The return of the "Polish" virus?
Twenty years ago there was a joke going around; you may have received the following message:
You have just received the "Polish Virus"!!! As we don't have any programming experience, this virus works on the honor system.
Please delete all the files on your hard drive, then manually forward this virus to everyone on your mailing list. Thanks for your cooperation.
Why do I think this is relevant again? Back then, viruses (computer viruses, not the Covid ones) were the main concern, and everybody wanted to take part in this emerging "scene": attackers, defenders and joke writers...
Twenty years later, ransomware has replaced the legacy viruses as the hottest topic. We have all heard about people getting locked out of their rooms, plants shut down and energy operators affected; everywhere you turned, you could see evidence of such malicious activity.
The main concept was this: the attacker encrypts your files, and you then discover that your backup program was not good enough. So you decide to pay: buy Bitcoin (an interesting topic would be the correlation between Bitcoin rates and ransomware campaign distribution, but let's leave that for another article), pay off the attackers and hopefully get your systems up and running again. The byproduct of these ransomware campaigns was that backups are now treated with more attention, leaving the attackers with fewer victims willing to pay.
One thing that I have learned throughout my career is the fact that attackers are ALWAYS smart, and they will always adapt to the changing setup.
Now the odds are in the attackers' favor again. Attackers no longer need to gain access, encrypt all those files and risk getting flagged by all the cybersecurity products. There is an old-new threat, "data leakage", in which all the attacker has to do is prove that he holds confidential data. He can then threaten to publish it, damaging the victim's reputation, causing financial difficulties and shutdown of service, and in general making the victim go through hell for a short-to-medium period... So, as with the "Polish virus", the attackers do not need significant technical capabilities in order to accomplish their mission.
The only thing the attacker needs is proof-of-data, and it does not have to be the whole data set: the ransomware campaign is only as good as the bluff behind it. Now I urge you to take a moment to think and reflect... how difficult would it be for someone to get data snapshots from your company?
This is where some of you might say, "We have a DLP solution in place; you can't plug in any storage device." Great that you have it, but will you bet your company's life on it?
How difficult would it be to pay off, threaten or simply identify an unhappy employee who is willing to obtain those snapshots? BTW, if your employee captures a screenshot, do you have anything to prevent him from pasting it online?
Need another example to keep you up at night? Some of your employees are working from home, right? You've secured everything, all of your applications are cloud based, and you have even followed all the #WFH policies. Great effort, really. I would like to introduce you to John, who was recently released from county jail for fraud, and happens to be the beloved cousin of Henry from accounting. John visits Henry and, during his visits, watches how Henry connects to his company's databases... now let your imagination fly.
You might be thinking to yourself, "Interesting stuff, but are you offering some actionable measures, or is this just another one of those another-threat-that-we-aren't-covering posts?" Well, the honest answer is that there is no bulletproof solution to this challenge, but that doesn't mean you shouldn't do anything.
Here are a couple of suggestions:
- Protect your employees' hosts (home and office), mainly in terms of device control, even if everything runs in the cloud (remember that at the end of every cloud there is a human being). USB protection is more relevant now than ever.
- Watermark specific sensitive information shared by multiple employees (i.e., add a user-specific unique ID to each DB copy), so that when something does happen you can back-track and have a faster forensic phase.
- Follow any negative sentiment building against your company on social media (and the DarkNet, if you can).
- Be aware of employees who are likely to leave, and if they eventually do, make sure that you "defuse" any potential resentment-based activities (just waving the NDA they signed 5 years ago is NOT the best way). Be empathetic and listen; that's always good advice.
- Remember that your company's boundaries extend beyond its physical locations and employees: your suppliers, sub-contractors and freelancers (especially the ones whose payment you've been stalling for the last 30 days) should be treated as employees with regard to their potential risk.
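One way to implement the watermarking suggestion above, as an added example that is not part of the original post: every exported row carries a short HMAC tag bound to the recipient and the row, so even a partial snapshot (the attacker's "proof-of-data") can be traced back to the copy it came from. The key name, column name and sample rows are constructed for the demo.

```python
import hashlib
import hmac

# Assumption: the key stays server-side; recipients never see it, so they cannot
# forge another person's tags or re-tag a copy to look like someone else's.
SECRET_KEY = b"constructed-demo-key-change-me"

# Constructed sample data standing in for a shared DB extract.
SAMPLE_ROWS = [
    {"id": "1001", "customer": "Acme Ltd", "balance": "12000"},
    {"id": "1002", "customer": "Globex", "balance": "4500"},
    {"id": "1003", "customer": "Initech", "balance": "900"},
]


def watermark_tag(recipient: str, row_id: str, key: bytes = SECRET_KEY) -> str:
    """Per-recipient, per-row tag (truncated HMAC-SHA256, hex)."""
    msg = f"{recipient}|{row_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]


def export_for(recipient: str, rows, key: bytes = SECRET_KEY):
    """Return this recipient's copy: every row gets its own 'ref' tag,
    so any subset of rows still identifies the copy."""
    return [dict(r, ref=watermark_tag(recipient, r["id"], key)) for r in rows]


def identify_source(leaked_rows, recipients, key: bytes = SECRET_KEY):
    """Score each known recipient by how many leaked rows carry a tag that
    recomputes correctly for them. Returns (recipient, matching_rows),
    or (None, 0) when no tag matches, e.g. the 'ref' column was stripped."""
    scores = {}
    for rec in recipients:
        scores[rec] = sum(
            1 for r in leaked_rows
            if hmac.compare_digest(r.get("ref", ""), watermark_tag(rec, r["id"], key))
        )
    best = max(scores, key=scores.get)
    return (best, scores[best]) if scores[best] else (None, 0)


def demo():
    """Henry's copy is exported; two rows of it leak; the leak is attributed."""
    henry_copy = export_for("henry", SAMPLE_ROWS)
    snapshot = henry_copy[:2]  # attacker only needs a partial snapshot
    return identify_source(snapshot, ["henry", "dana", "lee"])


if __name__ == "__main__":
    print(demo())
```

If the leaker deletes the tag column entirely, attribution fails but the deletion itself is evidence that the copy was tampered with; a tag embedded in an existing field rather than a separate column is harder to strip cleanly.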
In summary, ransomware campaigns are evolving, and so should we. We need to make sure that we have enough countermeasures in place to try to prevent them, to distinguish the pure "bluffs", and, when all else fails, at minimum to understand the source of the leak (pure technology or human assisted).
As always, keep safe, offline and online.
2 years ago: Bentsi, thanks for sharing!
2 years ago: Bentsi, thanks for sharing!