The goal of ransomware is simple: to hold your data hostage until a ransom is paid to its captor. The effects are devastating. The NotPetya ransomware is estimated to have cost businesses up to $10 billion. Its sibling, WannaCry, tallied somewhere between $4 billion and $8 billion in losses to business. The costs of ransomware …
ZENworks will be in attendance at RSA, Located at North Expo #4508. Visitors are invited to discuss the impact of preventable malware and unified endpoint management solutions built for implementation. Ransomware and malware attacks devastated some of the largest brands in 2018. WannaCry lived up to its name, dishing out as much as $10 billion …
Everyone has heard of WannaCry and NotPetya, two of the most devastating ransomware attacks in history. WannaCry cost businesses somewhere between $4-8 billion, and losses due to NotPetya are estimated at more than $10 billion, making it the most destructive attack in history from a cost perspective. The extent of the damage to businesses goes far …
We have detected the infection of Wannacry ransomware in one of our endpoint, which was cleaned by deletion by SEP Client.we are investing the same.
I have read that Wannacry Ransomware does not infect the machine through Malicious mail.
Can someone help me with exact attack vector of Wannacry Ransomware.
Has anyone found out how the first system in organization get infected by Wannacry ransomware??
Quick response will be appreciated.
According to U.S. intelligence sources who spoke to the Washington Post, Russian military spies likely hacked the computer network used to run the South Korean Winter Olympics, disrupting the ticketing and broadcast systems in retaliation for banning the Russian team for doping violations — and tried to leave digital fingerprints that would pin the blame on North Korea.
U.S. officials declined to comment to the Post, but if the report is accurate, Russia’s tactic was a savvy one. North Korea has flexed its hacking capabilities several times in recent years, in campaigns ranging from spreading the WannaCry ransomware to its suspected hack of Sony Pictures in 2014. Dmitri Alperovitch, the co-founder of cybersecurity firm CrowdStrike, told The Guardian Monday that he’s more concerned about North Korea’s cyber attack capacity than Russia’s. Still, the February 16 indictment by a U.S. federal grand jury of thirteen Russian nationals for influencing the 2016 presidential election suggest the country is more than holding its own.
The drama highlights the porous, destabilizing nature of the internet. The international community sanctions the flow of many goods to and from North Korea, but China and Russia still provide its government with reliable internet access. And though most North Koreans don’t have access to the open web, cyberspace was still a positive force in repressive nations as recently as the Arab Spring, when young activists used Facebook and Twitter to mobilize.
But political hacks and social media disinformation campaigns over the interceding years have muddied those waters. The web’s power for good or ill depends on who wields it — and in the era of sophisticated, state-sanctioned cyber warfare, even that’s often unclear.
It might look to be out of the limelight compared to 2017, but it would be foolish to write ransomware off yet, as more attacks using the file-encrypting malware are ahead.
High profile incidents like WannaCry, NotPetya and Bad Rabbit made ransomeware infamous last year. WannaCry and NotPetya have since both been attributed to be the work of nation-states – the former to North Korea and the latter to Russia – changing the perception of ransomware from something used by cybercriminals attempting to make a quick buck, to it becoming a tool of cyberwarfare.
That’s especially the case for NotPetya, which took down the networks of businesses around the world and causing billions of dollars in damages and lost income.
So while some cybercriminal operations have pivoted towards cryptocurrency mining as means of making money, don’t expect ransomware to be any less effective – or destructive.
“We do not expect the trend of ransomware plateauing in 2018. Enterprise ransomware will continue to be a major trend for various nation-state and criminal adversaries,” Adam Meyers, VP of Intelligence at security company CrowdStrike told ZDNet.
The company’s newly released 2018 Global Threat Report suggests that rather than fading into the background, ransomware could become an even more prominent tool of cyberwarfare – especially as the likes of WannaCry have demonstrated the large amounts of damage which can be done.
Such is the evolving nature of the cyber threat landscape, it’s entirely possible these types of destructive forms of ransomware could be adopted by others
“The propagation of advanced exploits has now blurred the lines between statecraft and tradecraft, and the threat landscape is evolving into a much grander scale of threat actors,” said Meyers.
There’s the possibility that the success of destructive ransomware attacks means they could be exploited by other groups, such as smaller-nations who want a piece of the pie, or even activist groups with hacking arms.
