Ransomware Is Still A Major Threat


Ransomware remains one of the main methods that hackers use to carry out cyber attacks on businesses.

New strains of viruses are emerging all the time. One such type is Sodinokibi, which is only three months old but has already had a significant impact. It is also known as Sodin and REvil and is connected to a previous form of ransomware called GandCrab.

It is believed that the average ransom demand for Sodinokibi in May was $150,000 against $50,000 for other forms of ransomware. The largest recorded to date is $500,000.

Furthermore, according to a report by Coveware, an incident response company, the average downtime from a ransomware attack during the first part of this year has increased from 7.3 days to 9.6 days, which is believed to be due to the impact of this new ransomware.

The use of Sodinokibi is also on the increase, so much so that it now accounts for 12.50% of the overall market.

Attack Methods

Sodinokibi is ransomware-as-a-service (RaaS) and is used to attack both businesses and consumers. It uses various attack methods, including the following:

  • Malicious spam
  • Phishing attacks
  • Malvertising
  • Exploitation of vulnerabilities in Oracle

The Signs of this Ransomware Infection

When a computer system has been compromised by Sodinokibi, the normal signs of a ransomware attack are displayed: the desktop wallpaper changes and the attack is announced by way of a ransom note.

https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/

How it Happens

Files on local drives are encrypted and renamed with a pre-generated pseudo-random alphanumeric extension that can be up to eight characters in length. This type of ransomware appears to target files which are mainly media related.

It has also been found to delete shadow copies of back-ups and to disable the Windows Startup Repair tool, which prevents users from fixing any system errors relating to the ransomware attack.

Sodinokibi is unique in that it latches on to zero-day vulnerabilities, which allow a Sodinokibi attacker access to the endpoints it infects and to replicate tasks that administrators would normally carry out.
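The renaming behaviour described above can be turned into a detection. The following is an added example, not part of the original article: it flags a burst of renames in which the same unfamiliar alphanumeric extension of up to eight characters is appended to many files on one host. The event format, the allowlist of known extensions and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: extensions already used legitimately on this estate (tune locally).
KNOWN_EXTENSIONS = {"bak", "tmp", "old", "zip", "jpg", "png", "mp4", "docx", "pdf"}
RANDOM_EXT = re.compile(r"^[a-z0-9]{1,8}$")  # alphanumeric, up to eight characters


def appended_extension(old_path, new_path):
    """Return the extension a rename appended ('a.jpg' -> 'a.jpg.<ext>'),
    or None if the rename does not fit that pattern or the extension is known."""
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    if old.parent != new.parent or not new.name.lower().startswith(old.name.lower() + "."):
        return None
    ext = new.name[len(old.name) + 1:].lower()
    if not RANDOM_EXT.match(ext) or ext in KNOWN_EXTENSIONS:
        return None
    return ext


def find_rename_bursts(events, window_s=60, min_files=5):
    """events: iterable of (epoch_seconds, host, old_path, new_path).
    Returns {(host, ext): files} where one unfamiliar extension was appended
    to at least min_files distinct files within window_s seconds."""
    by_key = defaultdict(list)
    for ts, host, old, new in events:
        ext = appended_extension(old, new)
        if ext:
            by_key[(host, ext)].append((ts, old.lower()))
    alerts = {}
    for key, hits in by_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1  # slide the window forward
            distinct = len({path for _, path in hits[start:end + 1]})
            if distinct >= min_files:
                alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [(1000 + i, "ws-01", rf"C:\Users\a\Pictures\img{i}.jpg",
                  rf"C:\Users\a\Pictures\img{i}.jpg.x7k29qa") for i in range(6)]
SAMPLE_EVENTS += [
    (1003, "ws-01", r"C:\Users\a\report.docx", r"C:\Users\a\report.docx.bak"),
    (1004, "ws-02", r"C:\data\a.mp4", r"C:\data\a.mp4.q1w2e3"),
    (5000, "ws-01", r"C:\Users\a\notes.txt", r"C:\Users\a\notes-final.txt"),
]
```

On the constructed sample, only the six picture files on ws-01 that gained the same extension within a minute raise an alert; the single rename on ws-02 and the ordinary `.bak` copy do not.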

How to Try and Prevent an Attack

  • Create back-ups of data on an external drive or in the cloud.
  • Ensure that updates are run on all computer systems and appropriate patching is carried out.
  • Reinforce training of staff so that they are aware of possible phishing attacks that might carry this ransomware.
  • Restrict the use of administrative tools to the IT team.
  • Disable macros in Microsoft Office products.

Cyber Insurance

The purchase of cyber insurance can help manage and mitigate the impact of this form of attack. This type of policy will provide coverage for the investigation costs of such an attack, the cost of negotiating with the hackers and, if need be, the actual ransom itself.

The Holiday Cyber Risk Landscape


The holiday season is now in full swing, with people travelling to far-off destinations to enjoy a well-earned break and to spend time with their families. Unfortunately the cyber threat remains with us, and arguably is increased, as people’s guard is somewhat down due to the relaxed environment that being on holiday promotes.

A survey carried out by Keeper Security Inc last year showed that the US posed the greatest threat to holidaymakers from hackers. More worryingly, the UK came in second place, with France, Spain and Italy also featuring in the top ten.

https://www.marieclaire.co.uk/entertainment/technology/cyber-security-holiday-destinations-523668

Some of the cyber threats that exist to individuals and businesses are as follows:

Insecure Wi-Fi Networks

A hotel wi-fi network may be vulnerable if not secured with the latest security encryption software. The same could be said of restaurants or cafes. Attacks known as “Man in the Middle”, where a third party listens in and changes information while impersonating both the user and the application, can intercept highly sensitive data and use this to compromise a user’s details.

GCHQ regularly warns travellers of the threats posed by insecure wi-fi networks, and the holiday season is when these threats become more prevalent. It is therefore important to check that the wi-fi has the appropriate safety protocols in place, particularly when money is being transacted.

Holiday Scam E-mails 

It is conceivable that an individual could fall foul of a hacker before they leave their house. Holiday scam e-mails may portray a bogus website that offers a holiday deal which is too good to be true, and the likelihood is that this could well be the case. Funds could be stolen by an on-line transaction, with debit or credit card details also being compromised by a hacker.

Being Aware

Leaving a laptop or smart phone on your beach towel or on a cafe table opens an opportunity for a speculative hacker to steal an electronic device and use the data themselves or post it on the dark web to be sold at a later date.

Keeping a tight ship

The same principle applies to businesses during the holiday season, who may not have their usual numbers in their cyber security team, which creates an environment where threats could be missed or not acted upon as quickly as normal. A greater reliance is therefore placed on everyday users to carry out good cyber hygiene in their everyday work schedule, watching out for phishing e-mails and dubious website links which could lead, for example, to an incident of fraud or a ransomware attack.

Back Home

Once back home it is good housekeeping to check matters such as bank statements to ensure that no fraudulent transactions have taken place and that you can account for everything spent.

At work, look for any unusual e-mail activity or change in the functionality of your computer, in case a virus may have downloaded itself whilst you were away.

Wherever you are on holiday, cyber threats exist in many forms. Hackers do not go on holiday, so it is vitally important that you maintain the same cyber security posture.

Are You Prepared For A Data Breach?


Every business should be prepared for a data breach: hackers act indiscriminately and any business could be a legitimate target.

An incident response plan is an essential part of the jigsaw in managing cyber risks and plays a very important role in being prepared for a data breach.

The plan should be updated regularly, on at least an annual basis, with consideration given to the following:

  • Breach experience of a business’s peer group
  • Independent third party review of the incident response plan
  • Tabletop exercises to ensure effective implementation of the plan
  • Appropriate employee training
  • Crisis management scenarios played out in order to address the changing cyber risk landscape
  • Ensuring that effective communication is practised at all levels of the business in the event that the plan becomes operative

What makes a good Incident Response Plan?

1. Buy-in to implementation of the plan by all relevant stakeholders, including the legal team, IT, risk management, HR, public relations and facilities management.

2. Board-level support led by the CISO.

3. An on-going synopsis of cyber threats to the business so the plan can be adapted or revised.

4. Assessment of any third parties’ cyber exposures that may impact on the business, with checks carried out on their own cyber risk posture.

5. Minimum security standards implemented with third party providers.

6. The purchase of cyber insurance to support the business and make use of the insurer’s incident response team of professionals.

The Experian Data Response Guide is an annual report that provides plans and processes to implement when a data breach occurs within a business.

The most recent report shows that awareness now has a much higher profile than it ever has, with senior management more involved in being data breach prepared. There is still, however, a lack of confidence in actually being able to manage a data breach. The report also showed that incident response plans were not regularly updated, with 35% of businesses not having updated theirs since the plan was first instigated. It was also discovered that very few businesses have a “dry run” to see how the plan would work in practice.

http://www.experian.com/assets/data-breach/white-papers/2016-2017-experian-data-breach-response-guide.pdf

The stakeholders of the incident response plan need to be at all levels, from senior board members and finance and HR directors to employees representing different sectors of the business.

General Data Protection Regulations (GDPR)

The GDPR comes into force on 25th May 2018 and brings with it an obligation to protect the personal data of individuals, with the onus to report any data breach that may impact on such individuals.

It is important therefore that businesses have robust systems in place to manage the appropriate handling of data and also to cope with a data breach should this occur.

This includes who to report the breach to and what to report, with reference to such matters as the nature of the breach, the consequences of the breach and the measures taken to address the breach. Systems therefore need to be in place so that this information can be provided to the ICO or other relevant regulatory body.

Experian Data Breach Resolution and Ponemon Institute released an industry study on 27th June this year which revealed that, whilst most businesses are aware of global and data security regulations, they have not yet addressed the necessary organizational changes in order to achieve compliance.

The study, carried out on 550 IT security and compliance officers and entitled “Data Protection & Regulations in the Global Economy”, ascertained that only 32% of the respondents still didn’t have an incident response plan in place. Furthermore, only 9% of businesses stated that they were ready to comply with the GDPR next year, with 59% stating that they did not know how to comply.

https://www.experianplc.com/media/news/2017/experian-data-breach-resolution-and-ponemon-institute/

Cyber Insurance

Cyber insurance can help with managing and mitigating a data breach. The following services are included when a cyber insurance policy is purchased:

  • Legal assistance in notifying data subjects that may have lost data.
  • Forensic investigation to help ascertain how the breach was caused and whether the hacker is still able to infiltrate the computer systems.
  • Public relations to help manage the impact that this might have on the public’s perception of the breach.
  • Credit monitoring services to monitor individuals’ bank accounts should their data be used to carry out fraudulent transactions.

The appointment of such specialists on an individual basis can be very expensive and it is worth considering this form of insurance for this reason alone.

To sum up, an incident response plan is a key piece of armoury to help protect a business from the consequences of a data breach and should be an integral part of the overall cyber risk management procedures and practices.

 


EU-US Privacy Shield – En Garde !


The EU-US Privacy Shield will come into force on 1st August and replaces the defunct Safe Harbour.

What has caused the delay?

Finally getting this over the line has been frustrating, as it has met the resistance of the European Commission, whose fault-finding Article 29 Working Party’s Opinion on this was delaying the final agreement.

This has now been given approval by the Article 31 Committee on 8th July and on 12th July the European Commission issued an “implementing decision” which ratifies that the Privacy Shield will be adopted.

Despite criticism from certain quarters during the negotiation phase this does now provide some certainty on how businesses can legally transfer personal data between the EU and US.

The Background

In February we covered the announcement of the hotly awaited replacement for the Safe Harbour in our post “EU-US Privacy Shield – Is data safe again?”

The main obligations imposed on firms handling Europeans’ personal data are as follows:

  • Individual Notification

Businesses must inform individuals of their rights under the EU-US Privacy Shield, including specific reference to how their particular data is processed.

  • Opt Out

Individuals can object to the disclosure of their personal data to third parties or for specific purposes.

  • Responsibility for movement of personal data

This should be limited, and it should be made clear for what purpose the data is going to be utilised. The level of protection of the data in this process must be no less than that set out under the Privacy Shield.

  • Security Measures

These must be in place commensurate with the type and sensitivity of the data and how this will be processed.

  • Access to Data

This must be possible and if amendments are required to the data then this must be carried out promptly.

  • Data Integrity

Data must be set out in accordance with its relevance and end use, and must be up to date and accurate in all respects.

  • Consequences of non adherence

Processes to be put in place to ensure that compliance is achieved and a system of redress with options for legal remedies.

A copy of the Framework Principles as issued by the US Department of Commerce is available at the link below

EU-US Privacy Shield Framework Principles

What will be the impact of Brexit?

This is going to be one of the many issues that will need to be negotiated with the U.K. leaving the EU. The protection of personal data is a foremost consideration all around the world today and this geographical location is no exception.

Would the UK now need to negotiate a separate Privacy Shield with the US? Will we therefore see a US-UK Privacy Shield?

How does this interact with the General Data Protection Regulations that come into force on 25th May 2017? The UK will need to implement similar data protection regulations when dealing with the EU and the personal data of individuals within these European States. Data from the EU may also circulate via the UK to the US, which is a further dilemma that will need to be addressed.

Can Cyber Insurance Help?

This form of policy provides protection for loss of personal data in such scenarios as a hacker attack, the inadvertent loss of data by an employee or the destruction of data by a malicious act. The post-breach response vendors provided by insurers also provide a significant benefit to businesses.

Cyber insurance can therefore play a role in mitigating the impact of a data loss irrespective of the changing legal landscape that is evolving.

The underlying message to the business environment is that businesses must have heightened awareness and be very much “En Garde” as to the dynamic changes in how data is processed and protected and the pitfalls of non-compliance.