A lack of valued cyber-security skills has left businesses open to attacks resulting in reputation damage and data loss .Cyber-security skills shortage leaves companies vulnerable. Being aware of latest cyber-attacks and common attacks will help your organisation to be better equipped to avoid being victim of cybercrimes. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to support your business to defend against hackers.
Researchers at security firm FireEye may have found the malware responsible for plundering ATMs across Thailand and other parts of South East Asia. The security boffins reckon the Ripper malware is “strongly” linked to the plundering last week of ATMs in Thailand in which 12 million Thai baht (US$346,992 ,£265,308, A$458,432) was stolen by a gang thought to herald from Eastern Europe. Some 21 attacks were made against NCR ATMs between 9 July and 23 August, the Bangkok Post reports.
Linux users are reporting a new ransomware called “FairWare” played a part in taking down their websites. News of the ransomware first surfaced in a post on Bleeping Computer’s forums. According to the victim, attackers likely brute-forced or intercepted the password for their Linux machine. Once they acquired access, the baddies logged into the Linux servers for the website, deleted the web folder, and left a Pastebin message demanding a ransom payment of two Bitcoins for the return of the files.
SWIFT, the global financial messaging system, disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank. In a private letter to clients, SWIFT said that new cyber-theft attempts – some of them successful – have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank.
Researchers have developed a new malware, which is capable of bypassing airgaps to access information from systems. Dubbed USBee, the malware uses USB devices, converting them into data transmitters with no hardware modifications. USBee is designed to create electromagnetic emissions from a connected USB drive in efforts to transmit data from an air-gapped computer to an unmodified USB dongle, acting as a receiver, located a short distance from the targeted system.
Tips to handle destructive malware
Destructive malware presents a direct threat to an organization’s daily operations, directly impacting the availability of critical assets and data. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event. While specific indicators and modules related to destructive malware may evolve over time, it is critical that an organization assess their capability to actively prepare for and respond to such an event.
Potential Distribution Vectors
Destructive malware has the capability to target a large scope of systems, and can potentially execute across multiple systems throughout a network. As a result, it is important for an organization to assess their environment for atypical channels for potential malware delivery and/or propagation throughout their systems. Systems to assess include:
Best Practices and Planning Strategies
Common strategies can be followed to strengthen an organization’s resilience against destructive malware. Targeted assessment and enforcement of best practices should be employed for enterprise components susceptible to destructive malware.
Communication Flow
Ensure proper network segmentation. Ensure that network-based access-control lists (ACLs) are configured to permit server-to-host and host-to-host connectivity via the minimum scope of ports and protocols – and that directional flows for connectivity are represented appropriately.
Recovery and Reconstitution Planning
A Business Impact Analysis (BIA) is a key component of contingency planning and preparation. The overall output of a BIA will provide an organization with two key components (as related to critical mission/business operations): Characterization and classification of system components, and Interdependencies. Based upon the identification of an organization’s mission critical assets (and their associated interdependencies), in the event that an organization is impacted by a potentially destructive condition, recovery and reconstitution efforts should be considered.
Containment
In the event that an organization observes a large-scale outbreak that may be reflective of a destructive malware attack, in accordance with Incident Response best practices, the immediate focus should be to contain the outbreak, and reduce the scope of additional systems which could be further impacted.
Intrusions happen, threats emerge and your security operation needs to be at its peak efficiency. The SOC products Reveelium and SIEM can quickly intercept threats and thus help in avoiding data breaches. For more information about cyber security kindly contact Anglo African on 2331636 or by e-mail at contact@infosystems.mu
