By Robert McMillan, Joseph De Avila and Jacob Bunge
Cyberattacks on critical infrastructure including transportation
systems in New York and Massachusetts demonstrated the intensifying
threat that hackers pose to U.S. business and providers of
essential services.
An attack this week on JBS SA, the world's biggest meat company
by sales, temporarily upended U.S. food supplies after it caused
JBS's plants to temporarily shut down. White House officials said
the hacking was likely carried out by a group based in Russia. JBS
said it restarted most of its plants on Wednesday.
On Wednesday, a ransomware attack disrupted ferry services in
Massachusetts. New York's Metropolitan Transportation Authority
also revealed Wednesday that it had been hacked in April, although
the attack didn't disrupt operations, including the city's subway
system.
In May, the operator of an essential pipeline bringing gasoline
to parts of the East Coast paid about $4.4 million to regain
control of its operations and restore service.
San Diego-based Scripps Health said Tuesday that it is still
recovering from a cyberattack it discovered on May 1 that disrupted
its patient portal, electronic medical records, radiology and other
systems and canceled or delayed appointments at its hospitals and
clinics.
Emboldened by recent successes, hackers have shifted their focus
away from data-rich companies such as retailers, financial
institutions and insurance companies to providers of key public
needs such as hospitals, transportation and food. The trend is part
of a global criminal pivot from stealing data to hobbling
operations via ransomware, where companies are hit with demands for
million-dollar payments to regain control of their operating
systems.
President Biden said Wednesday he would look closely at whether
to retaliate against Russia for the attacks. The president plans to
bring up the problem of ransomware during a summit with Russian
President Vladimir Putin in Geneva planned for June 16, the White
House said. Russian officials didn't immediately respond to a
request for comment.
Security professionals whose business is helping companies and
organizations protect and manage against these attacks have warned
that it is only likely to get worse.
"Pharmaceuticals, hospitals, healthcare, public companies,
organizations that don't have the talent and skills to defend
themselves -- they're getting sucker punched," Kevin Mandia, chief
executive of cybersecurity firm FireEye Inc., said Wednesday during
a Wall Street Journal cybersecurity conference.
Department of Homeland Security officials issued fresh warnings
Wednesday about the importance of guarding against ransomware.
"The threat of ransomware continues to be severe. Ransomware can
affect any organization in any sector of the economy," said Eric
Goldstein, executive assistant director for cybersecurity at the
Cybersecurity and Infrastructure Security Agency, a part of DHS.
"All organizations should urgently review our available resources
and implement best practices to protect their networks from these
types of threats."
The potential for profit from ransomware coupled with an
explosion in remote working during the Covid-19 pandemic provided
both the incentive and the means for a ransomware boom, said Adam
Meyers, vice president of intelligence with the cybersecurity firm
CrowdStrike Inc.
Companies that previously considered themselves to be unlikely
targets of data breaches have increasingly found themselves in the
crosshairs of ransomware.
Before 2018, hackers considered data-rich companies such as
financial services companies, retailers and insurance companies to
be prime targets, but they have shifted their focus due to the
financial incentive from ransomware payments. Previously, they
would seek to make money using data for identity theft, but
ransomware provided an opportunity for industrial-scale hacking and
payouts that could be made quickly in hard-to-trace cryptocurrency
such as bitcoin, security professionals say.
When ransomware disabled operations at aluminum and energy giant
Norsk Hydro AS in 2019, it was a wake-up call for the cybersecurity
industry, said David Navetta, a partner with the law firm Cooley
LLP's cybersecurity practice.
"They're hitting everybody," he said. "Any company that relies
on their information technology to provide a good or a service is a
target. We've seen manufacturers; we've seen chemical companies;
we've seen nontraditional targets being hit more frequently than
four or five years ago," he said.
The Massachusetts attack disrupted bookings at the Steamship
Authority, the largest ferry operator linking passengers and
freight from the mainland to the islands of Martha's Vineyard and
Nantucket. Boats were able to continue sailing to the two islands,
where the populations swell during the summer, but the ferry
operator said customers were unable to book or change their vehicle
reservations either online or by phone.
Hackers launched a cyberattack in April on New York's MTA and
accessed three of 18 computer systems used by the transit agency,
although the breach had no impact on riders, employees or
contractors, MTA officials said. The MTA hack was first reported by
the New York Times.
DHS's CISA, the National Security Agency and the Federal Bureau
of Investigation notified the MTA of the breach in late April, MTA
officials said. The transit agency was able to patch up the
vulnerabilities the next day, MTA officials said.
A forensic audit turned up no evidence that any accounts were
compromised, MTA officials said. No employee information was
accessed, and no data was lost in the breach, they said. The
hackers also didn't make any financial demands, MTA officials said.
The transit agency required password changes for about 3,700
employees and contractors as a precautionary measure, they
said.
Scripps warned Tuesday that information on about more than
147,200 patients was exposed, possibly including clinical data and
driver's license and Social Security numbers. Last fall, ransomware
groups knocked dozens of hospitals offline during a widespread
campaign, and a September hack cost United Health Services Inc. $67
million.
--James Rundle, Tarini Parti and Paul Berger contributed to this
article.
Write to Robert McMillan at Robert.Mcmillan@wsj.com, Joseph De
Avila at joseph.deavila@wsj.com and Jacob Bunge at
jacob.bunge@wsj.com
(END) Dow Jones Newswires
June 02, 2021 18:39 ET (22:39 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
JBS (QX) (USOTC:JBSAY)
Historical Stock Chart
From Dec 2024 to Jan 2025
JBS (QX) (USOTC:JBSAY)
Historical Stock Chart
From Jan 2024 to Jan 2025