Uncategorized

What is Network Encryption?

September 8, 2019 by Jaimin Pandya 1 Comment

For my folks with some non-technical background, this is something related to what we discussed in our last class. The article listed here talks about the importance of Network Encryption. Although we don’t realize it but it plays a really important part every time we go online whether it be accessing bank information or browsing through websites. It goes on to explain what an Encryption Key is and the algorithms behind it along with the keys which the SSL encryption depends on. I will try to hunt down the article about the strong encryption method that requires a ton of computing power (I think it was RSA).

https://www.lifewire.com/introduction-to-network-encryption-817993

Cybersecurity Regulations: 10 Ways To Encourage Employee Compliance

September 7, 2019 by Daniel Bavaro 3 Comments

https://www.forbes.com/sites/forbestechcouncil/2019/09/05/cybersecurity-regulations-10-ways-to-encourage-employee-compliance/#81189acead3d

I found this to be interesting, because one of the major hurdles that organizations face is that the employees pose a large risk to information security. If staff are not trained well, they can be the gateway to either initiating a threat or being duped into allowing an attacker inside. The struggle is often not about coming up with good policies, but is about getting employees to adopt them. This article introduces some nice ideas for how to fix that.

Thousands of servers infected with new Lilocked (Lilu) ransomware

September 7, 2019 by Xiduo Liu 1 Comment

Continuing with the ransomware discussion with Andrew’s thread.

A new ransomware has been identified:

https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/

bleepingcomputer.com/news/security/lilocked-ransomware-actively-targeting-servers-and-web-sites/

It appears the ransomware is targeting servers and encrypting the data located on them. All of the known infected servers are web sites. To make the situation worse for the website owners, their site and the encrypted files is Google searchable with the search string: intitle:”index of” “#README.lilocked”

Town Avoids Paying Massive $5 Million Ransom In Cyberattack

September 7, 2019 by Andrew P. Sardaro 3 Comments

Here is a rare ransomware case with a happy ending. The city of New Bedford, Mass was hit with a ransomware attack the night of July 4^th. The hackers demanded 5.3 million in bitcoin to release the encrypted city-data. The ransomware included in the attack was Ryuk. Ryuk has unique features where it can encrypt network drives, as well as delete shadow copies on the endpoint resulting in the disabling of the Windows System Restore feature.

City officials lucked out that the attack occurred during a holiday and only 4% of systems were deemed comprised. They decided to contact the hackers using a provided email address and negotiate for the decryption key by offering the city’s allocated insurance payment of $400.000. The negotiation tactic worked, it stalled the payment demands by the hackers, and city officials were able to restore a good portion of data using external backups.

The city exercised its business continuity or disaster recovery plan and was able to restore the compromised data and operations quickly.

https://www.npr.org/2019/09/06/758399814/town-avoids-paying-massive-5-million-ransom-in-cyberattack

Ransomware Attack on Dental Data Backup Service Offering Ransomware Protection

September 6, 2019 by Andrew P. Sardaro 3 Comments

File this one under Ironic. PercSoft, the online cloud storage company for Digital Dental records (DDR) which offers DDS Safe, a backup service used by dental offices was hit by ransomware. DDS Safe is a HIPAA Compliant online dental backup service used by hundreds of dental practices across the US. The ransomware involved in the attack is called Sodinokibi also named Sodin or REvil malware.

The article states ransomware had been deployed on the remote management software their application uses to back up client data. The hackers were able to exploit a recently patched Oracle WebLogic Server vulnerability. Oracle WebLogic Server is a Java EE application used for may web applications and portals.

Oracle Security Alert Advisory – CVE-2019-2725 https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html

The hackers could exploit this vulnerability remotely and execute commands without authorization (no credentials) by sending a specially crafted HTTP request. The vulnerability had a CVSS score 9.8/10, and Oracle addressed the flaw on April 26 by releasing an out-of-band update.

The ransom had been paid, and a tool was provided, and files were decrypted. Having a well-designed patch management process is crucial in reducing vulnerabilities. The question is, can you stay one step ahead of the hackers.

https://securityaffairs.co/wordpress/90570/malware/dds-safe-ransomware-attack.html