Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

29 Ransomware PerCSoft, the online data backup service, was successfully attacked with ransomware. This attack encrypted files for approximately 400 US dental offices. It appears the tool used was Sodinokibi, a ransomware variant aka Sodin or REvil malware. This was addressed as a critical vulnerability with Oracle WebLogic Servers, and with CVE-2019-2725 with a severity score of 9.8/10. This operates as a deserialization remote code execution vulnerability. This was designed to encrypt files and delete the shadow copy backups. This prevents the victim from recovering the data from other sources and puts the victim in a very difficult situation. Attack The ransomware was detected on August 26. This was, relatively, a very successful attack, and apparently profitable for the attackers, as they were paid. There were over 400 dental practices affected. To appreciate the full extent of just this aspect, imagine the number of patients seen every day, multiplied by two weeks, and then multiply this by 400, to be conservative. This attack did not merely affect a few offices, but also all the people that work there and the patients. The practices were not able to access patient history, charts, schedules, x-rays, or patient balances. I can only imagine how difficult this was to work through for the affected staff members and patients. Remediation PerCSoft ended up paying the attackers. While not published, this course may have been required as their primary files and all of their backups being encrypted or deleted, and they simply had no choice. It was not reported who was paid or how much. As of 8/29/2019, 80-100 of the 400 dental office files had not been decrypted. In these instances, the decrypt key did not work, which is an issue. The restoration of the other offices was a bit slow. On a positive note, the organization did communicate on a regular basis with their clients and interested parties through, among other means, Facebook from their postings. Defenses Perhaps PerCSoft should have followed a few of the basic industry standards and processes to reduce the potential for an epic fail. The practices include: • Backing up your data. This can be done on- or off-site. Dedup is an option, dependent on the circumstances and budget. • System inventory. Over time, we tend to become complacent with the network. Periodically we should take an inventory of the assets on the network. This reduces the opportunity for missed patches and also detects any unknown or shadow assets using your equipment and network.
30 • Conduct cybersecurity training throughout the year and make it relevant. The once a year cybersecurity mandatory training to check the box simply still does not work. This needs to be done through the year with relevant, current training. Granted, your task is not to entertain the staff during these, however, you still need to attract and retain their attention. This will assist with them internalizing the message and applying it, as some level, to their work, when the need presents itself. The alternative is to play the same VHS tape from the 1990s and having your staff in an infinite loop of mass password resets, patching vulnerabilities, scanning for issues, and headaches. • Patch cycle. While this may not directly impact the ransomware attack, it is still prudent and an industry-standard to address this with regularity, in addition to the critical and time-sensitive patches requiring immediate attention. Lessons Learned? PerCSoft paid the ransom, as noted previously. This may have been their only option given the germane circumstances. The organization may not have backups of their client’s data. The organization having to pay the ransomware fee to operate is bad enough. This however should ask you, in a researcher role, to wonder why they had to pay the attackers only to operate. There generally are so many issues with this avenue, it is hardly recommended. Resources Kobialka, D. (2019, August 29). Ransomware attack hits backup provider, US dental offices. Retrieved from https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/dental-offices-hit/ Krebs, B. (2019, August 29). Ransomware bites dental data backup firm. Retrieved from https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/ Kumar, M. (2019, May 1). Hackers found exploiting oracle WebLogic RCE flaw to spread ransomware. Retrieved from https://thehackernews.com/2019/05/ransomware-oracle-weblogic.html Percsoft Dental Technology Consulting. (2019). Facebook posts. Retrieved from https://www.facebook.om/pg/percsoft/posts Wei, W. (2019, August 30). Ransomware hits dental data backup service offering ransomware protection. Retrieved from https://thehackernews.com/2019/08/dds-safe-dental-ransomware-attack.html
Page 1 and 2: 1 8 Most Common Cybersecurity Mista
Page 3 and 4: 2
Page 5 and 6: 4 The Internet Got Safer In 2019: A
Page 7 and 8: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10: 8
Page 11 and 12: 10
Page 13 and 14: 12
Page 15 and 16: 14
Page 17 and 18: 16
Page 19 and 20: 18
Page 21 and 22: 20 8 Most Common Cybersecurity Mist
Page 23 and 24: 22 You can prevent (or decrease) th
Page 25 and 26: 24 While it’s not feasible to res
Page 27 and 28: 26 The major difference is the addi
Page 29: 28 Oh, my! PerCSoft’s Irony By Ch
Page 33 and 34: 32 Persistent Cybersecurity Industr
Page 35 and 36: 34 Automation is welcome and seen a
Page 37 and 38: 36 Protecting Against Modern Cybera
Page 39 and 40: 38 Conclusion Unfortunately, no tec
Page 41 and 42: 40 For 2020 The Death of Traditiona
Page 43 and 44: 42 The Next Five Years The End of E
Page 45 and 46: 44 Government Agencies Are Prime Ta
Page 47 and 48: 46 It’s a basic fact of contempor
Page 49 and 50: 48 simpler way to approach these pr
Page 51 and 52: 50 Why Outsmart Cyber Attackers Whe
Page 53 and 54: 52 Depending on how you look at it,
Page 55 and 56: 54 devices. Russian actors can extr
Page 57 and 58: 56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61 and 62: 60 The Security Challenges of Robot
Page 63 and 64: 62 The typical approach in providin
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82:
80 About the Author Mark Belgrove i
Page 83 and 84:
82 the conflict. Practically, it’
Page 85 and 86:
84 fact is something that would see
Page 87 and 88:
86 Furthermore, Tessian in 2019 del
Page 89 and 90:
88 Automatic for The SOC People How
Page 91 and 92:
90 Allows Transparency and Drive Le
Page 93 and 94:
92 Only large enterprises can benef
Page 95 and 96:
94 The Growing Costs of Cyber Attac
Page 97 and 98:
96 After suffering a cyber attack m
Page 99 and 100:
98 Some of the most damaging Inside
Page 101 and 102:
100 Out-Smarting the Cybersecurity
Page 103 and 104:
102 Empower Other Teams Network and
Page 105 and 106:
104 New Security Report Highlights
Page 107 and 108:
106 The Threat Lab team also analyz
Page 109 and 110:
108 Drive, AWS, Office 365, etc. It
Page 111 and 112:
110 former governor, this bill also
Page 113 and 114:
112 I mean, if you want to be able
Page 115 and 116:
114 Is It Safe to Connect to Public
Page 117 and 118:
116 5. Safe Browsing Additional dil
Page 119 and 120:
118 flawed method in which Evernote
Page 121 and 122:
120 Really, Imagine a Day Without W
Page 123 and 124:
122
Page 125 and 126:
124
Page 127 and 128:
126
Page 129 and 130:
128
Page 131 and 132:
130
Page 133 and 134:
132
Page 135 and 136:
134
Page 137 and 138:
136
Page 139 and 140:
138 Meet Our Publisher: Gary S. Mil
Page 141 and 142:
140 Free Monthly Cyber Defense eMag
Page 143 and 144:
142
Page 145 and 146:
144
Page 147 and 148:
146 Nearly 8 Years in The Making…
Page 149 and 150:
148
Page 151:
150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?