AXEL.org

cyber attack

Another Day, Another Cyberattack: Kaseya Software and the Future of Ransomware

Once again, a major ransomware attack has affected businesses and consumers across the globe. Kaseya, a software company that provides IT infrastructure for managed service providers, was the victim of this latest cyberattack. Over the 2021 Independence Day weekend, REvil, a Russian-based hacker gang sent out a malicious software update to Kaseya’s clients, resulting in up to 1,500 small businesses being compromised[1]. Now, the group is asking for USD 50 million to undo the damage, the largest ransomware demand in history[2].

While the effects on some compromised businesses were minor, others were hit hard. For example, hundreds of grocery stores in Sweden were forced to close after their cash registers became inoperable following the attack, with railways and pharmacies in the country also being affected[3]. Additionally, some New Zealand schools were taken offline because of the attack[4]. This worldwide attack shows how crippling ransomware attacks can be, and highlights the importance of businesses protecting and securing their data.

The History of REvil

REvil, short for Ransomware Evil, is a Russian-based group of cybercriminals that attacks businesses by encrypting their data and rendering it unusable until a ransom is paid to them. Founded in 2019, REvil quickly gained prominence and, recently, has increased the scale of its attacks. While the average ransom demand from REvil was just USD 728,000[5], recent attacks have shown the group’s willingness to aim for more. For example, REvil attacked JBS, a meat processing company, in May. While food shortages were avoided, the company still paid REvil USD 11 million to prevent further supply chain interruptions[6]. Even worse, REvil uses its ransom money to hire new hackers and research new ransomware technology, becoming a thriving business of cybercrime[5]. In just two years, REvil has become a powerful group, launching successful ransomware attacks across the globe.

A Troubling Trend

Unfortunately, the Kaseya attack is just one example of a larger problem faced by businesses around the globe. Hacker groups seek to attack and exploit any business they can by threatening to destroy or leak data unless a massive payment is made. Much worse than simple computer viruses, ransomware attacks can grind business to a halt within hours.

Cyberattacks involving ransomware have increased further in 2021, with recent attacks affecting people and businesses around the globe. In May, an attack on the Colonial Pipeline affected millions of Americans, causing fuel shortages in the Southeast. Even though Colonial Pipeline paid the ransom within hours of the attack, the effect was still felt by millions. 

The Colonial Pipeline attack was just one of the thousands of expected ransomware attacks in 2021[7], and, unfortunately, they show no sign of slowing down. As long as hackers continue to find vulnerabilities in business security, ransomware attacks will continue. With more and more work being done online, data becomes more and more vulnerable. Ransomware attackers can strike at any time, destroying a business’s ability to function. And even if a business pays the ransom, it can take a long period of time to get back to normal. 

So while ransomware prevention can be a headache, it helps make sure you are as protected as possible from attackers. After all, there is nothing hackers love more than a business with lax cybersecurity.

Tips to Prevent Ransomware Attacks

Create and Frequently Update Offline Backups of Data: While this is a time-consuming process, this is the best way to ensure your business can still function if a ransomware attack occurs. Backing up your data offline ensures that if you are affected by ransomware, your important data will be safe from hackers. Simply delete your affected systems and reupload your offline data onto a new system.

Consider Using White Hat Hackers: While hackers have a negative connotation, white hat hackers can help businesses tremendously. They ethically check and test your cybersecurity measures and inform you of any potential vulnerabilities. Once you know the issues, you can fix them and protect your business from the hackers who wish to hurt rather than help.

Update your Antivirus Software: This is the simplest, easiest way to make sure you and your business are protected from ransomware attacks. Each update of antivirus software helps patch vulnerabilities that are present. Staying up-to-date helps ensure you are as protected as possible from unethical hackers who check for holes in security. If your business is on an older version of antivirus software, hackers can find a way past the protection and hold your business hostage. Patching these holes through software updates keeps you safe from old security bugs that attackers often exploit.

The Future of Ransomware

As technology evolves further, unfortunately, so do the practices of unethical hackers. Every day, businesses and individuals put data at risk of cyberattacks. While businesses and antivirus softwares try to ensure every security vulnerability is patched, hackers may still find a way to attack. However, following the tips mentioned before and safeguarding your data can make you less likely to become a victim of a ransomware attack.

