In 2019, our state saw its share of cybercrime.
From ransomware to malicious code, I can document at least 9 North Carolina cybersecurity incidents that happened last year.
And here’s what’s sobering. This is probably the tip of the iceberg, as CSO reports the following:
“FBI’s Internal Crime Complaint Center (IC3) reveals that just over 350,000 cybercrimes were reported to it in 2018, yet estimates only 15% of victims report their crimes to law enforcement.”
If the FBI thinks law enforcement only knows about 15% of cybercrime incidents, news outlets and businesses are likely in the dark, too.
For the cybercrimes that we know about, let’s learn from them:
1. The North Carolina State Bar becomes a ransomware victim.
As some of you might know, only a few months ago, the North Carolina State Bar told the public that ransomware had compromised its IT infrastructure.
What else happened?
2. Orange County succumbs to ransomware.
Orange County is located next to Durham, North Carolina, and encompasses both Chapel Hill and Hillsborough. So how did it land on our list of 2019 North Carolina cybersecurity incidents?
Back in March, word broke that Orange County was the victim of a ransomware attack. From libraries to the Register of Deeds, a number of government entities suffered from disrupted operations, according to the Herald-Sun.
But that’s not the biggest part of the story...
Here’s something crucial I should point out. The Herald-Sun reported that the county’s CIO revealed that “[t]he county has been hit by ransomware before — two or three times in the past six years.”
I’ve alluded to this before, but ransomware doesn’t have to be a huge risk. With the NIST Cybersecurity Framework and next-generation endpoint security, ransomware should be a rare event. If you’re a victim of a ransomware attack, this could signal that your cybersecurity practices are behind the times.
3. Ransomware hits Greenville, too.
Next up on our list of 2019 North Carolina cybersecurity incidents is the city of Greenville, North Carolina.
According to news source WITN, in April 2019, Greenville experienced a cyberattack—the culprit being RobbinHood ransomware. (If you’re not familiar with this type of ransomware, BleepingComputer explains that RobbinHood “will stop 181 Windows services,” including antivirus, before encrypting a computer and demanding payment in bitcoins.)
There is more to the story...
For whatever reason, Greenville wasn’t able to restore its IT infrastructure efficiently; a later report revealed the city was experiencing downtime “two weeks after it happened.”
We already know that most ransomware attacks shouldn’t occur in the first place. But when they do, there’s no reason to have two weeks of downtime with “no timeline as to when all the computers will get back up and running.”
According to the second report I cited, Greenville did have backup data available. So this could be an instance of insufficient backups. Or it might be a classic example of the difference between data backups and business continuity.
Business leaders, please go beyond safeguarding your data. In addition to backups, have a plan that ensures smooth business operations when the worst happens.
4. Mission Health suffers from The Silent Bad Actor.
According to a recent news report, The Silent Bad Actor problem is exactly what happened to Mission Health.
Mission Health is a healthcare organization with locations in Brevard, Asheville, and other North Carolina areas. And back in October, news outlet WLOS reported that “on the [Mission Health] store website…malicious code was in place from March 2016 till June of 2019.”
What should we learn?
I don’t have much else to report on this incident, other than that WLOS indicated that the purpose of the code appeared to be harvesting credit card information from ecommerce customers.
However, this doesn’t undermine the seriousness of this attack.
The Silent Bad Actor isn’t a hypothetical threat…it’s a real one. This wasn’t a short three-month attack. This was a cybercrime that lasted for three years. If Mission Health had detected this code earlier, perhaps the organization wouldn’t be on our list of 2019 North Carolina cybersecurity incidents.
5. Moe’s and McAlister’s Deli announce malicious code.
In our list of 2019 North Carolina cybersecurity incidents, I’m putting these two restaurants together. Krebs on Security reports that they have a single parent company.
In October, Moe’s and McAlister’s Deli announced that they had experienced malicious code targeting credit card information.
What else happened?
Both organizations published an identical statement on their websites, but it now appears to have been removed. Below is a copy of what the companies released:
“It appears that unauthorized code designed to copy payment card data from cards used in person was installed in certain corporate and franchised restaurants at different times over the general period of April 29, 2019 to July 22, 2019. The unauthorized code was not present at all locations, and at most locations it was present for only a few weeks in July. The unauthorized code searched for track data read from the magnetic stripe of a payment card as it was being routed through a restaurant’s server.” [Emphasis mine]
Sensitive data in motion requires protection. In this case, the bad guy(s) found a way to steal credit card information while this data was in transit.
So what makes this a North Carolina cybersecurity incident? Well, both Moe’s and McAlister’s Deli had a tool to help you see if you should be concerned about your data. Charlotte and other North Carolina areas were named. Interestingly, these tools appear to be missing, too.
Bottom line: These restaurants illustrate why PCI DSS compliance matters. Is IT compliance easy? No. Is it better than having to announce that cybercriminals have access to your clients’ credit card data? Absolutely.
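As an added illustration (not part of the original article or of the companies' statement), here is a defender-side data-discovery check in Python: it scans text such as application or debug logs for cleartext magnetic-stripe track data, the kind of data the statement describes, and confirms each candidate with the Luhn checksum. The function names and sample log lines are constructed for this example, and the card number is a public test number.

```python
import re

# ISO/IEC 7813 layouts. Track 1: %B<PAN>^<NAME>^<YYMM><service code>...?
# Track 2: ;<PAN>=<YYMM><service code>...?
TRACK1 = re.compile(r"%B(\d{12,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})(\d{3})\d*\?")


def luhn_ok(pan: str) -> bool:
    """Return True when the PAN passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Mask the PAN so the report does not itself contain full card numbers."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(lines):
    """Return (line_number, track_type, masked_pan) for each Luhn-valid hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for kind, pattern in (("track1", TRACK1), ("track2", TRACK2)):
            for match in pattern.finditer(line):
                pan = match.group(1)
                if luhn_ok(pan):  # drop look-alike digit runs
                    findings.append((number, kind, mask(pan)))
    return findings


# Constructed sample log lines; 4111111111111111 is a public test card number.
SAMPLE_LOG = [
    "2019-07-01 12:00:01 POS-03 order=1182 total=14.50 status=ok",
    "2019-07-01 12:00:02 POS-03 debug raw=%B4111111111111111^DOE/JANE^25121010000000000?",
    "2019-07-01 12:00:02 POS-03 debug raw=;4111111111111111=25121010000000000?",
    "2019-07-01 12:00:05 POS-01 ref=;4111111111111112=25121010000000000? (fails Luhn)",
]

if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_LOG):
        print(hit)
```

Any hit from a scan like this means track data is being written or relayed in the clear somewhere it should not be, which is the exposure that point-to-point encryption and the PCI DSS storage rules are meant to close.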
6. A community college joins other cybercrime victims.
The sixth organization on our list of North Carolina cybersecurity incidents is Richmond Community College (RCC), located off of Interstate 74.
The Richmond County Daily Journal explains that, in July, the community college fell victim to “part of a nationwide ransomware attack on higher education institutions.” The journal reveals that the ransomware radically affected RCC’s IT infrastructure—including the “entire network.”
What we can learn:
Based on the report, the infrastructure wasn’t restored quickly. The article, dated over two months after the incident, revealed that RCC was still dealing with the aftermath of the cyberattack.
Recovering your IT infrastructure should never take months. With image-based cloud backups, image-based (and protected) onsite backups, and solid IT practices, operations can resume within hours.
7. Charlotte’s neighbor city gets hacked.
Another organization on our list of North Carolina cybersecurity incidents? It’s none other than our neighbor city of Concord.
Based on information from an Independent Tribune report, one or more hackers hijacked Concord’s website and placed profanity on it. (You can read the report here.)
The news article was brief, but it did explain that Concord’s website was shut down and an apology was issued.
Big doesn’t mean secure. Concord isn’t an obscure town. In fact, according to WorldAtlas.com, it ranks as the eleventh-largest city (by population) in North Carolina. If you’re a large organization, don’t count on your size to protect your company. Only sound cybersecurity practices will win the war against cybercriminals.
8. Back-to-back cybercrimes hit Lincoln County.
Another North Carolina organization to fall prey to cybercrime in 2019 was Lincoln County, located less than an hour from Charlotte.
WCNC reported two ransomware attacks that occurred less than two weeks apart. The news outlet said that the Lincoln County Sheriff’s Office was attacked first, followed by an attack on Lincoln County Communications.
What should we learn?
The impact of this cybercrime was intense. WCNC quoted Sheriff Bill Beam as saying, “We’re going to be really busy probably over the next six months on a catch-up.”
At this point, let me explain something…
If you experience a cyberattack, don’t tell yourself, “Lightning never strikes the same place twice.”
Both Lincoln County and Orange County were targeted more than once. Your first cybersecurity scrape isn’t necessarily your last. You can’t rely on probabilities to protect your business from the bad guys.
9. The NCDOT reports a $30,000+ scam.
The North Carolina Department of Transportation may be a surprising guest on our list of 2019 North Carolina cybersecurity incidents.
However, in August, the NCDOT announced that its N.C. Global TransPark lost over $30,000. The reason? Based on the article, business email compromise was involved.
This story has a happy ending...
The NCDOT later reported that it, along with other government organizations, retrieved this sum.
This one was a win for the good guys. But please realize that not all cybercrimes end well.
Back in May, I published an article explaining how one of our clients lost thousands of dollars to a spear-phishing scheme. And here’s the sad epilogue: Our client did NOT get the stolen money back.
Please read this story to prevent the same from happening to you. You can find the article here.
What’s on the horizon for 2020 and beyond?
In light of these 2019 North Carolina cybersecurity incidents, what can I predict for 2020 and beyond?
Here’s the event that I’m confident is coming: It’s broader IT compliance.
This isn’t rocket science. We’re watching cybersecurity incident after cybersecurity incident happen. And pretty soon, branches of the national or local government are going to enact tighter cybersecurity measures in response.
We can already hear the rumblings of the approaching regulation.
“an escalating number of victims of data breaches in 2017 have [sic] led Attorney General Josh Stein and state Rep. Jason Saine to propose updates to the state’s existing data breach notification law.”
Now is the time for business owners to ready their organizations to meet the demands of regulators.
At Proactive IT, we aren’t waiting for this to become popular and mainstream among small businesses before we sound the alarm.
By that time, it would be too late.
We are telling our clients about it now.
Have questions about compliance? I’m always here to talk about what’s on your mind. Our phone number is 704-464-3075, or you can reach out here.
About Steve Kennen
As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.