
Latest Cybersecurity Attack Shows Criminals have Expanded from Gas to Meat

6/8/2021

Russian hacking group REvil is behind the ransomware attack on meat processing company JBS Foods, according to the FBI.

The good news from the JBS Foods ransomware attack is that it seems to have followed one of the basic tenets of cybersecurity — make back-ups. The bad news is that cybercriminals have expanded their scope beyond stealing business data to sabotaging consumer supply chains.  

The meat processing company JBS said on Wednesday that its operations had mostly recovered from a ransomware attack that had shut down operations in the United States and Australia earlier this week. The company is one of the biggest cattle processors in the United States. No group has claimed responsibility and JBS has not shared the details of the attack. The FBI announced Wednesday that Russian hacking group REvil is responsible for the attack.

Joseph Carson, chief security scientist and Advisory CISO at Thycotic, said that having a backup plan in place doesn't prevent cyberattacks but it can make the recovery process easier.

"The good news is that their backup systems appear to be unaffected by the attack, which shows that they have followed some industry best practices and have an incident response plan," he said. "Let's hope this sets an example for other companies of the importance of backup systems and network segmentation."


This basic tactic may not work any more as attackers penetrate farther into corporate systems. Jim McGann, vice president of marketing and business development at cybersecurity company Index Engines, said that backup environments are under assault as well.

"Cyber criminals are now utilizing advanced techniques, including artificial intelligence, to penetrate the data center and corrupt critical data assets," he said. "Organizations need to be smarter and more aggressive in combating these attacks, instead of using common and predictable approaches."

This means protecting backup data, checking its integrity and ensuring there is a known good backup in place.
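
One way to check backup integrity and pick a known good backup, shown as an added example that is not part of the original article: each snapshot gets a SHA-256 manifest authenticated with an HMAC, and the newest snapshot that still verifies is selected. The function names, the snapshot names and the sample files are constructed for illustration, and the example assumes the HMAC key is kept off the backup host.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC the canonical JSON so a manifest rewritten by an intruder is detected."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_backup(root: Path, manifest: dict, tag: str, key: bytes) -> dict:
    """Compare the backup on disk with its signed manifest; all-empty report = clean."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return {"manifest_forged": True}
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }

def latest_known_good(snapshots: list, key: bytes):
    """snapshots: (name, root, manifest, tag) tuples, oldest first; newest clean name."""
    for name, root, manifest, tag in reversed(snapshots):
        if not any(verify_backup(root, manifest, tag, key).values()):
            return name
    return None

def demo() -> tuple:
    """Constructed sample: two snapshots, the newer one altered after it was signed."""
    key = b"constructed-demo-key"  # assumption: the real key is stored off the backup host
    base = Path(tempfile.mkdtemp())
    snaps = []
    for name in ("snap-01", "snap-02"):
        root = base / name
        root.mkdir()
        (root / "orders.db").write_bytes(b"orders " + name.encode())
        (root / "config.ini").write_bytes(b"[plant]\nline=3\n")
        manifest = build_manifest(root)
        snaps.append((name, root, manifest, sign_manifest(manifest, key)))
    name, root, manifest, tag = snaps[-1]
    (root / "orders.db").write_bytes(b"\x00scrambled\x00")  # content changed after signing
    (root / "EXTRA.txt").write_bytes(b"added later")         # file that was never backed up
    return verify_backup(root, manifest, tag, key), latest_known_good(snaps, key)

if __name__ == "__main__":
    print(demo())
```
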

Hitesh Sheth, president and CEO at cybersecurity company Vectra, said that this represents a shift in cyberwar strategy.

"Add JBS to Colonial Pipeline and other strikes, and you get new conventional wisdom: They're going after critical infrastructure like food and fuel supply lines, which strikes at public confidence," he said. 

On Tuesday the company said that no customer, supplier or employee data has been compromised, as best they could tell. The company also said that some operations had already resumed on Wednesday. 

Sean Curran, senior director of cybersecurity at West Monroe, said that the recent cyberattacks highlight the impact ransomware can have on the community at large.  

"While data breaches five years ago were personally impactful, they had nowhere near the societal impact that a ransomware attack can have now," he said. "Critical infrastructure and other organizations will also need to look at how their own supply chain is impacted by downstream ransomware attacks." 


Curran said President Joe Biden's recent cybersecurity directive is the first real attempt to standardize security practices for government organizations and the private sector but there's a lot of work ahead. 

"Better understanding at the federal level of the challenges faced in dealing with today's threats will increase funding," he said. "While I am sure there will be plenty of detractors to the Executive Order and plenty more that can and should be done, without it, the status quo would have continued."

Meg King, director of the science and technology innovation program at The Wilson Center, said that this trend shows the need for a global response to the ransomware epidemic to break the business model of ransomware.

"This will keep happening — at great cost to life and treasure — if we don't identify and stop the biggest actors, gain better early warning and help companies improve their cybersecurity," she said.

Russian hacker group suspected

CNBC reported on Wednesday that REvil was behind the attack. According to research from Cybereason, the REvil gang is the biggest ransomware cartel, with the largest market share in the ransomware-as-a-service business and estimated profits of more than $100 million in 2020. Also, security researchers at Cybereason found that 60% of targets are in the U.S. and wholesale manufacturing and professional services companies. Cybereason also connects REvil to the recent attacks on Acer and Apple.

Felipe Duarte, a security researcher at Appgate, said it's not clear where the breach started but that it's possible a social engineering campaign infected employees through spear-phishing emails and then expanded to the internal network by exploiting nearby vulnerable systems. 

Duarte listed the most commonly used vulnerabilities in these attacks as:
  • CVE-2019-19781 — widely used by ransomware groups like Sodinokibi to exploit outdated Citrix servers
  • CVE-2019-11510 — used to exploit vulnerable Pulse VPN appliances
  • ProxyLogon — a set of Microsoft Exchange vulnerabilities currently being used by several malware families, including the new EpsilonRed, to exploit on-premises Exchange Servers.

"If a company has internet-exposed systems, these vulnerabilities can carry an attack without the need to trick an employee," he said. "They also open the gate for other common infection vectors based on weak credentials exploitation."

Duarte also notes that although JBS claims that the attack did not affect its backup servers, it can take some time to restore the entire network and disclose all the affected systems.

"We expect a significant impact on the meat supply chain depending on how much time it takes for JBS systems to recover," he said. 

Tom Hoffman, senior vice president of intelligence at Flashpoint, said that if the company was hit by a ransomware attack, some of the data might show up on dump sites within 10 to 14 days, or sooner if the threat group sees that the company is recovering and does not intend to pay for decryption keys.

from TechRepublic


    Author:


    Brad Egeland

