January 2023 Cyber Event Roundup

Massive T-Mobile Cybersecurity Breach Results in 37 million Customers’ Data Stolen

‍

T-Mobile has once again fallen victim to a massive new cybersecurity breach, discovered on Jan. 5. The company has a history of hacks from recent years, for which it was fined hundreds of millions of dollars.

‍

Using weak API security, the attack caused the exposure of the personal data of more than 37 million customer accounts, which was apparently first accessed on or around Nov. 25. The stolen records include addresses, phone numbers and dates of birth.

‍

Kovrr Insights: Cost of a Similar Incident

‍

To get an understanding of the impact of such incidents, Kovrr’s cyber incidents database, which contains both threat intelligence and financial data on a vast collection of cyber incidents, includes details on many large-scale breaches.

‍

For example, in October 2022, REvil Ransomware attacked a private health insurance provider, compromising about 9.7 million customer records held by the company. Only the response cost of the attack exceeded 16 million USD.

‍

Massive Ransomware Attack on Atlantic General Hospital Causes Network Disruption

‍

Atlantic General Hospital in Maryland suffered from outages and network disruptions after ransomware attack, as it reported on Jan 30. The interruptions caused a limited disruption in the routine of the hospital, which had to operate under downtime procedures.

‍

Certain services that are fully supported by the hospital network, such as the hospital out-patient walk-in lab, pulmonary function testing and outpatient imaging, had to be temporarily shut down while dealing with the attack.

‍

Kovrr Insights: Cyber Trends

‍

In recent years, we can see the amount of ransomware attacks on the healthcare industry increase significantly, second only to the number of attacks on government-related services. As shown by Kovrr's cyber incident database, there was a 25.3% increase in the number of ransomware attacks on healthcare services between from 2021 to 2022.

‍

LockBit Ransomware Attack Partially Disables Ion Group Services for a Week

‍

On the last day of January, LockBit ransomware group attacked financial software company Ion Group. The attack, Shutting down part of the company's network, left banks in US and Europe processing trades manually. LockBit warned stolen data will be released if the ransom isn’t paid. After eight days Ion paid the ransom, and gradually resumed its services.

‍

Kovrr Insights: Average Cost of a Similar Incident

‍

According to Kovrr’s Cyber Incidents Database, the average ransom paid in 2020-2022 by companies with revenue larger than 50 Million USD, is 750,000 USD. It would be reasonable to assume that Ion paid a ransom of around that amount.