Tech Friday with Dave Hatter - October 30th 2020 - SPONSORED BY INTRUST IT


  • Cybersecurity statistics you need to know:
    • More people are working remotely in less secure environments, making them and the organizations they work for easy targets
    • CrowdStrike recently reported their customers’ networks have seen more intrusion attempts within the first half of 2020 than in all of 2019
    • CrowdStrike's threat-hunting team detected and blocked roughly 41,000 potential intrusions. In 2019, the same team investigated 35,000 intrusions over 12 months. This is a 154% increase in cyberattacks
    • Bitdefender's Mid-Year Threat Landscape Report 2020 claimed a 715% year-on-year increase in attacks
    • Barracuda reported a 667% increase in attacks during the pandemic
    • Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020 according to Coalition, one of North America's the largest cyber insurance providers
    • According to a recent report from the US House Committee on Small Business, "Small Business Cybersecurity: Federal Resources and Coordination", 60% of small and medium businesses close their doors six months after experiencing a cyber attack!
    • The average cost of a data breach is now nearly $200,000 because any business that stores or processes customer information has regulatory and contractual responsibilities to keep that data secure and breach investigations are expensive
    • 60% of all targeted attacks in 2019 hit small and medium sized organizations
    • Smaller companies typically have far fewer resources than larger organizations. The owner handles cybersecurity personally over 80% of the time. As a result, only 31% of small firms take active measures against cyberattacks
    • It's estimated that cybercrime will cost companies worldwide $6 trillion annual by 2020, up from $3 trillion in 2015
    • At the end of 2016, a business was hit with ransomware every 40 seconds, it's estimated to be every 11 seconds by 2021
    • Take steps to protect yourself, your family and your organization
    • Read the US House report here:https://smallbusiness.house.gov/news/documentsingle.aspx?DocumentID=166
  • Wave of ransomware underway attacks on US hospitals:
    • Federal agencies including the FBI, CISA and HHS issued a joint warning that they had "credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers"
    • Their alert said the attacks produce "data theft and disruption of healthcare services"
    • The group behind the attacks is demanding ransoms exceeding $10 million per site
    • The first known death related to ransomware occurred in a German hospital this year. The ransomware caused a critically ill patient to be routed a different hospital and sadly the patient did not survive
    • A total of 59 US healthcare sites have been hit with ransomware so far in 2020 which has disrupted patient care at up to 510 facilities so far
    • Independent security experts report that at least five US hospitals have been hit this week and hundreds more could be in the cross hairs
    • "We are experiencing the most significant cyber security threat we’ve ever seen in the United States" said Charles Carmakal, CTO of Mandiant Mandiant
    • The attacks use Ryuk implanted through bot net called Trickbot
    • Microsoft began attempts to curtail Trickbot in October and the US Cyber Command has also reportedly taken action against Trickbot
    • A ransomware attack disabled all 250 US facilities of Universal Health Services in September of 2020. Staff was forced to rely on paper and pencil to keep records
    • There is evidence on the dark web that these criminals discussed plans to infect more than 400 hospitals and other medical facilities
    • Mandiant’s Carmakal identified the criminal gang as UNC1878. He said "it is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers"
    • Carmakal called the Russian speaking eastern European gang "one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career."
    • So far, no one has proven ties between the Russian government and these criminals
    • Alex Holden, CEO of Hold Security said "no doubt that the Russian government is aware of this operation — of terrorism, really"
    • Unfortunately, dozens of different criminal groups use Ryuk and the creators get a cut of the profit
    • Dmitri Alperovitch, co-founder and former CTO of Crowdstrike, said there are "certainly a lot of connections between Russian cyber criminals and the state"
    • Three of the sites hit belong to the St. Lawrence County Health System in New York, another was the Sky Lakes Medical Center in Oregon
    • Sky Lakes acknowledged the ransomware attack saying it had no evidence that patient information was compromised. It said emergency and urgent care "remain available"
    • Newer ransomware variants also exfiltrate data from their targets before encrypting it to use it for extortion
  • Big tech knows essentially everything about you: