Unthinkable! Hackers Loot Charity's Funds Right Before Christmas Season | Tripwire

Unthinkable! Hackers Loot Charity's Funds Right Before Christmas Season

Posted on November 9, 2017
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Hackers have done the unthinkable by making off with a charity's funds right before the start of the 2017 Christmas season. The Utah Association for Intellectual Disabilities (UAID) first noticed something was wrong when it had not received any new email applications for help since 22 October. Typically, the charity gets numerous applications in preparation for the Christmas season. It's when UAID buys and distributes gifts for between 1,200 and 1,400 adults who are intellectually disabled, who often don't have family, and who live in assisted living facilities. Suspicious of the lack of activity, UAID decided to look into the matter. Laura Henderson, who serves as vice president of the charity, says she realized the full extent of the hack shortly thereafter. As she told Good4Utah:
"As we investigating the email issue, I opened the bank statements and started seeing things that just weren't right."
index-8.jpg
According to their bank records, unauthorized individuals had used multiple apps and services to transfer or steal $5,000 from the charity. They also took over its PayPal account, opened new accounts, and seized control of its website and email. Even when Henderson and her staff attempted to reset the passwords for those compromised services, the hackers regained control in no time. UAID co-founder Katherine Scott can't believe someone would take from a charity that provides for individuals who mostly don't receive anything else at Christmas. In her mind, the worst part is the seizure of the charity's email. Without access, she can't determine who needs assistance this year:
"That's one of the things that's making us real sad this year is we don't know who needs help."
It's unclear how the hackers first struck UAID or what security measures the charity had in place at the time of attack. Overall, charities can do more to ensure the resilience of their services. A 2016 survey of non-profit organizations conducted by US accounting firm CohnReznick found that nearly half of respondents had not performed a security risk assessment in the past year. Two-thirds also said they had no plans to increase their spending on digital security. Ken Montenegro, IT director at advocacy group Asian Americans Advancing Justice, tells Financial Times that's not a good thing:
"That puts us in a precarious position because we’re not used to spending on something like a patch management tool that keeps our software up to date."
Organizations of all sizes need to protect themselves against digital attackers by patching their systems. To learn how Tripwire's solution can help safeguard your organization's financial accounts and critical services, please click here. In the meantime, UAID is asking for donations of money and clothes so that it can still serve people this holiday season. Anyone wishing to donate should call its main telephone number: 385-887-4145.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!