HolistiCyber Offers Protection Against WannaCry Ransomware
In May 2017 what is believed to be the biggest ransomware campaign yet hit hundreds of companies around the globe. Identified as a variation of WannaCry ransomware, it blocks access to the victim’s computer system and files and demands a payment of as much as US$300 per computer to unblock it. Once a single computer is infected with the ransomware, it searches for other vulnerable computers in the network and infects everything in its path. Because of vulnerabilities in Microsoft products after a Windows exploit was recently hacked from the NSA, the dangerous campaign is spreading at an astounding pace. In only a few hours more than 45,000 computers in at least 74 countries were infected.
Cyber Attacks Could Bring the World to Its Knees
This particular attack affected 16 UK hospitals to such an extent that they had to shut down work. In Spain over 85% of the country’s main telecommunications firm Telefonica was infected. These hackers are turning out to be a powerful global threat. With cyber attacks not only increasing in frequency but also in severity, it is becoming clear that significant investments in cyber defence technologies should be made. End-to-end holistic cyber security solutions have to be implemented to ensure safety from this massive threat.
World-Class Cyber Protection
HolistiCyber delivers integrated defence options with the express aim of keeping clients safe from highly sophisticated hackers. I co-founded the company in 2016 together with brigadier general Ran Shachor and former air force officer Moshe Ishay. All employees are former military intelligence, both Israeli and American. As a company, we focus on developing cyber solutions for advanced protection against cyber attacks on a wide variety of fields including the insurance industry, credit companies and more. Our main markets are the US and Europe. With a comprehensive service portfolio, HolistiCyber is equipped to identify, prevent and neutralize all major security threats.
Security researchers made a worrisome discovery of two major vulnerabilities in chips installed in millions of networking devices and access points around the globe.
Named BleedingBit, the two chip flaws in Bluetooth Low Energy (BLE) chips may allow hackers to run arbitrary code to take complete control of devices that don’t require authentication. This includes point-of-sales and IoT devices and well as critical medical devices such as pacemakers and insulin pumps. The discovery was made by researchers at Armis, an Israel-based security company that was also responsible for recently discovering BlueBorne, a range of Bluetooth-related flaws that affected billions of smartphones, TVs, laptops and watches using Android, Linux, iOS and Windows.
The vulnerabilities unveiled exist in BLE Stack chips manufactured by Texas Instruments and are embedded in a range of their enterprise products, used by companies such as Aruba, Meraki and Cisco. The first flaw affects many of Meraki and Cisco’s Wi-Fi access points. It uses a loophole in how incoming data is analysed by the chips. When excess data is sent to the chip, its memory is corrupted which makes the device vulnerable to malicious code. The second flaw stems from a firmware update done to a feature called Over the Air Firmware Download (OAD). All Aruba access points share the same password to this feature which can easily be obtained by hackers through sniffing a legitimate update or by reverse-engineering the Aruba BLE firmware. A malicious update can then simply be delivered to the access point and full control can be gained.
After making the discovery, Armis reported it to all vendors and duly assisted companies with rolling out updates that address the issues. Texas Instruments confirmed the flaws and subsequently released security patches to affected companies. Cisco, Meraki (owned by Cisco) and Aruba released security patches for the hardware and announced that they are not aware of anybody exploiting these vulnerabilities.
Cybercriminals never take breaks and never waste an opportunity to steal sensitive data from unsuspecting companies. British Airways doesn’t look like an easy target, but apparently, their defensive mechanisms were not enough to prevent hackers from stealing customer data from their website. The company has confirmed the fact that as many as 380,000 customers had their personal details and credit card numbers exposed during the data breach.
15 Days of Cyber-Insecurity for British Airways
The attack started on August 21 and customers who have booked their flights on the company’s website and through its mobile app were affected. British Airways has advised them to get in touch with their banks and take the necessary measures to protect themselves. The hackers got their hands on the names, addresses and financial information belonging to the victims. According to a British Airways spokesperson, they were not able to get the travel details and passport numbers.
Furthermore, the company has reassured customers that the payment methods saved on its website are still secure. Essentially, the hackers only got the information from the credit cards used during those two weeks of mayhem. British Airways didn’t provide information about how the hackers were able to create the breach, but went to great lengths to reassure customers that they are no longer in danger. Meanwhile, the National Crime Agency is working to assess the best course of action.
