On June 3, 2021, American media company Cox Media Group (CMG) experienced a cyberattack in which the malicious threat actor encrypted the network servers and forced the systems to go offline.
In the initial investigation, the company did not mention the nature of the attack; however, in a notification letter released on October 8, CMG acknowledged the breach as a ransomware attack. The company also stated that it did not pay ransom to the threat actors.
Over 800 individuals were believed to have been impacted. Personal information exposed in the breach included names, addresses, Social Security numbers, financial account numbers, health insurance information, health insurance policy numbers, medical condition information, medical diagnosis information, and online user credentials. The attack also resulted in disruption of the streaming of its live TV and radio broadcasts streams. As a security measure, the company took down the systems to mitigate the further spread of the threat.
The Cox Media Group, one of the largest media conglomerates in the US, has formally acknowledged a ransomware attack that crippled and took down live feeds for several TV and radio stations earlier this year, in June. https://t.co/86xlGMAxN3
— Shahriyar Gourgi (@ShahriyarGourgi) October 9, 2021
Post attack, the company took measures to improve its security posture by adopting multi-factor authentication, enterprise-wide password reset, and implementation of endpoint detection solutions.
In its Ransomware Index Update Q2 2021, Cyber Security Works states that six vulnerabilities have become associated with seven ransomware strains; among them are the infamous Darkside, Conti, FiveHands, and the newly christened, Qlocker.
With this update, the total number of vulnerabilities associated with ransomware has increased to 266. It also noticed a 1.5% increase in the number of actively exploited vulnerabilities that are trending currently, reiterating that a risk-based approach for the remediation of vulnerabilities is the need of the hour.
One of the most compelling observations during the quarter was the exploitation of zero-day vulnerabilities even before vendors published their discovery or released patches.
We have witnessed dangerously disruptive ransomware attacks in 2021. The ransomware attacks on Colonial Pipeline, JBS USA Holdings, Kaseya, and Accenture — the most recent victim of LockBit — are proof that the lack of cyber hygiene is rampant. These attacks highlight the need for the continual assessment of vulnerabilities and the prioritization of remediation.