Unfortunately, if attackers obtain data and threaten to sell or leak it unless a ransom is paid, a business has few options other than paying the ransom or losing the data. Once attackers have access to the data, there is not much a business can do. This is why the best defense against ransomware is prevention. Taking the time to secure your data, update your software, and find vulnerabilities will increase your protection from cybercriminals who wish to wreak havoc on a business.

Securing Your Data

At AXEL, we believe data privacy is a right. Unlike other tech companies, we will never sell your data to third parties, helping ensure your data is only yours. Our file-sharing application, AXEL Go, uses blockchain technology and AES 256-bit encryption to provide the most secure cloud-sharing system in the industry. Whether for business or personal use, AXEL Go helps protect your most important files. 

Sign up today to receive a free 14-day trial of our Premium service with all of AXEL Go’s features unlocked. After the trial period, you can choose to continue your Premium account for just $9.99/month or use our Basic service free of charge. Together, we can help protect data from malicious attackers.

[1] “Up to 1,500 Businesses Compromised by Latest Ransomware Attack, Kaseya CEO Says.” CBS News. July 06, 2021. http://www.cbsnews.com/news/ransomware-attack-kaseya-1500-businesses/.

[2] “In Private Conversation, Hackers behind Massive Ransomware Outbreak Lower Demand to $50 Million.” CNBC. July 05, 2021. http://www.cnbc.com/2021/07/05/revil-hackers-behind-massive-ransomware-outbreak-drop-demand-to-50m.html.

[3] Browning, Kellen. “Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack.” The New York Times. July 03, 2021. https://www.nytimes.com/2021/07/02/technology/cyberattack-businesses-ransom.html.

[4] Satter, Raphael. “Up to 1,500 Businesses Affected by Ransomware Attack, U.S. Firm’s CEO Says.” Reuters. July 05, 2021. http://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/

[5] Javers, Eamon. “Axis of REvil: What We Know about the Hacker Collective Taunting Apple.” CNBC. April 23, 2021. https://www.cnbc.com/2021/04/23/axis-of-revil-inside-the-hacker-collective-taunting-apple.html.

[6] Bunge, Jacob. “JBS Paid $11 Million to Resolve Ransomware Attack.” The Wall Street Journal. June 10, 2021. https://www.wsj.com/articles/jbs-paid-11-million-to-resolve-ransomware-attack-11623280781.

[7] Hum, Thomas. “Over 65,000 Ransomware Attacks Expected in 2021: Former Cisco CEO.” Yahoo! Finance. June 14, 2021. https://finance.yahoo.com/news/over-65000-ransomware-attacks-expected-in-2021-former-cisco-ceo-125100793.html.

Ransom-Wars: The Task Force Awakens

Ransomware is a significant societal problem. If you’re unaware of how it works, read our previous blog on the topic.  2020 was a banner year for ransomware gangs, as analysts estimate they brought in approximately $350 million, with the average payment exceeding $315,000[1]. It’s gotten so concerning that 60+ government agencies and industry leaders formed a task force to tackle the situation.

Key members include the United States Department of Justice, the FBI, the Department of Homeland Security, Europol, Microsoft, Amazon, Cisco, and more. They recently published an 81-page document that discusses the issue and creates a framework for dealing with ransomware[2]. Lucky for you, we read it, so you don’t have to. Here’s the easily digestible summary.

Definition of ransomware

The first quarter or so of the report focuses on defining ransomware and the tactics threat actors use. These are covered in our previous blog if you’re interested. To summarize quickly, ransomware is a type of malware malicious agents install on high-priority computer systems, typically governmental organizations or successful businesses.

Once they infect these networks, the malware moves throughout them and encrypts or exfiltrates the files it finds. A ransom is given that the organizations must pay to decrypt their data or prevent the hackers from leaking it on the internet.

Some rather nasty gangs require double ransoms, one for decryption, the other for not leaking the information. It’s known as double-extortion and is becoming a popular tactic. Now, onto the proposed framework.

The framework for fighting ransomware

We should note that this document’s crux lies in the need for international cooperation for its implementation. Although the United States suffers the majority of ransomware attacks, it is a global problem. The perpetrators come from many different countries such as Russia, Iran, and North Korea, which have zero incentive to stop. This means the rest of the global community needs to agree to the framework for it to work.