“Hacktivist groups will use ransomware and pseudo-ransomware wipers to disrupt victims, eroding trust between vital businesses and their customers or between governments and their constituencies,” says the report.
It’s also worth noting that while ransomware was a menace before WannaCry appeared, this particular strain of ransomware was made much more potent via its ability to exploit the EternalBlue vulnerability – and it opened the door to other forms of malware doing the same.
There’s no reason why ransomware couldn’t do the same again, exploiting newly discovered vulnerabilities to make payloads more potent.
“In 2018 and beyond, new campaigns could incorporate the latest vulnerabilities or additional TTPs [Tactics, Techniques, and Procedures] that have not been previously observed or associated with ransomware campaigns,” said Crowdstrike.
READ MORE ON CYBERCRIME
- Cybercrime drains $600 billion a year from the global economy, says report
- US: Russia’s NotPetya the most destructive cyberattack ever [CNET]
- This lucrative ransomware campaign secretly surveys vulnerable networks to maximise infections
- The nasty future of ransomware: Four ways the nightmare is about to get even worse
- Ransomware attacks: Here’s what we need to learn from WannaCry and Petya[TechRepublic]
Our advanced technologies have enabled us to transcend and communicate beyond boundaries. However, they have also created new and increasing threats to businesses. With the recent news on WannaCry and Petya cyber attacks, cyber warfare has been conducted by a plethora of criminal hackers, organized crime groups and even anyone to obscure the resources. Come and join us for our FREE Cyber Warfare Seminar (worth S$99) on 13 and 14 March 2018 and explore the various threats in the cyberspace and how they impact the infrastructure and state of cybersecurity.
Key Seminar Highlights
- Cyber Warfare Explained | Risks, Threats and Vulnerabilities
- Cyber Attacks in History | Case Studies
- Attack Strategies | Demo: Wireless Hacking
- Vulnerability Assessments | Activity: Scanning for vulnerabilities and Exploiting machines
- Defense Strategies and Countermeasures
- To understand key concerns in cyber warfare
- To prepare for cyber challenges which are transcending beyond boundaries
- To understand active cyber defense strategies and countermeasures
Who Should Attend
IT Managers, IT Security Auditors and Testers, IT Penetration and Security Analysts, Network and Security Administrators, In-House Network Administrators, Network Executive and anyone who wish to know more on cyber threats in general are sure not to miss!
Session Dates (Please select one upon registration):
- 13 March 2018 (Tuesday) | 7.00pm to 9.30pm
- 14 March 2018 (Wednesday) | 7.00pm to 9.30pm
Spaces are limited. Sign up here to avoid disappointment!
THE CYBERSECURITY war between North Korea and the rest of the world appears to be taking a turn for the worse.
A private security company, FireEye has identified a North Korean cyber infiltration group called APT37 which has raised its sites from its previous concentration on purely South Korean targets to a more scattergun approach to cyber espionage.
At the same time, US authorities have formulated potential plans for a series of what it terms “bloody nose” attacks on targets in North Korea, which will focus on digital warfare rather than a conventional attack, according to UK news organization, The Daily Telegraph.
The new targets for the APT37 group, as revealed by FireEye, include a Middle Eastern company which had previously worked with North Korean authorities in telecommunications but whose venture had ‘gone south’. Furthermore, individuals working for Olympic organizations, a journalist associated with human rights issues in North Korea, and a Japanese party concerned with UN missions on sanctions have also been affected.
While the number & type of targets for the North Korean attacks have changed and broadened, the methods employed by the group remain much the same. Focusing primarily on phishing attacks in the first instance, the group sends Microsoft Office documents to its targets which, once open, drop malicious payloads into machines’ systems.
The variants of malware deployed in this way collect system information, take screenshots and remotely download further code from sites controlled by the group.
The hacking group seems quite quick to adopt newly publicised vulnerabilities, developing their specific tactics after only a few weeks from when vulnerabilities are publicised. FireEye’s report states this aspect “suggest[s] a high operational tempo and specialized expertise.”
According to sources for The Telegraph, for the last few months, the US has been laying the groundwork for cyber attacks against North Korea which will be routed through South Korea and Japan, where the US has a significant military presence. Preparations include installation of network infrastructure such as fibre cables, and the setting up of virtual listening posts from where government agents will attempt to access the North Korean Internet.
