[BreachExchange] Hackers show no mercy—even for pot dispensaries

Audrey McNeil audrey at riskbasedsecurity.com
Mon Feb 13 17:58:50 EST 2017


http://www.networkworld.com/article/3169374/malware-cybercrime/hackers-show-no-mercyeven-for-pot-dispensaries.html

Back when Apple was the plucky young upstart that dared to be different,
the Mac was the machine for creative types and there was a perception that
it wasn’t a target for hackers because of its cultural cool factor.

You would expect the same rules to apply to the legalized marijuana market,
but a major hack attack on a pot dispensary last month sent that notion up
in smoke.

MJ Freeway, providers of popular medical marijuana tracking software,
suffered a point-of-sale system hack that left over 1,000 marijuana
dispensaries across 23 states unable to track their sales and inventories.
Because of the state regulations regarding the sale of marijuana, some
dispensaries were forced to close early or shut their doors completely. The
disruption lasted weeks and caused patients to suffer long delays in
obtaining access to their medicine.

Closer inspection reveals this was a well-coordinated cyber attack that was
intended to take the system down.

Picking targets

Probably the real reason Macs weren’t targeted so much in the past was a
combination of low user numbers and Apple’s smart approach to security.
Nowadays the firm’s devices are so popular with a wealthy customer base
that they’re increasingly becoming a target.

The cannabis industry has also been soaring in the last few years, and so
perhaps it should come as no surprise that it has become a target, too.

This recent attack on MJ Freeway was aimed at corrupting files and data,
rather than stealing them. The company insists no client data was stolen. A
spokesperson claims all medical cannabis patient and business data was
encrypted and that there’s no evidence it was compromised. The intention
apparently was to disrupt the system, but the motive is unclear.

How did the attack work?

The attack simultaneously targeted the live, production and backup servers
at MJ Freeway, leaving the company reeling and unable to restore service.
Despite having redundancies built in with multiple backups on multiple
servers with a variety of companies in different locations, the attackers
were able to hit everything in a short period of time.

This is partly because the company was unaware it was being attacked for
the first few hours. It’s vital to have a data recovery plan, but this
attack also highlights the importance of having strong real-time security
to uncover breaches so that you can take action before it’s too late. Once
cyber attackers gain access to your system, it’s relatively easy for them
to dig deeper and spread laterally.

Prospects for recovery

Customers that maintained a separate data backup have been able to get up
and running again with minimal disruption, but others have lost records
permanently. The traceability system, which tracks the chain of custody for
complete transparency from “seed-to-sale,” was corrupted, and it seems much
of the data may be unrecoverable.

This is obviously a disaster for MJ Freeway. Despite working hard to
restore service, some customers have already jumped ship, which is the
inevitable consequence of any security incident like this.

The costs of data recovery and improving security, along with compensation
and reputational damage, could be high. The true cost of a data breach only
becomes clear over time.

Lessons to be learned

Many small and mid-sized businesses nowadays rely on cloud-based services
like this from third-party providers. By 2020, 78 percent of small
businesses will be fully adapted to the cloud, according to Intuit. There’s
a big lesson to be learned here: Always maintain your own regular backups.

All the MJ Freeway customers that had an uncorrupted backup that they
maintained themselves were able to restore service quickly. It was also
easier for them to switch providers with minimal disruption to their
clients.

Any business that’s going to put its trust and data in the hands of a third
party really must research that company thoroughly.

MJ Freeway has migrated its clients’ sites to a more secure environment,
but the real question is: Why did it take an attack like this for them to
improve their security? Whatever the cost of this breach ends up being for
MJ Freeway, you can be sure it would have been a lot cheaper to implement
proper security in the first place.

But that’s always easier said than done.