Firewall Firm is a Managed Cyber Security Company in India
Home » Tag: Ransomware

Tag Archives: Ransomware

Home » Tag: Ransomware

Maze ransomware hits US giant Cognizant

Maze ransomware hits US giant Cognizant

maze-ransomware

maze-ransomware

The latest company to fall victim to a ransomware attack is Cognizant, a large US IT services company which admitted at the weekend that it had fallen victim to Maze.

The three-paragraph statement offers little detail except, perhaps, the most telling:

Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.

That one word, Maze, hints that the company is already steeling itself to report the ransomware attack as a full-blown data breach.

Maze has been blamed for extorting a succession of large organisations since last summer, and is known for stealing as well as encrypting files in an innovation used by the criminals to increase the pressure on victims to pay up: We’ve scrambled your sensitive files but will also leak them to the world if we don’t get what we want.

For US companies, a data breach is a big deal which brings with it regulatory oversight as well as hefty potential costs if any customer information is found to be part of the stolen data.

It’s also commercially awkward to admit an attack is causing problems for customers even if the company is far from the only prominent name affected by Maze in recent months.

In late March, Swiss cyber-insurance company Chubb admitted it had been hit by an unidentified attack, which some took to confirm an unverified claim by the Maze gang that it had successfully stolen data from the company weeks earlier.

The attackers even, cheekily, justified their actions in a statement that reportedly began:

We want to show that the system is unreliable. The cybersecurity is weak. The people who should care about the security of the information are unreliable. We want to show that nobody cares about the users. […] Now it’s our turn. We will change the situation by making irresponsible companies pay for every data leak.

In January, Naked Security reported on a confirmed Maze attack in December which so annoyed the victim company, cable maker Southwire, that it filed a civil suit against its makers that mentioned the ransom demand of $6 million in Bitcoins.

If these and a series of others credited to Maze in recent weeks serve as a warning, what are they a warning against?

The short answer is a ragbag of tactics that read like a penetration test gone rogue.

That could include known vulnerabilities in any kind of privileged asset such as load balancers to Microsoft Remote Desktop Protocol (RDP) servers. If it can’t reach these directly, there’s always standard phishing attacks and boobytrapped Word attachments to fall back on in the search for a network foothold.

None of this is exactly hard to predict. In December, the FBI even put out a private warning about Maze tactics to US organisations.

The challenge is that today’s successful compromises reflect the security weaknesses that have built up from yesteryear. Companies sometimes suspect that they have weaknesses but simply fail to find them as quickly as the attackers do.

How to protect yourself from ransomware

  • Pick strong passwords. And don’t re-use passwords, ever.
  • Make regular backups. They could be your last line of defense against a six-figure ransom demand. Be sure to keep them offsite where attackers can’t find them.
  • Patch early, patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
  • Lock down RDP. Criminal gangs exploit weak RDP credentials to launch targeted ransomware attacks. Turn off Remote Desktop Protocol (RDP) if you don’t need it, and use rate limiting, two-factor authentication (2FA) or a virtual private network (VPN) if you do.
  • Use anti-ransomware protection. Sophos Intercept X and XG Firewall are designed to work hand in hand to combat ransomware and its effects. Individuals can protect themselves with Sophos Home.

 

CYBER SECURITY

CYBER SECURITY – Protect and Secure Your Data

CYBER SECURITY - Protect and Secure Your Data

CYBER SECURITY – Protect and Secure Your Data

Protect and Secure Your Data

Protect and Secure Your Data

Protect and Secure Your Data

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

  • Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
  • Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data its designed to protect. Successful security begins in the design stage, well before a program or device is deployed.
  • Information security protects the integrity and privacy of data, both in storage and in transit.
  • Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
  • Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.
  • End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

The scale of the cyber threat

The global cyber threat continues to evolve at a rapid pace, with a rising number of data breaches each year. A report by RiskBased Security revealed that a shocking 7.9 billion records have been exposed by data breaches in the first nine months of 2019 alone. This figure is more than double (112%) the number of records exposed in the same period in 2018.

Medical services, retailers and public entities experienced the most breaches, with malicious criminals responsible for most incidents. Some of these sectors are more appealing to cybercriminals because they collect financial and medical data, but all businesses that use networks can be targeted for customer data, corporate espionage, or customer attacks.

With the scale of the cyber threat set to continue to rise, the International Data Corporation predicts that worldwide spending on cyber-security solutions will reach a massive $133.7 billion by 2022. Governments across the globe have responded to the rising cyber threat with guidance to help organizations implement effective cyber-security practices.

In the U.S., the National Institute of Standards and Technology (NIST) has created a cyber-security framework. To combat the proliferation of malicious code and aid in early detection, the framework recommends continuous, real-time monitoring of all electronic resources.

