Enterprise Cybersecurity Roundup [June 2021]
Cyberattacks are becoming increasingly intelligent and aggressive post-pandemic. Some of the largest infiltrations of U.S. infrastructure took place in Q2, when hackers temporarily shut down the Colonial Pipeline and JBS meat processing plants across the country. This month's roundup takes a look at the White House’s new Cybersecurity Executive Order and several of the large-scale attacks that led to its creation. In the weeks that have followed the Executive Order, data leaks at major automobile brands Mercedes-Benz and Volkswagen indicate there is much progress to be made in corporate cloud security.
JBS hack reminds IT departments not to cut corners with cybersecurity spending
The world’s largest meat processing company, JBS, was hacked and forced into a temporary shutdown on May 30, 2021. All nine plants in the United States temporarily halted operations, sending a shock wave internationally as sales channels and partners in Australia and Canada also slowed to a stop. The infiltration had far-reaching effects on both the broader market and local communities; a staggering 2,500 workers in Alberta had their shifts canceled in the aftermath of the attack.
Upon further FBI investigation, the culprit was discovered to be REvil, a Russian cyber-criminal group. The ransomware-as-a-service (RaaS) business is known for developing ransomware and taking a percentage of the hostage company’s payment, often threatening to post stolen information on its “Happy Blog” if faced with resistance. The mode of infiltration was not entirely clear, but JBS paid the $11 million ransom for the safety of its customers and said that it was a “very difficult decision to make” for the company. This response was explicitly against FBI recommendations for ransomware infiltrations, and there has been no word on whether JBS successfully got its data back.
Although JBS controls over 20% of the harvesting industry in the U.S., former employees have speculated in complaints that profits were often prioritized over cybersecurity improvements at the company. Proactive defense measures were rumored to have been placed on the “back burner” to cut costs. These allegations have been disputed by leadership at JBS, and the company maintains that the attack was an unrelated incident. Regardless, companies should consistently be looking to update their systems with improved cybersecurity standards and proactive defense measures to mitigate these types of threats. The best course of action a person or business can take to protect themselves against ransomware is to make sure they have offline or hosted backups of all valuable files.
For a full account of the JBS attack and the company’s response, please reference JBS’ Media Statement.
Colonial Pipeline hack forces the government’s hand in cybersecurity policy debate
When the Colonial Pipeline was hacked in April of 2021, the repercussions were felt nationwide. The pipeline temporarily shut down, and gas prices rose to $3 a gallon. Although the ransom was paid and the fuel lines were reopened, the safety and security of all federal networks were brought to the forefront of public concern.
This was not the only ransomware attack to target critical U.S. infrastructure: there was the SolarWinds attack, the water breach in Florida, and the Microsoft Exchange server hack. In response to these and other attempts to infiltrate high-profile networks, the Biden-Harris administration released an Executive Order on May 12, 2021, to outline the government’s plans for new cybersecurity regulation. We cover the highlights of the Executive Order in our policy breakdown blog, but the changes can be summarized in the following points:
- Information sharing between the government and federally-contracted service providers will improve
- Security standards will be raised for software sold to federal agencies
- A review board to address cybersecurity concerns such as ransomware and other forms of attacks will be established
- A ‘best practices’ playbook that can be used in cybersecurity crises will be written and shared with all government agencies
- The process of detecting and repairing cyber vulnerabilities in government systems will be enhanced
While the Executive Order takes a first step towards bolstering our nation’s cybersecurity with new regulations for federal networks, it fails to address some highly vulnerable players. 85% of the critical infrastructure at risk of ransomware attacks is privately owned. While private companies aren’t directly impacted by the Executive Order, it would be wise for them to keep an eye on new best practices and manufacturing standards as they evolve.
For more information, please read Biden-Harris's Executive Order on Improving the Nation’s Cybersecurity. Read more about the Colonial Pipeline hack and how your business can take preventive measures.
Mercedes-Benz and Volkswagen drive through a data leak
On June 11, 2021, Mercedes-Benz informed the public of a cloud storage data breach. It was thought that 1.6 million records were exposed, but according to the company’s media release, only around 1,000 customers had private data leaked. This sensitive data included social security numbers, driver’s licenses, and credit card information. The company was informed of the security breach by a third party and soon confirmed that none of its network systems had been compromised. While Mercedes did not divulge the means by which the hackers were able to access the credentials, the company did offer free credit monitoring and identity-theft protection to those who had their data exposed.
Mercedes was not the only car company to have sensitive data exposed on the cloud: Volkswagen of America informed the public that 3.3 million prospective and actual Audi customers had their information exposed. The information dated all the way back to 2014 and, according to investigations, remained unprotected between August 2019 and May 2021. The company will not say exactly how the malicious actors obtained the information, but they stated that the vulnerabilities have since been fixed.
For major brands like Mercedes-Benz and Volkswagen, data breaches of any scale can be devastating. It’s essential to ensure that third-party cloud service platforms handling your sensitive client information and financial records are using the best cybersecurity practices available. At Minim, for example, we follow NIST guidelines on all hardening and policies. This includes third-party audits, source code scanning, rapid patching of known issues, and more.
More information on this cyberattack can be found in Mercedes-Benz's media release.