ITBusiness.ca

Not as protected as we think we are: This Week In Ransomware as of Monday, August 15, 2022

Are the things we think protect us from ransomware working as well as we might think? Some stories from this week make it clear that we are not as well protected as we might believe.

Multi-Factor Authentication “fatigue” leads to Cisco ransomware breach

There is no question that Cisco is one of the leading companies in terms of network security. Yet a recent ransomware attack managed to steal data from the company.

A person associated with the Yanluowang ransomware gang claims that they were able to steal 2.75 GB of data. The company acknowledged the breach, stating that the attackers “moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers.”

How could an attacker get past Cisco’s defences, which include multi-factor authentication (MFA)? It turns out that the attackers managed to exploit what is called “MFA fatigue.”

The attacker sent a large stream of multi-factor authentication requests. The idea is to annoy the receiver so that they finally accept just to stop the messages – without thinking of potential consequences.

This story is high profile, but it’s only one of many similar occurrences. It shows that implementing multi-factor authentication is not enough on its own: all employees need to know that MFA only works if they use it as it was designed, as a secondary confirmation of a security transaction that the employee has initiated.
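On the detection side, the pattern described above (a stream of push requests that ends in an acceptance) can be searched for in authentication logs. The following is an added example, not code from Cisco or from this article; the event fields, result names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, push result).
EVENTS = [
    ("2022-08-10T02:00:05", "alice", "denied"),
    ("2022-08-10T02:00:40", "alice", "timeout"),
    ("2022-08-10T02:01:15", "alice", "denied"),
    ("2022-08-10T02:01:50", "alice", "timeout"),
    ("2022-08-10T02:02:30", "alice", "denied"),
    ("2022-08-10T02:03:10", "alice", "approved"),   # gives in after the burst
    ("2022-08-10T09:00:00", "bob", "denied"),       # single mis-tap, then a
    ("2022-08-10T09:00:20", "bob", "approved"),     # normal self-initiated login
    ("2022-08-10T03:00:00", "carol", "timeout"),
    ("2022-08-10T03:01:00", "carol", "timeout"),
    ("2022-08-10T03:02:00", "carol", "timeout"),
    ("2022-08-10T03:03:00", "carol", "timeout"),
    ("2022-08-10T03:04:00", "carol", "timeout"),    # burst, never approved
]

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users who got >= threshold rejected pushes inside `window`.

    severity "high": an approval followed the burst within `window`.
    severity "medium": the burst was never approved.
    """
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((datetime.fromisoformat(ts), result))
    alerts = []
    for user, rows in by_user.items():
        rows.sort()
        recent, burst_end = [], None  # rejected pushes in window; last burst time
        for when, result in rows:
            if result in ("denied", "timeout"):
                recent = [t for t in recent if when - t <= window] + [when]
                if len(recent) >= threshold:
                    burst_end = when
            elif result == "approved":
                if burst_end and when - burst_end <= window:
                    alerts.append({"user": user, "severity": "high",
                                   "approved_at": when.isoformat()})
                    burst_end = None
                recent = []
        if burst_end:
            alerts.append({"user": user, "severity": "medium", "approved_at": None})
    return alerts
```

A "high" alert is the case to act on first, since the session opened by that approval was not initiated by the employee.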

SMS phishing captures credentials

Cloud company Twilio acknowledged that its systems were breached and customer data accessed by attackers who stole employee credentials using an SMS phishing attack.

Attackers sent an SMS message with a link that took the employees to a realistic-looking fake Twilio login page, which then captured their credentials.

In a statement issued over the weekend, the company acknowledged that “on August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

Cyber Insurance Doesn’t Adequately Cover Ransomware?

A recent posting by security reporter Howard Solomon noted that cyber insurance may not protect companies after ransomware attacks.

First of all, not all companies are covered by cyber insurance. According to a recent study, 55 per cent of the Canadian and U.S. respondents said they currently have cyber insurance. Another 28 per cent intend to acquire coverage shortly.

But more than one-third (37 per cent) said their organizations aren’t covered for ransomware payments. A further 43 per cent said their firms aren’t covered for auxiliary costs such as court costs and downtime.

Of those who have coverage, over half (56 per cent) are only covered up to US$600,000. According to the survey authors, that wouldn’t cover the average ransomware demand in 2021.

“Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage,” said Shishir Singh, executive vice president and chief technology officer for cybersecurity at BlackBerry.

The study was paid for by BlackBerry and Boston-based Corvus Insurance.