The importance of system monitoring is echoed in the “10 steps to cyber security”, guidance provided by the U.K. government’s National Cyber Security Centre. In Australia, The Australian Cyber Security Centre (ACSC) regularly publishes guidance on how organizations can counter the latest cyber-security threats.

Types of cyber threats

Cyber threats - Cybercrime, Cyber-attack, Cyberterrorism

Cyber threats – Cybercrime, Cyber-attack, Cyberterrorism

The threats countered by cyber-security are three-fold:

  1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.
  2. Cyber-attack often involves politically motivated information gathering.
  3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber-security:

Malware

Malware means malicious software. One of the most common cyber threats, malware is software that a cyber criminal or hacker has created to disrupt or damage a legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks.

There are a number of different types of malware, including:

  • Virus: A self-replicating program that attaches itself to clean file and spreads throughout a computer system, infecting files with malicious code.
  •       TrojansA type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.
  • Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
  • Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it unless a ransom is paid.
  • Adware: Advertising software which can be used to spread malware.
  • Botnets: Networks of malware infected computers which cybercriminals use to perform tasks online without the user’s permission.

SQL injection

An SQL (structured language query) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a databased via a malicious SQL statement. This gives them access to the sensitive information contained in the database.

Phishing

Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.

Man-in-the-middle attack

A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal data. For example, on an unsecure WiFi network, an attacker could intercept data being passed from the victim’s device and the network.

Denial-of-service attack

A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.

Latest cyber threats

What are the latest cyber threats that individuals and organizations need to guard against? Here are some of the most recent cyber threats that the U.K., U.S., and Australian governments have reported on.

Dridex malware

In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an organized cyber-criminal group for their part in a global Dridex malware attack. This malicious campaign affected the public, government, infrastructure and business worldwide.

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it infects computers though phishing emails or existing malware. Capable of stealing passwords, banking details and personal data which can be used in fraudulent transactions, it has caused massive financial losses amounting to hundreds of millions.

In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the public to “ensure devices are patched, anti-virus is turned on and up to date and files are backed up”.

Romance scams

In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take advantage of people seeking new partners, duping victims into giving away personal data.

The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019, with financial losses amounting to $1.6 million.

Emotet malware

In late 2019, The Australian Cyber Security Centre warned national organizations about a widespread global cyber threat from Emotet malware.

Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet thrives on unsophisticated password: a reminder of the importance of creating a secure password to guard against cyber threats.

End-user protection

End-user protection or endpoint security is a crucial aspect of cyber security. After all, it is often an individual (the end-user) who accidentally uploads malware or another form of cyber threat to their desktop, laptop or mobile device.

So, how do cyber-security measures protect end users and systems? First, cyber-security relies on cryptographic protocols to encrypt emails, files, and other critical data. This not only protects information in transit, but also guards against loss or theft.

In addition, end-user security software scans computers for pieces of malicious code, quarantines this code, and then removes it from the machine. Security programs can even detect and remove malicious code hidden in Master Boot Record (MBR) and are designed to encrypt or wipe data from computer’s hard drive.

Electronic security protocols also focus on real-time malware detection. Many use heuristic and behavioral analysis to monitor the behavior of a program and its code to defend against viruses or Trojans that change their shape with each execution (polymorphic and metamorphic malware). Security programs can confine potentially malicious programs to a virtual bubble separate from a user’s network to analyze their behavior and learn how to better detect new infections.

Security programs continue to evolve new defenses as cyber-security professionals identify new threats and new ways to combat them. To make the most of end-user security software, employees need to be educated about how to use it. Crucially, keeping it running and updating it frequently ensures that it can protect users against the latest cyber threats.

Cyber safety tips – protect yourself against cyber attacks

How can businesses and individuals guard against cyber threats? Here are our top cyber safety tips:

  1. Update your software and operating system: This means you benefit from the latest security patches.
  2. Use anti-virus software: Security solutions will detect and removes threats. Keep your software updated for the best level of protection.
  3. Use strong passwords: Ensure your passwords are not easily guessable.
  4. Do not open email attachments from unknown senders: These could be infected with malware.
  5. Do not click on links in emails from unknown senders or unfamiliar websites:This is a common way that malware is spread.
  6. Avoid using unsecure WiFi networks in public places: Unsecure networks leave you vulnerable to man-in-the-middle attacks.

