Dow Jones list containing 2.4 million names of high risk banking clients left exposed – Comment

A Dow Jones list of 2.4 million people considered at risk for bribery and corruption, as well as high-profile criminals and terrorists, sat out in the open on an unsecured online database, a researcher has found.

Commenting on the story are the following security experts:

Warren Poschman, senior solution architect at comforte AG:

“In a regrettable trend, Dow Jones & Co. is yet another example of a company that has failed its customers without taking proper security measures – and twice now.  Surely, heads will roll in their IT organization but it’s their customers that are left at risk and bearing the pain of the identity theft and privacy failures.  Really, it’s a classic case of a company wanting to invest in the cool technology, in this case, Elasticsearch and AWS S3 buckets, but they’ve not understood the security ramifications of this technology.  Organizations need to adopt data security to protect their data, wherever it may exist or whoever may be managing it on their behalf. A data-centric security model allows a company to protect data and use it while it is protected for analytics and data sharing on cloud-based resources.  These incidents would have been preventable with such a model – and if a 3rd party or partner has a security lapse, instead of trying to shift blame, Dow Jones would be talking about how it proactively protected its customers from such threats.”

Sergio Loureiro, director cloud solutions at Outpost24:

“This is another case of sensitive data on Elasticsearch clusters being left wide open on the internet, and it happens to be hosted on AWS. We’ve seen this time and time again – companies using Elasticsearch for analytics or big data projects and making careless mistakes in the misconfiguration.

To prevent this scenario, companies must ensure they have the security process and controls in place to assess and be alerted of potential misconfigurations on a continuous basis.”


Protecting Data In A Hybrid Cloud Environment

This is an excerpt of the Veeam Report ‘Availability in the Age of the Cloud’. To read more articles surrounding cloud technology, protection and security, download the report for free here.

Technology is integral to business operations today and there is a widespread expectation that important data be available and secure 24 hours a day, 365 days a year.  In many ways, securing your business’s data has become the most critical role for the IT division.   As this dynamic market creates even more sophisticated attacks and glaring vulnerabilities, it will be IT’s responsibility to stay ahead of the game.  A hybrid-cloud storage architecture should leverage this by delivering secure, end-to-end architecture that provides the flexibility of the cloud with the performance of an on-premises solution, while still encrypting data flows from one site to the other.  Here’s how you can keep your customers’ information, and your own business, safe in a hybrid cloud architecture:

1. PHYSICAL DATA PROTECTION

Cloud protection starts with physical security protecting against theft, loss, accidents, power failures, etc.  Cloud data centres are physically secure, often in remote locations, with multiply-redundant, backed-up power supplies, and redundant telecom connections.  They offer secure building physical security with controlled access, and their size and the nature of storage management makes it near-impossible to identify the physical location or device storing any one organisation’s data.  By comparison, many enterprises at best tend to have a single data centre, and SMEs might have only an in-building server room or data closet. Very small companies may just have a NAS sitting unprotected on site.

To protect against physical data loss, it is essential to have a physically separate offsite backup copy.  Unsurprisingly, simple data backup to cloud is the oldest application and, until the advent of big data with cloud, one of the largest consumers of cloud storage.

For physical separation, cloud storage is divided into redundancy or availability zones.  Users can select from multiple zones within one data centre (locally redundant) or data can be duplicated across different datacentres in different locations in a region (zone redundant) or in different regions (geo-redundancy).  Unlike traditional storage tiering or offsite backup, cloud-based storage is distributed across redundancy zones and handled by the cloud storage system software transparently to users.

2. PROTECTION FROM DEVICE FAILURE

No matter the storage medium, there is always the risk of device failure.  With HDD it’s inevitable, and Flash devices used in SSD will wear out.  RAID technology was developed to protect against drive failure, although with very large drives, RAID is increasingly less effective.  For traditional storage, best practice in the industry is to follow a 3-2-1 backup strategy – back up to a second device and then back up to offsite.  This quickly becomes expensive in both hardware and IT time spent on maintenance – time that could be spent on strategic business initiatives.

A variant of data loss is inadvertent or malicious deletion of data. Over time users, and even IT managers, utilising file hosting and collaborative solutions such as Dropbox and Office 365, have become so accustomed to cloud reliability that they assume files are always available. However, if a file is deleted it is only available for recovery for a short time.

A 2015 study by EMC found the top causes of data loss were accidental deletion (41%), migration errors (31%), and accidental overwrites (26%). To protect against this, several new products that provide cloud backup are becoming available, especially for Office 365.

Data can also be lost via corruption by viruses or ransomware.  Ransomware is the most prevalent form of malware today, per Verizon’s 2018 study of business risks. The WannaCry attack is one recent example; and the city of Atlanta, Georgia, is still reeling from a major ransomware attack that crippled the city’s applications, from payroll to public transportation.

Using a hybrid-cloud architecture locates the authoritative data storage in the cloud and gains all the benefits of cloud storage while still presenting a traditional on-premises filer interface, with the added advantage that the filer is no longer a critical, high-maintenance component.  Because the filer is just a cache of the cloud data, if it is replaced it will simply replenish with the most active files once they are accessed.

Data in cloud storage is spread across multiple drives, and data on the drives is managed throughout their lifecycle by the cloud provider to prevent data loss and make failed drive replacement transparent to the user.  As noted above, data can also be saved in geo-redundant locations for maximum protection.

For additional protection, the cloud object store can be configured with versioning and made immutable – meaning data can only be written, not erased, although in practice time limits can be set for when erasure is enabled.  This ensures that any saved version of the file is always available for recovery.

Disaster recovery/file level recovery

With legacy NAS devices based on hard drives, we know that these drives will inevitably fail, and it’s only a matter of time before data must be recovered.  Disaster recovery is a storage function that everybody recognizes as an important baseline to have implemented.  However, many businesses today are leveraging two different storage backup and disaster recovery (DR) strategies.  They have one system for use as primary storage and another separate version for backup and recovery.

Leveraging the hybrid-cloud model streamlines this process significantly, as SMEs use the same cloud storage service for both primary storage and backup/DR.  The hybrid-cloud storage architecture consolidates files into a single store. This is especially beneficial for organizations with multiple sites, because it avoids multiple copies being stored on separate file servers for access with the attendant replication costs, active-version headaches, and overhead.  With the scalability and falling cost of cloud storage, combined with full namespace visibility and cached cloud filers, it always makes sense to just keep every file available in the cloud.

Hybrid-cloud storage services support file-level restore combined with versioning that lets users find prior versions of their files, which means you can restore/backup individual files without having to deal with the whole data store. And all of these have a high-performance connection as part of the on-premise acceleration.

3. PROTECTION FROM DATA LOSS AND BREACH

Protection from data breaches incurred through human behaviour matters because many data breaches, and even ransomware incidents, start with phishing attacks through social engineering.  Another problem, especially with file hosting solutions, is shadow IT, where employees upload restricted data to an unauthorised personal cloud file hosting application such as Google Drive, OneDrive, or Dropbox.

Many of these do not deliver encrypted end-to-end traffic, although this might be expected from more consumer-oriented services. The bigger issue is that all these services readily facilitate file sharing – but now IT has no knowledge of what files have been shared and with whom.  This can easily violate industry compliance measures like HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation).

By avoiding shadow IT, investing in audit tools, using identity management tools like Azure AD combined with device management, and encrypting files at rest and in-transit, breaches can be better avoided and identified when they do occur.

In 2018, the GDPR made breach reporting mandatory – all companies processing or holding the personal data of data subjects in the European Union are subject to GDPR.

Although most major cloud vendors fully intend to be GDPR-compliant, it’s essential that your IT organisation ensure your on-premises and global file system are a compliant storage architecture. Adopting a hybrid-cloud architecture with secure on-premises filers for access and encryption at rest and in transit, utilizing identity and device management and audit capabilities, preventing shadow IT, and limiting how files can be shared and by whom will minimise breaches.  In the unfortunate event of a breach, accurate log files, immutable data, and versioning will speed forensics and recovery.

Maintaining security on an ongoing basis – audits / reviews

Once you finally secure your hybrid-cloud storage architecture, there is no guarantee that it will stay that way!  As a result, you should perform regular cloud-compliance audits. These audits can span your cloud storage provider (or providers) and your own on-premise architecture piece as well. As this dynamic market creates even more sophisticated attacks and glaring vulnerabilities, it will be IT’s responsibility to stay ahead of the game.  A hybrid-cloud storage architecture should smooth that pathway.

FIND OUT MORE

Find out more about cloud security, protection options & legislation for your cloud at the Cloud Migration Summit in London on 14th May 2019. It is the only conference dedicated to the business challenges, strategy and implementation behind successfully migrating to the cloud through proven case studies, round tables and networking sessions. Download the agenda.


‘Ground-breaking alliance for the security industry’ IFSEC International and Security & Counter Terror Expo to co-locate at ExCeL London, May 2020

Clarion and UBM announce the co-location of the two most important events to the UK security industry in a ground-breaking strategic alliance, from May 2020 onwards.

It has been revealed that next year will see IFSEC move to brand-new dates of 19 – 21 May and welcome three prestigious events alongside it at ExCeL London: Security & Counter Terror Expo (SCTX), Ambition and Forensics Europe Expo.

Building on a rich history of the two exhibitions – IFSEC steeped in the trade and commercial security world and Security & Counter Terror Expo immersed in national security – the collaboration of these key events has been designed to meet the strength of demand for a central focal point for the security industry.

The added synergies between the first-responder-focused Ambition and Forensics Europe Expo, which currently run alongside SCTX, and FIREX International, as well as the wider security community, also lend additional diversity and strength to this new alliance.

ExCeL London will become the global destination for the security community, pushing the boundaries of security product innovation and expertise. 38,000 trade, commercial, public and policing security professionals will unite at one venue to discover the most extensive range of security suppliers on offer. In doing so, the industry will see a single marketplace for the security ecosystem made up of installers, government end users, corporate end users, integrators, manufacturers and distributors.

The announcement of the move to stage IFSEC and SCTX together at London’s ExCeL from 2020 is already being warmly welcomed, as the security industry looks forward to seeing one sole event for the whole community.

“This has come at the perfect time for the security industry. The BSIA are excited to be supporting this major new partnership between the UK’s two leading security exhibitions. We have a long-standing partnership with IFSEC and we look forward to extending our welcome to SCTX.” Mike Reddington, CEO, BSIA

“Dahua is excited to see this partnership between IFSEC and SCTX in 2020. It will provide a rewarding balance of end-users, consultants, installers and integrators. This presents a fantastic opportunity for likeminded end-users and integrators to exchange ideas with manufacturing security professionals.” Steve Norman, Sales Director, Dahua Technology UK & Ireland

“Risk UK, Benchmark and Professional Security Installer welcome the news that Security & Counter Terror Expo is running alongside IFSEC in 2020. We have a long-standing association with this market sector via Risk UK magazine and associated media. We look forward to supporting SCTX and IFSEC in 2020.” Mark Quittenton, Managing Director, Risk UK, Benchmark and Professional Security Installer Magazines

“Hikvision are pleased to hear the news that IFSEC and Security & Counter Terror Expo will run alongside each other in 2020. This is a good move forward for the security community, and we look forward to supporting this.” Justin Hollis, Marketing Director, Hikvision UK & Ireland

“IFSEC is always a great success for BRE Global / LPCB and we’re looking forward to showcasing the dynamic Attack Testing Zone to the SCTX and IFSEC 2020.” Richard Flint, LPCB Physical Security Certification Scheme Manager, LPCB / BRE

“IFSEC never stops surprising me. Great move for the whole security industry, getting SCTX alongside IFSEC in 2020. It’s going to be a massive set of shows.” Roy Cooper, Managing Director, Professional Security

Discussing this move for the market, the organisers of IFSEC and SCTX share their thoughts as they announce the culmination of these 18 month-long discussions to co-locate these events.

“The security industry is both broad and complex – and in recent years Clarion and UBM have come to realise that in this environment both IFSEC and SCTX had evolved in ways which were seeing them become increasingly complementary in both profile and audience,” said Tim Porter of Clarion Events.

“SCTX is by far the most prestigious and market leading event in the counter terror arena, with a proven track record in drawing a high calibre audience of government specifiers, law enforcement and related crime intelligence agencies,” added Gerry Dunphy of IFSEC. “This is a great fit for IFSEC as it strengthens our message of the critical nature of security as a major global issue. IFSEC will also highly complement this offering by continuing to champion integrated security for the trade and commercial markets. The prospect of these events, working in harmony, promoting expertise and guidance for the broader security environment has already been met with immense anticipation by the security community.”

Bringing the events together will offer exhibiting manufacturers and distributors an unrivalled opportunity to access the entire end-to-end security audience, with a greater number of security product buyers in one venue than any other security event across the globe. Over 600 exhibiting companies will join to represent all aspects of the security sector, ranging from the latest developments in commercial and corporate security through to critical national infrastructure and policing.

For 2019, Clarion’s Security & Counter Terror Expo, Ambition and Forensics Europe Expo will take place at Olympia from the 5-6 March and IFSEC International will bring expert security products to ExCeL, from 18-20 June.


Five essential tools for Supply Chain Risk Management

By Jake Olcott, VP of Government Affairs at BitSight

All areas of risk management involve blind spots, including supply chain risk management. To be effective in this field, risk professionals must account for risks from a wide variety of sources, from bad password management to geopolitical upheaval. Supply chain risks can be difficult to detect, unpredictable, and fast-moving.

Thankfully, technology companies have made the process of managing risk in the supply chain easier. These companies put big data, machine learning, and artificial intelligence to work to increase visibility for risk professionals, giving them the ability to more effectively monitor, prepare for, and mitigate supply chain risks.

Depending on the nature of their supply chains, professionals should consider adding at least a few of these supply chain risk management solutions to their toolbox.

Mapping solutions

One of the most important components of any supply chain risk management programme is an up-to-date map of supplier relationships. The more detail this map includes, the more insights risk professionals can draw from it, helping them to monitor and mitigate supply chain risk.

For most companies, mapping tier-one suppliers is relatively easy. However, true visibility requires knowing who supplies the suppliers. These maps can get very complex very quickly; relying on humans alone to create and maintain them can lead to missed connections and relationships.

A variety of technology providers have stepped in to solve the problem, leveraging artificial intelligence to help businesses map their global supply chains, and produce automated insights about potential risks.

That’s all well and good for physical supply chains, but what about digital ones? After all, risks to technology vendors like cloud services providers and operations software companies can be just as costly as risks to physical suppliers.

Organisations need to be working with solution providers to utilise externally-available data to map digital supply chains. These maps can also be used to identify fourth- and fifth-tier connections and single points of failure, which could introduce additional risk.

Environmental Risk Solutions

Artificial Intelligence and Big Data are now being employed to help businesses predict and respond to weather events faster than ever before. These solutions use a combination of forecasting data, real-time updates on infrastructure status, historical data, and compliance factors to deliver risk insights that would not have been possible in the past.

Supply chain risk management solutions give businesses the ability to track the environmental risks affecting shipments. These risks can be quantified and continuously updated, giving risk professionals the power to predict, in real-time, whether shipments along their supply chain will be delayed by bad weather.

Code Verification Solutions

Within a digital supply chain, one of the greatest risks is vulnerabilities introduced by third-party code that has been integrated within a proprietary system. This is exactly the kind of threat that caused a major data breach at Ticketmaster earlier this year.

Therefore, solutions like IBM’s ‘AppScan’ and CA Veracode are an integral part of the supply chain risk management toolbox. All third-party code should be scanned for integrity before it’s allowed anywhere near internal systems or data.

Geopolitical Risk Solutions

With so many businesses relying on suppliers and providers on the other side of the world, it can be easy to overlook geopolitical risks to the supply chain.

However, risk professionals in the West can’t be expected to become experts in the complex political realities of China or India, for example. So, how can you know whether your critical partners that are based overseas are at risk?

Believe it or not, technology helps in this arena as well. Data aggregated from social media, news outlets and other sources can be analysed with natural language processing and machine learning algorithms. This can subsequently provide indicators of political risk in near real-time.

Vendor Risk Management Solutions

Whether we’re talking about the physical or digital supply chains, cyber risk is a major consideration. Well-known cybersecurity events like Heartbleed, Petya, and WannaCry, can take down huge swathes of a business’s supply chain almost immediately. Every business is subject to cyber threats, and those who are unprepared to defend against them risk operational disruption, regulatory violations, and data breaches.

This is where security rating tools can indicate the overall cybersecurity posture of an organisation, based on external-facing data. This information includes metrics related to compromised systems, user behaviour, and diligence. Updated daily, these can be used to quickly ascertain how prepared an organisation’s entire supply chain is for a potential cyber-attack.

Armed with this visibility into the cyber risk exposure of their suppliers, risk professionals can take the necessary steps to mitigate any potential issues before they get out of hand. Not every company needs to use all of these solutions. However, they should undertake continuous monitoring and advanced analytics, to improve visibility into supply chain risk.


Hackers destroy all data from popular US email provider VFEmail – Comment

Hackers have breached the servers of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers’ data in the process. The attack took place yesterday, February 11, and was detected after the company’s site and webmail client went down without notice.

Full Story: https://www.zdnet.com/article/hackers-wipe-us-servers-of-email-provider-vfemail/

Commenting on the news is Chris Doman, security researcher at AlienVault, an AT&T company:

“VFEmail offers an anonymous email service that is popular with some of the more shady parts of the internet. This in itself provides some interesting motivations for why someone might want to wipe all of their data.

Based on the command executed by the attackers, and shared on Twitter by VFEmail, the attackers used dd to wipe the systems. It may be possible to restore the files, but it will be harder than if the attackers had simply deleted individual files.

VFEmail mentions the backups were destroyed too. This shows the importance of off-site back-ups that can’t be easily accessed.”
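Added example, not code from the page or from AlienVault: a small Python detector that scans constructed auditd-style EXECVE records for the pattern the comment describes, a dd invocation whose output target is a block device, while passing over ordinary dd copies to regular files. The log lines, event ids and device names are all constructed for the example.

```python
import re

# Constructed auditd EXECVE records (not from the VFEmail incident):
# one wipe of a whole disk, one wipe of an LVM volume, and three benign commands.
SAMPLE_LOG = """\
type=EXECVE msg=audit(1549896000.101:301): argc=3 a0="dd" a1="if=/dev/zero" a2="of=/dev/sda"
type=EXECVE msg=audit(1549896000.102:302): argc=4 a0="dd" a1="if=/var/backups/mail.tar" a2="of=/mnt/offsite/mail.tar" a3="bs=4M"
type=EXECVE msg=audit(1549896000.103:303): argc=4 a0="/bin/dd" a1="if=/dev/urandom" a2="of=/dev/mapper/vg0-maildata" a3="bs=1M"
type=EXECVE msg=audit(1549896000.104:304): argc=2 a0="cat" a1="/etc/hostname"
type=EXECVE msg=audit(1549896000.105:305): argc=3 a0="dd" a1="if=/dev/sdb" a2="of=/srv/images/disk.img"
"""

# auditd writes each argv entry as aN="..." (arguments with spaces or
# non-printable bytes are hex-encoded without quotes; this simplified
# parser only handles the quoted form).
ARG_RE = re.compile(r'\ba(\d+)="((?:[^"\\]|\\.)*)"')
MSG_RE = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\)")

# Path prefixes that denote whole disks, partitions, RAID or LVM volumes.
DEVICE_PREFIXES = (
    "/dev/sd", "/dev/nvme", "/dev/vd", "/dev/xvd", "/dev/hd",
    "/dev/md", "/dev/mapper/", "/dev/dm-",
)


def parse_execve(line):
    """Return (event_id, argv) for an EXECVE record, or None for any other line."""
    if "type=EXECVE" not in line:
        return None
    msg = MSG_RE.search(line)
    args = ARG_RE.findall(line)
    if not msg or not args:
        return None
    # Reassemble argv in aN order regardless of how the record was laid out.
    argv = [value for _, value in sorted(args, key=lambda pair: int(pair[0]))]
    return msg.group(2), argv


def is_block_device(path):
    return path.startswith(DEVICE_PREFIXES)


def classify(argv):
    """'wipe' if dd writes to a block device, 'copy' for any other dd call, else None."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "dd":
        return None
    # dd writes to stdout when no of= operand is given, which is never a wipe.
    target = next((a[3:] for a in argv[1:] if a.startswith("of=")), "/dev/stdout")
    return "wipe" if is_block_device(target) else "copy"


def find_wipes(log_text):
    """Return [(event_id, command line)] for every dd execution that targets a block device."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_execve(line)
        if parsed is None:
            continue
        event_id, argv = parsed
        if classify(argv) == "wipe":
            hits.append((event_id, " ".join(argv)))
    return hits


if __name__ == "__main__":
    for event_id, cmd in find_wipes(SAMPLE_LOG):
        print(f"audit event {event_id}: block device overwritten by: {cmd}")
```

Reading a disk image with dd (event 305, `if=/dev/sdb` to a regular file) is deliberately not flagged; only writes whose `of=` lands on a device are.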


Mumsnet suffers data breach with 1000s of users impacted – ICO also notified

It has been discovered there was a problem affecting Mumsnet user logins between 2 pm on Tuesday 5 February and 9 am on Thursday 7 February. During this time, it appears that a user logging into their account at the same time as another user logged in could have had their account info switched. Mumsnet believes that a software change, as part of moving services to the cloud, that was put in place on Tuesday pm was the cause of this issue. It has been reported that up to 4,000 users have been exposed.


Commenting on the news and offering advice is Lamar Bailey,  Director of Security research and development at Tripwire:

“Every change to an organisation’s infrastructure is a delicate process that needs to be planned out and carefully executed. Depending on the cloud service model, the responsibility of maintaining the security ‘of the cloud’ is entrusted to the cloud service provider, while the security of the data ‘in the cloud’ is still the responsibility of the customer, and so is the security and effectiveness of the migration process. It makes sense for a glitch like the one experienced by Mumsnet to have happened as a consequence of a misconfiguration during the migration process, but thankfully, the breach was contained and swiftly reported.”

“The most common reason for a failure in the cloud migration process is poor planning. Organisations need to be able to allocate the necessary resources into the migration process. This could be having increased personnel, training for existing staff and taking experts’ advice on realistic budget and execution time.”

“The best way to prevent these issues happening is to prepare thoroughly for cloud migration, taking into account that the process could potentially take time and resources. Not rushing is paramount to maintaining the security of the enterprise, and sometimes it might be advisable to migrate services one by one, starting with the less critical, to ensure that the process is running smoothly. Organisations should also ensure that they have well trained and skilled personnel on the task.”

“The best way for organisations to maintain security when moving to the cloud is to have in place foundational controls, that monitor file integrity, configuration management, asset discovery, vulnerability management, and log collection. The majority of cloud breaches, however, can be traced back to misconfiguration and mismanagement of cloud-native controls, therefore it is careful planning and preparation that will ultimately protect businesses during the migration to a cloud environment.” 


Wi-SUN Alliance Drives Delivery of Open, Secure and Interoperable Solutions, with Availability of First Wi-SUN Field Area Network Certified Products

The Wi-SUN Alliance, a global ecosystem of member companies seeking to accelerate the implementation of open standards-based Field Area Networks (FAN) and the Internet of Things (IoT), announced that the first wave of members have successfully completed interoperability testing to become the first solutions to achieve Wi-SUN FAN certification.

“Standards and interoperability are key to continued growth for the IoT industry,” says Phil Beecher, President and CEO of the Wi-SUN Alliance. “The availability of certified Wi-SUN FAN solutions delivers on our mission to offer utilities, cities and service providers adaptable multi-service networks that will help ensure interoperability today and for future generations.”

The solutions from Cisco, Itron, Nissin Systems, Kyoto University, Landis+Gyr, Renesas and ROHM address the needs of utilities, city developers and other service providers to simplify and support large-scale, outdoor networks for smart cities, smart utilities and other IoT rollouts.

Wi-SUN FAN is a communications infrastructure for very large-scale networks, enabling many devices to interconnect on one common network. All Wi-SUN certified products were rigorously tested by Allion Test Labs in Taiwan, the first test lab to achieve Wi-SUN FAN 1.0 validation, to ensure the devices work together effortlessly and securely and to support rapid time to market. Upon successful test completion, approved products are permitted to display the Wi-SUN Certified FAN logo, which indicates to users that these products are compliant with open standards, interoperable, secure and scalable and can be deployed with confidence. To learn more about Wi-SUN product certification, please visit http://www.wi-sun.org.

Wi-SUN FAN Certified Products:

Cisco:  Achieved the very first Wi-SUN FAN 1.0 certification with its IR509 WPAN Industrial Router, which will be deployed into a diverse set of Internet of Things applications including: smart metering, smart grids, distribution automation, supervisory control and data acquisition, and street lighting.  Dedicated to the Wi-SUN program, Cisco has contributed multiple test bed units for the Wi-SUN FAN certification program.


Itron: The Wi-SUN FAN certified Itron Bridge5-WS is a key component of the Itron Network platform that enables cities and utilities to cost-effectively integrate industrial IoT and utility control and monitoring devices onto a secure, reliable and open standards-based Wi-SUN FAN. With this certification, Itron continues its long-time leadership in the Wi-SUN Alliance leading up to this milestone, including significant contributions to the development of the FAN Technical Profile, Compliance Test Plan and Test Bed.

Nissin Systems, Kyoto University, and ROHM: Collaborated on the development of the EW-WSN BP35C4, which has achieved Wi-SUN FAN certification. The EW-WSN BP35C4 is a multi-purpose Wi-SUN FAN 1.0 compliant router module with a UART interface. It is easy to integrate in smart utilities and various IoT devices.

Landis+Gyr: The N550 Network Node is an integral part of Gridstream® Connect, the industry leading utility IoT solution that delivers flexibility for applications such as AMI, distribution automation, consumer engagement, smart cities, DER integration and more. For more information please visit: https://www.landisgyr.com/solution/gridstream-connect/

ProCubed: Provided test tools for the certification testing environment including:

1) ProShark Plus (Wi-SUN FAN 1.0 Protocol Analyzer)
2) Test Bed Controller (Pro-Si-SUN FAN1.0-915-TBC)

Renesas: Selected to provide one of the interoperability test bed units for the Wi-SUN FAN certification program and achieved Wi-SUN FAN 1.0 certification with its RF (RAA604S00)+ MCU (RX651) wireless solution.


Be sure to visit us at DistribuTECH 2019

The Wi-SUN Alliance will showcase Wi-SUN FAN certified solutions from Cisco, Itron, Landis+Gyr, Nissin Systems and Renesas at DistribuTECH 2019 in booth 11225.


Wi-SUN Alliance and the Wi-SUN Alliance logo are trademarks of the Wi-SUN Alliance.


Sophos releases ‘Matrix Deconstructed: the trend for targeted ransomware continues’

Sophos, a global leader in network and endpoint security, released a new report about a ransomware family called Matrix. The malware has been operating since 2016 and Sophos has tracked 96 samples in the wild. Like previous targeted ransomware, including BitPaymer, Dharma and SamSam, the attackers who are infecting computers with Matrix have been breaking into enterprise networks and infecting those computers over Remote Desktop Protocol (RDP), a built-in remote access tool for Windows computers. However, unlike these other ransomware families, Matrix only targets a single machine on the network, rather than spreading widely through an organization.
In its latest paper, SophosLabs reverse engineered the evolving code and techniques employed by the attackers, as well as the methods and ransom notes used to attempt to extract money from victims. The Matrix criminals evolved their attack parameters over time, with new files and scripts added to deploy different tasks and payloads onto the network.
Matrix ransom notes are embedded in the attack code, but victims don’t know how much they must pay until they contact the attackers. For most of Matrix’s existence, the authors used a cryptographically-protected anonymous instant messaging service, called bitmsg.me, but that service has now been discontinued and the authors have reverted to using normal email accounts. The threat actors behind Matrix make their demand for cryptocurrency ransom in the form of a U.S. dollar value equivalent. This is unusual as demands for cryptocurrency normally come as a specific value in cryptocurrency, not the dollar equivalent. It’s unclear whether the ransom demand is a deliberate attempt at misdirection, or just an attempt to surf wildly fluctuating cryptocurrency exchange rates. Based on the communications SophosLabs had with the attackers, ransom demands were for US$2,500, but the attackers eventually reduced the ransom when researchers stopped responding to demands.
Matrix is very much the Swiss Army Knife of the ransomware world, with newer variants able to scan and find potential computer victims once inserted into the network. While sample volumes are small, that doesn’t make it any less dangerous; Matrix is evolving and newer versions are appearing as the attackers improve on lessons learned from each attack.
In Sophos’ 2019 Threat Report we highlighted that targeted ransomware will be driving hacker behavior, and organizations need to remain vigilant and work to ensure they are not an easy target.
Sophos recommends implementing the following four security measures immediately:
  • Restrict access to remote control applications such as Remote Desktop (RDP) and VNC
  • Complete regular vulnerability scans and penetration tests across the network; if you haven’t followed through on recent pen-testing reports, do it now. If you don’t heed the advice of your pentesters, the cybercriminals will win
  • Multi-factor authentication for sensitive internal systems, even for employees on the LAN or VPN
  • Create back-ups that are offline and offsite, and develop a disaster recovery plan that covers the restoration of data and systems for whole organizations, all at once