Goal 1: Deter

The first goal of the framework is to prevent as many ransomware infections as possible. The document outlines various steps the world must take to do so:

Establish an international ransomware coalition. Governments and corporations around the world have to come together. The document suggests that leaders must communicate regularly about the threats to keep the global community informed about new groups and malware variants. It outlines that nations should create “investigation hub” networks for data sharing and analysis.

The U.S. Government should prioritize ransomware policy. The task force wants the United States, in particular, to get tough on ransomware. It proposes the intelligence community designate it as a formal national security threat and for the DoJ to prosecute ransomware cases more aggressively. Furthermore, it wants the U.S. to levy sanctions against countries that harbor ransomware gangs to increase pressure for cooperation.

Goal 2: Disrupt

The second objective is to disrupt the current business of ransomware gangs and make it a less profitable endeavor. The task force recommends:

Crack down on cryptocurrency markets. Ransomware groups force victims to pay nearly all ransom payments in cryptocurrency.  They do this because cryptocurrencies are borderless and can be challenging to track. There are anonymous exchanges, privacy coins, and techniques to exchange the assets from cryptocurrency to cryptocurrency to obfuscate the origins. The report suggests governments provide more of a regulatory framework to this market. It wants exchanges to follow current anti-money laundering laws to which other financial institutions must adhere.

Create an insurance company consortium. Insurance companies do offer protective plans against ransomware. The task force would like to see collaboration and data sharing between these organizations. It claims this could reduce payments to sanctioned or terrorist bodies since they could use the mass amount of information to get a clearer picture of the groups demanding the ransoms.

Target infrastructure used by criminals. Ransomware campaigns require significant computer infrastructure. The report proposes international cooperation that targets these systems and brings them down.

Goal 3: Help

Unfortunately, many organizations aren’t well prepared for ransomware attacks. The fact is that most organizations over a certain size will be targeted sooner than later. The task force recognizes this and wants to provide these organizations with more information and better toolsets to deal with attacks. It advises:

Create and highlight complementary materials for the framework’s adoption. There are a significant amount of readily available materials about ransomware prevention and mitigation. The task force wants to promote these existing materials and create new ones to fill in any information gaps. The new materials should be geared toward organizational leaders and include specific implementation procedures.

Require government agencies to follow guidelines and incentivize private businesses. The task force wants to include ransomware-specific guidelines in existing cyber-hygiene standards and require government agencies to follow them. Furthermore, it supports creating more grants while alleviating fines and taxes for private companies that follow the framework. This would make a strong incentive for everyone to be on board.

Goal 4: Respond

Organizations need a more effective response after a ransomware infection. This goal aims to aid businesses and agencies after an incident. The task force recommends:

Increased support for victims. Ransomware is destructive and could be incredibly dangerous if it affected critical infrastructure or health-based organizations such as hospitals. The task force wants to set up a relief fund that would help funnel resources quickly if such a situation ever occurs.

Encouragement to report ransomware.  Ransomware attacks are embarrassing for companies, and many don’t even report them. This stops the flow of information and hinders future efforts to predict and prevent attacks. The task force feels proper encouragement and education materials are crucial to getting an accurate, holistic picture of the insidious malware.

Educate organizations about payment alternatives. The truth is, if organizations stopped paying the ransoms, the income would dry up for ransomware gangs, and it would no longer be a worthwhile endeavor. This is easier said than done, as some data is very sensitive and perhaps not backed up offline. Still, the task force urges companies to look at the alternatives to paying whenever possible.

Potential roadblocks

These all sound like good suggestions and would actually go a long way in fighting ransomware if implemented adequately. However, there are some weaknesses to consider:

Privacy concerns. If the world at large enacts this framework, governments and businesses will share a lot of data. As with most scenarios regarding Big Data collection, this has a good chance of going awry from a privacy standpoint. Is it worth it? A detailed cost-benefit analysis would have to be done, but AXEL believes the possibility of abuse is too great as-is. The fact is, even if governments gave privacy guarantees, they don’t mean much.