For Cyber Security Consultant Please contact

Sales :+91 958 290 7788 | Support : +91 96540 16484

Register & Request Quote | Submit Support Ticket

Cyber Security News 3rd Week August 2016

  1. NSA’s hacking group hacked! Bunch of private hacking tools leaked online: Last week, unknown hackers calling themselves “The Shadow Brokers,”  hacked into NSA (US Intelligence agency)– and dumped a bunch of its hacking tools (malware, private exploits, and hacking tools) online. The hackers are offering to sell more private “cyber weapons” to the highest bidder. The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers. Last year, a company called Hacking Team was hacked and its tools were similarly leaked.
  1. Retailer says point of sales system was infected with malware: US retailer Eddie Bauer had said that hackers may have accessed customers’ payment card information after infecting its point-of-sale systems with malware. The company says it’s in the process of identifying customers whose payment information may have been stolen and will notify those who’ve been affected and is also working with payment card networks so that they can coordinate with card issuing banks to monitor for fraudulent activity. Wendy’s is the another recent example of such PoS attacks.
  1. Insider attack at Sage: Last week, Sage – a provider of accounting and business software for companies worldwide, admitted to a data breach caused by someone accessing internal systems with employee credentials rather than an external cyber attacker. A female Sage employee has been arrested from London Airport, following the data breach which may have exposed information belonging to hundreds of business customers. Cyber-attacks are on the rise, and now, businesses not only have to deal with the threat of external attackers but insider threats as well. According to experts, 55 percent of all corporate cyber-attacks are either caused by malicious employees or through accidental, human error on the inside.
  1. Another site hacked because it was not patched: DLH.net which provides Steam game related news, reviews, cheat codes, and forums, was breached using a known vulnerability found in older vBulletin forum software, which powers the site’s community. The data stolen from the forum includes full names, usernames, scrambled passwords, email addresses, dates of birth, join dates, avatars, Steam usernames, and user activity data. The company is denying any breach though it is asking its users to change their passwords. “Clash of Kings” forum was hacked recently for similar reasons.
  1. Ransomware in Ranchi: Ransomware has become a modern form of extortion, with a small town like Ranchi reporting more than 3 dozen Ransomware cases in the past fortnight. Till date, the victims have been automobile companies, Software consultants providing services to the Govt. of Jharkhand, Medical establishments and few small wholesale traders. In its advisory, the Govt. of India  has advised not to pay ransom, as it doesn’t guarantee the release of the files. Affected users should report such instances of fraud to computer emergency response team (CERT) and law agencies. India continues to be one of the top Victim countries and last week the Finance minister revealed that a major attack on the public banking system in India was averted. In May this year – there was a major Ransomware attack in Maharashtra’s Mantralaya. Other news from India – Websites of Sagar university and Goa Institute of Management were defaced by Pakistani hackers.
  1. Clinton Foundation suspected to have been hacked: Bill and Hillary Clinton’s charitable foundation hired experts to examine its data systems after seeing indications they might have been hacked. Though no message or document hacked from the New York-based Clinton Foundation has surfaced in public, Democrats are worried that leaked info may be used to attempt damage the campaign. The hack is very similar to the techniques used in the DNC hack and DCCC hack.
  1. ‘Massive’ Locky Ransomware campaign targets hospitals: A ‘massive’ cybercriminal campaign is targeting hospitals with the notorious Locky Ransomware and is using a new technique in an effort to infect systems with the file encrypting software. Hospitals are an appealing target for cybercriminals to infect with Ransomware not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital. Earlier this year a Los Angeles hospital paid a $17,000 Bitcoin ransom after a Locky infection took down its network.
  1. VeraCrypt security audit is being spied upon: VeraCrypt is an open-source freeware utility used for on-the-fly encryption. OSTIF (The Open Source Technology Improvement Fund) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Last week, the OSTIF announced that its confidential PGP-encrypted communications with the auditors were mysteriously intercepted and it suspects some outsiders are attempting to listen in on and/or interfere with the VeraCrypt security audit process.
  1. Post Bitfinex hack; Bitcon.org is worried: Recently, Hong Kong based crypto currency exchange-Bitfinex, was hacked resulting in a loss of around $72 Million worth of Bitcoins. Last week, Bitcoin.org, the website that hosts downloads for Bitcoin Core, posted a message on its website warning users that the next version of the Bitcoin Core wallet, one of the most popular bitcoin wallets used to store bitcoins, might be replaced with a malicious version of the software offered by government-backed hackers. The advisory also went on to say that one should securely verify the signature and hashes before running any Bitcoin Core binaries.
  1. Chat service can be hacked: Omegle is a free online chat website that allows users to socialize with others without the need to register. The service randomly pairs users in one-on-one chat sessions where they chat anonymously. The anonymity encourages users to talk dirty and sometimes share identifiable info. Unfortunately, the chat conversations are recorded and stored on their servers. An Indian bug bounty hunter, found a way to hack into these servers to access these conversations. One should be careful with what identifiable information you are sharing over such online service while chatting with strangers. The more personal information you share, the more chances there are for others to blackmail or misuse the information.
Read More »