We’re Not As Protected As We Think: Ransomware of the Week (Monday, August 15, 2022)

Are the things we think protect us from ransomware working as well as we think they do? It makes it clear that you are not protected.

Multi-Factor Authentication “Fatigue” Leads to Cisco Ransomware Breach

There is no doubt that Cisco is one of the industry leaders in network security. However, a recent ransomware attack stole data from the company.

Yanluowang ransomware gang officials claim they were able to steal 2.75 GB of data. The company acknowledged the breach, stating that the attacker “has compromised a Citrix environment, compromised a series of his Citrix servers, and ultimately gained privileged access to domain controllers.”

How can an attacker bypass Cisco’s defenses, including Multi-Factor Authentication (MFA)?

The attacker sent a massive stream of multi-factor authentication requests. The idea is to irritate the recipient into finally accepting only to stop the message without thinking about the potential consequences.

This story has gotten a lot of attention, but it is just one of many similar incidents. In addition to implementing multi-factor authentication, we must ensure that every employee understands that his MFA will only work if he uses her MFA as designed. pointing out. That is, an employee-initiated security secondary confirmation of her transaction.

SMS phishing steals credentials

Cloud company Twilio has admitted that its systems were compromised and customer data was accessed by an attacker who used an SMS phishing attack to steal employee credentials.

The attackers obtained the employee’s credentials by sending an SMS message containing a link that directed the employee to a fake Twilio login page that looked like the real thing.

In a statement released over the weekend, the company said, “On August 4, 2022, Twilio compromised a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. We have acknowledged that we were made aware of the unauthorized access to relevant information.The attackers were then able to use the stolen credentials to access some of our internal systems and gain access to specific customer data.”

Does Your Cyber ​​Insurance Cover Ransomware Enough?

A recent post by security reporter Howard Solomon points out that cyber insurance may not protect businesses after a ransomware attack.

First, not all companies have cyber insurance. According to a recent survey, 55% of his Canadian and US respondents said they currently have cyber insurance. Another 28% plan to get insurance soon.

However, more than a third (37%) said their organizations were not eligible for ransomware payments. In addition, 43% said their company was not covered for ancillary costs such as legal fees and downtime.

Of those with insurance, more than half (56%) only have insurance up to USD 600,000. According to the study authors, that doesn’t cover the average demand for ransomware in 2021.

“Not only is the threat of ransomware greater than ever, but criminals are becoming more and more ruthless. says so.

The research was paid for by BlackBerry and Boston-based Corvus Insurance.