Inefficient bureaucracy. The task force recommends multiple new governmental and private-public partnership organizations created to combat ransomware. It’s admirable to put so much thought into methods to take on the problem, but additional levels of bureaucracy may prove (as they typically do) to be inefficient.

Data security

AXEL believes that basic education about cybersecurity best practices for all members of an organization is the best way to prevent ransomware infections currently. While all systems have technical weaknesses, the biggest weakness tends to be the human factor. Teaching employees to be vigilant about ransomware and understand the risks entirely is effective.

Another part of the equation is data security. Are you storing and sharing data securely? If not, or you aren’t sure, you should try AXEL Go. AXEL Go utilizes multiple layers of security to protect data from malicious agents. You can read more about our use of technology and download the app to try for yourself at AXELGo.app. Sign up today and receive a free 14-day trial of our Premium service.

[1] “Ransomware Skyrocketed in 2020, But There May Be Fewer Culprits Than You Think”, ChainAnalysis.com, Jan. 26, 2021, https://blog.chainalysis.com/reports/ransomware-ecosystem-crypto-crime-2021

[2] Ransomware Task Force, “Combatting Ransomware”, SecurityAndTechnology.org, April 2021, https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force-Report.pdf

How Virtual Reality Is Being Used To Put An End To Cyber Attacks

**This is part of our series highlighting startups who share our mission of trying to make people’s lives just a little easier**

The explosion of new technologies has seen a huge rise in the quantity and – more importantly – the quality of cyber hackers out there. Crude attempts to hack into systems are a thing of the past, and instead expert attackers are collaborating with governments and crime syndicates to do questionable things with data.

For digital businesses in particular, this is a big concern. Large, distributed networks that are scattered around the web lend themselves perfectly to cyber-attacks from sophisticated hackers, and those hackers are more savvy than ever before.

New Israel-based startup Illusive Networks was built to stop these attackers in their tracks – literally (albeit digitally).

Malicious hackers will find every entry point they can to wriggle into a network, often bypassing firewalls that companies thought would protect them and their assets. Because of this, Illusive Networks has said goodbye to firewalls and has instead gone for a different method of creating a new world for the hacker to disappear into (and get lost).

If it sounds like something out of Minority Report, you might be onto something. And, if it sounds a bit farfetched, you’re on the same wavelength as us. I mean, creating a whole new world simply to distract potential hackers seems like a lot of extra effort, right?

This is where it gets interesting.

You’ve heard of virtual and augmented reality, right? These are two new technologies that layer an alternate reality over the top of, well, real reality to bring participants new perspectives and new worlds entirely.

Illusive Networks taps into these technologies and creates a false version of a company’s network to either trap the hackers in an alternate “reality” or kick them out completely.

Isn’t Illusive Networks Just Like the Others?

The answer to this question is, of course, yes and no.

Businesses have access to thousands of different security products these days, and there seems to be a new anti-cyberattack startup popping up every single day.

Because of this, business owners and security leaders are resisting adding even more tools to their security arsenal – the last thing people want or need are noisy alerts every time a hacker tries to break through a digital barrier.

“But technologies that truly look at existing problems in new ways and are purpose-built to help companies deal with the unexpected can deliver significant efficiencies that reduce rather than add to the security burden,” says Illusive Networks’ Founder and CEO, Ofer Israeli. “Distributed deception technology is certainly one of them.”

How Illusive Networks Works

On its website, Illusive Networks says that it:

  • Maps potential paths attackers can take to get to the goods (a.k.a. your most important assets)
  • Finds and gets rid of risky areas that help attackers reach your assets
  • Cloaks your system with thousands of high-fidelity deceptions that trigger an alert when one wrong move is detected
  • Offers real-time forensic reports to help response teams stay in control

But what do all these things really mean? And what even is “distributed deception technology”?

“There will always be a phishing or drive-by attack,” says Israeli. “Humans are the weakest link and always will be and will continue to make mistakes. But once the hacker is in, now we have an attacker who needs to orient himself.”

Essentially, distributed deception means creating a series of fake journeys a potential hacker could take. The aim is to confuse, deceive, and catch them red handed.

Illusive Networks creates an “illusive” version of a company’s network (that alternate reality we were talking about earlier). And, once a hacker finds themselves in this parallel universe, the tool identifies the individual and either keeps them shut in there forever or kicks them out for good.

