Are you prepared for the next cyber attack? Recent incidents involving major companies show that cyber threats are not only persistent but evolving. As cybercriminals refine their tactics and continue using tools like ransomware and social engineering, the need for robust security measures has never been more critical.

With this in mind, let's delve into the most recent and damaging cyber attacks and what lessons we can learn from them. We'll explore how companies are increasingly targeted, the role of incident response, and why investing in preventative measures is not just advisable but essential. Let's get into it.

Recent Attacks - The State of Cyber Attacks Today

Cybersecurity is a constant game of cat and mouse, with cybercriminals always hunting for the next weak spot, and experts trying to find and patch it before they do. To grasp what's happening in this ever-changing field, we need to look closely at recent attacks – they show us how attackers think and what we can do to stay one step ahead.

MGM Attack

In September, prominent casino chain MGM Resorts suffered a significant cyberattack, which began with a deceptive phone call and led to the shutdown of many of its systems. This attack affected everything from hotel room keys to slot machines and forced the resort chain into manual operations, resulting in long guest wait times. It took approximately ten days for MGM to resume normal operations, though intermittent issues persisted.

Weeks later, it was revealed that the hackers accessed the personal information of some MGM customers, including sensitive data like Social Security numbers. The attack was attributed to a group called Scattered Spider, skilled in social engineering and "vishing" (voice phishing). They reportedly used a convincing phone call to access MGM's systems, obtaining credentials by impersonating an employee. They found this employee through LinkedIn.

The group, believed to consist of young adults based in Europe and possibly the U.S., targeted MGM using ransomware developed by ALPHV (BlackCat). They first tried to hack MGM's slot machines but later resorted to data theft and encryption, demanding a crypto ransom. Ransomware attacks are a major threat to organizations today, accounting for nearly 20% of all cyber crimes last year^[1].

And to make an alarming situation even worse, the attack on MGM wasn't isolated. Caesars Entertainment also experienced a similar breach around the same time, and it cost them an eye-watering $15 million.

Key lessons from the MGM cyberattack:

1. Employee Vigilance: Emphasize training in recognizing and responding to social engineering, particularly voice phishing, to safeguard against security breaches.
2. Resilient Security and Communication: Develop a comprehensive cybersecurity infrastructure with provisions for human error, and ensure prompt, transparent communication during breaches.
3. Proactive Security Maintenance: Regularly update and audit security protocols to address evolving cyber threats, recognizing the high financial stakes of cyberattacks.

CDW Attack

CDW, a major technology services firm was hit with a cyberattack by the LockBit ransomware gang, who claim to have stolen sensitive data. The attack is still under investigation, but we know some key details.

Despite generating over $23 billion in revenue in 2022, CDW faces a significant threat from this attack, primarily targeting non-customer-facing servers of its subsidiary, Sirius Federal. These servers were separate from CDW's main network, and the company’s security protocols managed to detect and contain the suspicious activity.

However, LockBit has made data (supposedly stolen) from CDW available on the dark web. This data reportedly includes sensitive information like employee badges, audit details, and commission data. CDW has launched a comprehensive investigation and notified the appropriate authorities.

In a bold move, LockBit demanded a $80 million ransom, one of the highest publicly known, but CDW reportedly offered only $1.1 million.

From this attack, we can learn:

1. Internal Segregation is Key: Isolating critical internal systems from the main network can limit the damage of a breach.
2. Transparency and Rapid Response: Prompt investigation and communication are crucial in managing the fallout of a cyberattack.
3. Rising Stakes in Ransomware: The increasing severity and sophistication of ransom demands highlight the escalating risk and impact of ransomware in the digital landscape.

Blackbaud

Blackbaud, a fundraising software company, has agreed to pay $49.5 million to settle claims from 49 U.S. states and Washington, D.C. following a 2020 data breach. This breach exposed sensitive data from 13,000 nonprofits, including health information, Social Security numbers, and financial details of donors and clients.

Despite initially downplaying the breach, Blackbaud acknowledged that over a million files were exposed. They paid the hacker a ransom for data deletion. As part of the settlement, Blackbaud will enhance its data security and notification practices and undergo external compliance assessments for seven years. Indiana receives the largest portion of the settlement at $3.6 million. Blackbaud also settled SEC charges for misleading investors about the breach, paying a $3 million fine without admitting wrongdoing.

How to Avoid Falling Victim to Increasingly Frequent and Severe Cyber Attacks

The recent cyberattacks on companies like CDW and MGM Resorts are stark reminders of the high costs and severe consequences of data breaches. These incidents show that no organization is immune to the threat of cyberattacks. And the fallout of the Blackbaud ransomware attack shows that your response to an attack, including what you do and who you tell, is just as critical as being protected in the first place.

But what are the most critical ways companies can mitigate these threats today?

End User Security Training

One key lesson from these breaches is the importance of end-user security training. For instance, the MGM attack involved a hacker impersonating an IT helpdesk employee, a classic social engineering tactic. Training employees to recognize and report such tactics can significantly reduce the risk of a breach.

System Updates and Multifactor Authentication

Keeping systems updated with the latest security software is crucial. Blackbaud's breach involved malware, highlighting the need for strong email security services and multifactor authentication. These measures can help prevent unauthorized access to sensitive data.

^[1] https://aag-it.com/the-latest-ransomware-statistics/#:~:text=The%20volume%20of%20ransomware%20attacks,all%20cyber%20crimes%20in%202022.