Guest Author

Digital Hostile Takeovers

Cybersecurity threats are constantly evolving, but in the last nine months a calculated and vicious new strain of attack has emerged, one sophisticated enough to take down large business organizations.

At Vigilant, we have been seeing sophisticated new threat actors that operate in a very systematic way to dismantle an organization. These threat actors operate with patience; the attack may take months or even a year, and the goal is to quietly learn as much as possible about an organization so that they can eventually turn off all operations and lock it down. Once it is locked down, they hold the company hostage until a sum, sometimes in the millions of dollars, is paid.

How These Attacks Are Carried Out

  • The attacker(s) come in through an open port on a firewall or a vulnerability in a system. They can also gain entry through a user clicking on a link.

  • The attacker then quickly pivots to another system and, in most cases, deploys an easy-to-identify virus or malware on the original system as a decoy. This prompts the IT department of the attacked organization to run antivirus on it or re-image the machine, which takes them off the attacker's trail and destroys evidence.

  • The attacker then puts hooks in 25+ machines so that they retain consistent control.

  • Next, the attacker gains control of key servers and file servers, identifies backup systems and where they are stored, takes over email, and learns the financial status of the organization. (This step may take months, up to a year.)

  • Once the attacker(s) have taken control of key systems and feel they have learned enough to take the company down, they lock down all networking, firewalls, email servers, file servers, manufacturing lines and authentication servers, essentially turning the company off.

  • The attacker then holds the company to ransom and leaves it disabled until the ransom is paid.
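The stage in which the attacker plants hooks on many machines, and the decoy that gets a compromised host re-imaged, are both visible to a defender who correlates persistence events across hosts. The following is an added example, not code from the original post or from Vigilant: it parses constructed log lines in an assumed `timestamp key=value ...` format (the event names `service_installed`, `scheduled_task_created`, `run_key_added` and `av_detection` are hypothetical), flags an account-and-artefact pair that appears on three or more distinct hosts within a 24-hour window (both thresholds are assumptions), and lists hosts that should be forensically captured rather than re-imaged because they carry both the decoy detection and the quiet persistence hook.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for this example; they are not from any real incident.
SAMPLE_LOG = """\
2024-01-10T02:13:05 host=ws-014 user=svc_backup event=service_installed artefact=C:\\ProgramData\\upd\\svc.exe
2024-01-10T02:14:40 host=ws-021 user=svc_backup event=service_installed artefact=C:\\ProgramData\\upd\\svc.exe
2024-01-10T02:15:12 host=ws-033 user=svc_backup event=service_installed artefact=C:\\ProgramData\\upd\\svc.exe
2024-01-10T02:16:58 host=fs-01 user=svc_backup event=scheduled_task_created artefact=C:\\ProgramData\\upd\\svc.exe
2024-01-10T09:00:01 host=ws-002 user=itadmin event=service_installed artefact=C:\\Vendor\\agent.exe
2024-01-10T14:22:10 host=ws-014 user=jsmith event=av_detection artefact=C:\\Users\\jsmith\\Downloads\\invoice.exe
"""

# Hypothetical event names for mechanisms that keep code running across reboots.
PERSISTENCE_EVENTS = {"service_installed", "scheduled_task_created", "run_key_added"}


def parse_line(line):
    """Parse one 'ISO-timestamp key=value ...' line into a dict, or None if malformed."""
    parts = line.split()
    if not parts:
        return None
    try:
        event = {"ts": datetime.fromisoformat(parts[0])}
    except ValueError:
        return None
    for token in parts[1:]:
        key, _, value = token.partition("=")
        event[key] = value
    return event


def find_spreading_persistence(log_text, min_hosts=3, window=timedelta(hours=24)):
    """Return one alert per (account, artefact) pair installed as persistence on
    at least min_hosts distinct hosts inside any sliding time window."""
    groups = defaultdict(list)  # (user, artefact) -> [(timestamp, host)]
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev and ev.get("event") in PERSISTENCE_EVENTS:
            groups[(ev.get("user"), ev.get("artefact"))].append((ev["ts"], ev.get("host")))

    alerts = []
    for (user, artefact), hits in groups.items():
        hits.sort()
        best_hosts = set()
        # Slide a window starting at each hit; a patient attacker may spread over
        # months, so only hosts touched close together in time are counted together.
        for i, (start, _) in enumerate(hits):
            hosts = {host for ts, host in hits[i:] if ts - start <= window}
            if len(hosts) > len(best_hosts):
                best_hosts = hosts
        if len(best_hosts) >= min_hosts:
            alerts.append({"user": user, "artefact": artefact, "hosts": sorted(best_hosts)})
    return alerts


def hosts_needing_forensic_capture(log_text, **kwargs):
    """Hosts that show both a loud antivirus detection and membership in a spreading
    persistence set: image these before any clean-up so the evidence survives."""
    flagged = set()
    for alert in find_spreading_persistence(log_text, **kwargs):
        flagged.update(alert["hosts"])
    av_hosts = {
        ev.get("host")
        for ev in map(parse_line, log_text.splitlines())
        if ev and ev.get("event") == "av_detection"
    }
    return sorted(flagged & av_hosts)


if __name__ == "__main__":
    for alert in find_spreading_persistence(SAMPLE_LOG):
        print(f"persistence spread: {alert['user']} -> {alert['artefact']} on {alert['hosts']}")
    print("capture before re-imaging:", hosts_needing_forensic_capture(SAMPLE_LOG))
```

In the constructed data the `svc_backup` account installs the same binary on four hosts within minutes, which the sliding window catches even though the `itadmin` vendor agent on a single host does not trip the threshold; `ws-014` is then singled out because it carries both the noisy decoy detection and the quiet hook, so re-imaging it would destroy exactly the evidence that ties the two together.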

Since the end of December, Vigilant has been approached by nearly 10 organizations that were attacked in this manner. In one case, the total consequences included data loss, a significant decrease in customers and great financial loss, including the ransom they paid, which was in the millions. We don't typically recommend paying the ransom, but the threat actor had been in their network a long time and had dismantled the environment pretty successfully. The backups were completely erased, so they needed to get back up and running. We were able to cordon off the infrastructure and allow them to rebuild everything quickly, in a way that was 100 percent secure. This company was facing significant fines for being down, so time was of the essence. Even so, this was a good case. Other companies have simply gone out of business.

How To Mitigate These Attacks

  • Act now: there isn't time to find a place in next year's budget, and there isn't time to find a place in a project plan. This is a serious danger that can take you out of business overnight.

  • Deploy detection and prevention technology that is not "off the shelf". Commoditized technology, built on widely accessible components, will leave you behind the attacker, because they have access to the same technology.

  • Obtain threat intelligence that is curated and specific to your organization.

  • Move detection off SIEM and firewall technologies, as these are easily visible to and attackable by threat actors.

  • Ensure that you have a team of highly qualified analysts consistently hunting through your network and system traffic for threats. I do not mean artificial intelligence or automatic detection; I mean actual people investigating. If you cannot afford to build such a team, or do not have the expertise to, it is important to outsource to a Managed Security Provider.

Vigilant provides custom technology that can be deployed across your entire organization, fully configured, within 24-48 hours, and provides a full team of analysts as a service who investigate all traffic and find threats while they are still small, before your organization is held captive. Vigilant investigates all layers of communication in your organization, in real time, to determine where threats are taking place and to stop them. In addition to continuous verification of data, Vigilant records all traffic forensically, like a DVR, so the actual network state of your organization can be rewound, paused and investigated, tracking the threat actor faster than they can move through your organization.

About Vigilant

Vigilant is a privately owned and operated cybersecurity firm, headquartered in Cincinnati, Ohio.

Trusted by top accounting firms, Vigilant has been securing businesses and futures with our exclusive patented visibility, detection, prevention and response services since 2009.

With our zero false positive guarantee, unlimited incident response and the fastest detection and resolution times in the industry, Vigilant protects over 450 million identities every day and over 100 billion in customer assets globally.