Can your data be held hostage?

Info Security Magazine April 2019:    

It seems as if we are awash with ransomware stories these days. Many caused by users inadvertently clicking on a link within an email triggering the ransomware program and hey presto, the user is then unable to access their data without paying for it. Ransomware victims paid an average of $6,733 in the fourth quarter of 2018, according to ransomware incident response firm Coveware.

A more insidious attack is now appearing, where a company’s data or network is compromised by a cunningly hidden attack. A company’s data may include secret formulas or recipes that a product depends on and should someone alter that data, they haven’t theoretically stolen it, but suddenly the product is not being made to the correct formula or recipe.

Such attacks fall under the banner of commercial espionage and attackers range from competitors, disgruntled employees and even nation states. Once in the network, the attacker remains hidden and takes various approaches dependent on what the attack is to achieve. We have seen attacks where data has been monitored and fed back to the competition when a tender has been submitted, or a change to pricing. Such information can be very valuable when governments are placing large contracts. It is not the intension of the attacker to tell the victim that they have their data, but to remain hidden, indefinitely.

Equally we have seen a rise in data modification that has resulted in very expensive product recalls and loss of market confidence, which ultimately could have led to the business failing. It is likely that such attacks will evolve into a blackmail scenario, where the victim is advised of the infiltration and possible data modification ramifications, should ongoing payment not be forthcoming.

These attacks generally occur due to the poor monitoring of network access and missing unusual events that are happening within the infrastructure. Frequently, incidents are flagged up, but due to the busy nature of many IT departments, they go unchallenged.

The difficulty in preventing these data protection rackets is that the route into the system can be varied. It is no longer simply about a user clicking on a link within a random email, these attacks are targeted to order. They can come from carefully crafted email infiltration, by manipulated links on what appears to be genuine websites or they could be physical attacks where access to the network is gained from within and the exploit payload delivered, effectively by hand.

Read the full article in Info Security Magazine Here