Ransomware attacks against U.S. organizations in 2024 disrupted healthcare systems, supply chains, and government services, and led to tens of millions of dollars in ransom payments. Here are 10 of the most prominent attacks against U.S. organizations for the year 2024:​

LoanDepot​

On Jan. 8, California-based mortgage lender LoanDepot disclosed an attack in an 8K filing with the U.S. Securities and Exchange Commission (SEC). The company said attackers were in its systems from Jan. 3 through Jan. 5 and engaged in malicious activity that included "access to certain Company systems and the encryption of data."

Veolia​

On Jan. 19, Veolia North America disclosed it was investigating a ransomware attack that occurred one week prior and disrupted certain software applications and systems in the company's network. The Boston-based water, waste and energy recycling management company forced its back-end systems offline, which disrupted customer billing and payment services.

Change Healthcare​

One of the year's most significant attacks, if not the most significant, occurred against UnitedHealth Group's Change Healthcare on Feb. 21. The healthcare technology company, which provides payment and reimbursement services, suffered a massive data breach, prolonged disruptions and substantial recovery costs.

Ascension​

Ascension is another healthcare organization that suffered a significant ransomware attack this year. On May 8, the St. Louis-based healthcare system disclosed that ransomware disrupted its electronic health record (EHR), some phone systems, patient portals and other important systems patients use to order tests, procedures and medications. Patient portals and EHR systems remained down for a little more than one month.

Cleveland city government​

On June 10, Cleveland's city government disclosed it was forced to shut down city hall following a disruptive ransomware attack. City hall remained closed for 11 days while the staff worked to restore systems. The attack affected residents' ability to submit payments, permits and building or house applications.

CDK Global​

CDK Global experienced a damaging ransomware attack on June 18. The automotive technology provider, which currently serves 15,000 dealerships, forced most of its systems offline to contain the threat. Subsequently, the ransomware attack caused significant disruptions for downstream customers.

McLaren Health Care​

A ransomware attack on Aug. 5 significantly disrupted services at Michigan-based McLaren Health Care. The healthcare organization was forced to reschedule nonemergency and elective procedures, but the attack also affected primary and specialty care clinics as well as cancer care. Patients were asked to bring in a list of medications, printed physicians orders and a list of known allergies as the electronic medical records remained down due to the attack. McLaren operates 13 hospitals in Michigan with 28,000 employees and more than 113,000 network providers.

Port of Seattle​

On Aug. 24, the Port of Seattle in Washington began experiencing outages related to a ransomware attack. The Port of Seattle is a public agency that also oversees the Seattle-Tacoma International Airport. While the port's website was down, the airport suffered the brunt of disruptions as bag checking, check-in services, flight information displays and phone systems went down due to the attack. Some services remained down two weeks after ransomware encrypted the agency's systems.

Blue Yonder​

On Nov. 22, Arizona-based Blue Yonder disclosed it suffered a ransomware attack one day prior. The attack disrupted the supply chain management company's managed services hosted environment and led to massive fallout for downstream customers including Starbucks, Sainsbury's and Morrisons Supermarkets. Morrisons was forced to rebuild a new warehouse management system for fresh foods and produce while Sainsbury's suffered service disruptions.

Krispy Kreme​

Ransomware disrupted online ordering services for Krispy Kreme on Nov. 29. The doughnut giant disclosed the attack in an 8k filing with the SEC on Dec. 11. Krispy Kreme said it was notified of suspicious activity on its information and technology systems on Nov. 29 and subsequently initiated
an investigation, contained the threat and began remediation. In addition to online ordering, deliveries to retail and restaurant partners were also disrupted.


These are not all - just 10 of the biggest. There are many, many more! If I just wanted to report
one of these each day, I would have no trouble in doing so - and I'm just making reference to
entities within the USA!!!

Well, looking at the bright side of things, the future looks good for persons interested in pursuing
a career in Cybersecurity. Someone's gotta guard the hen house, cause the foxes sure ain't goin
away!!!

One of my students once asked, 'Why don’t we just delete all hackers from the internet?' It was a funny yet teachable moment about the complexity of cybersecurity.

What’s the most surprising or memorable question a student has asked you?

Has A+ always been two exams? I first achieved A+ certification in 1998 and my exam codes were 220-002 and 220-003. I find it odd that that doesn't follow the *1 and *2 pattern that we're used to now and it makes me wonder if the original A+ was a single exam--maybe 220-001. (FWIW, it's apparently required two exams since 1996 at the latest.)

Anyone know for sure?

Serverless architectures are growing, but are they making APIs more vulnerable to attacks due to the lack of traditional security controls?

Not all cybersecurity roles require coding, but it can be a valuable skill. Should certifications like Pentest+ or SecurityX include more emphasis on programming, or is it a niche skill?

Many things can prevent our students from completing their goals, including:
• Fear: Fear of failure can paralyze them, while fear of success can lead to self-sabotage.
• Lack of clarity: They might not know what they want to achieve or why they're doing it.
• Procrastination: Putting off their goal or waiting to take action.
• Lack of support: They might not have the support they need to achieve their goals.
• Negative thoughts: Doubting their abilities. Negative emotions like fear of criticism.
• Not prioritizing it: Not prioritizing their goal in their schedule.
• Underestimating the difficulty: Not realizing how hard it will be to achieve their goal.
• Giving up too soon. Quitting. Giving up before they see results.
• Not anticipating problems: They might not plan or anticipate their challenges.
• Focusing on the reward: They might focus on getting a reward instead of putting in the effort.
As instructors, we must help students overcome these obstacles and complete their goals.

Hello CINners,

Does anyone know if there is a tool that can scan an entire email,
for potentially malicious content?


