Blog

Our latest Cyberattack Roundup features more unfortunate school districts, hospitals, and high-profile cases involving Capital One, Amazon, and the LA Superior Court. These foreboding stories make it clear that the methods a hacker can use to critically compromise an organization are varied: server-side request forgery (SSRF) attacks, ransomware, phishing campaigns, and more.

1. High school students in a Pennsylvania school district went to extreme lengths to win a water-gun fight by hacking their way into data containing personal information like home addresses, phone numbers, and test scores.
2. In another instance of student hack attacks, a student in one Maryland district stole data pertaining to more than 1,300 students of another nearby district from an online college services software. Sources say the student used their own code for the attack and later shared the stolen info with other students.
3. Cyberattackers breached sensitive data of roughly 130,000 patients of a hospital in Montana, including health insurance information, medical histories, and social security numbers. Hospitals are a ripe target for cybercriminals because of the wealth of identifying data to be gained from medical records, information that can be sold in criminal markets.
4. And speaking of hospitals, health providers and officials reported 29 data breaches in September alone to the federal government. The list of people affected stretches to 1.5 million, more than twice the number of people who had personal information exposed in August this year.
5. Cyberattacks on hospitals may have serious consequences even outside of exposed medical data. Researchers correlated data breaches in hospitals to an increase in 30-day mortality rates, finding that hospitals that suffered breaches had longer wait times for patients needing an electrocardiogram. It’s speculated the slowdown in operations is caused by the increased security measures hospitals usually implement after a breach.
6. Hackers held yet another school district’s networks for ransom, striking this time in San Bernardino, California. With their systems hijacked, classes had to operate without Wi-Fi, emails, and other tech. Fortunately, the school district had taken measures to protect students’ personal data which went unaffected by the attack.
7. A Texas man was found guilty of running an extensive phishing campaign against the Los Angeles Superior Court and sentenced to more than 12 years in prison. The scheme, said to have caused “substantial disruption to the administration of the LASC,” involved mining email addresses from court employees, and using them to send millions of links to webpages masquerading as properties of legitimate companies like American Express and Wells Fargo.  These websites were then used to steal account info from hundreds of unwary visitors.
8. Amazon’s cloud service was linked to the massive Capital One breach reported in July that affected 106 million people and now U.S. Senators are calling for the Federal Trade Commission to investigate whether Amazon has accountability for the attack. The hacker, a Seattle woman and former AWS employee, used an SSRF attack to take advantage of a security vulnerability that Senators Wyden and Warren say Amazon already knew about.

With all the tricks cybercriminals have up their sleeves, the need for businesses to implement solutions is higher than ever. Fortunately, with CyberReef Solutions Secure Bandwidth Manager, businesses can control their bandwidth usage and increase their network security.