Exploit: Ransomware Attack
BillTrust: B2B Billing Service Provider
A ransomware attack crippled BillTrust’s customer-facing systems, forcing them to bring all infrastructure offline to stop the malware’s spread. The company discovered the attack on October 17th, and it’s taken nearly a week just to begin recovery efforts. Fortunately, Billtrust maintained backups that were unaffected by the attack, which made it possible to avoid paying the ransom demand. Nevertheless, the lost revenue, reputational damage, and recovery expenses will definitely chip away at the company’s bottom line.
Exploit: Phishing Attack
Kalispell Regional Healthcare: Family Healthcare Provider
Several employees fell for a phishing campaign that compromised their login credentials and patients’ personally identifiable information. Hackers accessed the data between May 24, 2019 and August 28, 2019. As a result, the company will bear the cost of identity and credit monitoring services for all victims, and they will face intense regulatory scrutiny. Brand reputation is also jeopardized, as the hospital was formerly recognized as a highly-ranked healthcare provider for their cybersecurity practices.
Exploit: Spear Phishing Attack
Ocala City: Local Municipality
A spear phishing attack convinced an Ocala City employee to transfer $640,000 to a fraudulent bank account. The account still had $110,000 left when the city identified the scam, but cybercriminals still walked away with over $500,000. To trick the employee, cybercriminals sent an email purportedly from one of the city’s construction contractors and requested payment to a bank account that did not belong to the contractor. While the email and bank account were fraudulent, the invoice was legitimate, which made this incident especially difficult to detect.