Security Brief: CICYBER Week of November 29, 2021
Week of Monday November 29, 2021 | Issue 54
Patrianna Napoleon, Counterintelligence and Cyber (CICYBER) Team
Cybersecurity: Secure and Protect
Date: December 1, 2021
Location: Los Angeles, California, US
Parties involved: Planned Parenthood Los Angeles (PPLA); Unidentified hacker
The event: PPLA disclosed that an unidentified hacker used ransomware to access PPLA’s networks and took their systems offline. Ransomware allows hackers to steal and encrypt information on the targets’ systems, making the data inaccessible in order to demand a ransom. PPLA has yet to disclose how the attacker entered the systems to deploy ransomware on the network. PPLA sent a notification to patients whose data was compromised. The hacker stole files containing 400,000 patient medical records, including diagnoses and prescriptions. Whether the hackers have requested a ransom for the stolen data is unknown or has not been publicly disclosed.
Analysis & Implications:
As the systems are offline, PPLA’s patients will likely experience a disruption in service as they likely cannot access the treatments and services offered by PPLA. If hackers share the information online, the patients’ data will likely be less credible. Hackers could likely manipulate and alter the data located in the stolen files, decreasing the reliability of the original data by creating alterations. Hackers could likely use the stolen information to access patient emails and social security accounts to commit cybercrimes like identity theft.
Attackers very likely targeted PPLA for financial gain as PPLA would likely pay the fee to access locked healthcare data from the ransomware attack. However, hackers will likely sell the stolen information to data thieves to fund future operations. The hackers could likely also use the financial gains to recruit other hackers with similar interests in stealing information.
Hackers will almost certainly target more healthcare centers like PPLA during the COVID-19 pandemic. Due to the pandemic, healthcare centers almost certainly admit more patients and gather a larger volume of personal information. Hackers will likely target healthcare centers as these will likely pay a ransom to recover the stolen data. Hackers will likely take advantage of system vulnerabilities, as health centers likely lack proper cybersecurity measures in systems due to maintenance costs and limited funds available to purchase data protection resources.
Date: December 1, 2021
Parties involved: Federal Bureau of Investigation (FBI); Nickolas Sharp, former Ubiquiti employee; Ubiquiti
The event: The FBI is investigating Nickolas Sharp, a former employee of Ubiquiti, an enterprise that sells wireless devices like routers and security cameras, who stole data to extort the company. He used a virtual private network (VPN), which revealed his location when an internet outage occurred at his home, leading to his arrest. Sharp used his administrator credentials to steal confidential data from Ubiquiti’s servers. The data contained hundreds of files that included information on the company and its consumers. Sharp posed as an anonymous hacker to extort the company, and he demanded a $2 million USD ransom from Ubiquiti to return the stolen files. The company lost over $4 billion USD after Sharp published misleading articles about the company’s handling of the breach.
Analysis & Implications:
Ubiquiti’s revenues will likely decline as consumers will likely seek to buy competitors’ goods. Consumers will likely favor other companies because of Ubiquiti's damaged reputation. Ubiquiti’s production of goods like security cameras will likely decline if consumers no longer purchase them for company operations. The decline in customers will likely cause a shift in the US wireless technology market as more domestic and foreign competitors will likely become more influential.
The likelihood of insider cyberattacks will likely increase as more employees have access to company data. Companies lacking proper data management and cybersecurity practices will likely be at risk of insider threats because employees are unprepared. Sharp’s attack could likely inspire other individuals to use his methodology to exploit other significant companies for notoriety or financial gain.
Authorities will likely come across challenges when identifying cybercrime activity like company extortion. Hackers likely have the ability to bypass detection measures by using VPNs to access and switch between multiple networks. The use of VPNs will likely increase as they allow hackers to hide cybercrime activity and access the dark web to gain unauthorized access to company systems to demand ransom.
The Counterterrorism Group (CTG)
 Planned Parenthood LA discloses data breach after ransomware attack, Bleeping Computer, December 2021, https://www.bleepingcomputer.com/news/security/planned-parenthood-la-discloses-data-breach-after-ransomware-attack/
 Former Ubiquiti dev charged for trying to extort his employer, Bleeping Computer, December 2021, https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/