Observations from the Incident Response Front Lines

A recent case study by InfoSystems demonstrates that cybercriminals target organizations across industries – regardless of size or the nature of their business.

Government municipalities, law firms, manufacturing plants, and trucking businesses have all been victims of phishing scams this past year. This blog post will examine how the attacks unfolded and what companies must do to prevent cyberattacks from compromising their networks and data.

RYUK ransomware infected three of the four companies attacked. This strain of ransomware reaches a company's network through a phishing email, in this case one carrying a Word document that users opened.

When the ransomware gained access, it was injected into the companies' processes and ultimately harvested user credentials, contact names, and email addresses from Outlook. It then sent additional malicious phishing emails to the compromised users' contacts.

The fourth company was subjected to a remote access trojan (RAT) attack. In this case, the victim lost fleet card numbers, and its data was compromised. Like the RYUK attacks, the RAT's success depended on a user opening a malicious email attachment. When this happened, the RAT installed itself on the targeted system, spread across the company network, and exfiltrated data.

Cybercriminals tend to send mass phishing campaigns that are industry agnostic and rely on a single user's failure to recognize the email's malicious intent. By depending on volume instead of precise targets, cybercriminals bet that out of the hundreds of emails they send, someone will make the wrong decision and open the ransomware attachment.

The number of successful cyberattacks alone shows that the criminals are right to think this way. All it takes is a single user's lapse for ransomware to breach a network. While other attacks may zero in on specific targets, the efficacy of the RYUK and RAT campaigns proves that a blanket campaign works as well.

Cybercriminals take advantage of ignorance and unpreparedness. As long as organizations do not treat cybersecurity as a required business strategy, criminals will continue to exploit vulnerabilities such as human error and insufficient security protocols. As a result, companies are gambling with their digital assets, revenue, and reputation.

Vulnerable companies like the ones in the case study shared high-level commonalities in how they approached cybersecurity. These included:

  1. They assumed that a hacker would not be interested in their business because it is "boring" or small
  2. They minimized or discredited the damage that could happen from an attack
  3. They did not have an incident response plan
  4. They did not conduct security training and phishing simulations
  5. They lacked a communication plan for key partners and vendors

These commonalities represent the human side of the problem. When people do not understand cyber threats and how to handle them, criminals pounce. But technology also plays a large role. Some of the technological disadvantages the victims shared included:

  1. Poor data asset management
  2. No application whitelisting
  3. Single AD Domain Controllers
  4. No script blocking
  5. Corrupted Exchange servers

Organizations should start thinking about cybersecurity as a necessity of doing business. The risks are too high, and the outcomes potentially too devastating, to procrastinate any longer.

Working with a cybersecurity service provider like InfoSystems improves an organization's security posture overall and provides the tools and training to keep people, data, and networks safe over time.

To ensure the safety of your organization, follow these best practices:

  • Maintain an incident response plan
  • Secure the human element
    • Situational awareness
    • Persistent training and education
    • Realize insider risk threats
  • Understand business risks
  • Triple-check and protect the backup plan

As you review your cybersecurity strategy, keep in mind that your cyber liability can directly impact your bottom line.

Two of the four companies in this case study did not have a cybersecurity liability insurance policy; the other two did, but the policies were limited and did not cover post-event consulting.

In both cases, this liability resulted in high costs – costs that were compounded by the losses already accrued during the breach. 

Watch: Fred Cobb, Executive VP and CISO of InfoSystems, Inc., presents the InfoSystems case study.
