Sierra Wireless, CNA Ransomware Attacks Stoke Growing Industry Fears
Trends suggest hackers will use ransomware more frequently in 2021.
Channel Futures: Recent headlines have to have other businesses thinking this could happen to them at any time. What’s the first thing they should do to prevent them from becoming the next victim?
Axio’s Dave White: One of the most important things that companies should do is to make sure they have secured the privileged accounts in their environment. These accounts have enhanced permissions and are the most prevalent way ransomware attackers spread within their victim’s networks.
CF: What can be done to stop hijackers from gaining access to systems?
DW: Companies should secure all internet-facing devices, reduce network and supply-chain vulnerabilities, monitor suspicious connections to [the] network, and implement email and web protections.
Channel Futures: How do you increase protections to privileged credentials?
Axio’s Dave White: First, limit the use of these accounts to instances where they are absolutely necessary. Then, implement increased monitoring and periodic auditing of activity for these accounts.
CF: Does everyone in an organization play a role in preventing ransomware attacks? If so, how?
DW: Yes. Actions that stem from poor security awareness, such as clicking on a malicious link in a phishing email, can give attackers the foothold they need to initiate a ransomware compromise.
Channel Futures: What should organizations do to beef up endpoint protections?
Axio’s Dave White: Organizations should move beyond conventional endpoint antivirus solutions that can be defeated by many forms of ransomware, and look to introduce behavior- and anomaly-based protections that automate responses and alert IT and security staff when suspicious events are detected.
CF: What can MSSPs and other cybersecurity providers do to help organizations fight off ransomware?
DW: Prevention should always be the goal when it comes to ransomware. Hardening systems, securing privileged accounts, and educating employees to keep them up to date on evolving threats all play a role in combating ransomware.
In particular, reducing our use of privileged accounts will make certain endpoint management tasks more difficult. Many companies will need assistance to implement a more rigorous least-privilege strategy by reducing the use of such accounts.
We mentioned cybersecurity was hot; well, so are acquisitions.
So when you combine the two, there’s a good chance it’s going to land high on our list.
Case in point: A consortium led by Symphony Technology Group (STG), the acquisition-hungry private-equity company, said it would buy FireEye’s products business, including the FireEye name, for $1.2 billion.
The deal separates FireEye’s network, email, endpoint and cloud security products from Mandiant’s controls-agnostic software and services.
A new WhiteHat Security report focuses on how information leakage can expose vulnerabilities in connected applications across B2B partnerships.
Key findings from the report include:
· More than 40% of apps are actively leaking information and are at risk of exposing sensitive data.
· Exposure of A3-sensitive data, one of the leading vulnerabilities reported within information leakage, can result in a supply chain-type attack across connected apps. This data includes health records, credentials, personal data and credit cards.
· Apps in the manufacturing sector continue to report the highest window of exposure, with 70% of apps having at least one serious vulnerability open over the previous 12 months.
Setu Kulkarni is WhiteHat’s senior vice president of strategy.
“In any partnership, or merger and acquisition activity, organizations reach a stage where they need to integrate apps integrations to sync data, enhance productivity and grow revenue,” he said. “While app integration issues have been simplified, there is still no way to predict how their security posture will be affected by the complex orchestrations that form a digital supply chain. When two companies decide to integrate their apps, they should explicitly account for the risks that both companies will inherit, particularly concerning sensitive user and infrastructure data.”
Apps are a gateway to the enterprise, Kulkarni said.
“More than ever before, web-based apps and APIs are now the storefront for organizations to onboard and serve new and existing customers,” he said. “Consequently, an attack on these apps can lead to data exfiltration, from user data to who knows, intellectual property and trade secrets.”
The first step is to take inventory of all web-facing apps and establish a program to reduce the risk of being breached in production through apps. Essentially, this means testing for security vulnerabilities in a continuous manner in production and rapidly fixing high-risk findings.
Medigate and Rapid7 are partnering to help health care delivery organizations (HDOs) detect, prevent and act against clinical cybersecurity threats in real time.
Under this collaboration, Medigate’s IoT security platform will integrate with Rapid7 InsightVM and Nexpose vulnerability management systems. This allows HDOs, clinics and other HIPAA-covered entities to manage and secure connected assets.
Thomas Finn is Medigate’s market development director.
“For the scanning administrator, instead of an asset’s identification being limited to an IP address, a full profile of the device, including its network status, its location, security posture and key intelligence is now available,” he said. “Medigate’s partners execute integrations that bring to life core capabilities, like InsightVM, and further enable complementary systems that rely on related workflow enhancements. When effectively orchestrated, these services drive business value throughout the entire asset management and security ecosystem.”
Device safety, and therefore patient safety, is dramatically improved, Finn said.
“Medical devices should not be scanned,” he said. “It is unsafe practice, so much so that device manufacturers will often void warranties if it happens. Keep in mind, these devices may be connected to patients. This integration not only eliminates this risk, but it provides scanning administrators the confidence to cover more device classes.”
If you weren’t already afraid of ransomware attacks, some of this week’s headlines serve as a chilling reminder of the potential devastation. A Sierra Wireless ransomware attack halted the IoT solution provider’s internal operations and production. Even the company’s website is down.
The company, which is active in the channel, said it discovered the attack on its internal IT systems on March 20. Since then, its IT and operations teams implemented measures to counter the attack.
In response to the ransomware attack, Sierra Wireless stopped production at its manufacturing sites. As of Friday, production has resumed and the company is working to bring internal IT systems back online, including its website.
The company isn’t commenting on who may be behind the attack or if they’re demanding a ransom.
Cyber Insurance Provider Also Attacked
CNA, one of the nation’s top cyber insurance providers, discovered it was the victim of a sophisticated cyberattack on March 21. The attack caused a network disruption and impacted certain CNA systems, including corporate email. Its website also is down.
Bleeping Computer confirmed CNA suffered an attack by a new ransomware known as Phoenix CryptoLocker.
Caleb Barlow is CEO of CynergisTek.
“It’s quite ironic they targeted the cybersecurity insurance company itself,” he said. “But it just demonstrates that anyone can be a victim. And everyone needs to be prepared to respond to a cybersecurity incident.”
Ransomware attacks continue to rise with recent trends suggesting hackers will use ransomware more frequently in 2021 and beyond. That means companies need to be more vigilant than ever to prepare for attacks.
So what should organizations be doing to help ensure they’re not the next target? We spoke with Dave White, president of Axio, to find out.
See our slideshow above for our Q&A with White and more cybersecurity news making headlines this week.