
When Compromised Infrastructure Has Catastrophic Consequences

No industry is immune when it comes to cyberattacks. We have seen time and time again stealthy computer programs make their way onto the network systems of financial institutions, retailers, school districts, hospitals, airlines, public offices and so on. While the headlines typically sound the same – organization x from sector y falls victim to a cyberattack – the fallout and overall impact are always different. And they are sometimes catastrophic. Let’s take a look at three different scenarios, how the events unfolded and the unfortunate consequences.

School Shutdowns, Confusion & Unthinkable Risks

Let’s start with education, as K-12 and higher education students have recently returned to classrooms. In 2019 alone, 49 school districts and colleges have been victims of ransomware strikes. Cyberattackers are increasingly targeting schools as schools have expanded their use of technology for educating our youth. On the surface, technology in American classrooms has positive effects, except that each connection is also an opportunity to compromise a device and infiltrate the larger network.

On the eve of the first day of school, the Monroe-Woodbury Central School District of Orange County, NY, emailed parents stating they had experienced a “cyber security threat” that impacted the district’s operations. Network computers were infected by ransomware, cutting off access to critical student and staff data and learning programs. It’s the fourth such incident in the New York, Connecticut and New Jersey tri-state area alone.

Almost 7,000 families were impacted by the incident. The specifics of this episode remain under investigation, and there has been no confirmation that the ransom was paid. The situation was remediated in less than 24 hours, which has made many suspicious, as the kids were able to return to school the next day. One thing is true: there is no doubt that such incidents have the power to disrupt an entire city.

In another attack, New Mexico’s Roswell School District suffered a computer system compromise. As a result, attackers were able to cripple all communication. Everything from internet and phones to their grading systems went offline. An entire county school system cut off from communication can have terrible consequences, leading to a truly chaotic environment.

Unfortunately, schools are at a great disadvantage when it comes to protecting their networks from bad actors. There is a global shortage of talent and cybersecurity budgets do not seem to ever be enough. To make matters worse, schools will remain an increasingly hot target, especially if they continue to pay the ransom to make the situation go away. Payouts will attract attention and motivate more attacks.


Connected Medical Devices & Life or Death Risks

There are many security concerns when it comes to connected medical devices, and they can turn into a life-or-death situation. A recent report stated there are 10-15 connected devices per US hospital bed. With this degree of prevalence comes serious exposure.

The immediate worry is the patient. Many health care devices such as pacemakers and drug infusion pumps have wireless connectivity and remote monitoring features for ease of use. But these conveniences are also entry points for hackers. And when they gain control, an attacker has the potential to administer a fatal dose. Think about it. Would you want something inside your body that could be remote-controlled by a cybercriminal?

Another major threat is that these vulnerable medical devices are connected to the greater hospital network. This opens the door for a massive data heist or devastating ransomware attack. And we’ve seen it.

In May of 2017 the WannaCry ransomware struck more than 60 hospitals in the National Health Service (NHS) in England and Scotland. Up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators and more – may have ultimately been affected. What was the fallout? Many hospitals were forced to cancel routine procedures and asked patients not to come in unless it was a true emergency. Chemotherapy patients were sent home because their records could not be accessed. Treatment plans were altered and patients suffered.

As modern technology becomes increasingly indispensable in health care, the exposure to cyber threats will continue to grow. We will see this trend continue with the introduction and massive adoption of 5G technologies in the years to come, putting the lives of millions of people at great risk.


Bank Infrastructure Under Attack

The financial services industry is also a routine target for cyber criminals, perhaps more so than any other. SWIFT, one of the sector’s most critical infrastructure components, has been involved in several major attacks in recent years. The most notorious case was the Bangladesh Bank cyber heist where thirty-five fraudulent instructions were issued to transfer close to $1B USD. Ultimately five of the instructions totaling over $100M successfully went through.

Cyber criminals were able to corrupt the local environment and payment processes of financial institutions by obtaining valid operator credentials and initiating fraudulent transactions. The back office itself was compromised, which in turn bypassed the business controls. All of this activity was carried out using command and control mechanisms through which the criminals maintained permanent communication with the bank’s SWIFT infrastructure.

In April of 2019, SWIFT published a report describing the new adversarial modus operandi: weeks or months of reconnaissance, execution of attacks at any time, and new combinations of target and beneficiary banks. Translation: expect future attacks. The report recommends that financial institutions prioritize early compromise detection tools that improve security.

The Need for Continuous Compromise Assessments

It’s obvious that when cybercriminals compromise networks across any sector, they can inflict serious damage. It is important to recognize that most organizations already own the information needed to determine their level of compromise. The issue is that many don’t know where to start. By tapping into existing network data sources it is absolutely possible, and highly recommended, to perform continuous compromise assessments. This early and critical cyber intelligence enables action so the effects can be contained in a timely manner.
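As an added illustration of what a compromise assessment over existing network metadata can look like (example code written for this article, not Lumu’s product or method), the script below reads constructed firewall-style connection records and flags the two signs of compromise the post describes: contact with a known-bad destination, and regular, long-lived beaconing from one internal host to one external host, the shape that command and control traffic tends to take. The log format, hostnames, addresses and indicator list are all assumptions made up for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (not real traffic): "epoch_seconds src_ip dst_host bytes".
# 10.0.5.21 contacts one external host every ~60 s, the shape of C2 beaconing.
SAMPLE_LOG = """\
1000 10.0.5.21 payments.example.internal 5120
1010 10.0.5.21 updates.example-cdn.test 880
1060 10.0.5.21 updates.example-cdn.test 902
1120 10.0.5.21 updates.example-cdn.test 875
1180 10.0.5.21 updates.example-cdn.test 890
1240 10.0.5.21 updates.example-cdn.test 910
1300 10.0.5.21 updates.example-cdn.test 871
1050 10.0.7.14 mail.example.internal 20480
1400 10.0.7.14 known-bad.example.test 300
"""

# Constructed indicator list; a real assessment would use a threat-intel feed.
KNOWN_BAD = {"known-bad.example.test"}


def parse_log(text):
    """Yield (timestamp, src, dst) from the whitespace-separated log lines."""
    for line in text.splitlines():
        ts, src, dst, _size = line.split()
        yield int(ts), src, dst


def assess(text, min_events=5, max_jitter=0.2):
    """Return findings: known-bad contacts plus periodic (beacon-like) flows.

    A (src, dst) flow is flagged as beaconing when it has at least min_events
    connections and its inter-arrival intervals vary little (CV < max_jitter).
    """
    flows = defaultdict(list)
    findings = []
    for ts, src, dst in parse_log(text):
        flows[(src, dst)].append(ts)
        if dst in KNOWN_BAD:
            findings.append(("indicator_match", src, dst))
    for (src, dst), stamps in flows.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            findings.append(("beaconing", src, dst))
    return findings
```

Running `assess(SAMPLE_LOG)` on the constructed log returns one indicator match for 10.0.7.14 and one beaconing finding for 10.0.5.21; the thresholds are starting points to tune against your own baseline traffic.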
