The start of June 2023 has seen some concerning ransomware attacks. Digital Journal rounds up three recent ransomware stories.
Swiss government targeted
The ransomware events include the news that the Swiss government has disclosed a ransomware attack on IT supplier Xplain, and is now being targeted in DDoS attacks.
Considering the issues in Switzerland for Digital Journal is Haggai Polak, Chief Product Officer at Skybox Security.
Polak says that the attackers aimed big with their cyberattack: “This recent attack serves as a crucial reminder of the serious financial losses that could result from ransomware gangs targeting major businesses, and especially when government entities are targeted.”
For any person directly affected, Polak advises: “While the investigation into the source and motive behind the attack is ongoing, authorities are working to minimize the impact and protect sensitive data.”
Turning his attention to the lessons that can be learned from such incidents, Polak cautions: “Organizations must maintain a fortified security posture to protect against popular threats such as DDoS attacks. When evaluating the seriousness of vulnerabilities, it is important to give priority to factors such as network accessibility, exposure, exploitability and the potential commercial consequences.”
Adding to the actions that firms should take, Polak suggests: “Organizations should also ensure they have solutions in place capable of quantifying the business impact of cyber risks with economic impact factors. This approach will assist in identifying and prioritizing the most significant threats based on their financial impact, in addition to considering other risk analyses like exposure-based risk scores.”
Polak’s final advice is for companies to “improve the effectiveness of their vulnerability management programs to promptly determine if a vulnerability affects them, assess the urgency of remediation, and explore available remediation options.”
German education institution receives ransomware demand
A second ransomware incident has been aimed at a German-speaking university. Here, the Kaiserslautern University of Applied Sciences has confirmed that a ransomware attack has occurred, one that forced its entire IT infrastructure offline.
Explaining the consequences is Kevin Kirkwood, Deputy CISO at LogRhythm.
Kirkwood finds: “The Kaiserslautern University has been hit by a ransomware attack forcing its entire IT infrastructure offline. Over 6,200 students have been affected and have been warned not to access any university computers as the encryption attack continues to take over. Although it is not yet clear who is behind the attack or whether information has been compromised, the attack on HS Kaiserslautern is a reminder of the uptick in cyberattacks against higher education in recent months. Just last week, German universities Harz University of Applied Sciences, Ruhr West University and EU/FH European University of Applied Sciences reported similar attacks.”
In terms of preparedness, Kirkwood recommends: “Considering the increasing risk posed by cybercriminals, it is imperative for educational institutions to reassess their incident response protocols and enhance their security stance.”
In recent weeks the Clop ransomware gang has been involved in a series of attacks exploiting a zero-day vulnerability in the GoAnywhere MFT file. This prolific gang has recently targeted Saks Fifth Avenue.
Terry Olaes, Product Marketing Manager at Skybox Security, explains that the retail sector is an attractive target for digital criminals: “Retailers comprise up to 24.5 percent of material breaches, making them the largest number across any industry. This cyber-attack against Saks Fifth Avenue underscores the significance of taking a proactive stance in validating network exposure, prioritizing vulnerability remediation based on this exposure, and having flexibility in mitigating the risk (application patch vs firewall block).”
Learning from this is valuable, explains Olaes: “It is essential to prioritize network accessibility, exposure, exploitability, and commercial impact in order to guarantee that the full threat environment is assessed. By aiding in the prioritization of the urgency of vulnerability mitigation, the development of exposure-based risk scores can considerably improve the efficacy and durability of vulnerability management programs.”