Truffle Dog Digital newsletter
Are Charities Immune to Cyberattack?
Charities are increasingly becoming prime targets for cyberattacks due to their perceived vulnerability, as evidenced by high-profile breaches like the one involving Pareto Phone. With methods ranging from insider recruitment to exploiting software vulnerabilities, hackers are taking advantage of charities' weak defenses to steal sensitive data and funds, highlighting the urgent need for stronger security measures and thorough vetting of third-party vendors.
When I first moved into the charity sector, I assumed it was barren ground from the perspective of hackers and fraudsters. Speaking with charity leaders and friends in the cyber industry has disabused me of this belief, though.
Certainly, there have been some quite public breaches in the past year. First among these is the Pareto Phone breach, which resulted in the exposure of sensitive data for around 50,000 donors across up to 70 organisations. The breach was orchestrated by the LockBit ransomware group. The specifics of how the breach occurred point to a few potential methods commonly used by LockBit.
Notably, LockBit is known to recruit insiders within organisations, promising significant financial rewards for providing access to networks through credentials for services such as RDP, VPN, or corporate email. In this method, insiders either share login credentials or run malicious software provided by the attackers, which gives the attackers remote access to the network. Additionally, LockBit and similar ransomware groups often use phishing attacks and exploit vulnerabilities in software or network configurations to gain initial access. Once inside, they can move laterally across the network, exfiltrating data before deploying ransomware to encrypt the organisation’s files.
In the case of Pareto Phone, the breach included data from a single machine’s D: drive that held extensive legacy data, indicating potential lapses in data security and retention policies. This suggests that the attackers either exploited a specific vulnerability in the system or utilised insider information to access this particular machine. It makes sense that hackers and fraudsters target concentration points like this one. By breaching one organisation, they breached many.