American analysts with experience in other areas such as the war on drugs are being reassigned to the new Korea Mission Centre, which is being run by the CIA.
This provides customer context and telemetry.
— Nick Carr (@ItsReallyNick) February 20, 2018
The cyber war between North Korea and the rest of the world has heated up recently, with reports of the rogue state being behind the theft of ¥58 billion from Japanese cryptocurrency exchange Coincheck at the beginning of this year.
North Korea is thought to have mobilized around 6000 individuals to wage a virtual war against its enemies, and the choice of battleground may well suit an American administration particularly sensitive to physical casualties among US personnel in conventional conflicts, with the associated imagery of body bags being flown home.
As well as previous attacks laid at the door of the North Koreans such as the WannaCry incidents, a further malware instance termed “DogCall” and a wiper tool “RUHappy” have also been deployed.
“An individual we believe to be the developer behind several APT37 malware payloads inadvertently disclosed personal data showing that the actor was operating from an IP address and access point associated with North Korea,” said FireEye.
JOIN THE CONVERSATION
The last decades have seen many organizations following solely tech-based cyber security policies. With the human factor increasingly moving into focus recently, a shift to a more holistic approach in cyber defense strategies can be observed.
This does not come as a surprise when looking at the statistics. Nearly 90 percent of all successful cyber warfare attacks are executed through the human element within the organization – Sony Pictures, Lockheed and Edward Snowden being just a few prominent examples.
It is not only malicious intent of employees that causes problems. Far too often it is complacency or lack of knowledge that can open the gates to potential attacks. One only needs to look at the WannaCry ransomware attack of May 2017, which within a day infected networks across the globe (including Myanmar). WannaCry used vulnerability in Windows, for which Microsoft had already released a critical advisory and a patch two months prior to the initial attack. While the damages are hard to quantify, estimations go into billions of dollars.
Consequences of a successful phishing attack
A typical attack every organization faces is phishing. Phishing attacks aim at getting access to sensitive information, such as passwords, pin numbers, company documents and bank account or credit card details, etc. From an empty bank account to data leakage or identity theft, the consequences of a successful phishing attack can be serious.
Just think about your competitor knowing your next steps. We have all encountered emails promising us cash, cars or an exotic vacation, if we only click that ominous link at the bottom of the email. Should you not already know this, let it be said now – don’t click the link! Instead of getting a prize, you are more likely to enter a world of pain. What is little known is the level of sophistication of many of these attacks. This is where we enter the realm of social engineering.
Cyber criminals will often go through a painstaking amount of research using open source information, such as from social media sites (Facebook/LinkedIn) or company websites, blogs, etc., or sources in the darknet (a network that trades in illicit wares) to gain as much information as possible on their target. This information is then used to create tailor made phishing emails, imitating a trustworthy source.
Maybe it’s an email to the human resources department: “Hi Steve, good running into you the other week…” or the criminals may create a false domain, which at first glance looks similar to your own – …@myanrnar.com instead of …@myanmar.com. Verizon’s 2015 Data Breach Investigations report states that 23pc of recipients open phishing emails and that in companies 11pc click on the attachments.
Cheap and effective way of bolstering security
To counter these issues, organizations must look at all aspects of security in a holistic manner, and a key component is the human factor. Cyber criminals are adept at finding the weakest links in any organization – from executive personnel who ignore security protocols to office staff that are unaware of the threats.
Cyber security is no longer just the responsibility of the IT team but that of every employee. Investing in cyber awareness is a relatively cheap and effective way of bolstering an organization’s security.
Around the world, many corporations have adopted mandated cyber awareness programs, usually from a specialized outside party. In Myanmar, such training programs are increasing in popularity, especially because of their cost effectiveness. Overall, there are many different approaches, for example, training programs and lectures, regular messages, quizzes and games.
Another option could be conducting controlled and guided cyber warfare drills for the management with a special focus on the financial effects and company reputation and client confidence. What they all should have in common is that they need to be sustainable to be effective. At the end of the day, we all need to keep in mind that we are only as secure as the weakest link in the organization, and all too often, it comes down to the human factor.
Florian Frank is the Director of Business Development at DLG, a Yangon based consultancy specialized in Cyber Security Solutions.