million from the blockchain bridge provider Harmony. And all of this comes on the heels of statistics showing that the total money lost from hacks attacking decentralized finance projects (DeFi) reached $1.3 billion in 2021.
Healthcare Industry a Constant Target
Healthcare providers and other business in the industry continue to find themselves in the crosshairs of ongoing and evolving cyberattacks. These incidents highlight once again that threat actors have no discretion or care for who or what they target.
OakBend Medical Center in Texas was recently hit with a ransomware attack that halted communication systems and resulted in more than a million stolen records. Patient records include all the personal information needed to commit future fraud, including names, SSNs, and dates of birth of the patients. OakBend contacted the FBI and other resources to help navigate the issue, but those affected by the breach are in the danger zone for identity theft and other issues.
Another healthcare industry ransomware attack occurred earlier in the summer, with Medical Associates of Lehigh Valley as the victim. A statement from the group to its patients said that “following a thorough analysis, the investigation determined that information contained in the affected files may have included patient-protected health information (PHI).” This attack seems to be more in the 5-figure realm of potential victims, but still demonstrates that hackers are ready to go after even smaller businesses in the healthcare sector.
Bookings at Holiday Inn Drop after Attack
An example of how quickly and dramatically a business can be affected by a cyberattack is another recent ransomware incident affecting hotel chain Holiday Inn. The attack severely impacted the chain’s ability to make online reservations, which is critical for bookings with the modern digital-savvy customer. The hack prevented customers from booking rooms at Holiday Inn and many other hotel chains under the same ownership group, both directly from hotel websites and through popular third-party travel sites.
The aftermath of the incident resulted in a drastic decline in total bookings, affecting the bottom line of hotels across the country. Hotel owners are reporting less than 50% occupancy, which is far less than normal for this time of year. Since most Holiday Inn locations are franchises, small business owners are taking the brunt of the impact from the attack. If full booking capabilities aren’t returned to normal soon, franchise owners could have lasting issues.
LibertyID provides full service, fully managed identity fraud restoration to its subscribers. With a 100% success rate in resolving all 31+ forms of identity fraud. LibertyID Business Solutions provides Business fraud remediation, full pre-breach preparation with custom WISP protocols, post breach regulatory response, customer, and employee identity fraud restoration management, advanced employee training and third-party vendor management tools.