InForce Cyber

Threat Report July 2020

The month of July was rich in ransomware attacks.
Here are some topics to support this statement:

1.   REvil Ransomware Hackers Commandeer Spanish Railway Company

A ransomware attack was launched against a state-owned firm responsible for monitoring and maintaining Spanish rail infrastructure. The firm, known as Adif, fell victim to a group that threatened to release sensitive company data stolen using REvil ransomware (also known as "Sodinokibi").

The malicious actors demanded $6 million in exchange for 800GB of encrypted data. However, Adif officials downplayed the severity of the attack in communications with the International Railway Journal. They deny that personal details were compromised, but the hackers made it abundantly clear that they had taken sensitive records from the company.

The attackers are said to have taken personal information, correspondence, contracts and accounting data. They threatened that, if Adif didn't submit to their conditions, another attack would occur. The outcome of this latest cyberattack is still unclear.

Records Exposed/Ransom Paid/Revenue Lost: Emails, professional contracts, and accounting data 

  • Type of Attack: REvil (Sodinokibi) ransomware 
  • Industry: Public services, railways
  • Date of Attack: July 23, 2020
  • Location: Spain

Key Takeaways

Travelex, the London-based currency exchange platform used by Adif, had ignored repeated warnings of weaknesses in its Pulse Secure VPN server, which was exploited in the attack. Consider the following tips as means of protection:

Update Your Antivirus Software 

Maintain updated firewalls and antivirus software. Ignoring warnings can have devastating results for your data. 

Limit the Use of Your VPN

Restricting VPN access to a select few individuals will significantly decrease the chances of its exploitation or misuse. 

2.   Tax-Collection Phishing Scam Targets Self-Employed

In another cyberattack, hackers posed as HMRC (Her Majesty's Revenue and Customs) over SMS (short message service). They targeted self-employed people in the United Kingdom (UK), telling the victims they were owed a tax refund and then directing them to a malicious URL.

For the fortunate few who have cybersecurity products installed on their devices, warnings were displayed indicating the site was not secure. Those without such protections, however, weren't so lucky. The fake government site, advertising "Coronavirus (COVID-19) guidance and support," requested credit card numbers and passport information from unsuspecting visitors.

Experts believed those targeted were chosen as the heads of their companies. (Most of the 80 victims contacted were registered directors or owners of accounting firms.) They were expected to hold information on employee salaries and other sensitive data, making them the ideal gateway to further data exploitation.

Records Exposed/Ransom Paid/Revenue Lost: Credit card information and passport numbers belonging to at least 80 people

  • Type of Attack: SMS phishing
  • Industry: Financial services
  • Date of Attack: July 2020
  • Location: United Kingdom

Key Takeaways

The attackers are believed to have specifically used the SMS approach since most companies have measures in place to protect email communications from phishing attacks. Keep this, as well as the tips below, in mind so as not to become a victim:

Always Be Critical of Requests 

National governments will never ask their constituents for such sensitive information and nonsecure payments via text. Never engage with such correspondence and be sure to report it immediately.

Prepare Yourself for Threats 

The victims who proceeded to the website either ignored warnings or did not have the software to protect them from the nonsecure site. Employ web security software to protect against such events. 

3.   Travel Management Giant CWT Pays $4.5M Ransom

Business-to-business travel management company Carlson Wagonlit Travel (CWT) was also targeted by a devastating ransomware data breach in July 2020. After knocking 30,000 of the international company's computers offline and launching additional attacks, the hackers demanded $4.5 million. Going against experts' advice, CWT gave in.

The malicious actors had significant motivation to target CWT rather than other travel agencies in the Ragnar Locker ransomware attack. The company is ranked as one of the top 5 most profitable travel agencies, and counts 33% of all S&P 500 companies among its customer base.

The ransomware targeted Microsoft Windows, malware detection, and defense software. CWT paid the sum of $4.5 million after the cybercriminals initially demanded $10 million. The money, in bitcoin form, arrived at the hackers' digital wallet on July 28.

Records Exposed/Ransom Paid/Revenue Lost: $4,500,000 

  • Type of Attack: Ragnar Locker ransomware
  • Industry: Travel
  • Date of Attack: July 28, 2020
  • Location: Minnesota (CWT Headquarters)

Key Takeaways

CWT owns offices located around the globe. This means that some of its sensitive data would be shared and/or stored in the cloud. Here are two ways to protect yourself from incidents involving the cloud:

Enable Two-Step Authentication

This way, even if a hacker manages to acquire corporate passwords, they will not have access to the second layer of security, and therefore, cannot bypass it. 

Limit Access to Sensitive Company Information

Not all employees need to have the same extent of clearance to certain data; too much access will endanger its security.

4.   Garmin Receives Decryption Key for WastedLocker Ransomware Following $10 Million Demand

Another on the list of corporate giants that suffered a hack in July is tech gadget maker Garmin. In one of the worst cybersecurity breaches of 2020 so far, WastedLocker ransomware operators forced Garmin to shut down its services for many customers around the world. Services that couldn't be accessed included Garmin Connect and flyGarmin, among others.

Accordingly, Garmin employees shut down all connected computers and learned of a $10 million ransom demand. Given that the company's IT department later obtained a working decryption key, it is believed they paid the ransom. Garmin officials would not comment on the matter.

WastedLocker is only partially confirmed as responsible for the incident, since the decryptor referenced Emsisoft and Coveware. The cybercriminal group is believed to be rooted in Evil Corp. Since Evil Corp is included on the U.S. sanctions list, submitting payment in response to ransomware attacks may result in severe fines.

Records Exposed/Ransom Paid/Revenue Lost: $10,000,000 (allegedly)

  • Type of Attack: Ransomware
  • Industry: Technology
  • Date of Attack: July 23, 2020
  • Location: Kansas (Garmin Headquarters)

Key Takeaways

WastedLocker is known specifically for targeting enterprises. If your business fits that category, follow these tips for maximum protection:

Always Encrypt and Back up Your Data

Along with limiting physical access, this renders data useless when accessed by an unauthorized party.

Keep Unused Devices Offline

Instead of waiting until there’s an attack to power down, set all unused devices to automatically “lock” or “sleep” after 5 idle minutes, preventing unwanted access.

The Next Attack

The recent cybersecurity breaches were particularly hard-hitting due to the widespread economic harm wrought by the ongoing COVID-19 pandemic. With more businesses now transitioning to remote work, the threat of cyberattacks grows along with the ever-expanding “attack surface.” So, if you’re ever wondering, “Has there been a cyberattack today?”, odds are that there has.

Experts predict that IoT (Internet of Things) problems will worsen with continual development of 5G technology, and they believe critical infrastructure will be targeted with increasing frequency. For these reasons, it is important to take the appropriate precautions so as not to experience damages such as those characterizing the worst cyberattacks of 2019.