Archive for September 13, 2021

Olympus Pwned By Ransomware

Posted in Commentary with tags on September 13, 2021 by itnerd

Japanese tech giant Olympus has apparently become the victim of a ransomware attack:

Olympus said in a brief statement that it is “currently investigating a potential cybersecurity incident” affecting its European, Middle East and Africa computer network.

“Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners,” the statement said.

But according to a person with knowledge of the incident, Olympus is recovering from a ransomware attack that began in the early morning of September 8. The person shared details of the incident prior to Olympus acknowledging the incident on Saturday.

The people allegedly behind the attack are apparently the BlackMatter group. Here’s what you need to know about them:

BlackMatter is a ransomware-as-a-service group that was founded as a successor to several ransomware groups, including DarkSide, which recently bounced from the criminal world after the high-profile ransomware attack on Colonial Pipeline, and REvil, which went silent for months after the Kaseya attack flooded hundreds of companies with ransomware.

And:

Groups like BlackMatter rent access to their infrastructure, which affiliates use to launch attacks, while BlackMatter takes a cut of whatever ransoms are paid. Emsisoft has also found technical links and code overlaps between Darkside and BlackMatter.

Here’s what Director of Strategic Threat at Darktrace, Marcus Fowler had to say:

The ransomware attack on Olympus continues the trend that no organization, irrespective of size or industry, is immune from cyber-threats. The group responsible for the Olympus attack is assessed to be BlackMatter, a newer ransomware-as-a-service group. BlackMatter is said to be born out of DarkSide, the hacking group responsible for the Colonial Pipeline attack. In the aftermath of the Colonial attack, the Biden Administration’s designation of ransomware as a national security threat most likely resulted in the dissolution of DarkSide, and this may be a new trend of these hacking groups being more temporary to distract from a government focus on any one group. Over the long-term this could make it even more difficult for the intelligence community and law enforcement to target and dismantle these groups.

The emergence of ransomware-as-a-service and double extortion ransomware has made this kind of cybercrime more efficient and profitable for cybercriminals. As ransomware attacks increase globally across industries, traditional approaches to cyber security are no longer good enough. Ransomware attacks move so rapidly across an organization’s digital environment to disable systems and encrypt files that they outpace a human security team’s ability to respond. By the time organizations like Olympus have managed to detect and “mobilize a specialized response team” – the damage has already been done. The reality is that you can’t stop breaches – but you can prevent the disruption they cause. This is why organizations are increasingly turning to AI and ‘autonomous response’ technology that is capable of pinpointing anomalous, threatening activity in real time and interrupting the threat before it escalates to a full-blown attack.

I’ve said this many times before, but companies are now running out of time to make sure that their cyber defenses are in tip top shape. If they don’t do anything substantive to protect themselves, I’ll be writing about them and the fact that they got pwned in due course.

There Was A 55,239% Increase In Ransomware Activity In Q2: Nuspire

Posted in Commentary with tags on September 13, 2021 by itnerd

Nuspire today announced the release of its 2021 Q2 Quarterly Threat Landscape Report. Sourced from 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs), with additional insight from its threat intelligence partner, Recorded Future.

In a recent Forrester podcast, security analysts discuss ransomware attacks becoming more common and more damaging. “Critical infrastructure organizations like hospitals or energy providers are more lucrative targets for attackers because the impact of their shutdown is more immediate and could threaten lives, forcing victims to pay the ransom quickly.”

In Q2 2021, Nuspire security experts witnessed a 55,239% increase in ransomware activity just a few weeks prior to the Colonial Pipeline ransomware attack conducted by the DarkSide ransomware group. The reason for the increase is not known and it may not be related to Colonial Pipeline, but one can speculate that it came from the same campaign as the Colonial Pipeline attack.

Additional notable findings from Nuspire’s 2021 Q2 Threat Landscape Report include:

  • Malware activity up 41.84%, still driven by VBA Agent activity plus newly observed JS/Valkyr activity
  • Botnet activity down 50% from Q1, likely a result of Emotet being removed from the space
  • Exploit activity down 51% from Q1, but beginning to trend back up into Q3, along with a large increase in SSH brute-force activity that has not been seen before

I spoke to the folks at Nuspire about this and they do these reports to highlight to customers what’s out there and how best to avoid becoming the next victim. In terms of the latter, it really comes down to a handful of things that might sound familiar to you:

  • Educate all users, often
  • Take a layered approach to security
  • Up your game when it comes to malware protection
  • Segregate higher-risk devices from your internal network
  • Patch all the things

Learn more about protecting your organization from increasing cyber threats and download Nuspire’s 2021 Q2 Threat Landscape Report. There’s a live webinar planned to discuss these results on the 14th of September which you can sign up for here.