Thanks CINners

We are Harper College…the college in your community.

The College was established by referendum in 1965 and opened September 1967. It is named for Dr. William Rainey Harper, a pioneer in the junior college movement in the United States and the first president of the University of Chicago. We are located in Palatine, IL.

Harper College is now one of the nation’s premier community colleges and one of the largest, serving approximately 29,000 students annually in Chicago’s northwest suburbs. The College’s academic programs prepare students for rewarding careers and for transfer to four-year universities. Harper offers associate degree and certification programs, advanced career programs, workforce training, professional development, continuing education classes, accelerated degree options for adults, and developmental education programs.

At Harper College, we are committed to fair and equitable compensation for all employees. In compliance with Illinois state law, we prioritize transparency in salary information. Our salary ranges reflect our dedication to attracting and retaining top talent while ensuring equitable pay practices. We encourage open discussions about compensation and invite you to reach out with any questions you may have regarding salary details. Harper College typically offers compensation up to the median market rate for this position. We aim to ensure our pay is competitive while aligning with both the role's requirements and the candidate's experience. To review all benefit information visit us at:

Qualifications​

Educational Requirements: Bachelor’s degree or equivalent professional experience is required. Priority will be given to those with current certification in CompTIA Data+ and DataSys+ or those who will have these certifications prior to the course start dates. A master’s degree or equivalent experience is preferred.
Experience Requirements:  Experience teaching adults and 2+ years’ experience in the field is required.

Job Description​

Part-time teaching positions are based on enrollment. Classes may be scheduled for evenings or weekends.

About the Team​

The Career and Technical Programs provide programs of study that involve a multiyear sequence of courses that integrate core academic knowledge with technical and occupational knowledge to provide students with a pathway to postsecondary education and careers.

Responsibilities​

Data Analysis Instructor. The qualified candidate must possess subject matter expertise in data analysis and have experience teaching adults. Includes curriculum and instruction to prepare students for the CompTIA Data+ and DataSys+ certification exams. Courses may be offered online, in person, or in a blended format. Instructional training includes following a course syllabus, meeting course objectives, lecture and lab instruction, and using Blackboard, assessments, and PowerPoint presentations as appropriate. The instructor will maintain and update the course curriculum as needed i.e., syllabus, textbooks, PowerPoint presentations, quizzes, etc. Must record student attendance, submit midterm and final grades as required per semester, and complete mandated training. A part of the Career and Technical Programs Division, Continuing Professional Education (CPE) offers short-term professional training leading to certification, digital badges, and industry-specific knowledge and skills.

Interested? Apply here: https://fa-eneh-saasfaprod1.fa.ocs..../?keyword=vocational+skills&mode=job-location

Chinese Hackers Accessed US Treasury Workstations in ‘Major’ Cybersecurity Incident​

Chinese hackers remotely accessed US Treasury Department workstations and unclassified documents
after compromising a cloud-based service operated by BeyondTrust, the department said Monday.


Happy 2025 to BeyondTrust

Security awareness training has traditionally focused on basic phishing defense and password hygiene, but are these topics still the most relevant?
Key Topics for 2025 to Combat Modern Threats

Hello CINners,

We know that some of the factors that can/will cause email to be sent
to the Spam or Junk folder are:
- Spam trigger words:
- Suspicious links or attachments:
- Poor sender reputation:
- Incorrect email authentication:
- High volume of emails:
- Unusual email formatting:
- Low engagement rate:

Do you know of any other factors that contribute to this behavior?


Thanks CINners

Happy 2025

Maintaining privacy and safeguarding security frequently require striking a careful balance. Is privacy unassailable in the digital age, or should we put security above everything else in a world where surveillance is growing?

I'm helping a client develop some training materials for the Tech+ course, so I took and passed the exam to see what the questions would be like.

I only had 60 questions, with no PBQs. It was the shortest CompTIA certification exam I've taken in 25 years. Mostly, it consisted of understanding the vocabulary terms and being able to pick information from an example. In my opinion, it was much easier than the previous IT Fundamentals+ certification that preceded it.

It provides the learning with very basic digital literacy but the exam is very surface-oriented. It does not go deep on any topic at all.

Although zero trust architecture is frequently hailed as the cybersecurity of the future, can most organizations actually implement it?

In your experience, which cybersecurity framework do you feel has the most practical relevance for organizations today—NIST or CIS?

Hello CINners,

I'd like to inquire about your email client of choice - Gmail, Yahoo, Outlook, whatever!!!!
Let me know what you use, and why, please!!!

By the way, is Hotmail the same app as Outlook????



Thanks CINners

Hello CINners,

What exactly is the target of a DNS attack? Is it the DNS server, or the
DNS client? Or, is it something else?


Thanks CINners

Hello CINners,

When I launch some PowerPoint slides using Microsoft PowerPoint, there are
multiple processes named "Microsoft Edge WebView2" that are launched
along with it. Why is this? What connection does this Microsoft Edge WebView2
thingy have with PowerPoint?

Thanks CINners

IT professionals need to match corporate goals with their technical expertise. How do you instruct students to consider business impact while dealing with IT problems such as security breaches or network optimization?

How do you simulate real-world cybersecurity threats in your classroom?

Hello CINners,

What tool, or technique(s), do you use to detect a compromised
user account? A tool, indigenous in the operating system,
would be nice, if one exist. I'm always looking to save a buck!!!

Thanks CINners

IT concepts can be abstract and difficult to remember. What techniques do you use to help students retain key concepts like subnetting, IP addressing, and security protocols?

1. How do you create a welcoming and inclusive learning environment for your IT students?
2. How do you ensure that everyone feels welcomed and supported?