Think about it: to strategically plan a pathway to the main asset, a hacker needs to consider two things. They need to know what options they have for where they can go next, and they need to know how they can access the powers needed to execute that particular move. In the security world, this two-step process is known as orientation and propagation.

You see, to get to the coveted prize, a hacker needs to make a series of hundreds or thousands of tiny moves – something that Illusive Network aims to put a rapid stop to.

Say, for example, there’s a hacker who has the option to take three different paths towards their next step. Illusive Networks then swoops in with a further twenty choices, of which only three are real and the other seventeen are traps. If the hacker takes any of those seventeen options which, let’s face it, is highly likely with the law of probability, the system is alerted to an unwanted intruder.

Likewise, if a hacker needs to gain credentials to make their next move, Illusive Networks will supply them with tens more credentials than they need so that, again, if they pick the wrong choice the system goes into lockdown.

So, rather than shutting out hackers entirely like firewalls do, Illusive Networks deceives them so it’s almost impossible for them to reach their end goal. The startup has even brought several ex-attackers on board who have shared their perspectives to make solutions more realistic and useful.

Perhaps the most advanced thing about the startup is that neither the professionals working for Illusive Networks nor the hackers can see the deceptions until they walk into them head first. This means the deception sensors are only triggered if someone “bumps into them”, but it also means that it only takes a few moves (out of potentially thousands) for an attacker to be detected and kicked out.

What Does This Mean for the Future of Cyber Attacks and Data Breaches?

Illusive Networks plans to bring a new age of security to digital businesses that will see less hackers succeeding despite them getting more and more sophisticated every day.

Data breaches could be a thing of the past, as distributed deception means hackers don’t have to just navigate one obstacle like a firewall. Instead, there are obstacles all around them (think security lasers in a museum as a real-life example), and every wrong move can be quickly detected.

But while it might be comforting to know that our personal data looks to be safer than ever, the technology behind Illusive Networks might not be limited stopping hackers in the future.

What if hackers start using it to their advantage? These are people that are highly skilled in tech-endeavors, so surely they’re buffing up on this new technology as we speak and working out ways they can use it to their benefit? If they’re not, maybe they’re missing a trick.

Systems like the one Illusive Networks is using are groundbreaking in the war against cyber attacks but only time will tell if they’re victorious.

We’re Wearing Our Data – What Wearables and the Internet of Things Mean for Data Privacy

Dave is an average US worker.

His day starts when his smart watch buzzes gently on his wrist, and ends when it tells him he needs to get some shut eye to rack up the eight hours he needs.

Throughout the day, his smartwatch tracks his blood pressure, his heart rate, and how many steps he takes. Some days Dave doesn’t get enough sleep and he feels groggy, and other days he does more than his recommended daily amount of exercise and he feels great.

Dave likes knowing this information, just like millions of other consumers out there who have invested in wearable technology.

But while Dave and his fellow consumers might like knowing this information about themselves, they don’t want it to be captured and kept by large corporations.

Understandable, right?

However, that becomes particularly difficult when wearables rely on collecting user data in order to provide personalized programs and enhance user experience. Take Fitbit, for example, which collects data on health levels and uses that information to improve its algorithms and offer individual fitness programs.

Now, alongside the ever-increasing news about government-backed surveillance programs and data breaches, consumers are getting more and more paranoid about who has access to their data.

And, as we begin to dive into a world of wearable technology that’s with us all the time, the worry that has been simmering away is starting to bubble over.

So What Do Wearables Mean for Our Data Privacy?

Popular wearable products like the Apple Watch and the Fitbit have shifted the industry from heavily health-centered into the realms of popular culture. And, while this means that wearables can be used for a whole lot more than tracking our heart rate, it also means that the healthcare industry rules and regulations around data protection become hazy.

Sure, consumers all over the world are clamoring to get their hands on fitness trackers and smartwatches, but the vast majority of them don’t know what these devices mean for their data security.

In fact, a study released by the Center for Digital Democracy and the School of Communication at American University claimed that the health privacy regulatory system in the US doesn’t give consumers the protection they might expect when it comes to wearables.

