High-profile companies have been experiencing frequent ransomware attacks. In the past two weeks, several significant companies have either been hit by ransomware attacks or have revealed previous attacks that they have faced. The companies that came to light were Jack Daniels, Konica Minolta, spirits giant Brown Forman, Garmin and Canon. Following these is one of the major cyberattacks, which hit the cruise operator Carnival Corp. The chief financial officer for Carnival, David Bernstein, stated to the SEC in a regulatory filing that the firm had suffered a massive ransomware attack involving the theft of crucial files.
The filing stated that on the 15th of August 2020, the company “detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files.”
As soon as Carnival Corp.'s security teams discovered the attack, they called the police, who started an investigation, and implemented a series of containment and remediation measures to address the situation and reinforce the security of the information technology (IT) systems.
The filing further adds, “the company expects the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders and regulatory agencies.”
The initial investigation indicates that the ransomware attack was limited to one brand’s systems. In this regard, Bernstein wrote:
“There can be no assurance that other information technology systems of the other company’s brands will not be adversely affected.”
The chief information security officer at Thycotic, Terence Jackson, said that he has seen ransomware evolve over the past couple of years from something that needed a fair amount of coding skill to a simplified ransomware-as-a-service offering. He also noted that exploit kits can be purchased online much like other commercial software, which in turn leads to a spike in attacks.
Ransomware: The Double Financial Hits
The Managing Director of the Information Security Forum, Steve Durbin, said that whether to pay the ransom is still a hotly debated question. If companies pay ransoms to retrieve their data or get their systems back online, the rate of cyberattacks will increase and attackers will invest more time and resources in creating ransomware tools.
“An affected organization will have to face the potential of a double financial hit as it is forced to pay a large ransom to protect its people or resume normal operations, and then to retrospectively build in security,” Durbin said.
“Ransomware attackers are not interested in stealing assets and using them to cause damage, but in exploiting the value of the asset to its owner. When striking at organizations, attackers will target systems that are fundamental to business operations, some of which may be operating in an unprotected manner or which may have been unwittingly exposed during the COVID-19 response when workers were forced to access corporate systems from home.”
Something similar happened with Carnival Corp. The company revealed that the attackers had gone after crucial systems that manage the personal data of employees and guests. Durbin added that firms now need to plan properly for extended downtime in case of ransomware attacks and put contingencies in place.
Prior to this, Carnival Corp. had struggled badly during the coronavirus pandemic. In April, the cruise operator had seen dozens of deaths, while over 1500 people fell ill with the virus.
“Business interruption, loss of revenue, and reputational damages are all financial burdens that cyber insurance can provide relief for,” Thompson said.
One expert, Acceptto CEO Shahrokh Shahidzadeh, said attackers are able to leverage “the unparalleled availability of stolen/exposed credentials available courtesy of the numerous breaches that have been made visible in the press. Unfortunately, current binary approaches to authentication allow too many cybercriminals into networks, allowing them to effectively plant ransomware attacks. The use of valid digital credentials which have been purchased on the dark web, or stolen outright in a breach, provides the best access for planting ransomware when a targeted organization doesn’t have a continuous, behavior-based authentication solution which would catch the inappropriate use of that credential.”
Here is what others have to say on curbing cybercrime:
Large organizations like Carnival that own multiple brands have to make sure their entire supply chain is protected.
In addition to routine patching, basic staff education on phishing and defense for any internet-facing application, enterprises “need to make sure they vet the security of partners as thoroughly as they vet their own security infrastructure.”
“The best defense against ransomware is a good offense through proactive prevention and mitigation. Behavioral modeling through user and entity behavior analytics is one of the most effective approaches,” said Richard Cassidy, senior director of security strategy at Exabeam.
“The goal is to monitor certain behaviors on a regular basis in order to recognize what is normal for users and devices on the network. This makes it easier to detect unusual behavior that could be the result of a ransomware attack. Typically a ransomware attack takes several stages, making early detection possible with the right solution.”
Source: Tech Republic