Published: April 30, 2024 | Updated: April 26, 2024

Cyberattacks rising

Cyberattacks are rising in the United States.

COEUR d'ALENE — Passwords. Antivirus software. Firewalls. Staff training.

All are among the defenses used to protect against cyberattacks. Yet, as much as private business and government entities and medical centers try, they can and will be hacked. Data breaches happen.

Most recently, Kootenai Health and Rehabilitation Hospital of the Northwest in Post Falls reported that intruders found ways into its networks. And earlier this year, the city of Coeur d'Alene reported a malware attack.

Ken Wardinsky, chief information officer for North Idaho College, said an intruder accessed NIC’s network in October 2022 and, in a short time, caused “havoc” before being stopped.

Wardinsky said it's impossible to prevent cyberattacks with 100% success. He said they are increasing and becoming more sophisticated, so the cost and resources necessary to combat them are rising.

He said the goal is to minimize their impact.

“I don't think you can ever fully prevent it,” he said.

He said NIC budgets about $500,000 for cybersecurity and is seeking more money to do battle.

“Montana State (University) got hit and they have a huge cybersecurity budget,” he said. 

Wardinsky said that in most cases, a breach of a network is done through phishing attempts and exposed user identifications and passwords.

Phishing is defined as “the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”

If people open such an email and click on a link, it can release a virus into the network.

Wardinsky said if a username is obtained, a password can sometimes be guessed, as people tend to use the same ones.

“It's just a common, human thing,” he said.

If a network is compromised, the first step is to contain the damage, shut down the network and try to preserve the system, Wardinsky said.

Then, the goal is to try and determine how the network was accessed.

“Forensics, basically,” Wardinsky said.

There is a chance to restore the system and bring it back online if a good backup is in place, he said.

Enhanced security measures, additional training and changed passwords would be part of the process to prevent it from happening again.

Most cyberattacks have specific targets — individuals, businesses and governments — and are done remotely.

“There are people behind the keyboard,” Wardinsky said.

More attacks

According to astra.com, nearly 4,000 new cyberattacks occur every day. It reported that the first half of 2022 alone saw 236.1 million ransomware attacks globally. In 2022 alone, the total damage caused by cyberattacks reached $8.4 trillion. 

Astra.com reported that cybercrime is estimated to cost businesses $10.5 trillion globally by 2025, while on average, small businesses spend less than $500 on cybersecurity.

It also reported that malware attacks, which involve the installation of malicious software on a victim’s device, see 560,000 new pieces of malware detected every day. It reported that 3.4 billion phishing emails are sent daily, 91% of cyberattacks start with email scams and nearly 85% of all emails are spam.

"Stolen credentials are the most common factor that leads to data breaches," astra.com said. 

A recent analysis conducted by cybersecurity firm Surfshark revealed that the U.S. had 90.4 million leaked accounts in the first quarter of 2024, adding up to 3 billion leaked accounts in the past 20 years. 

The first quarter of 2024 witnessed a 185% increase in breach rates compared to the previous quarter, with 90.4 million accounts compromised, Surfshark reported. 

"This troubling data emphasizes the critical need for organizations to bolster their cyber defenses and for individuals to prioritize cybersecurity awareness," said Lina Survila, Surfshark spokeswoman.

Malware discovered

Malware was found in the city of Coeur d'Alene's network in February. According to TechTarget, malware includes computer viruses, worms, Trojan horses, ransomware and spyware. 

"These malicious programs steal, encrypt and delete sensitive data; alter or hijack core computing functions and monitor end-users' computer activity," TechTarget said.

Wardinsky said ransomware, which is a type of malware, works like a hostage situation.

“A bad actor gains access to your network,” he said.

Once in, the intruder will poke around the network, trying to access key data. If found, they can upload the data, encrypt the system they invaded and demand money to decrypt it and threaten to release the data on the black market.

Wardinsky said it’s a tough situation because the hackers still have the data and even if paid, may not provide the encryption code.

Breach a network

Jim Alves-Foss, director of the University of Idaho Center for Security and Dependable Systems, said there are many ways to breach a network.