As the wearable trend expands from people’s personal lives into their working lives and other verticals, users are becoming increasingly skeptical. Now, 82% of workers that use wearables as part of their job believe that it’s invading their privacy, while 86% think it makes them more susceptible to data breaches.

Why Wearables are Challenging Consumer Views on Data Privacy

In a report put together by the University of London and Rackspace, it was discovered that wearables boost user productivity rates by 8.5% – so yes, there are many positive points surrounding the industry.

But the increased usage of them has an impact on data privacy for two reasons.

Firstly, wearable devices increase the popularity of apps – because, well, the majority of them need an app to deliver the information from wrist (or clothing) to a screen. The problem with this is that apps are more susceptible to data breaches than general web browsing because they collect data and store it all in one place.

Secondly, wearable devices are used in real-time. They don’t need to be used in a certain place at a certain time; they can be used, wherever and whenever, which is one of their biggest draws.

This means that the devices are processing greater volumes of information at every moment the user is wearing it. This is great for the user, because they get loads more data on-the-go, and it’s also great for the wearable provider, because they’re also constantly getting their hands on data to improve and refine.

But where is the line? Where is the line between being beneficial to the user and the provider having too much information?

Let’s take a look at an example.

One of the biggest benefits of wearables is that they can be used discreetly – for the most part, they double up as fashion accessories and can blend in with any outfit.

This image has an empty alt attribute; its file name is Google_Glass_detail.jpg
Credit: Antonio Zugaldia (Wikimedia) Creative Commons Attribution 2.0 Generic

A number of casinos in Las Vegas are tapping into this benefit with a system that buzzes staff member’s wearables when a high roller walks past. When they check their smartwatch, the staff members can gather information about the high roller so they can then greet them by name.

While it can be argued that this improves the customer experience and it helps the casino get more money by targeting high rollers, who is the process more beneficial for?

And Then There Are Cyberattacks…

With any new technology the risk of cyberattacks increase. And, when wearables often connect to wireless networks, it can be a struggle to keep the system safe.

Let’s look at the numbers.

At the end of 2015, there were around 200 million wearable devices on the market. By the end of 2018, there is predicted to be around 780 million – a considerable increase in just a few years.

This shows the industry is continuing to blossom regardless of whether users are concerned about their data or not, but it also gives hackers more opportunity to steal sensitive data for their own gain.

Chief consumer security evangelist at Intel Security, Gary Davis, says that “the information that’s contained on your wearable that’s stored either on your smartphone or stored downstream on a cloud is worth ten times that of a credit card on a black market.”

This is because credit card companies are well-versed at detecting and dealing with fraud, and can make it go away pretty quickly. On the other hand, data stored on wearable devices is permanent – people can’t change their Social Security Number or their date of birth.

It’s Not All Doom and Gloom

But while there are undoubtedly increased data security risks from wearables (any kind of new technology is vulnerable to this), there are plenty of ways wearables are improving certain industries, whether it’s just enhancing customer experience in a shop or going all out and improving medical treatments for serious illnesses.

In the retail sector, store employees are increasingly tapping into the power of smartglasses to find key information about products on-the-spot. This improves the customer experience, but it also optimizes employees’ time. And, in the medical industry, smartwatches are able to monitor blood pressure and even examine a baby’s heart rate in the womb.

Which begs the question: do the benefits outweigh the data risks?

But perhaps the more pressing question is whether anything is being done to quash consumer paranoia?

In most industries there are a set of accountability laws and regulations. In the health industry, there’s the Health Insurance Portability and Accountability Act (HIPAA) which puts rules in place for what medical companies can and can’t do with data.

But the key problem is that this act, for example, only covers healthcare providers like doctors and hospitals, and doesn’t stretch as far as health-conscious wearables.

What’s the Future Like for Wearables and Data?

If predictions are right, the wearables market is only set to explode further in the next couple of years but, like with any fast-growing tech arena, it looks like there needs to be some serious thought put into how data is collected and used.

Like other industries, we might see a new rules and regulations act pop up that devotes itself to monitoring and laying down laws for the wearables industry, regardless of whether a smartwatch is being used for health reasons or to boost productivity in the workplace.

What we can be certain of is that consumer paranoia about wearables and data privacy is completely justified, but the next few years are vital for the industry to prove that it has its users at the front of the mind.