InfoSec

This is the web version of dot.LA’s daily newsletter. Sign up to get the latest news on Southern California’s tech, startup and venture capital scene.

The LockBit ransomware group claimed responsibility for an attack on the Housing Authority of the City of Los Angeles, or HACLA. According to LockBit’s website – accessed by TechCrunch via the dark web – the group claims to have stolen 15 terabytes of data from the city agency, which provides affordable housing for more than 19,000 families across Los Angeles.

HACLA declined to go into details but confirmed that a “cyber event” happened on or around December 31 of last year, disrupting some of the agency’s systems. Repairs to the system, returning it to full functionality, along with an investigation into the specifics of the attack are currently underway. The HACLA website remains operational.

Why should I care?

The hack potentially includes personal information about families and individuals seeking housing assistance, as well as payroll data and other information from the agency’s personnel files. Not to mention, the increase in these kinds of attacks has been allowed to continue, in large part, due to an overall lack of concern from the general public. Surveys continue to suggest that everyday consumers remain largely willing to exchange their personal data with companies in exchange for appealing services.

How do these ransomware attacks work?

Groups like Vice Society run what’s known as a “double extortion” model. Initially, systems are attacked and encrypted, and the targets are charged for a decryption key. Additionally, the groups may also threaten to publish stolen data onto the dark web for other hackers and bad actors to access, unless an additional second ransom is paid. In 2022 alone, according to security firm Emsisoft, 27 school districts – including 1,735 individual schools – were hit with these kinds of ransomware attacks.

Groups like LockBit frequently employ automated attacks that spread virally through computer systems. Vice Society, on the other hand, focuses on so-called “human-operated ransomware attacks.” These attacks actively infiltrate a specific organization’s on-premises or cloud IT infrastructure – often using stolen or compromised credentials – and unlike their automated counterparts, they can adapt to specific weaknesses in the targeted network. This makes smaller targets with less sophisticated security infrastructures – like small businesses, public agencies, and school districts – particularly attractive.

How often do these attacks happen?

Overall, 2022 saw a 28% global increase in cybersecurity attacks over the previous year, and authorities have started to take notice. In November, the US Department of Justice charged a dual Russian-Canadian citizen, Mikhail Vasiliev, with allegedly participating in LockBit-powered malware attacks. The criminal complaint against Vasiliev identifies the group as “one of the most destructive ransomware variants in the world.” A number of local companies are also responding to the threats with innovative software solutions, including the medical device security platform Medcrypt, identity and access management developers SecureAuth, and LA-based intelligence and cybersecurity firm Resecurity.

LockBit in particular has been prolific over the past few years, with a number of disruptive attacks on a diverse array of targets. In October 2021, IT and consulting giant Accenture confirmed a ransomware attack during which over 6 terabytes of data was stolen by a group demanding $50 million for its return; the incident was later traced back to LockBit operators. In May, members of the group disrupted operations at a Tijuana-based production plant owned by tech manufacturer Foxconn.

In October, Advanced – an IT service provider that works with the UK’s National Health Service – confirmed that it had been attacked by data-stealing hackers, though the company did not indicate whether or not patient data was compromised. Advanced claimed that the malware used during the attack was LockBit 3.0, but the group has not specifically claimed responsibility on its site.

Why do these attacks keep happening?

The increase in these kinds of attacks has been allowed to continue, in large part, due to an overall lack of concern from the general public. Surveys continue to suggest that everyday consumers remain largely willing to exchange their personal data with companies in exchange for appealing services.

A 2020 Statista study found that 46% of consumers are happy to share their data under basically any circumstances, while 38% were okay with it in exchange for a boost in personal convenience or well-being. A similar 2022 survey from the Global Data and Marketing Alliance (GDMA) made similar findings, identifying 48% of US consumers as “data pragmatists,” who are willing to share their information provided there’s some kind of tangible benefit.

How can these attacks be stopped?

There are strong indications that public outcry could potentially limit these kinds of attacks more generally. LockBit issued a rare apology this week following an attack on Canada’s largest pediatric hospital, The Hospital for Sick Children in Toronto, and shifted blame for the incident on a partner organization. The group also provided the hospital with a decryption key, on the house.

In addition, attitudes could potentially shift among the public should cybersecurity stories continue to pop up this frequently in the mainstream news, or if companies and private organizations start taking more aggressive steps to lock down and secure their networks. This was, after all, the second major cybersecurity incident involving a Los Angeles city agency in the last few months. Back in September, a Russia-based ransomware group known as “Vice Society” targeted the LA Unified School District. When district officials refused to pay the requested ransom, hackers ultimately published hundreds of gigabytes of personal data regarding staff, faculty, and students, including passport details, Social Security numbers, and even medical and psychological assessments. - Lon Harris