Tag: data breach

From Vulnerability to Execution: A Ransomware Story – Ping Podcast – Episode 56

Episode 56: From Vulnerability to Execution: A Ransomware Story

When it comes to ransomware, the typical coverage of an attack involves who was attacked and how much the attackers demanded. But rarely is the attackers' process shared. In this episode, we welcome Sophos VP of Managed Threat Operations Mat Gangwer to tell a particular ransomware story. He takes us through an attack attributed to the new ransomware cell Atom Silo. First, we start with the unpatched vulnerability. Then, we hear what the attackers did once they got in. And finally, we discuss the execution of the attack. Oh, and extra finally, we discuss what you can do to avoid a similar fate.

Read the full story, titled Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack.

In headlines, hear about the Facebook/Instagram/WhatsApp outage(s). And then, get the scoop on the Twitch breach. Finally, we learn why burnout is yet another factor working against cybersecurity careers.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, Overcast, Amazon Music, TuneIn, iHeart, Pocket Cast, Castro, Castbox, Podchaser, YouTube, and of course via RSS, to name a few). Moreover, please rate and review us wherever you listen. And remember to subscribe or follow where you can to get the latest episodes as soon as they’re released.

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week, and our knowledge hub.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

Equinix Data Center Hit With $4.5 million Ransomware Attack

One of the world’s largest global data centers has announced an investigation into a ransomware incident. On Sept. 9th, Equinix – which directly connects to AWS, Google Cloud, Azure, Oracle, and AT&T – revealed the inquiry. It’s been a rough few weeks for enterprise organizations and ransomware. Less than a month ago, we saw a thwarted breach of Tesla which could have commanded a massive ransom. Below is an official statement from Equinix.

“Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems. Our teams took immediate and decisive action to address the incident, notified law enforcement and are continuing to investigate. Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers. Note that as most customers operate their own equipment within Equinix data centers, this incident has had no impact on their operations or the data on their equipment at Equinix. The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation.”

Equinix was reportedly hit with a Netwalker ransomware attack in which attackers asked for $4.5 million, threatening to release stolen data to the public. If 7 days lapse without payment, Equinix will face double the ransom amount. It’s not hard to imagine these guys are scrambling right now, assessing all their options.

From photos released to the public by the hacking group, it seems data centers in Australia were the weak points for the breach. The information stored in those data centers may also be what’s at risk of exposure.

About Equinix

Equinix is a global data center headquartered in Redwood City, California. Leadership of the organization includes CEO Charles Meyers and Founder Jay Adelson. Equinix is a publicly traded company on NASDAQ (EQIX). With revenue hitting $5.5 billion in 2019, Equinix is a major player in the global data center industry.

Learn More About Ransomware

Don’t be the next victim of a ransomware attack. Strong cloud-based sandboxing, frequent firmware updates, & smart network security practices can keep you secure.

Data Breach Reminds: Configuration Is Key

An Unfortunate Reminder

If we’ve said it once, we’ve said it 1,000 times – and we’ll keep saying it: the right configuration is key for your network to be fully secure. We had another reminder this week, with news of a data breach affecting Capital One in which a hacker gained access to more than 100 million credit card applications and accounts, in what CNN calls one of the biggest data breaches ever. Capital One had security measures in place, but the breach still occurred. So how did the hacker get through? A misconfigured web application firewall.

Misconfiguration Opens the Door

More specifically, according to the criminal complaint filed by the U.S. Department of Justice, “a firewall misconfiguration permitted commands to reach and be executed by [a specific] server, which enabled access to folders or buckets of data in Capital One’s storage space at the Cloud Computing Company.” Unfortunately, this is all too common. According to Gartner, 99% of successful network breaches can be attributed to a misconfiguration of the firewall.

The DOJ complaint alleges the hacker gained access multiple times over a few months. It wasn’t until Capital One received an anonymous tip that the company became aware of the data breach. That means the stolen personal information – which included approximately 120,000 social security numbers, more than 75,000 bank account numbers, and millions of names, addresses, and birth dates – was available to the highest bidder for quite some time.

Not only was the firewall misconfigured, but the theft was also not quickly detected. Those are two expensive issues you don’t want your network to have. Capital One expects to spend $100 to $150 million in costs related to this data breach.

How Can I Prevent a Breach?

So how do you prevent the same thing from happening to you? Get a professional configuration with ongoing management of your network. Our network engineers provide personalized solutions based on your unique needs, ensuring optimized performance and security. Once your configuration is complete, they offer managed security services that take the burden of everyday monitoring, patching vulnerabilities, threat detection, and more away, allowing you to rest assured that the security of your valuable data is in the hands of top-notch, certified professionals. And anytime you have a question, they’ll be there at our Security Operations Center to help.

LEARN MORE ABOUT OUR PROFESSIONAL CONFIGURATIONS

If you want to take a crack at a configuration on your own, we can help with that, too. Our configuration checklist takes you on a deep dive through the complexities of the configuration process and helps you keep your settings, rules, and hierarchies organized. Did we mention it’s FREE to download?


*If you’re a Capital One customer and think you may be affected by the data breach, here are some steps you can take.

POS Breach: How firewalls & PCI compliance keep your customers safe

The POS breach. It’s the bogeyman on the mind of every consumer when they swipe their card at the check-out counter: the POS, or Point of Sale, breach. With famous examples such as the Target breach of 2013, in which 2,000 retail stores lost sensitive financial data for their customers, it is no wonder that the menace of cyber thievery through the conduits of transaction systems is a legitimate concern. To understand why this type of attack is a real threat, it’s important to first understand how and why it keeps happening.

The Objective:

In almost every case of a POS breach, the attacker’s goal is to make off with the sixteen digits printed on the front of your credit card. Credit card data goes for big bucks on the cyber black market, so stealing credit card credentials will always be a worthwhile endeavor for cyber criminals. For the last several years, credit and debit transactions have taken the number one spot as the most common form of payment in the United States. With a majority of transactions taking place through plastic, the Point of Sale device has a big target on its chassis.

The Marks:

Cyber criminals aren’t exactly picky about whose data they steal. Instead, their game is focused on quantity. Therefore, when it comes to a POS breach, attackers are only looking for a few factors to designate a quality target: ease of the breach, number of potential victims, and business functions reliant on Point of Sale systems. Certain types of industries are on the chopping block. Usually, those industries include restaurants, hotels, grocery stores, gas stations, and department stores. Perimeter security in these kinds of businesses is often lax, and a high volume of credit card transactions means that attackers have a better chance of snagging something.

The Method:

Most POS systems run on Windows. This means that POS systems are susceptible to the same vulnerabilities as any Windows-based computer. Upon swipe, a POS stores credit card data, decrypts that data in order to process the transaction, then stores the transaction data to later be rolled up to corporate for audit. In the case of POS breaches, cyber criminals are focused on inserting themselves between the decryption step and the transaction archives, where the card number is briefly handled in the clear.

You may be wondering how malware is delivered to a POS system. Are criminals swiping malware-laced credit cards at the register? Or hacking into the wires out back? No. Unfortunately, the same means and methodology of the everyday hacker work just fine for a POS breach: phishing emails, weak passwords, and cyber security oversights.

In most cases, attackers target the computers connected to the POS machine to gain access. Employees use these machines not only for transactions, but also to check email, run other Web-facing applications, or just to surf the web when the boss isn’t looking.

Social engineering and a lack of basic security culture can easily turn a computer used as a cash register 95% of the time into a fruitful honeypot for hackers.

The Cure:

PCI Compliance is a 12-requirement checklist to ensure that your business is safely handling payment cards. Nearly half of the dozen requirements can be accomplished by use of a properly configured and up-to-date firewall device. If your firmware is kept current and your appliance has been configured in a way which leaves no vulnerabilities and blind spots in the network, you should be golden. Further, regularly discussing cyber security and email safety with employees should be a no-brainer.
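The two passages above ("The Method" and "The Cure") describe the attacker sitting between decryption and the transaction archive, and PCI's requirement that stored cardholder data be protected. A quick way to check whether a POS host or its rolled-up audit logs are leaking full card numbers in the clear is to scan them for Luhn-valid 16-digit sequences and report only a masked form (first six and last four digits, the PCI DSS display rule). The scanner below is an added example written for this page, not code from Firewalls.com or from any PCI tooling; the log lines are constructed, and the `pan=` field layout and the 16-digit-only assumption are mine.

```python
import re
from typing import List, Tuple

# Matches 16 digits, optionally separated by single spaces or hyphens,
# and refuses to match inside a longer run of digits (word boundaries).
# Assumption: the page talks about 16-digit card numbers, so only that
# length is scanned here.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){15}\d\b")

# Constructed sample of what a POS audit log might look like once rolled
# up to corporate. Line 1 and line 3 carry cleartext PANs (industry test
# numbers); line 2 is already masked; line 4 is an unrelated 16-digit
# order reference that fails the Luhn check; line 5 is a typo'd number.
LOG_LINES = [
    "2021-10-06T14:02:11 POS-07 txn=88213 pan=4111111111111111 amount=42.17 status=approved",
    "2021-10-06T14:02:13 POS-07 txn=88214 pan=411111******1111 amount=9.99 status=approved",
    "2021-10-06T14:03:40 POS-02 txn=88215 pan=5500 0000 0000 0004 amount=120.00 status=approved",
    "2021-10-06T14:04:02 POS-02 order_ref=1234567890123456 status=shipped",
    "2021-10-06T14:05:00 POS-07 txn=88216 pan=4111111111111112 status=declined",
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check digit test.

    Working from the right, every second digit is doubled and digits of
    the doubled value are summed (equivalently, subtract 9 when > 9).
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits, mask the rest (PCI display rule)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_cleartext_pans(lines: List[str]) -> List[Tuple[int, str]]:
    """Scan log lines and return (line_number, masked_pan) for every
    Luhn-valid card number found in the clear.

    The full number is never returned; only the masked form is reported,
    so the scanner's own output does not become another cleartext copy.
    """
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for match in PAN_PATTERN.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if luhn_valid(digits):
                hits.append((lineno, mask_pan(digits)))
    return hits


if __name__ == "__main__":
    for lineno, masked in find_cleartext_pans(LOG_LINES):
        print(f"line {lineno}: cleartext PAN {masked}")
```

Running this over the constructed sample flags lines 1 and 3 only: the already-masked entry has no 16-digit run, and the order reference and the mistyped number fail the Luhn check, which keeps the false-positive rate down when the same scan is pointed at real archives. A positive hit means the archive the attackers are aiming at holds exactly what they want, and the fix is on the application side (tokenize or truncate before logging), not on the firewall.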

Curious about keeping your organization PCI Compliant?

CHECK OUT OUR PCI COMPLIANCE ARCHITECT SOLUTION