He said the most common is a phishing attack. He said user credentials, names and passwords can be obtained if people aren’t careful online. Browser attacks, which target vulnerabilities in web browsers, are also used on targets.

Alves-Foss said both large and small municipalities are susceptible to cyberattacks, which can be carried out on several targets simultaneously.

“They can hack you anywhere, no matter where they live,” he said.

He said in ransomware cases, the cybercriminal usually demands payment in cryptocurrency, such as Bitcoin, which is difficult to track. And it's also generally sent overseas, so to track the hacker and try to get the money back, cooperation from authorities there would be needed.

Alves-Foss said that is unlikely.

In some towns and villages in other countries, the creation and distribution of malware is big business.

"It's a major part of their economy," he said.

State training

District Rep. Tony Wisniewski previously told The Press that businesses and others affected by cyberattacks should report the incidents so better defenses can be developed.  

"The demand for well-trained cybersecurity personnel is skyrocketing, and the state of Idaho is providing training in this field at several of the community colleges and universities," he wrote in an email to The Press.

This legislative session, the House Education Committee was given presentations on cybersecurity by the presidents of the four state community colleges.  

"Although all of the community colleges are beefing up their Career and Technical Education programs, some of them are offering specialized training in cybersecurity," Wisniewski wrote. 

One of Idaho National Lab’s core missions is to be a world leader in cybersecurity, and they work on some of the most modern supercomputers at their facility in southeast Idaho, he wrote.

The College of Eastern Idaho is collaborating with INL to train cybersecurity technicians, as well.

"Similarly, North Idaho College houses some of the computers for the University of Idaho’s cybersecurity program, so they share some of their training courses as well," Wisniewski wrote. "The state has been placing a great deal of emphasis and funding for all CTE programs, starting in the grade schools."

Local cyberattacks

The city of Coeur d’Alene recently sent 57 notifications to Idaho residents whose personal information was accessed in a ransomware attack in February.

The affected data included names, Social Security numbers and driver’s license and/or state identification card numbers, according to a March 12 letter to the Office of the Idaho Attorney General from attorney Matt Meade of the firm Eckert Seamans Cherin and Mellott in Pittsburgh.

“At this time, we are not aware of any misuse of your information,” according to a letter from the city, also dated March 12 and sent by Meade to the AG’s office. 

The city shut down its computer network Feb. 11 after malware was detected in its system. The city's website was offline, records were not accessible and phones were down for several days.

In a Feb. 12 press release, the city said it was working with nationally recognized third-party cybersecurity and data forensics consultants and following industry best practices while developing a strategic plan to address the issue. 

The March 12 letter, signed by City Clerk Renata McLeod, stated: “Through our investigation, we learned that there was unauthorized access to the City’s network between February 4 and February 11, 2024, and that the cyber criminals removed certain files from our servers during the attack.”

The Rehabilitation Hospital of the Northwest was alerted Feb. 1 to unusual activity in its information technology environment. In response, it promptly secured and isolated its IT systems, a press release said. 

It also began an investigation with assistance from a third-party cybersecurity firm and has been in communication with law enforcement, according to the release.

Through an ongoing investigation, it was determined an unauthorized party gained access to the hospital's IT network between the dates of Jan. 16 and Feb. 4.

"While in the hospital's IT network, the unauthorized party accessed and/or acquired files that contain information pertaining to certain patients, including names and one or more of the following: addresses, dates of birth, medical record numbers, health insurance plan member IDs, claims data, diagnosis and/or prescription information," a press release said. 

The hospital said it was mailing letters to patients whose information may have been involved in the incident. Patients whose Social Security and/or driver’s license numbers may have been involved are being offered complimentary credit monitoring and identity protection services. 

In early April, Kootenai Health reported that at the beginning of March, it discovered suspicious activity in its IT network.

"Our monitoring tools immediately quarantined the activity and we isolated all impacted systems to limit any potential impact," a press release said. "We also engaged a team of cybersecurity experts to investigate the incident and bring our systems online in a safe and secure manner."

The release said there was no impact on operations. The hospital could not say if patient information was accessed.

"We have no evidence that any information has been misused," the release said. "A comprehensive review of the potentially affected data is ongoing and once complete, we will reach out to impacted individuals with more information."