#nationalcybersecuritymonth | Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security

Source: National Cyber Security – Produced By Gregory Evans

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today warned of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.

According to the alert, issued in collaboration with the Swiss Government Computer Emergency Response Team (GovCERT), the attackers demanded ransoms ranging from tens of thousands of Swiss francs to millions (1 million CHF is just over $1 million).

More than a dozen such ransomware attacks, in which systems were encrypted and rendered unusable, have been reported in recent weeks.

“The attackers made ransom demands of several tens of thousands of Swiss francs, in some cases even millions,” the alert says.

Swiss ransomware victims ignored warnings, had poor security

As MELANI and GovCERT discovered while investigating these incidents, recommended best practices such as MELANI’s information security checklist for SMEs had not been implemented by the victims, and earlier warnings about such attacks had been ignored.

The Swiss Government-funded cybersecurity body advises businesses not to pay ransoms to avoid becoming involuntary sponsors for the hackers’ ongoing campaigns.

Paying also gives businesses no guarantee that their data can be recovered with the decryption tools the attackers provide.

It is important that the companies concerned contact the cantonal police immediately, file a complaint and discuss the further procedure with them. As long as there are still companies that make ransom payments, attackers will never stop blackmailing. – MELANI

MELANI also warned both SMEs and large companies that they remain at risk even after paying the ransom and restoring their systems and data, because “the underlying infection from malware such as ‘Emotet’ or ‘TrickBot’ will remain active.”

“As a result, the attackers still have full access to the affected company’s network and can, for example, reinstall ransomware or steal sensitive data from it.”

MELANI said that there are examples of companies from Switzerland and other countries that were ransomed multiple times within short periods of time.

While analyzing the recently reported ransomware incidents, the Swiss cybersecurity body identified a number of weaknesses that allowed attackers to successfully breach the companies’ defenses (all of them can be mitigated by MELANI’s recommendations):

• Virus protection and warning messages: Companies either did not notice or did not take seriously antivirus warnings that malware had been found on servers (e.g. domain controllers).
• Remote access protection: Remote Desktop Protocol (RDP) access was often protected only by a weak password, left on the default port (TCP 3389), and not restricted by a VPN or IP filter.
• Notifications from authorities: Notifications from authorities or internet service providers (ISPs) about potential infections were ignored or not taken seriously by the affected companies.
• Offline backups and updates: Many companies only had online backups with no offline copy. When ransomware struck, these backups were encrypted or permanently deleted along with everything else.
• Patch and lifecycle management: Companies often lacked proper patch and lifecycle management, so operating systems or software in use were outdated or no longer supported.
• No segmentation: Networks were not segmented, e.g. an infected computer in the HR department gave the attacker a direct path into the production network.
• Excessive user rights: Users were often granted excessive rights, e.g. a backup account with domain admin rights, or a system administrator who browses the internet with the same privileged account used to manage the systems.
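As an added example (not MELANI’s or the article’s code), the script below checks a constructed inventory for four of the weaknesses in this list: RDP on TCP 3389 reachable from outside private address ranges, allow-all rules between two internal zones, service accounts sitting in Domain Admins, and operating systems past vendor end of support. The inventory field names, zone names, account names, sample firewall rules and end-of-support dates are all assumptions made for the example.

```python
"""Added example: audit a constructed inventory for the weaknesses MELANI listed.
The data structures and field names are assumptions for this example, not a
MELANI or vendor format; the sample data below is constructed."""
from datetime import date
import ipaddress

# Constructed sample inventory (assumed flattened exports of firewall rules,
# AD group membership and host OS versions).
FIREWALL_RULES = [
    {"action": "allow", "src": "0.0.0.0/0",      "dst": "203.0.113.10", "dports": [3389]},
    {"action": "allow", "src": "192.168.1.0/24", "dst": "10.0.0.5",     "dports": [3389]},
    {"action": "allow", "src": "10.20.0.0/16",   "dst": "10.30.0.0/16", "dports": "any"},
]
ZONES = {"10.20.0.0/16": "HR", "10.30.0.0/16": "production"}   # assumed zone map
GROUPS = {"Domain Admins": ["admin.jdoe", "svc_backup"], "Backup Operators": ["svc_backup"]}
SERVICE_ACCOUNTS = ["svc_backup", "svc_sql"]
HOSTS = [
    {"name": "DC01", "os": "Windows Server 2016"},
    {"name": "FS01", "os": "Windows Server 2008 R2"},
    {"name": "WS-HR-07", "os": "Windows 7"},
]
# End-of-support dates assumed for the example; verify against vendor lifecycle pages.
EOL = {
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Windows Server 2016": date(2027, 1, 12),
}
AS_OF = date(2020, 2, 20)  # assumed audit date

PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(cidr):
    """True if the whole source range lies inside an RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(p) for p in PRIVATE_NETS)


def opens(rule, port):
    """Does this allow-rule permit the given TCP port (explicitly or via 'any')?"""
    return rule["action"] == "allow" and (rule["dports"] == "any" or port in rule["dports"])


def check_rdp_exposure(rules):
    """RDP on the default port reachable from outside private ranges (no VPN / IP filter)."""
    return [f"RDP on {r['dst']} reachable from {r['src']}"
            for r in rules if opens(r, 3389) and not is_private(r["src"])]


def check_segmentation(rules, zones):
    """Allow-all rules between two different internal zones, e.g. HR -> production."""
    return [f"{zones[r['src']]} -> {zones[r['dst']]} allows any port"
            for r in rules
            if r["action"] == "allow" and r["dports"] == "any"
            and r["src"] in zones and r["dst"] in zones and zones[r["src"]] != zones[r["dst"]]]


def check_excessive_rights(groups, service_accounts):
    """Backup / service accounts that are members of Domain Admins."""
    admins = set(groups.get("Domain Admins", []))
    return [f"service account {a} is in Domain Admins" for a in sorted(admins & set(service_accounts))]


def check_eol_os(hosts, today):
    """Hosts running an operating system whose vendor support has ended."""
    return [f"{h['name']} runs {h['os']}, unsupported since {EOL[h['os']]}"
            for h in hosts if h["os"] in EOL and EOL[h["os"]] <= today]


def audit(rules=FIREWALL_RULES, zones=ZONES, groups=GROUPS,
          service_accounts=SERVICE_ACCOUNTS, hosts=HOSTS, today=AS_OF):
    """Run all checks; returns a dict of finding lists keyed by category."""
    return {
        "rdp_exposed": check_rdp_exposure(rules),
        "segmentation": check_segmentation(rules, zones),
        "excessive_rights": check_excessive_rights(groups, service_accounts),
        "eol_os": check_eol_os(hosts, today),
    }


if __name__ == "__main__":
    for category, findings in audit().items():
        for finding in findings:
            print(f"[{category}] {finding}")
```

The private-range test is a stand-in for “behind a VPN or IP filter”: a rule that admits a partner’s single public address would also be flagged and needs an explicit allow-list, and a rule from a private range is not proof that a VPN is in front of it. In a real environment the inputs would come from the firewall’s rule export and from the directory (group membership and OS version per host) rather than from the constants above.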

Stream of ransomware warnings

Last year, in November, a confidential report issued by the Dutch National Cyber Security Centre (NCSC) said that at least 1,800 companies from around the globe and with operations in various industry sectors were affected by ransomware attacks.

The three file-encrypting malware strains responsible for the infections — LockerGoga, MegaCortex, and Ryuk — relied on the same infrastructure and were previously spotted in attacks that targeted corporate networks and enterprises such as Norsk Hydro and Prosegur.

The Federal Bureau of Investigation (FBI) also warned private sector partners last month about Maze Ransomware operators focusing their attacks on US companies. 

This warning came less than a week after the FBI warned private industry recipients about LockerGoga and MegaCortex ransomware infecting corporate systems from the U.S. and abroad in a flash alert marked as TLP:Amber.

“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands,” the FBI announced at the time.

“The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.”

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) alerted organizations across all critical U.S. infrastructure sectors of a recent ransomware attack that hit a natural gas compression facility and took down pipeline operations for two days.


The post #nationalcybersecuritymonth | Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security appeared first on National Cyber Security.


#nationalcybersecuritymonth | Twitter says Olympics, IOC accounts hacked | News


(Reuters) – Twitter said on Saturday that an official Twitter account of the Olympics and the International Olympic Committee’s (IOC) media Twitter account had been hacked and temporarily locked.

The accounts were hacked through a third-party platform, a spokesperson for the social media platform said in an emailed statement, without giving further details.

“As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners to restore them,” the Twitter spokesperson said.

A spokesperson for the IOC separately said that the IOC was investigating the potential breach.

Twitter also said Spanish soccer club FC Barcelona’s account faced a similar incident on Saturday.

“FC Barcelona will conduct a cybersecurity audit and will review all protocols and links with third party tools, in order to avoid such incidents,” the soccer club said in a tweet after the hack.

Last month, the official Twitter accounts of several U.S. National Football League (NFL) teams, including the San Francisco 49ers and Kansas City Chiefs, were hacked a few days ahead of the Super Bowl.

Earlier this month, some of Facebook’s official Twitter accounts were briefly compromised.

(Reporting by Akshay Balan in Bengaluru, Editing by Rosalba O’Brien)


The post #nationalcybersecuritymonth | Twitter says Olympics, IOC accounts hacked | News appeared first on National Cyber Security.


#comptia | #ransomware | Let’s make ransomware MORE illegal, says Maryland – Naked Security


The oft-attacked city of Baltimore not only uses mind-bogglingly bad data storage. Its home state, Maryland, also knows how to swiftly propose mind-bogglingly bad legislation that would outlaw possession of ransomware and put researchers in jeopardy of prosecution.

It is, of course, already a crime to use the data/systems-paralyzing malware in a way that costs victims money, but proposed legislation, Senate Bill 30, would criminalize mere possession.

It’s not supposed to keep researchers from responsibly researching or disclosing vulnerabilities, but like other, similar “let’s make malware more illegal” bills before it, SB 30’s attempts to protect researchers could “use a little more work,” as pointed out by Ars Technica‘s Sean Gallagher.

It covers much of the same ground as does Federal law, but SB 30 would take it a step further by labelling the mere possession of ransomware as a misdemeanor that would carry a penalty of up to 10 years imprisonment and/or a fine of up to $10,000.

The draft could get more draconian still: earlier this month, members of the Maryland Senate Judicial Proceedings Committee said they would actually prefer to make the crime a felony, according to Capital News Service.

The problematic outlawing of “unauthorized access”

Besides mere possession of ransomware, the bill would outlaw unauthorized, intentional access or attempts to access…

…all or part of a computer network, computer control language, computer, computer software, computer system, computer service, or computer database; or copy, attempt to copy, possess, or attempt to possess the contents of all or part of a computer database accessed.

It would also criminalize acts intended to “cause the malfunction or interrupt the operation of all or any part” of a computer, the network it’s running on, and their software/operating system/data. Also verboten: intentional, willful, unauthorized possession or attempts to identify a valid access code, or publication or distribution of valid access codes to unauthorized people.

Where does that leave researchers? Partially protected by a thin blanket that doesn’t protect them from liability, experts say.