It seems that every week new news breaks regarding the progress toward reaching practical quantum computing. While this is excellent news for the promised benefits quantum computing will provide, it helps society tackle the biggest problems in computing that traditional computers just can't handle. These include potential breakthroughs in artificial intelligence, the complex modeling involved in nuclear fusion, improved solar cells, cancer, and disease treatments, and financial markets modeling.
Advanced Persistent Threat (APT) groups are at the heart of today’s cyber-espionage efforts. Unlike one-off hackers, APTs distinguish themselves through novel attack techniques, cunning lateral movement across the victim’s infrastructure, swift malware deployment, efficient data exfiltration and – perhaps most importantly – stealthy operation to avoid detection by cybersecurity tools.
Ransomware continues to be the ultimate business disruptor. This week
Colonial Pipeline, a private operator of the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily, announced they were a victim of a ransomware attack by the organization known as “Darkside.” The attack propelled Colonial to take systems offline, halting operations and threatening to cause the price of oil to rise.
This attack against the U.S. infrastructure is yet another harsh reminder of how fragile critical infrastructure can become when targeted by ransomware and may become the final catalyst for an executive order on cybersecurity from U.S. President Biden. According to the New York Times, the speculated order will “require federal agencies to take a “zero trust” approach to software vendors, granting them access to federal systems only when necessary, and require contractors to certify that they comply with steps to ensure that the software they deliver has not been infected with malware or does not contain exploitable vulnerabilities.”
Since August of 2020, Darkside operators (the group behind the Colonial Pipeline ransomware attack) have become increasingly active, targeting bigger names across a diverse array of industries, culminating in more attacks against critical infrastructure operators.
Darkside also started reorganizing the ransomware business by adopting novel tactics such as creating a press center on their website to announce upcoming leaks and to encourage reporters to get in touch with them. They started partnering with dubious data recovery companies who help victims disguise ransomware payments as “data recovery fees.” Like a digital Robin Hood, the group has also been taking some proceeds from their attacks and donating to charities to show “moral principles.”
Since the release of our free Darkside decryptor this January, Bitdefender has seen an increased number of companies and Managed Service Providers (MSPs) reach out to us for help with decryption – a strong indicator that targeted ransomware attacks have become more frequent and effective.
This incident is not the first and will not be the last, as U.S. critical infrastructure, spans across the continent. Ransomware operators take advantage of vast networks of systems in remote areas, by probing networks for weak points of entry or by buying phished credentials to remote desktop instances that they can use to mount an attack.
Critical infrastructure is increasingly appealing to ransomware operators – particularly those who are involved in Ransomware-as-a-Service (RaaS) schemes because of several reasons:
Read More
This attack against the U.S. infrastructure is yet another harsh reminder of how fragile critical infrastructure can become when targeted by ransomware and may become the final catalyst for an executive order on cybersecurity from U.S. President Biden. According to the New York Times, the speculated order will “require federal agencies to take a “zero trust” approach to software vendors, granting them access to federal systems only when necessary, and require contractors to certify that they comply with steps to ensure that the software they deliver has not been infected with malware or does not contain exploitable vulnerabilities.”
Since August of 2020, Darkside operators (the group behind the Colonial Pipeline ransomware attack) have become increasingly active, targeting bigger names across a diverse array of industries, culminating in more attacks against critical infrastructure operators.
Darkside also started reorganizing the ransomware business by adopting novel tactics such as creating a press center on their website to announce upcoming leaks and to encourage reporters to get in touch with them. They started partnering with dubious data recovery companies who help victims disguise ransomware payments as “data recovery fees.” Like a digital Robin Hood, the group has also been taking some proceeds from their attacks and donating to charities to show “moral principles.”
Since the release of our free Darkside decryptor this January, Bitdefender has seen an increased number of companies and Managed Service Providers (MSPs) reach out to us for help with decryption – a strong indicator that targeted ransomware attacks have become more frequent and effective.
This incident is not the first and will not be the last, as U.S. critical infrastructure, spans across the continent. Ransomware operators take advantage of vast networks of systems in remote areas, by probing networks for weak points of entry or by buying phished credentials to remote desktop instances that they can use to mount an attack.
Critical infrastructure is increasingly appealing to ransomware operators – particularly those who are involved in Ransomware-as-a-Service (RaaS) schemes because of several reasons:
- Increased Notoriety - High-profile critical infrastructure attacks are extensively covered by the media which brings added attention to ransomware operators and their attacks. This increases their visibility and adds an extra pressure point on the victims to pay up faster.
- Added “Affiliates” - In the RaaS space, reputation is paramount. The more high-profile victims a group compromises, the more likely additional “affiliates” will join their team and share illicit revenue obtained through extortion.
- Likely to Negotiate – Last, but not least, competition among ransomware groups is fierce, with as many as 15 new families of ransomware showing up every month. Ransomware groups know that operators of critical infrastructure don’t have the luxury of losing data or shutting down operations (without massive loss) – not to mention regulatory fines. Ransomware groups know infrastructure operators may more open to negotiation than companies in less critical areas.
The current situation with Darkside and the Colonial Pipeline shows once again that protection and prevention are key factors, and that one missed sample can have dire consequences not only for the business in question but also for the local or global economy as well.
If you are worried about your organization becoming a victim of ransomware – here are three things you can do to become more cyber resilient against ransomware and avoid business disruption:
Basic security hygiene – It’s obvious but true that many of the most pervasive cyber-attacks have been possible because of an unpatched machine, or outdated antimalware. You should apply patches immediately and audit your systems regularly to ensure everything is up to date.
Security operations are expensive! Hiring, training, and keeping a team of security analysts demands significant resources from any organization wanting to run security operations in-house. There are many studies which show the urgent need to improve security operations center (SOC) analysts’ productivity.
- The threat landscape continues to evolve in terms of complexity
- Email is still the weakest link in the security chain and neglecting email security can leave your customers’ networks vulnerable to attacks
- Many legacy solutions can’t fend off today’s modern attacks
- Investment in modern email security is essential to protect against sophisticated attacks
- Ensuring data privacy is now a worldwide concern, with many countries adopting data protection laws
- Much work still needs to be done to ensure the privacy of information
- Tools and training are keys to success
- An unsecure communication protocol proves to be a headache in today's world
- Despite its age and problems, Telnet sticks around
- The mitigation of Telnet security problems is possible with the right solution
On April 20th, the results of the latest round of the annual MITRE ATT&CK® Evaluation of security solutions were released. This year, a field of 29 security solutions from leading cybersecurity companies including Bitdefender, Crowdstrike, and Microsoft were tested on their ability to detect the techniques and tactics of Carbanak and FIN7.
Since the onset of the current health crisis, many systems have found themselves strained. From remote work platforms to collaboration software, most services have been affected by the heavy traffic and the necessity to accommodate large numbers of users.
“When in doubt, choose change.” (Lily Leung)
- McAfee has agreed to sell its enterprise business
- Many McAfee customers may be considering alternatives
- Don’t just replace - upgrade
The global cybersecurity landscape has changed dramatically over the past year due to the COVID-19 pandemic as adversaries look to use the outlier event to their advantage.
