The hacking group has issued a ransom demand of $7.5 million against the major telecommunications provider. InfoSecurity reports that the firm’s official website is currently down, and local reports suggest that employees began having trouble accessing internal VPNs and databases as early as July 15, 2020. Furthermore, the ransom sum will supposedly double after three days. The incident did not cause any damage to the ISP’s customers, but the company’s official websites have been down since July 18, 2020, and 18,000 computers have been infected after the hackers gained control of an internal domain administration account.
In addition to demanding a ransom, the hacking group behind the incident is also known to steal a portion of the data first and then encrypt it, so that the stolen copy can be used as additional leverage.
To gain an insight, Mark Bagley, VP of Product at AttackIQ, looks into the issue for Digital Journal.
According to Bagley, the scale and significance of this specific attack is high: “This is likely to be one of the more expensive ransomware attacks this year.”
Focusing on the weaknesses that enabled the attack to happen, the analyst opines: “A security program that included network segmentation, preventing the lateral movement of an adversary, would have been decisive in mitigating this situation. Legacy approaches that focus on stopping an adversary at their initial attempts to access targets of interest will continue to fail. Companies must design their security programs to minimize the impact when an adversary successfully infiltrates their network.”
In terms of what needs to be done in order to put control measures in place, Bagley says: “This control of lateral movement is imperative to preventing many other adversary behaviors. Preventing an adversary from using credentials harvested from one system elsewhere in the network – a technique called ‘credential stuffing’ when automated – is one crucial way organizations can reduce the damage of an attack.”
Issuing a stark warning for the future, Bagley concludes: “Given the increases in sophistication and automation that have been observed in recent attacks, it’s not enough to address cyberthreats as they happen. A proactive cybersecurity approach is vital and should include continuous testing of security posture to identify exposures and improve defenses before adversaries apply exploits to them.”