Now that the vulnerability has been resolved, British Airways clients were reassured that they can access the site and buy tickets securely. This is not the first time an airline is attacked by hackers this summer, as this incident comes just a few weeks after Air Canada suffered a major data breach. In that attack, more than 20,000 customers using the company’s mobile app had travel and passport details exposed.
Since 2015, the cybercriminals behind ransomware SamSam have extorted nearly $6 million in payouts from individuals, companies and government organizations. No one is immune to the demands from the group who have employed an extremely targeted approach to their model which continues to net up to $300,000 per month for the criminal gang.
Follow The Money…
IT security company Sophos has been able to follow payments to the crime network by tracking Bitcoin addresses that are declared on the digital ransom notes sent to victims. Researchers have found that to date nearly $6 million in ransom has been paid by around 233 targets. The largest payment to the group by an individual was $64,000, and governmental organizations targeted by the ransomware include hospitals, universities, municipal organizations and even entire cities. The city of Atlanta and the Colorado Department of Transportation have both suffered attacks by the group.
How Does It Work?
SamSam is not a random malware injection that one can ‘pick-up’ via email or clicking on the ‘wrong’ link on a website. SamSam victims are carefully preselected and systems targeted by the group are manually infected either by obtaining stolen credentials, available for sale on the Dark Web, by exploiting vulnerabilities via remote desktop protocol (RDP), file transfer protocol (FTP) servers or by brute force attacks against unsecure passwords that allow the hackers to gain entry to the system. SamSam ransomware is deployed by a human attacker who systematically infects the entire network before sending out the demand for ransom.
Once the attacker is in the system, it is effectively locked down, the data encrypted (kidnapped) and the only way to regain access to the data is to pay the ransom to be able to receive the decryption keys. Usually, ransomware is released ‘into the wild’ so it is not easily controllable or trackable, SamSam though is frighteningly specific. Targets are researched carefully, attacks are coordinated and very often, the victim does not report the cybercrime in case they lose the data for ever. The loss of important data for a hospital, university or an entire city could be catastrophic. Victims are more inclined to pay the ransom rather than risk the collapse of their entire organization.
Why do people pay the ransom? Because the cost of the fix is almost always more expensive, and time consuming, than the ransom. In cases where ransom was not paid – the city of Atlanta for example, the cost of the fix was reported to be around $2,6 million, against the $51,000 demanded in the ransom.
You Can’t Stop SamSam, But You Can Prevent An Attack
While there is nothing to be done once your data is encrypted, as always, prevention is infinitely better than cure, and having systems and protocols in place to prevent access is the best way to minimize the risk. Keep software and systems up to date, restrict access and implement multi-factor, multi-device authentication on systems and ALWAYS have an offline, preferably air-gapped, backup of everything.
After the Cambridge Analytica data privacy put Facebook in hot water for ‘selling’ the personal data of over 85 million Facebook users, the company is embroiled in another data privacy breach. In 2015, Facebook stated that it restricted access to user data for third-party technology and app development companies. It was revealed, in a document presented to the United States Congress in July that this was not the case.
Data Sharing by Facebook – Software & App Developers
The documents delivered to the government investigation committee revealed that despite stating they had cut off access to user data by outside companies, it continued to share data that included user’s personal data with hardware, software and app developers after 2015. The report was made available just hours before the deadline for the request for information which came after CEO Mark Zuckerberg testified before Congress in April 2018.
Who Had Access to Facebook Data?
Part of the document received by Congress reads, “We engaged companies to build integrations for a variety of devices, operating systems and other products where we and our partners wanted to offer people a way to receive Facebook or Facebook experiences”.
The companies had access to Facebook user data to enable them to better create Facebook integrations for mobile devices and other websites. Seemingly innocuous and all in the quest for a better user experience, but at what cost to the loss of individual privacy and who really knows what happens to your personal data or how it is used once it leaves Facebook? Facebook has reported that it has already ended up to 38 of these joint partnerships and plans to discontinue the rest by the end of October 2018. However, it was also revealed that Facebook would continue to work with Apple, Amazon and Tobii past the October 1028 deadline.
Facebook has come under much criticism following the scandal around Cambridge Analytica and their misuse of user data to manipulate the 2016 U.S. elections. It has also raised a lot of questions about how robust the company’s data management process really is. Not only are questions being asked about the sale of personal data to third-party companies, but the overall data protection and cyber security policies in place to protect its 2 billion users against cyber-attacks and hackers. After the Cambridge Analytica reveal in March, the company lost around $60 billion in market value in just two days.