Not as protected as we think we are: This Week In Ransomware as of Monday, August 15, 2022

Are the things we think protect us from ransomware working as well as we believe? Some stories from this week make it clear that we are not as well protected as we might think.

Multi-Factor Authentication “fatigue” leads to Cisco ransomware breach

There is no question that Cisco is one of the leading companies in terms of network security. Yet a recent ransomware attack managed to steal data from the company.

A person associated with the Yanluowang ransomware gang claims that they were able to steal 2.75 GB of data. The company acknowledged the breach, stating that the attackers “moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers.”

How could an attacker get past Cisco’s defences, which include multi-factor authentication (MFA)? It turns out that the attackers managed to exploit what is called “MFA fatigue.”

The attacker sent a large stream of multi-factor authentication requests. The idea is to annoy the receiver so that they finally accept just to stop the messages – without thinking of potential consequences.

This story is high profile, but it is only one of many similar occurrences. It shows that implementing multi-factor authentication is not enough: all employees need to know that MFA only works when it is used as designed, as a secondary confirmation of a security transaction that the employee has initiated.
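For defenders, the stream of prompts described above is also something that can be detected in authentication logs. The following is an added example, not taken from Cisco or from any MFA vendor: it flags users who receive an unusual burst of push prompts, and escalates when the burst ends in an approval. The log format, event names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, push result.
# The event names push_denied / push_timeout / push_approved are hypothetical.
SAMPLE_LOG = """\
2022-08-01T02:10:05Z alice push_denied
2022-08-01T02:10:40Z alice push_timeout
2022-08-01T02:11:15Z alice push_denied
2022-08-01T02:12:02Z alice push_timeout
2022-08-01T02:13:30Z alice push_denied
2022-08-01T02:14:10Z alice push_approved
2022-08-01T08:30:00Z bob push_approved
2022-08-01T09:00:00Z carol push_denied
2022-08-01T09:00:10Z dave push_approved
2022-08-01T09:01:00Z carol push_denied
2022-08-01T09:02:00Z carol push_denied
2022-08-01T09:03:00Z carol push_denied
2022-08-01T09:04:00Z carol push_denied
2022-08-01T12:00:00Z dave push_approved
2022-08-01T17:00:00Z dave push_approved
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_PROMPTS = 5                 # assumed threshold; tune to your own baseline

def detect_mfa_fatigue(log_text, window=WINDOW, max_prompts=MAX_PROMPTS):
    """Return one alert per user who received >= max_prompts prompts in window.

    'critical' means an approval arrived after a run of denied or ignored
    prompts; 'warning' means a burst with no approval seen so far.
    """
    recent = defaultdict(deque)  # user -> (timestamp, result) inside the window
    alerts = {}
    for line in log_text.strip().splitlines():
        stamp, user, result = line.split()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        events = recent[user]
        events.append((ts, result))
        while ts - events[0][0] > window:  # drop events older than the window
            events.popleft()
        if len(events) < max_prompts:
            continue
        rejected = sum(1 for _, r in events if r != "push_approved")
        gave_in = result == "push_approved" and rejected >= max_prompts - 1
        severity = "critical" if gave_in else "warning"
        # Keep the first alert per user, but let a critical one replace a warning.
        if user not in alerts or severity == "critical":
            alerts[user] = {"user": user, "prompts": len(events),
                            "severity": severity, "at": ts}
    return list(alerts.values())
```

A critical alert is the case to act on first, for example by revoking the session and resetting the user's credentials, since it indicates the user may have accepted a prompt they did not initiate.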

SMS phishing captures credentials

Cloud company Twilio acknowledged that its systems were breached and customer data accessed by attackers who stole employee credentials using an SMS phishing attack.

Attackers sent an SMS message with a link that took the employees to a realistic-looking fake Twilio login page, which then captured their credentials.

In a statement issued over the weekend, the company acknowledged that “on August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

Cyber Insurance Doesn’t Adequately Cover Ransomware?

A recent posting by security reporter Howard Solomon noted that cyber insurance may not protect companies after ransomware attacks.

First of all, not all companies are covered by cyber insurance. According to a recent study, 55 per cent of the Canadian and U.S. respondents said they currently have cyber insurance. Another 28 per cent intend to acquire coverage shortly.

But more than one-third (37 per cent) said their organizations aren’t covered for ransomware payments. A further forty-three per cent said their firms aren’t covered for auxiliary costs such as court costs and downtime.

Of those who have coverage, over half (56 per cent) are only covered up to US$600,000. According to the survey authors, that wouldn’t cover the average ransomware demand in 2021.

“Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage,” said Shishir Singh, executive vice president and chief technology officer for cybersecurity at BlackBerry.

The study was paid for by BlackBerry and Boston-based Corvus Insurance.


Jim Love, Chief Content Officer, IT World Canada
