LifeLabs hack: Cyberattacks on companies, governments becoming more common
Credit to Author: Derrick Penner | Date: Thu, 19 Dec 2019 02:04:20 +0000
The cyberattack on medical diagnostic company LifeLabs targeting the private information of 15 million Canadians was far from unique, according to Simon Fraser University criminologist Richard Frank.
“A couple of years ago, (malware attacks) were very frequent against individuals,” Frank said. “Now, a lot more municipalities and larger organizations are falling victim.”
The City of Cranbrook was hit by a malware attack in 2018 that cost $120,000 to resolve, and in Ontario, Stratford, Midland and Wasaga Beach also suffered cyberattacks. Wasaga Beach paid $34,000, but spent $250,000 to recover from the attack, according to new reports.
“It’s obviously harder to accomplish, but if they do accomplish it, it is a lot more rewarding for the attackers,” Frank, an assistant professor at SFU and director of the International Cybercrime Research Centre, said of the trend to go after companies and municipalities.
In revealing the attack, LifeLabs CEO Charles Brown didn’t disclose details of the attack, which is still under investigation, just that the company’s regular security screening at the end of October detected an unauthorized access to its systems.
The company immediately acted to shut down the breach and isolate its servers, but information the attackers would have had access to included names, addresses, email, logins, passwords, dates of birth and health-card numbers for some 15 million patients, including most British Columbians.
In addition, test results for 85,000 Ontario residents, prior to 2016, were also compromised.
Frank said there are many ways for cybercriminals to attack organizations, but two of the most common are phishing emails that distribute malware that infects and encrypts an entity’s data, and direct hacking through the client-access portal of a website.
Phishing attacks have become quite sophisticated, Frank said, with employees receiving an email that appears to come from a colleague with a request that appears reasonable, but downloads the malicious software.
Training programs that teach employees to recognize phishing have become common, Frank said, and “testing has shown training is effective, but not 100 per cent.”
In direct hacking, Frank said criminals use the public portal of a website to infect systems with malicious code in what is called an SQL injection.
The hackers insert documents giving themselves admin access to systems then “waltz right in and take what they want,” Frank said.
Attackers like to use the technological infrastructure in places such as Western Europe and North America, Frank said, but it is impossible to tell whether they are there or somewhere in Eastern Europe, Asia or another region.
“It’s very complicated to trace back to who’s sitting at the keyboard,” Frank said.
Brown said his company “retrieved the data” by paying a ransom, on the advice and with the help of experts. The amount paid was not disclosed.
While Brown said LifeLabs is confident their clients’ data is now secure and there is a low risk of further harm to them, Frank said it is hard to believe criminals wouldn’t keep copies of the data or exploit it in the future.
Brown said the advice LifeLabs received is that the company was the target of the attack, not the information of individuals, and once criminals get what they want, “they move on.”
All that individual data would be useful in crafting “really nice phishing emails,” Frank said, which is something LifeLabs clients should be wary of now.
LifeLabs made the payment “likely with nothing more than a pinky promise (by the criminals) to get rid of the data,” said Brett Callow, a Vancouver-Island-based threat analyst for the anti-malware software firm Emsisoft.
Callow said it would be a mistake to assume the criminals haven’t copied the information, which could be useful to commit identity theft or to even extort LifeLabs a second time.
“The only way to stop these types of attacks is to make them unprofitable,” Callow said, which means not paying ransoms and focusing on better protecting computer systems.